Values for content-security-policy: upgrade-insecure-requests 18,293 frame-ancestors 'self' 9,989 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 7,480 upgrade-insecure-requests; 5,954 frame-ancestors 'self'; 4,827 default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' data: https: wss:; worker-src 'self' blob: https:; img-src 'self' data: blob: https:; frame-src 'self' https: kbzpay: wavepay: gcash:; font-src 'self' https: data:; object-src 'none'; base-uri 'self'; 1,879 block-all-mixed-content 1,682 frame-ancestors 'none' 1,404 block-all-mixed-content; 1,177 frame-ancestors 'none'; 871 object-src 'none' 476 default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 428 425 frame-ancestors 'self' mitiendanube.com *.mitiendanube.com lojavirtualnuvem.com.br *.lojavirtualnuvem.com.br mitiendanube.com.ar *.mitiendanube.com.ar mitiendanube.com.mx *.mitiendanube.com.mx mitiendanube.com.co *.mitiendanube.com.co mitiendanube.cl *.mitiendanube.cl; upgrade-insecure-requests 423 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 373 frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 347 frame-ancestors 'self' godaddy.com *.godaddy.com 328 report-uri /report-csp-violation 269 upgrade-insecure-requests;frame-ancestors 'none';object-src 'none' 245 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 241 default-src https: data: 'unsafe-inline' 'unsafe-eval' 234 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 230 frame-ancestors * 214 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; 207 require-trusted-types-for 'script' 195 upgrade-insecure-requests; block-all-mixed-content 187 script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 174 frame-ancestors 'self' ; 167 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 163 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 160 upgrade-insecure-requests;object-src 'none' 158 frame-ancestors 'self' http://webvisor.com 156 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net *.33across.com *.360playvid.info *.360yield.com *.abkafurniture.com *.abt.s3.yandex.net *.ad-generation.jp *.ad-plus.com.tr *.adfor.io *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnow.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adpushup.com *.adroll.com *.ads-twitter.com *.ads7-adnow.com *.adsafeprotected.com *.adsafescan.com *.adsby.io *.adsmx.online *.adsturk.com *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.adtrafficquality.google *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.anura.io *.api-sports.io *.app.adjust.com *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.azureedge.net *.baithoph.net *.beachfront.com *.bidswitch.net *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.bringads.ru *.cdn.jsdelivr.net *.cdn.pixad.com.tr *.cdn.proadscdn.com *.cimri.com *.clarity.ms *.cleverwebserver.com *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dable.io *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.ep2.adtrafficquality.google *.ercdn.net *.erstream.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.flowplayer.com *.foremedia.net *.freewheel.tv *.gamoshi.io *.gemius.pl *.github.io *.google *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gtranslate.net *.gumgum.com *.hhkld.com *.ibillboard.com *.id5-sync.com *.idealmedia.io *.ijit.com *.improvedigital.com *.incehesap.com *.indexexchange.com *.inmobi.com *.instagram.com *.jewelbetting.co *.jewelbetting.net *.jquery.com *.jsdelivr.net *.jwpcdn.com *.karakasbezcanta.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.loopme.me *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.monochat.ai *.monosnap.com *.mrf.io *.netmedyaajans.com.tr *.newborntown.com *.nnowa.com *.omnijay.com *.onesignal.com *.onetag-sys.com *.onnetwork.tv *.openweathermap.com *.openx.com *.openx.net *.optad360.io *.outbrain.com *.paytr.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.player.viads.com *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.radyotelekom.com.tr *.radyotelekomtv.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rtb.pixad.com.tr *.rubiconproject.com *.sabio.us *.sanalofisonline.com *.say.ac *.schema.org *.script.ac *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smilewanted.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.springserve.com *.static.hotjar.com *.stickyadstv.com *.stroeer.com *.synacor.com *.t3vakfi.app *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.teknofest.app *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.trvdp.com *.ttwstatic.com *.twimg.com *.twitter.com *.ucfunnel.com *.uidapi.com *.unpkg.com *.unrulymedia.com *.us.com *.vdo.ai *.viads.com *.viads.net *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.viralize.tv *.virgul.com *.visitchange.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yads.tech *.yahoo.com *.yandex.com *.yandex.net *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com *.zencdn.net 360playvid.info a.bringads.ru ad-plus.com.tr ad.360yield.com adfor.io ads.vidoomy.com ads.viralize.tv adsby.io adsdkprod.azureedge.net adsmx.online adsturk.com adtrafficquality.google analytics.ahrefs.com anura.io api-maps.yandex.ru api.adnsafe.org buttons-config.sharethis.com c1.imgiz.com cdn-auth.t3vakfi.app cdn.adhouse.pro cdn.adpushup.com cdn.adsafescan.com cdn.ampproject.org cdn.doubleverify.com cdn.flowplayer.com cdn.id5-sync.com cdn.jsdelivr.net cdn.jwplayer.com cdn.proadscdn.com cdn.ravenjs.com cdn.stickyadstv.com cdn2.bildirt.com cleverwebserver.com connect.facebook.net csync.loopme.me dable.io display-static.yads.tech dsp-media.eskimi.com ep1.adtrafficquality.google ep2.adtrafficquality.google erpm-js.erstream.com euw2-a.amxrtb.com gdetr.hit.gemius.pl google.com gtranslate.net hbopenbid.pubmatic.com hhkld.com ib.adnxs.com id2.t3vakfi.app id5-sync.com instagram.com invstatic101.creativecdn.com js.globalsun.io jsc.idealmedia.io jscdn.greeter.me jsdelivr.net lidertv.radyotelekom.com.tr mc.yandex.com monosnap.com mrf.io myvalice.com.tr n.nnowa.com netmedyaajans.com.tr nnowa.com oa.openxcdn.net onesignal.com onetag-sys.com pagead2.googlesyndication.com paytr.com pcode.yads.tech pghub.io platform-api.sharethis.com platform.foremedia.net player.im player.viads.com pool-eu.creative-serving.com prebid-server.rubiconproject.com prebid.smilewanted.com preply.com proadscdn.com protagcdn.com radyotelekom.com.tr radyotelekomtv.com run.admost.com s0.2mdn.net say.ac script.4dex.io sdk.mrf.io securepubads.g.doubleclick.net sosyal.teknofest.app sp.ad-plus.com.tr st-n.ads7-adnow.com st-n.nnowa.com static-maps.yandex.ru static.ads-twitter.com static.cdn.pixad.com.tr static.cloudflareinsights.com tags.crwdcntrl.net testerparfum.com theadsby.rtb.pixad.com.tr trgde.adocean.pl tv5-live.ercdn.net twimg.com u.openx.net unpkg.com vdo.ai viads.net videojs.com visitchange.com vjs.zencdn.net vpaid.springserve.com webchat.monochat.ai x.bidswitch.net yandex.ru yastatic.net; 139 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none' 134 default-src * data: 'unsafe-eval' 'unsafe-inline' 127 frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 119 upgrade-insecure-requests; frame-ancestors 'self' 117 frame-ancestors 'self' https://app.grovecms.org/ 113 self 110 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 106 frame-ancestors 'self' ; upgrade-insecure-requests; 103 default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none;frame-src 'self' mailto: tel: https: 101 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 99 frame-ancestors self 96 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com; style-src 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src data: https: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; font-src data: https:; connect-src https: data: blob: *.visualwebsiteoptimizer.com app.vwo.com; media-src blob: data: https:; object-src https:; child-src https: data: blob: 'self' *.visualwebsiteoptimizer.com app.vwo.com; upgrade-insecure-requests; block-all-mixed-content; 94 report-uri /report-csp-violation; upgrade-insecure-requests 94 frame-ancestors 'self' https://*.substack.com https://substack.com 94 frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 92 frame-ancestors https://sinclairstoryline.com https://qa-sinclairstoryline.com https://int-sinclairstoryline.com https://storyline-qa.com https://storyline-int.com https://preview.int-sinclairstoryline.com https://preview.storyline-int.com https://preview.storyline-qa.com https://preview.qa-sinclairstoryline.com https://preview.sinclairstoryline.com; upgrade-insecure-requests 92 frame-ancestors *; 90 default-src 'self' http: https: data: blob: 'unsafe-inline' 84 frame-ancestors 'self' https://app.contentful.com 83 frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.google.com *.www.google.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src bat.bing.com ct.pinterest.com s.pinimg.com app.link cdn.branch.io *.slgnt.eu *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel bat.bing.com *.dwin1.com widget.getyourguide.com lhopa01.custhelp.com rum.hlx.page 'unsafe-inline' 'unsafe-eval'; object-src 'none'; worker-src blob: *.lufthansa.com; 82 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 78 upgrade-insecure-requests;connect-src * 76 ; report-uri https://admin.blog.fc2.com/csp-reports; report-to blog-front-csp-endpoint 74 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.seals.dlagglobal.com *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackittk.net/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackittk.net/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 74 frame-ancestors 'self' www.wirtgen-group.com forms.wirtgen-group.com; 74 default-src 'none' 73 default-src 'self'; style-src 'unsafe-inline'; object-src 'none' 72 frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com *.khapps.com *.khapps.jp *.lsapps.oracle.com *.lsapps.oracle.jp *.dev-lsapps.oracle.com https://oraclesso.sharepoint.com https://oracle.sharepoint.com https://partners.oracle.com https://partners-stage.oracle.com https://partners-test.oracle.com https://partners-sit.oracle.com https://partners-dev.oracle.com 71 frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 66 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https://www.datadoghq-browser-agent.com; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com geo.dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https://browser-intake-datadoghq.com https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to; worker-src blob:; 66 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 64 frame-ancestors 'self'; upgrade-insecure-requests 63 frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 63 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookiepro.com https://*.onetrust.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiepro.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://*.cookiepro.com; style-src 'self' 'unsafe-inline' 62 frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 62 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 56 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 56 upgrade-insecure-requests; frame-ancestors 'self'; 55 default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 55 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 54 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 53 frame-ancestors https://web.telegram.org 53 upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 52 default-src 'self' *.smartsites.parentsquare.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.smartsites.parentsquare.com http://localhost:*; style-src 'self' https: 'unsafe-inline' *.smartsites.parentsquare.com http://localhost:*; img-src 'self' data: https:; font-src 'self' data: https:; frame-src https:; connect-src 'self' https: ws://localhost:* wss://localhost:*; worker-src 'self' blob:; object-src 'self' *.smartsites.parentsquare.com; media-src 'self' https:; base-uri 'self'; form-action 'self' https:; report-uri /csp-reports.php; report-to csp-endpoint; 52 frame-ancestors 'none'; upgrade-insecure-requests 51 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 49 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://search.google.com; 49 frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 48 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 47 upgrade-insecure-requests; block-all-mixed-content; 45 default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 45 frame-ancestors 'self' https://cms.scrippsdigital.com 44 frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 44 base-uri 'self';default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 43 frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 43 base-uri 'self' 42 frame-ancestors 'self' *.plentymarkets-cloud-de.com *.my.plentysystems.com 42 default-src 'self' 41 frame-ancestors 'self'; report-uri /report-csp-violation 41 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' https://*.imagio.covestro.com; upgrade-insecure-requests; block-all-mixed-content; 41 frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://cdn.taboola.com https://ads.taboola.com chrome-extension://jdanfkhnfpagoijgfmklhgakdicpnfil; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news®ion=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=; 40 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 40 frame-ancestors 'self'; object-src 'self' 40 img-src https: data:; upgrade-insecure-requests 39 default-src data: 'unsafe-inline' 'unsafe-eval' https:;base-uri 'self';frame-ancestors 'self' ;img-src data: https: blob:;font-src data: https:;media-src https: blob:;connect-src https: wss: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;style-src data: 'unsafe-inline' https:;child-src https: data: blob:;form-action https:;object-src 'none'; 38 default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 38 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 37 default-src 'self'; 37 base-uri 'self'; frame-ancestors 'self' 37 frame-ancestors 'self' https://*.hygraph.com 37 object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; 37 base-uri 'self'; 36 default-src 'self' 'unsafe-inline' 36 frame-ancestors 'self' https://*.akifast.com akifast.com 36 default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 35 default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; 35 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://corporatetools.zeroheight.com https://global-components.corptools.io 35 frame-ancestors 'self' devcue.diks.fi cue.media.fi cue.test.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:* http://cue.cue-web:*; 35 frame-ancestors 'self' *; 35 frame-ancestors 'self' https://medium.com 34 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 34 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 34 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 34 frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 33 default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; 33 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 32 frame-ancestors 'self' https://app.storyblok.com 32 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 32 default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 32 frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 32 default-src 'self';style-src 'self' 'unsafe-inline' *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com fonts.googleapis.com *.googleapis.com cdnjs.cloudflare.com;img-src 'self' data: *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.is *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk consent.trustarc.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com immage.monks.tools *.googleapis.com *.google.com *.googleusercontent.com www.digitalassets.starbucks.eu *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com;media-src 'self' *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.is *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk;font-src 'self' fonts.gstatic.com *.gstatic.com *.trustarc.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com tagmanager.google.com aswpsdkus.com aswpsdkeu.com try.access.worldpay.com maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com;frame-src 'self' www.youtube-nocookie.com *.youtube.com starbucksjobs.de *.accdab.net consent-pref.trustarc.com *.google.com *.googletagmanager.com try.access.worldpay.com secure-test.worldpay.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.onecupbigchange.com *.starbucks.ae *.starbucks.at *.starbucks.be *.starbucks.bg *.starbucks.ch *.starbucks.co.ma *.starbucks.co.uk *.starbucks.co.za *.starbucks.com.bh *.starbucks.com.co *.starbucks.com.jo *.starbucks.com.kw *.starbucks.com.kz *.starbucks.com.lb *.starbucks.com.om *.starbucks.cz *.starbucks.de *.starbucks.eg *.starbucks.es *.starbucks.eu *.starbucks.fr *.starbucks.hu *.starbucks.ie *.starbucks.is *.starbucks.mt *.starbucks.nl *.starbucks.no *.starbucks.pl *.starbucks.pt *.starbucks.qa *.starbucks.ro *.starbucks.rs *.starbucks.sa *.starbucks.se *.starbucksslovakia.sk gateway.switch.tj *.worldpay.com *.trustarc.com youtu.be;frame-ancestors 'self' *.onecupbigchange.com *.starbucks.com cms.starbucks.ae cms.starbucks.at cms.starbucks.be cms.starbucks.bg cms.starbucks.ch cms.starbucks.co.ma cms.starbucks.co.uk cms.starbucks.co.za cms.starbucks.com.bh cms.starbucks.com.co cms.starbucks.com.jo cms.starbucks.com.kw cms.starbucks.com.kz cms.starbucks.com.lb cms.starbucks.com.om cms.starbucks.cz cms.starbucks.de cms.starbucks.eg cms.starbucks.es cms.starbucks.eu cms.starbucks.fr cms.starbucks.hu cms.starbucks.ie cms.starbucks.is cms.starbucks.mt cms.starbucks.nl cms.starbucks.no cms.starbucks.pl cms.starbucks.pt cms.starbucks.qa cms.starbucks.ro cms.starbucks.rs cms.starbucks.sa cms.starbucks.se cms.starbucksslovakia.sk;connect-src 'self' i.ytimg.com js-agent.newrelic.com *.trustarc.com aswpsdkus.com aswpsdkeu.com *.cdn-net.com *.accdab.net six.cdn-net.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.g.doubleclick.net google.com *.google.com aswpapius.com aswpapieu.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.worldpay.com bam.nr-data.net report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com maps.googleapis.com *.youtube.com;object-src 'none';base-uri 'none'; 32 object-src 'none'; base-uri 'none'; script-src 'nonce-STATIC_NONCE' 'strict-dynamic' 'wasm-unsafe-eval'; 31 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 31 frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce 31 default-src 'self' 'unsafe-inline' https://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 31 frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 31 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 30 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'; 29 object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 29 script-src 'self' * https://heapanalytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' * https://cdn.us.heap-api.com https://heapanalytics.com 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; style-src 'self' * https://heapanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' * https://heapanalytics.com; font-src 'self' * https://c.us.heap-api.com https://heapanalytics.com data:; frame-ancestors 'self'; 29 upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 28 frame-ancestors 'self' https://*.cornerstoneondemand.com https://csod-studio.vercel.app https://*.csod-preview.com https://*.sanity.io https://*.sanity.studio;upgrade-insecure-requests;default-src 'self' https://*.cornerstoneondemand.com;connect-src *;font-src * data:;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline' blob:;style-src * 'unsafe-inline';worker-src * blob: 28 child-src * blob: 28 frame-ancestors 'self'; report-uri /_/commcsp?disposition=enforce; 28 default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 28 default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 28 block-all-mixed-content; frame-ancestors 'self' https://*.sapo.vn https://*.mysapo.net https://aelang.aecomapp.com; upgrade-insecure-requests 28 frame-ancestors 'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.nl:* https://*.espn.com:* https://*.espnqa.nl:* *.espnqa.com:* 27 sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri https://csp.yahoo.com/beacon/csp?src=redirect 27 frame-ancestors 'self'; upgrade-insecure-requests; 27 upgrade-insecure-requests;report-to default; 27 default-src 'self' *.gov.bd *.portal.gov.bd *.googleapis.com fonts.googleapis.com *.jquery.com *.bootstrapcdn.com *.googletagmanager.com *.google.com *.gstatic.com *.youtube.com *.facebook.com cdnjs.cloudflare.com;script-src 'self' *.gov.bd *.portal.gov.bd *.googleapis.com fonts.googleapis.com *.jquery.com *.bootstrapcdn.com *.googletagmanager.com *.google.com *.facebook.com cdn.datatables.net *.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' *.gov.bd *.portal.gov.bd *.google.com *.googleapis.com cdn.datatables.net *.facebook.com cdnjs.cloudflare.com getbootstrap.com https://getbootstrap.com http://getbootstrap.com netdna.bootstrapcdn.com;img-src 'self' *.gov.bd *.google.com *.portal.gov.bd *.facebook.com *.youtube.com data:;font-src 'self' *.gov.bd *.portal.gov.bd *.google.com netdna.bootstrapcdn.com *.gstatic.com cdnjs.cloudflare.com;connect-src 'self' *.gov.bd *.portal.gov.bd smartjob.portal.gov.bd *.google.com *.facebook.com;frame-src 'self' *.gov.bd *.google.com *.youtube.com *.portal.gov.bd *.facebook.com;object-src 'none'; 27 object-src 'none'; 27 default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 27 default-src 'self' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' *;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' *;frame-src 'self' * 27 frame-ancestors none 26 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 26 default-src 'self'; script-src 'self' 'unsafe-inline' https://api-chat.cyberfolks.pl https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://dev.visualwebsiteoptimizer.com https://cyberfolks.user.com https://widget.user.com https://bat.bing.com https://bat.bing.net https://cdn.mouseflow.com https://analytics.tiktok.com https://business.tiktok.com https://googleads.g.doubleclick.net https://connect.facebook.net https://scripts.clarity.ms https://apps.mypurecloud.ie https://www.youtube.com https://cdnjs.cloudflare.com https://cdn-widget.callpage.io https://www.googleadservices.com https://www.googletagservices.com https://www.clarity.ms ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self' blob:; img-src 'self' data: https:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.mouseflow.com https://static2.sharepointonline.com data:; connect-src 'self' https://api-chat.cyberfolks.pl https://api-cdn.mypurecloud.ie https://api.mypurecloud.ie wss://webmessaging.mypurecloud.ie https://fileupload.mypurecloud.ie https://apps.mypurecloud.ie https://dev.visualwebsiteoptimizer.com https://www.google.com https://www.google.pl https://region1.analytics.google.com https://region2.analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://eu01.rec.mouseflow.com https://cyberfolks.user.com wss://cyberfolks.user.com https://ads.tiktok.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://business.tiktok.com https://cdnjs.cloudflare.com https://y.clarity.ms https://www.facebook.com https://www.youtube.com https://www.clarity.ms https://www.googletagservices.com https://bat.bing.com https://bat.bing.net; frame-src 'self' https://cyberfolks.fireprobe.net https://apps.mypurecloud.ie https://www.google.com https://www.facebook.com https://www.youtube.com https://bid.g.doubleclick.net https://www.googletagmanager.com; frame-ancestors 'self' https://www.google.com; object-src 'none'; base-uri 'self'; 26 frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 26 frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 26 default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adsrvr.org *.ads-twitter.com *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.amazon-adsystem.com *.awin1.com web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com rum.hlx.page *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.metricool.com *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com *.pinterest.com *.qualtrics.com *.redditstatic.com lantern.roeyecdn.com *.a.run.app *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.taboola.com *.teads.tv *.tealiumiq.com analytics.tiktok.com *.tiktokw.us *.tiqcdn.com *.trbo.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud *.xing.com *.xingcdn.com sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com js.stripe.com web-app-frontend-micro-po-t.azurewebsites.net; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com *.adsrvr.org zenloop-website-overlay-production.s3.amazonaws.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon api-app-backend-pda-t.azurewebsites.net api-app-backend-pda-q.azurewebsites.net api-app-backend-pda-r.azurewebsites.net web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.bazaarvoice.com *.bing.com *.bing.net *.clarity.ms *.cloudflare.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net data: *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.fullstory.com google.com *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.phrase.com *.phraseapp.com *.pinterest.com *.qualtrics.com *.reddit.com *.redditstatic.com *.a.run.app *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com stihl-sso.com stihl.tui-servicelayers.io *.taboola.com *.teads.tv collect.tealiumiq.com analytics.tiktok.com *.tiktokw.us *.trbo.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud *.blob.core.windows.net *.xing.com *.xingcdn.com s.yimg.com *.youtube-nocookie.com wss://*.iadvize.com www.wepowerconnections.com *.zenloop.com login.microsoftonline.com graph.microsoft.com *.b2clogin.com; img-src 'self' *.ad-stir.com *.1rx.io *.3ma79ae7cua.com 3ma79ae7cua.com *.360yield.com *.3lift.com *.addthis.com *.adform.net *.adingo.jp *.admixer.co.kr *.adnxs.com *.adscale.de *.adsrvr.org *.adtdp.com *.advertising.com *.adyen.com *.agkn.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.amazon-adsystem.com *.ants.vn *.appcelerate.ai *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.billie.io *.bing.com *.bing.net blob: *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dspx.tv *.dwin1.com *.e-planning.net *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.foxbase.de *.fullstory.com *.fwnm.net *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.guuru.com *.gstatic.com *.herrenseite.de *.iadvize.com *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.metricool.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.qualtrics.com *.reddit.com *.rambler.ru *.revcontent.com *.rlcdn.com *.rockysandstudio.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud t.co *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.tiktokw.us *.toast.com *.tpmn.co.kr *.trbo.com *.tremorhub.com trk.beintoo.net *.turn.com *.twiago.com analytics.twitter.com typekit.net *.typekit.net sync.targeting.unrulymedia.com web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.wepowerconnections.com *.windows.net storagetimbersportsdata.blob.core.windows.net *.xing.com *.xingcdn.com *.yahoo.com *.yahoo.net *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; media-src 'self'; style-src 'self' 'unsafe-inline' web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.iadvize.com *.onetrust.com *.trbo.com cdn.parcellab.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com web-chat.global.assistant.watson.appdomain.cloud web-app-costcalculator-frontend-pda-t.azurewebsites.net web-app-costcalculator-frontend-pda-q.azurewebsites.net web-app-costcalculator-frontend-pda-r.azurewebsites.net web-app-batteryadvisor-frontend-pda-t.azurewebsites.net web-app-batteryadvisor-frontend-pda-q.azurewebsites.net web-app-batteryadvisor-frontend-pda-r.azurewebsites.net apps.bazaarvoice.com cdnjs.cloudflare.com data: *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com *.iadvize.com assets.oney.io cdn.parcellab.com *.stihl.de *.trbo.com typekit.net *.typekit.net *.zenloop.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.fullstory.com *.google.com *.googletagmanager.com *.guuru.com *.iadvize.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.qualtrics.com *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com static.stihl.com *.stihl.at *.stihl.be *.stihl.bg *.stihl.ca *.stihl.ch *.dam.stihl.cloud *.stihl.cn *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.de *.stihl.dk *.stihl.es *.stihl.fi *.stihl.fr *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.lu *.stihl.nc *.stihl.nl *.stihl.no *.stihl.pe *.stihl.pl *.stihl.pt *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-dns.net *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com *.teads.tv *.trbo.com e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com login.microsoftonline.com support-dev.microsoftcrmportals.com graph.microsoft.com js.stripe.com web-app-frontend-micro-po-t.azurewebsites.net; child-src 'self' blob: *.guuru.com 26 default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net events.webnode.com events.staging.webnode.com events.testing.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com bat.bing.net analytics.ahrefs.com/analytics.js connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp ct.pinterest.com https://cdn.rudderlabs.com/ https://cdn.amplitude.com/ cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net https://eu.acsbapp.com/apps/app/dist/js/app.js https://eu.acsbapp.com/apps/app/dist/js/ https://accesswidget-log-receiver.acsbapp.com/ https://eu-cdn.acsbapp.com/config/ https://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://track-eu1.hubspot.com/;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com bat.bing.net q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/ https://track-eu1.hubspot.com/;frame-ancestors 'self'; 25 default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 25 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com 25 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 25 frame-ancestors 25 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 25 frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camjunky.com *.camjunky.com camrub.com *.camrub.com camutik.com *.camutik.com chatass.com *.chatass.com chatfree24.com *.chatfree24.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com icfadmin.com *.icfadmin.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com jerkmate.com *.jerkmate.com kinkyspa.com *.kinkyspa.com kwikylive.com *.kwikylive.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com liveporncams.xxx *.liveporncams.xxx loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com nudecams.xxx *.nudecams.xxx nudeporncams.xxx *.nudeporncams.xxx nyloncams.com *.nyloncams.com onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 25 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; base-uri 'self' 25 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; worker-src 'self' blob:; 25 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 24 * 24 frame-src * 24 img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 24 frame-ancestors 'self' https://*.kindredtech.net https://*.kindredgroup.com https://*.custhelp.com; default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 24 block-all-mixed-content; frame-ancestors 'self' 24 frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ https://admin-cx.deco.page/ https://deco.chat https://admin.decocms.com https://decocms.com 24 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 23 frame-ancestors 'self' www.bookends.info *.bookends.info 23 worker-src 'self' blob: 23 frame-ancestors 'self' https://*.etracker.com; frame-src https://wp-rocket.me/ https://youtube.com https://www.youtube.com https://player.vimeo.com; default-src 'none'; script-src 'self' *.time-matters.com https://*.etracker.com https://*.etracker.de data: 'unsafe-eval' 'unsafe-inline'; connect-src 'self' *.time-matters.com https://*.etracker.de; img-src 'self' data: https: *.gravatar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none'; base-uri 'none'; form-action 'self' https://info.time-matters.com https://*.time-matters.com; media-src 'self'; 23 upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: ws: *.abtasty.com *.bazaarvoice.com *.bumlam.com *.bing.com bat.bing.net *.crazyegg.com *.clarity.ms *.doubleclick.net *.google.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.googleapis.com www.googleadservices.com www.googletagmanager.com service.gstatic-cache.com lh3.googleusercontent.com *.mapbox.com *.mycheckstatus.com *.onetrust.com *.pinterest.com *.pmcprograms.com *.pricespider.com *.retargetly.com *.typeform.com *.taboola.com services.global.commerce-connector.com shoppable-assets.global.commerce-connector.com shoppable-configs.global.commerce-connector.com shoppable.commerce-connector.com ws.hotjar.com script.hotjar.com static.hotjar.com metrics.hotjar.io vc.hotjar.io content.hotjar.io nasacort.jebbit.com xyzalus.jebbit.com icyhotus.jebbit.com www.youtube.com m.youtube.com www.youtube-nocookie.com allegra-pitstop-game-0046fd43d9e4.herokuapp.com testyourliver.abi.ai crescendoc.wufoo.com s3.amazonaws.com askyourliver.s3.eu-central-1.amazonaws.com beacon.deepintent.com ads-engagement.presage.io an.yandex.ru mc.yandex.com mc.yandex.ru yandex.ru analytics.tiktok.com analytics.twitter.com static.ads-twitter.com api-js.mixpanel.com api.amcreativemedia.com api.global-data-lab.com api.highdataanalytics.com api.lapis-analytics.com api.mkmediaworks.com api.permutive.com api.solaranalyticscorp.com cdn-eidpp.nitrocdn.com cdn-uicons.flaticon.com cdn.cookielaw.org cdn.flowcode.com cdn.jsdelivr.net cdn.krxd.net cdn.mouseflow.com cdn.trustpilot.net cdn.tailwindcss.com cdnjs.cloudflare.com clientstream.launchdarkly.com cloudjs.netlify.com code.jquery.com connect.facebook.net l.facebook.com www.facebook.com ara.paa-reporting-advertising.amazon auth.iws-hybrid.trendmicro.com data1.calicluo.com datenschutz.sanofi.de i.ytimg.com ib.adnxs.com secure.adnxs.com images.simplycodes.com kraken.rambler.ru r3.dotdigital-email.com r3.dotdigital-pages.com cs.frontend.weborama.fr sanofi.solution.weborama.fr deo.shopeemobile.com dev.visualwebsiteoptimizer.com diffuser-cdn.app-us1.com edge.fullstory.com fonts.cdnfonts.com gdehu.hit.gemius.pl grmtech.net hu-gmtdmp.mookie1.com hugde.adocean.pl insight.adsrvr.org js.adsrvr.org log-papago.naver.com login.microsoftonline.com mon16-normal-useast5.tiktokv.us o132438.ingest.sentry.io p.typekit.net use.typekit.net pixel.rubiconproject.com pollen.services.myilume.de pollenapps.com privacy-cs.mail.ru r3.mail.ru rs.mail.ru top-fwz1.mail.ru px.adhigh.net px.ads.linkedin.com rbtds.net retcode-us-west-1.arms.aliyuncs.com rules.quantcount.com s.adroll.com s.amazon-adsystem.com s.pinimg.com s.yimg.com sc-static.net secure.quantserve.com security-us.mimecast.com snap.licdn.com sp.analytics.yahoo.com spoppe-b.azureedge.net t-azmaps.azurelbs.com st.top100.ru static.ads-twitter.com t.co static.terratraf.io static2.sharepointonline.com sync.crwdcntrl.net sync.dmp.otm-r.com sync.upravel.com tr.snapchat.com tr6.snapchat.com racking.adsafety.net unpkg.com use.fontawesome.com vk.com ws.miqcommerce.com www.instagram.com www.rappi.com.co www.researchsolutions.com www.sanofi.us www.terracycle.com apiv2.popupsmart.com yt3.ggpht.com vimeo.com player.vimeo.com edge.curalate.com engage.telfast.com.au www.telfastcashback.com.au telfast-widget.ambeedata.com telfast-movie-ticket.kostaging.com.au telfast-movie-ticket.kopromos.com.au www.buscopanmoneyback.com.au lett.2buycdn.com embed.2b.uy *.teads.tv p.teads.tv *.amazon-adsystem.com *.run.app analytics-ipv6.tiktokw.us cortizone10.jebbit.com *.taggbox.com *.tagbox.com iaso-amer.dulcolax.com; 23 frame-ancestors 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 23 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 22 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 22 frame-ancestors 'self' https://app.datadoghq.eu https://backoffice.cwcg9g7aq8-mercedesb2-p1-public.model-t.cc.commerce.ondemand.com; 22 block-all-mixed-content; upgrade-insecure-requests 22 default-src https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss: data: blob:; img-src 'self' https: data: blob:; font-src 'self' https: data: blob:; worker-src 'self' https: blob:; frame-ancestors 'self' *.sitewrench.com *.speakcreative.com 22 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: yoti: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.segpay.com *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com www.youtube.com info.xvideos.net www.tjk-njk.com *.yoti.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.acdn5165543.com *.aacdn.net martted.com *.opoxv.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com chat.1ka.com u.1ka.com media.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com media.1ka.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net xenoly7.com miraco7.com clariva5.com miraex6.com go2fridayroll.com solvix8.com linktoliraspin.com clyoro7.com volexa5.com dynara3.com veltor2.com *.trackingtraffo.com trackingtraffo.com *.nowsrv.com betoholictrack.net refpa2518.com refpa3665.com melbet-ma.com melbetegypt.com 1xlite-815256.bar *.staticfilesonly.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 21 default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’; img-src ‘self’ data:; font-src ‘self’ data:; connect-src ‘self’; 21 default-src 'self'; script-src 'self' 'unsafe-inline' 21 frame-ancestors 'self' https://testbaba.virtualcms.it 21 worker-src 'self'; 21 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 21 frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src cdn.cookielaw.org privacyportal.onetrust.com widget.getyourguide.com *.slgnt.eu *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.discover-airlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel *.dwin1.com rum.hlx.page 'unsafe-inline' 'unsafe-eval'; object-src 'none'; worker-src blob: *.discover-airlines.com.com; 21 frame-ancestors 'self' https://experience.adobe.com; 21 default-src 'self' blob: analytics-ipv6.tiktokw.us cdn.moengage.com app-cdn.moengage.com sdk-01.moengage.com sdk-02.moengage.com sdk-03.moengage.com sdk-04.moengage.com wss://umd.userlike.com/ www.connectcdk.com ct.pinterest.com s.pinimg.com *.drivecentric.io *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 gubagoo.io *.gubagoo.io *.analytics.google.com/ *.autouncle.de *.aws.porsche-preview.cloud/ *.aws.porsche.cloud/ *.clarity.ms *.cloudfront.net *.doubleclick.net *.facebook.com *.fls.doubleclick.net *.google-analytics.com/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googletagmanager.com *.hcaptcha.com *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.qualtrics.com tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com *.storystream.ai *.usercentrics.eu *.userlike.com ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com edge.eu1.fullstory.com files.superchat.de fledge.teads.tv ftm.fluencyinc.co/ftm-ddc.js googleads.g.doubleclick.net https://js-agent.newrelic.com/ http://cdn.ui.porsche.com/ https://app.carnow.com/ https://cdn.gubagoo.io https://config.eu.usercentrics.eu https://hcaptcha.com https://maps.googleapis.com https://pixall.esm1.net https://porsche.com https://static.app.carnow.com https://themes.static.app.carnow.com https://sync.graph.bluecava.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com *.linkedin.com r.turn.com rs.fullstory.com rs.eu1.fullstory.com s.adroll.com sc-static.net script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com tracking.crazyegg.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net bam.nr-data.net my.tealiumiq.com cdnjs.cloudflare.com *.kajoo.ca/ *.auth0.com *.kajoo.ai evt.autouncle.com bat.bing.net wss://node.gubagoo.io wss://gb1-node.gubagoo.io cdn.carfilmapp.com *.adform.net a.mgid.com; img-src 'self' blob: a.storyblok.com a.mgid.com moe-email-campaigns.s3.amazonaws.com image.moengage.com images-porsche.imgix.net bat.bing.net fra1.qualtrics.com siteintercept.qualtrics.com i.ytimg.com https://userlike-cdn-operators.userlike.com/ gubagoo.io *.gubagoo.io *.aws.porsche.cloud/ *.aws.porsche-preview.cloud/ *.autouncle.de *.clarity.ms *.cloudfront.net *.doubleclick.net/ *.facebook.com *.fls.doubleclick.net *.ggpht.com *.google-analytics.com/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com/ *.googletagmanager.com *.gstatic.com *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.usercentrics.eu ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com edge.eu1.fullstory.com files.superchat.de fledge.teads.tv googleads.g.doubleclick.net http://cdn.ui.porsche.com/ idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com *.linkedin.com r.turn.com rs.fullstory.com rs.eu1.fullstory.com s.adroll.com s1755874914.t.eloqua.com script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com static.app.carnow.com data:; style-src 'self' cdn.moengage.com app-cdn.moengage.com fonts.bunny.net assets.autouncle.com *.cloudfront.net *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com api.drivecentric.com *.googletagmanager.com tags.srv.stackadapt.com themes.static.app.carnow.com 'unsafe-inline' https://fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' data: assets.autouncle.com fonts.bunny.net https://userlike-cdn-umm.b-cdn.net/ *.porsche.cn *.porsche.com *.cloudfront.net *.porsche-preview.cn *.porsche-preview.com 'unsafe-inline' https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; frame-src 'self' blob: www.connectcdk.com privacyportal.onetrust.com porsche-emails-v2.s3.eu-west-2.amazonaws.com *.accelerate.dealer.com *.autouncle.de *.clarity.ms *.creditbureauconnection.com *.doubleclick.net/ *.facebook.com *.fls.doubleclick.net *.google.com *.google.de *.googleadservices.com *.googletagmanager.com *.hcaptcha.com/ *.porsche-preview.cn *.porsche-preview.com *.porsche.cn *.porsche.com *.usercentrics.eu/ ad.doubleclick.net adservice.google.com analytics.tiktok.com api.drivecentric.com assets.autouncle.com assets.prod.analytics.dealer.com bat.bing.com c.bing.com c.clarity.ms cm.teads.tv connect.facebook.net cs.esm1.net d.adroll.com dealership3d.com dealership3d.s3.ap-southeast-2.amazonaws.com edge.fullstory.com edge.eu1.fullstory.com files.superchat.de fledge.teads.tv googleads.g.doubleclick.net https://app.carnow.com/ https://consumer.xtime.com/ https://creditbureauconnection.com https://pauc.syndication.kbb.com/ https://porsche.com https://static.app.carnow.com https://sync.graph.bluecava.com idsync.rlcdn.com ignitify-insite-scripts.drivecentric.io ignitify-insite.drivecentric.io ignitify-tagmanager-scripts.drivecentric.io ignitify-tagmanager.drivecentric.io img06.en25.com o2.eyereturn.com p.teads.tv pixel.mathtag.com *.linkedin.com r.turn.com rs.fullstory.com rs.eu1.fullstory.com s.adroll.com script.crazyegg.com scripts.foureyes.io snap.licdn.com stags.bluekai.com static-tracking.klaviyo.com static.klaviyo.com static.matterport.com t.teads.tv tags.bkrtx.com tags.bluekai.com tags.srv.stackadapt.com td.doubleclick.net tr.snapchat.com tr6.snapchat.com unpkg.com ut.foureyes.io v.clarity.ms videochat.mobilapp.io widget.superchat.de widgets.binotel.com *.youtube.com app-prod.flipacar.com e.issuu.com fca1.wpengine.com conscheduling.tekioncloud.com player.vimeo.com consumer.xtime.net.au www.cognitoforms.com api.connectcdk.com gain-vi.ca www.youtube-nocookie.com porsche-production.discover.chargetrip.com suite.dtdrs.dealertrack.com porsche-shared.vercel.app gaudinmotorcompany.bamboohr.com ct.pinterest.com cdn.moengage.com m.xtime.com *.adform.net; 21 frame-ancestors 'self' https://webvisor.com http://webvisor.com; 21 frame-ancestors 'self' * 20 ; 20 default-src 'none';base-uri 'self';script-src 'self' 'unsafe-inline' blob: https://api.search.gov.sg https://www.search.gov.sg https://*.wogaa.sg https://*.dcube.cloud https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://graph.facebook.com https://*.licdn.com https://www.youtube.com https://webchat.vica.gov.sg https://webchat.mol-vica.com https://*.clarity.ms https://*.ask.gov.sg https://analytics.tiktok.com https://login.dotomi.com https://login-ds.dotomi.com ;style-src 'self' 'unsafe-inline' https://assets.wogaa.sg https://assets.dcube.cloud https://www.search.gov.sg https://webchat.vica.gov.sg https://webchat.mol-vica.com ;object-src 'none' ;connect-src 'self' https://isomer-user-content.by.gov.sg https://browser-intake-datadoghq.com https://api.search.gov.sg https://*.wogaa.sg https://*.dcube.cloud https://api-chat-fe-flag.vica.gov.sg https://chat.vica.gov.sg wss://chat.vica.gov.sg https://api-chat-fe-flag.mol-vica.com https://chat.mol-vica.com wss://chat.mol-vica.com https://www.google-analytics.com https://www.google.com https://analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://*.clarity.ms https://c.bing.com https://ask.gov.sg https://*.ask.gov.sg https://data.gov.sg https://*.data.gov.sg https://ad.doubleclick.net https://www.googleadservices.com https://www.google.com.sg https://www.facebook.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us ;font-src 'self' data: https://fonts.gstatic.com https://www.search.gov.sg https://assets.wogaa.sg https://assets.dcube.cloud ;frame-src 'self' https://www.search.gov.sg https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net https://www.onemap.gov.sg https://www.youtube-nocookie.com https://player.vimeo.com https://m.facebook.com https://www.facebook.com https://docs.google.com https://form.gov.sg https://maps.gov.sg https://*.fls.doubleclick.net ;img-src 'self' https: ;manifest-src 'self' ;media-src 'self' ;worker-src 'self' ;frame-ancestors 'self' ; 20 script-src 'self' 'strict-dynamic' 'nonce-LSY_r4nD0m' https://www.google-analytics.com:443 https://*.dynamics.com:443 https://mktdplp102cdn.azureedge.net:443 https://www.googletagmanager.com:443 https://connect.facebook.net:443 https://snap.licdn.com:443 https://*.ads.linkedin.com:443 https://www.youtube.com:443 ; style-src 'self' 'unsafe-inline' https://*.tagmanager.com:443 https://*.googleapis.com:443;font-src 'self'; connect-src 'self' https://*.lhsystems.com:443 https://*.stape.io:443 https://*.doubleclick.net:443 https://*.dynamics.com:443 https://*.linkedin.com:443 https://*.google-analytics.com:443 https://*.google.com:443 https://*.facebook.com:443; frame-src https://*.google.com:443 https://*.google.de:443 https://*.dynamics.com:443 https://www.youtube.com:443 https://www.youtube-nocookie.com:443 https://www.googletagmanager.com:443; frame-ancestors https://*.dynamics.com:443; form-action 'self';img-src 'self' data: https://www.google.com.*:443 https://*.lhsystems.com:443 https://*.doubleclick.net:443 https://*.google.de https://cdn.lhsystems.com:443 https://*.ads.linkedin.com:443 https://*.dynamics.com:443 https://*.facebook.com:443 https://www.google.hu:443 https://*.google.com:443 https://*.google-analytics.com:443 https://*.googletagmanager.com:443;object-src 'none';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests; 20 default-src 'self'; object-src 'self' blob:; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src 'self' blob: *; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com static.hotjar.com launch-9151dc1e0eb6-development mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.parquesreunidos.es *.optickssecurity.com *.opticksstatic.com *.opticksprotection.com opticksprotection.com assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com *.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com *.outbrain.com tib2.tropical-islands.de sla3.slagharen.com mir8.mirabilandia.it mib9.mirabeach.mirabilandia.it war5.parquewarner.com wab6.parquewarnerbeach.parquewarner.com pam4.parquedeatracciones.es mpg3.movieparkgermany.de mar7.marineland.fr zoo2.zoomadrid.com fau4.faunia.es bjl1.bobbejaanland.be bld2.bonbonland.dk dwo7.dutchwonderland.com bnp8.bonoparques.es tus1.tusenfryd.no swa4.selwo.es swm9.selwomarina.es teb6.telefericobenalmadena.com mxa8.atlantisaquarium-madrid.es bel7.belantis.de blk3.blackpoolzoo.org.uk bos6.sommarland.no bor5.oceanarium.co.uk aqs1.aquasplash.fr car1.cartaya.aquopolis.es cda2.costa-dorada.aquopolis.es cul3.cullera.aquopolis.es tor4.torrevieja.aquopolis.es vil5.villanueva.aquopolis.es slp2.sealifeparkhawaii.com ctp3.castlepark.com knw4.kennywood.com adp5.adventurelandresort.com lkc8.lakecompounce.com cnh1.cartoonnetworkhotel.com sct1.sandcastlewaterpark.com stl6.storylandnh.com sny5.splishsplash.com lsa6.livingshores.com rla9.ragingwaters.com syd7.ragingwaterssydney.com.au wco2.watercountry.com wep3.emeraldpointe.com noa8.noahsarkwaterpark.com idw7.idlewild.com webchat.digitalcx.com *.aptrinsic.com *.datatrans.com *.recaptcha.net *.bookingkit.com *.paypalobjects.com *.trackingplan.com *.leadinfo.net *.moin.ai *.talkjs.com *.accdab.net staging.cdn-net.com six.cdn-net.com www.cdn-net.com demo.fareharbor.com fareharbor.com *.piwik.pro *.instagram.com *.equalweb.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 20 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.google.com https://vars.hotjar.com https://www.facebook.com 20 default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: mailto: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com https://smb.apple.com https://nova.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 19 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' 19 frame-ancestors https://app.contentful.com 19 frame-ancestors 'self'; object-src 'none'; 19 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 19 frame-ancestors 'self'; object-src 'none' 19 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 19 script-src * 'unsafe-inline' 'unsafe-eval' 19 object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://mc.yandex.com/ https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 19 frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com *.goepson.com 19 frame-ancestors 'self' *.hexia.io *.zigtools.nl *.zig365.nl 19 frame-ancestors 'self' *.youtube.com 19 base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://lht.mindbreeze.com 'unsafe-inline' 'unsafe-eval' https://lht-acc.mindbreeze.com 'unsafe-inline' 'unsafe-eval' https://code.etracker.com https://app.usercentrics.eu/ https://www.etracker.de/; connect-src 'self' data: https: wss: www.google-analytics.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 19 default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag 'sha256-jrgkEqFIwhymCeRxfh3RHm2ssvwC2lNerrrYfQZiAMA=' # Script for WizGov 'sha256-E6VSHz7prXjxYy3IswjAT2XLomQQ+UmhLBThJZm+dGs=' # Script for WizGov https://script-staging.wiz.gov.sg/customs-script.js https://script.wiz.gov.sg/customs-script.js blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js https://*.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ https://*.onemap.gov.sg/ https://maps.hack2025.gov.sg https://maps.gov.sg ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://*.ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; 19 frame-ancestors 'self' xerox.com *.xerox.com carear.app 18 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 18 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; 18 frame-ancestors 'self' https://app.stg.boxoffice.com https://app.boxoffice.com 18 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data: 18 frame-ancestors 'self'; base-uri 'self'; 18 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 18 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 17 script-src 'self' 17 block-all-mixed-content; upgrade-insecure-requests; 17 object-src 'none'; frame-ancestors 'self' 17 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri /cspreporting.php; report-to csp-endpoint; 17 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 17 frame-ancestors https://*.pironet-ndh.com:4433 'self' 17 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 17 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; connect-src * blob:; font-src https:; frame-ancestors 'self' https://preview.plaece.nl; frame-src *; img-src https: data: blob:; media-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src https: blob: 17 frame-ancestors 'self' *.google.com; 16 report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 16 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 16 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 16 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob:;frame-ancestors 'self'; 16 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 16 frame-ancestors 'self' *.plataformaneo.com.br 16 sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 16 upgrade-insecure-requests; base-uri 'none'; 16 frame-ancestors 'self' https://shop.kaspersky.co.uk https://shop.kaspersky.ca https://cart.kaspersky.com.br https://loja.kaspersky.pt https://shop.africa.kaspersky.com https://shop.afrique.kaspersky.com https://shop.baltics.kaspersky.com https://shop.bg.kaspersky.com https://shop.hu.kaspersky.com https://shop.il.kaspersky.com https://shop.kaspersky.be https://shop.kaspersky.co.in https://shop.kaspersky.co.jp https://shop.kaspersky.co.kr https://shop.kaspersky.co.th https://shop.kaspersky.com https://shop.kaspersky.com.au https://shop.kaspersky.com.hk https://shop.kaspersky.com.tr https://shop.kaspersky.com.tw https://shop.kaspersky.com.vn https://shop.kaspersky.cz https://shop.kaspersky.de https://shop.kaspersky.dk https://shop.kaspersky.es https://shop.kaspersky.fi https://shop.kaspersky.fr https://shop.kaspersky.gr https://shop.kaspersky.it https://shop.kaspersky.kz https://shop.kaspersky.ma https://shop.kaspersky.nl https://shop.kaspersky.ro https://shop.kaspersky.rs https://shop.kaspersky.ru https://shop.kaspersky.se https://shop.me.kaspersky.com https://shop.no.kaspersky.com https://shop.sea.kaspersky.com https://shop.stan.kaspersky.com https://shop.usa.kaspersky.com https://shop-lt.latam.kaspersky.com https://shop-mx.latam.kaspersky.com https://checkout.kaspersky.gr; 15 frame-ancestors 'self' *.awsapps.nvidia.com *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com https://cms.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://cms.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://events.rainfocus.com https://docs.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://docs.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://nvfile; 15 frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; object-src 'self'; 15 upgrade-insecure-requests; frame-ancestors 'none' 15 script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; object-src 'none'; worker-src blob:; img-src 'self' blob: data: https:; frame-src 'self' blob: data: https:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 15 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 15 frame-ancestors 'self' https://www.fortinet.com https://fortinet.pathfactory.com 15 Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://*.bwin.com https://*.bwin.de https://*.bwin.dk https://*.bwin.es https://*.bwin.fr https://*.bwin.it https://*.bwin.gr https://*.bwin.se https://*.bwin.be https://*.bwin.co https://*.bwin.mx https://*.bwin.nl https://*.bwin.pl https://*.bwin.pt https://*.bwin.ro https://*.bwincasino.be https://*.bwindice.be https://*.betcity.nl https://*.betboo.bet.br https://*.br.betboo.com https://*.partypoker.com https://*.partypoker.cz https://*.partypoker.de https://*.partypoker.dk https://*.partypoker.es https://*.partypoker.fr https://*.partypoker.it https://*.partypoker.mx https://*.partypoker.nl https://*.partypoker.pt https://*.partypoker.se https://*.partypokerlive.com https://*.partypoker-sochi.com https://*.partycasino.com https://*.ab.partycasino.ca https://*.partycasino.ca https://*.partycasino.es https://*.partycasino.mx https://*.partycasino.nl https://*.partycasino.se https://*.partysports.com https://*.partysports.ca https://*.partysports.es https://*.partysports.mx https://*.partysports.nl https://*.galabingo.com https://*.galacasino.com https://*.galaspins.com https://*.cheekybingo.com https://*.foxybingo.com https://*.foxygames.com https://*.gamebookers.com https://*.gamebookers.de https://*.giocodigitale.it https://*.ladbrokes.com https://*.ladbrokes.de https://*.ninjacasino.se https://*.oddset.de https://*.on.betmgm.ca https://*.on.bwin.ca https://*.on.partycasino.ca https://*.on.partypoker.ca https://*.on.partysports.ca https://*.on.wheeloffortunecasino.com https://*.partyarcadegames.com https://*.premium.com https://*.bpremium.de https://*.sh.bwin.de https://*.slotclub.de https://*.partyslots.de https://*.sportingbet.com https://*.sportingbet.bet.br https://*.sportingbet.co.za https://*.sportingbet.de https://*.sportingbet.gr https://*.sportingbet.ro https://*.sportsinteraction.com https://*.on.sportsinteraction.com https://*.ab.sportsinteraction.com https://*.unikrn.com https://*.coral.co.uk https://*.vistabet.gr https://*.casinoclub.com https://*.da.partypoker.com https://*.danskespil.dk https://*.cms.test.env.works https://*.itsfogo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bwin.com https://*.bwin.de https://*.bwin.dk https://*.bwin.es https://*.bwin.fr https://*.bwin.it https://*.bwin.gr https://*.bwin.se https://*.bwin.be https://*.bwin.co https://*.bwin.mx https://*.bwin.nl https://*.bwin.pl https://*.bwin.pt https://*.bwin.ro https://*.bwincasino.be https://*.bwindice.be https://*.betcity.nl https://*.betboo.bet.br https://*.br.betboo.com https://*.partypoker.com https://*.partypoker.cz https://*.partypoker.de https://*.partypoker.dk https://*.partypoker.es https://*.partypoker.fr https://*.partypoker.it https://*.partypoker.mx https://*.partypoker.nl https://*.partypoker.pt https://*.partypoker.se https://*.partypokerlive.com https://*.partypoker-sochi.com https://*.partycasino.com https://*.ab.partycasino.ca https://*.partycasino.ca https://*.partycasino.es https://*.partycasino.mx https://*.partycasino.nl https://*.partycasino.se https://*.partysports.com https://*.partysports.ca https://*.partysports.es https://*.partysports.mx https://*.partysports.nl https://*.galabingo.com https://*.galacasino.com https://*.galaspins.com https://*.cheekybingo.com https://*.foxybingo.com https://*.foxygames.com https://*.gamebookers.com https://*.gamebookers.de https://*.giocodigitale.it https://*.ladbrokes.com https://*.ladbrokes.de https://*.ninjacasino.se https://*.oddset.de https://*.on.betmgm.ca https://*.on.bwin.ca https://*.on.partycasino.ca https://*.on.partypoker.ca https://*.on.partysports.ca https://*.on.wheeloffortunecasino.com https://*.partyarcadegames.com https://*.premium.com https://*.bpremium.de https://*.sh.bwin.de https://*.slotclub.de https://*.partyslots.de https://*.sportingbet.com https://*.sportingbet.bet.br https://*.sportingbet.co.za https://*.sportingbet.de https://*.sportingbet.gr https://*.sportingbet.ro https://*.sportsinteraction.com https://*.on.sportsinteraction.com https://*.ab.sportsinteraction.com https://*.unikrn.com https://*.coral.co.uk https://*.vistabet.gr https://*.casinoclub.com https://*.da.partypoker.com https://help.danskespil.dk https://*.danskespil.dk https://*.cms.test.env.works https://*.itsfogo.com; 15 frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 15 default-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org *.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com ajax.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com flo.uri.sh challenges.cloudflare.com www.youtube.com; style-src 'self' data: 'unsafe-inline' miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org *.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com use.typekit.net; img-src blob: 'self' data: miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org hosted.weblate.org minecraft.wiki www.divine-pride.net static.divine-pride.net legacyofnightwind.com; font-src 'self' data: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org use.typekit.net; media-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com; frame-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.google.com docs.google.com apis.google.com calendar.google.com drive.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com challenges.cloudflare.com map.showdown.wiki clips.twitch.tv video.fastly.steamstatic.com shared.fastly.steamstatic.com; connect-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com 1.1.1.1 translate.googleapis.com games.roblox.com economy.roblox.com discord.com discordapp.com api.steampowered.com; 15 frame-ancestors 'self' https://app.storyblok.com; 15 default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com *.linkedin.com *.hubspot.com *.hubapi.com *.optimizely.com js.usemessages.com static.hsappstatic.net http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net js.usemessages.com 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsadspixel.net *.doubleclick.net *.optimizely.com js.usemessages.com blob: 'sha256-FYVcJ8j+aeiBImnoPSLVrA8jc6b/AUdJP0H7kMX8XRg=' 'sha256-2pe8k26MWlcKficOeMWZ75CKsCYpC8O7SWL1c80IevA=' 'sha256-xA+Nf+aCToDDa/FWlmohq36+g4wJDUNr/5Z99KzXHAQ=' 'sha256-Ekr4lImICDOvgVtzrLML7wjf3IM4V5Q3+ohyZq4Fi5w='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com *.crazyegg.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.hubspot.com; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net *.googletagmanager.com; object-src 'none' 15 frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 15 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 15 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 15 base-uri 'self'; frame-ancestors 'self'; 15 script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com cdn.ingest-lr.com cdn.lr-intake.com cdn.intake-lr.com cdn.logr-ingest.com cdn.lrkt-in.com cdn.lgrckt-in.com *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io code.jquery.com stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com webpay3g.transbank.cl webpay3gint.transbank.cl *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; frame-ancestors *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.grupoaxo.com *.kipling.cl blog.andesgear.cl *.usercentrics.eu *.inspectlet.com *.inspectlet.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.weltpixel.com *.facebook.com https://web.facebook.com *.google.com *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.googletagmanager.com tagmanager.google.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com cdn.ingest-lr.com cdn.lr-intake.com cdn.intake-lr.com cdn.logr-ingest.com cdn.lrkt-in.com cdn.lgrckt-in.com *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io code.jquery.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net https://*.ingest.sentry.io wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.google.com *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.google-analytics.com *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com *.lr-ingest.com *.ingest-lr.com *.lr-intake.com *.intake-lr.com *.logr-ingest.com *.lrkt-in.com *.lgrckt-in.com *.usercentrics.eu *.grupoaxo.com *.inspectlet.com wss://ws.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.doofinder.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.jsdelivr.net *.usercentrics.eu *.grupoaxo.com *.inspectlet.com *.inspectlet.io 'self' 'unsafe-inline'; 15 frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self'; 15 default-src 'self' http: https: ws: wss: yoti: * *.faphouse.com; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' blob: https://assets-ah.flixcdn.com www.google.com www.gstatic.com accounts.google.com *.google.com *.amplitude.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com tagmanager.google.com *.hotjar.com https://pm-api.faphouse.com https://pm.faphouse.com/pm/ https://assets-ah.flixcdn.com/ comments.faphouse.com studio.faphouse.com joinmy.fans 'unsafe-eval' challenges.cloudflare.com cdn.delight-vr.com www.yoti.com; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' 14 frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 14 frame-ancestors https://app.storyblok.com 14 default-src https: blob: * 'unsafe-inline' 'unsafe-eval'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; frame-src https:; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; 14 default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' blob: data: app-ab56.marketo.com *.optimonk.com cdn.jsdelivr.net d2c7xlmseob604.cloudfront.net *.impartner.live js.hs-scripts.com munchkin.marketo.net translate.google.com/translate_a/element.js web.bentley.com *.ads.linkedin.com *.ads-twitter.com *.amazonaws.com *.bentley.com *.bing.com *.brightcove.net *.byspotify.com www.clarity.ms *.cloudflare.com *.cloudfront.net *.company-target.com *.demandbase.com *.drift.com *.driftt.com *.doubleclick.net *.excentos.com *.facebook.net *.feedbackify.com *.flockler.com *.getsmartling.com *.google-analytics.com *.google.com googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com *.googletagmanager.com www.google-analytics.com www.google.com *.gstatic.cn *.gstatic.com *.hsforms.net http://it-it-2990e259de6cb10f0.getsmartling.com *.jotform.com *.marketo.com *.marketo.net *.mouseflow.com *.onetrust.com packages.prmcdn.io *.pagespeed-mod.com *.pingdom.net pixel.byspotify.com pvdpix.com qvdt3feo.com *.recaptcha.net *.redditstatic.com static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js *.salesloft.com *.surveysparrow.com tags.srv.stackadapt.com *.tailwindcss.com *.tourial.com *.twitter.com *.userway.org *.zencdn.net 1.safecdn01.com accessibilityserver.org api.hubspot.com bat.bing.com/bat.js beacon-v2.helpscout.net/ bentleypocstg.wpengine.com blibok.com c.itaozi.cn cdn.cookielaw.org cdn.mathjax.org cdn.mouseflow.com click.easypower.com client.prod.mplat-ppcprotect.com connect.facebook.net conoret.com cookie-cdn.cookiepro.com d2c7xlmseob604.cloudfront.net fast.wistia.com form.jotform.com/static/feedback.js forms.hubspot.com gateway.on24.com images.uc.cn js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com js.usemessages.com mstat.acestream.net munchkin.marketo.net ob.segreencolumn.com pixel.byspotify.com players.brightcove.net relatedgamesnet-a.akamaihd.net scout-cdn.salesloft.com search.imtt.qq.com service.excentos.com snap.licdn.com snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com tag.demandbase.com tags.srv.stackadapt.com ucads-cdn.ucweb.com unpkg.com unpkg.zhimg.com vjs.zencdn.net w8o39.m70vee7.com *.youtube.com *.visualwebsiteoptimizer.com app.vwo.com *.optimonk.com *.onsite.optimonk.com cdn-asset.optimonk.com https://bentleysystems.my.site.com; style-src 'self' 'report-sample' 'unsafe-inline' data: app-ab56.marketo.com *.bentley.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.easypower.com packages.prmcdn.io *.excentos.com *.optimonk.com https://bentleysystems.my.site.com/ESWLiveChatprod1757717595345/assets/styles/bootstrap.min.css s3.amazonaws.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.userway.org web.bentley.com; object-src 'self' *.brightcove.net; connect-src 'self' blob: data: localhost: ad.doubleclick.net gjtrack.ucweb.com https: *.doubleclick.net *.hubspot.com adservice.google.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net forms.hubspot.com manifest.prod.boltdns.net stats.g.doubleclick.net wss://www.bentley.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: themes.googleusercontent.com https:; frame-ancestors 'self' *.bentley.com *.docebosaas.com/ bentleysystems.gcs-web.com/ bentleysystems-preview.gcs-web.com/; frame-src 7668309.hs-sites.com/ app-ab56.marketo.com www.facebook.com *.bentley.com *.brightcove.net *.core.windows.net *.doubleclick.net *.facebook.com *.flickr.com *.getsmartling.com *.google.com *.googletagmanager.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.jotform.com *.driftt.com *.menlosecurity.com *.on24.com *.onetrust.com outlook.office.com outlook.office365.com *.podbean.com *.recaptcha.net https://pricing-calculator.sensemetrics.com:3000 *.sensemetrics.com *.surveysparrow.com *.tourial.com *.twitter.com *.userway.org *.wpengine.com *.youtube.com *.zscalerthree.net 7rx80283.ibosscloud.com block.opendns.com blocked.freedom.to bpb.opendns.com cdn.cookielaw.org click.easypower.com div.show gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net leap13.github.io login.zscloud.net mozbar.moz.com *.statuspage.io remove.video s.company-target.com skytraf.xyz www.ciuvo.com zswpmanager.wip.mmc.com wp-rocket.me/ app.vwo.com *.visualwebsiteoptimizer.com https://bentleysystems.my.site.com/; img-src 'self' blob: data: www.bentley.com https: t.co *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; manifest-src 'self' www.bentley.com; media-src 'self' blob: data: https:; report-uri https://6449169ef1e3671a29137d52.endpoint.csper.io?v=7; worker-src 'self' blob:; 14 default-src 'self'; style-src 'self' * 'unsafe-inline';style-src-attr 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; font-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; connect-src *; img-src 'self' 'unsafe-inline' data: blob: *; manifest-src *; frame-src *; media-src * blob:; worker-src blob: 14 frame-ancestors 'self' https://es.chevrolet.com 14 frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 14 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com ref.ccb-dev.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com comeandsee.my.site.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com ref.ccb-dev.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com d.la3-c2-ia7.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com c.amazon-adsystem.com ct.pinterest.com comeandsee.my.site.com; 14 default-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self'; form-action 'self'; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://strapi.inbox.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.fjordmail.no; 14 default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 14 default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests 14 default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 14 frame-ancestors 'self' *.agriaffaires.pro *.machineryzone.pro *.agriaffaires.com *.machineryzone.fr *.machineryzone.com *.truckscorner.fr *.mbcore.io; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 14 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; 14 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 14 default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; 14 frame-ancestors 'self' https://go.accessacloud.com; 14 frame-ancestors 'self' azeu.marketing.adobe.com 14 font-src 'none' 14 frame-ancestors 'self' https://temaquevende.com.br https://vitrinedetemas.hostgator.com.br *.clearsale.com.br 14 default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 14 block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 13 frame-ancestors 'self' *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru gw.timeweb.com https://cloud.roistat.com https://cllctr.roistat.com https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com sentry.timeweb.net:4443 data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com content.saas-support.com cdn.envybox.io whitesaas.com https://directus-twtech.timeweb.net https://api-qa.timeweb.ru 13 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com *.a.mts.ru 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru api-maps.yandex.ru enterprise.api-maps.yandex.ru *.maps.yandex.net yandex.ru *.time-messenger.ru https://gateway.atomyze.ru www.tbank.ru api-statist.tinkoff.ru cdn.tbank.ru cfg.tinkoff.ru business.tbank.ru baf.tinkoff.ru cobrowsing.tbank.ru fallback.cdn-tinkoff.ru mobile-appinapp-static-prod.cdn-tinkoff.ru imgproxy.cdn-tinkoff.ru mddc.tinkoff.ru www.cdn-tinkoff.ru api.tinkoffinsurance.ru geocode-maps.yandex.ru delivery.tinkoff.ru broker-api.tinkoffinsurance.ru api-osago.tbank.ru collection-phoenix.t-tech.team tmsg.tbank.ru tmsg.phoenix-ca.ru api.rosbank.ru pulse-image-avatar.cdn-tinkoff.ru invest-brands.cdn-tinkoff.ru webevent.tbank.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru https://widget.cloudpayments.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com *.maps.yandex.net api-maps.yandex.ru enterprise.api-maps.yandex.ru yandex.ru http://static.tinkoffinsurance.ru https://i.ytimg.com *.rosbank.ru *.depository.ru agents.tcsbank.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru https://www.youtube.com https://newatom.spaaace.io https://order.atom.auto https://widget.cloudpayments.ru rutube.ru t-j.ru yandex.ru; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pwaplatform/log/csp-error?appName=pwaplatform&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru; frame-ancestors 'self' tbank.ru www.tbank.ru *.tbank.ru *.tcsbank.ru tinkoff.ru *.tinkoff.ru *.tbank-online.com https://auto.ru https://t-insurance.avito.com mc.yandex.ru metrika.yandex.ru t-j.ru www.rosbank.ru www.depository.ru *.bankline.ru offer.gdemoideti.ru 13 frame-ancestors 'self' https://metrika.yandex.ru/ 13 frame-ancestors 'self' https://guides.opentext.com https://opentext.sl.smartling.com https://assets.opentext.com https://partnermarketing.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src https:; connect-src https:; object-src https:; child-src https:; 13 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';script-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';connect-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';frame-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' https://food.grab.com https://food.stg-myteksi.com 13 default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 13 frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 13 upgrade-insecure-requests, upgrade-insecure-requests 13 frame-ancestors 'self' *.funke.cue.cloud 13 default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 13 frame-ancestors 'self'; base-uri 'self' 13 frame-ancestors none; 13 frame-ancestors 'self' *.purpledshub.com 13 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://*.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 13 script-src 'unsafe-inline' 'unsafe-eval' http: https: 13 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 13 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://tags.creativecdn.com https://lensflare.vimeo.com https://arclight.vimeo.com https://player.vimeo.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com https://*.klarna.com https://*.pinterest.com https://*.kpcustomer.de https://www.facebook.com https://r.clarity.ms https://p.gsitrix.com https://tr6.snapchat.com https://www.sandbox.paypal.com https://trck.linkster.co https://*.preciso.net https://pixel.byspotify.com https://pixels.spotify.com https://api.recova.ai https://*.zbozi.cz https://jzixlqre.micpn-eu.com https://*.roeyecdn.com https://*.roeye.com blob:; 13 frame-ancestors 'self' *.affino.com; 13 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://www.gstatic.com https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.go-mpulse.net/ https://*.akstat.io/ https://*.akamaihd.net/ https://dc.hcafloridahealthcare.com https://dc.hcafloridaphysicians.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://player.vimeo.com https://embed.vidbeo.com/ https://*.azure.com https://*.microsoft.com https://*.visualstudio.com blob: https://dc.mymdnow.com/ https://dc.carenow.com/ https://dc.stdavids.com/ https://dpx-xsf-func-maps-eastus2-dev-bbasc5hha3dfexh6.eastus2-01.azurewebsites.net https://solutions.invocacdn.com/ https://pnapi.invoca.net/ https://*.podium.com https://*.analyticspodium.com https://dpx-xsf-func-maps-eastus2-prod-bnf2g4e0a8fvhahy.eastus2-01.azurewebsites.net; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.s3.amazonaws.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud https://i.vimeocdn.com/ https://*.podium.com; style-src 'self' 'unsafe-inline' https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://*.podium.com; font-src 'self' 'unsafe-inline' data: https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.microsoft.com https://atlas.microsoft.com https://*.podium.com; frame-src 'self' 'unsafe-inline' https://*.clearstep.health *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://www.youtube.com https://youtube.com https://player.vimeo.com https://embed.vidbeo.com/ *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai https://mammogramscreenbotcontainer.azurewebsites.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://mycarenowbiltmoreparkbot.azurewebsites.net https://privacy-central.securiti.ai; upgrade-insecure-requests; block-all-mixed-content; ; 13 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 13 frame-ancestors whitelabel.camspower.com cams.dnxlive.com 13 frame-ancestors 'self' https://platform.fynd.com 13 frame-ancestors 'self' https://*.bsale.io https://*.bsale.cl https://*.bsale.com https://*.bsale.com.pe https://*.bsale.com.mx 13 frame-ancestors 'self' https://customer.educations.com 13 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.youtube.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 13 default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src *; style-src * 'unsafe-inline'; 13 default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net *.archieven.nl storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 13 block-all-mixed-content;upgrade-insecure-requests; 13 object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests 13 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: yoti: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com global.frcapi.com *.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.segpay.com *.online-metrix.net *.vscdns.com *.vsmvideo.com *.mmcdn.com *.agego.com www.youtube.com info.xnxx.com www.tjk-njk.com *.yoti.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net *.acdn5165543.com *.aacdn.net martted.com *.opoxv.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.mmcdn.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us storage.agego.com *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.ackcdn.net *.afcdn.net *.aucdn.net bmedia.justservingfiles.net *.tf4srv.com *.aacdn.net xenoly7.com miraco7.com clariva5.com miraex6.com go2fridayroll.com solvix8.com linktoliraspin.com clyoro7.com volexa5.com dynara3.com veltor2.com *.trackingtraffo.com trackingtraffo.com *.nowsrv.com betoholictrack.net refpa2518.com refpa3665.com melbet-ma.com melbetegypt.com 1xlite-815256.bar *.staticfilesonly.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 12 default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 12 default-src https:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu *.iubenda.com *.redditstatic.com tracker.metricool.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com *.google.sk google.sk *.googleadservices.com analytics.tiktok.com stats.g.doubleclick.net connect.facebook.net snap.licdn.com cdn.plyr.io bat.bing.com *.ads-twitter.com c.seznam.cz *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.ladesk.com *.isy-teamblue.services *.motu-teamblue.services *.teamblue.services *.acsbapp.com *.adform.net *.youtube.com *.google.com google.com *.exponea.com; style-src 'self' 'report-sample' 'unsafe-inline' websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu websupport.se *.websupport.se *.googletagmanager.com cdn.iubenda.com cdn.plyr.io; object-src 'self'; base-uri 'self'; connect-src 'self' 'report-sample' data: ws://localhost:12387 websupport.cz *.websupport.cz websupport.hu *.websupport.hu websupport.sk *.websupport.sk websupport.se *.websupport.se *.iubenda.com *.redditstatic.com *.reddit.com googleapis.com *.googleapis.com *.google.com google.com *.google.sk google.sk pagead2.googlesyndication.com *.googleadservices.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.acsbapp.com *.motu-teamblue.services *.teamblue.services h.seznam.cz noembed.com cdn.plyr.io autoform.ekosystem.slovensko.digital; font-src 'self' 'report-sample' 'unsafe-inline' data: websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.se *.websupport.se websupport.hu *.websupport.hu gstatic.com *.gstatic.com; frame-ancestors 'self' *.websupport.sk; frame-src 'self' 'report-sample' *.websupport.sk websupport.sk *.websupport.cz websupport.cz *.websupport.hu websupport.hu *.websupport.se websupport.se blob: ladesk.com *.ladesk.com cookiebot.com *.cookiebot.com youtube.com www.youtube-nocookie.com *.youtube.com docs.google.com *.googletagmanager.com *.doubleclick.net *.facebook.com public.infinario.com *.iubenda.com autoform.ekosystem.slovensko.digital; img-src 'self' 'report-sample' data: cookiebot.com *.cookiebot.com *.reddit.com tracker.metricool.com gravatar.com *.gravatar.com gstatic.com *.gstatic.com *.google.com *.google.al *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ch *.google.com.cy *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.je *.google.kz *.google.li *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mk *.google.mt *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.rs *.google.com.ua *.google.co.uk *.google.cat *.facebook.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.google-analytics.com *.googleadservices.com *.linkedin.com t.co analytics.twitter.com bat.bing.com c.seznam.cz *.ytimg.com *.motu-teamblue.services *.teamblue.services brxcdn.com websupport.cz *.websupport.cz websupport.sk *.websupport.sk websupport.hu *.websupport.hu websupport.se *.websupport.se; manifest-src 'self'; media-src 'self'; worker-src 'self'; 12 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 12 worker-src 'self' blob:;frame-ancestors 'self';default-src 'self' *;script-src 'self' * 'unsafe-inline' 'unsafe-eval';script-src-attr 'unsafe-inline';style-src 'self' * 'unsafe-inline';img-src 'self' * data:;connect-src 'self' *;font-src 'self' * data:;frame-src 'self' *;media-src 'self' *;object-src 'none';base-uri 'self';form-action 'self' 12 object-src 'none'; form-action 'self'; frame-ancestors 'self'; 12 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://*.genesys.com https://*.genesyscsdt.com https://*.genesyscsdteng.com https://resources.genesys.com https://*.seismic.com https://genesys.seismic.com https://know.genesys.com https://help.genesys.com https://*.contentsquare.net https://apps.mypurecloud.com https://genesys.lightning.force.com https://genesys.file.force.com; 12 frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 12 frame-ancestors 'self' https://*.joyn.de https://app.datadoghq.eu; 12 default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 12 frame-ancestors 'self' https://*.fun.com 12 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; worker-src 'self' blob:; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; upgrade-insecure-requests; report-uri https://glsgroup.report-uri.io/r/default/csp/enforce; report-to https://glsgroup.report-uri.io/r/default/csp/enforce; 12 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' data: blob: *;font-src 'self' data: *;connect-src 'self' *;media-src 'self' blob: *;frame-ancestors 'self' *.paragonrels.com *.sigmacomputing.com *.bkfsconnect.com *.bkfstest.com;frame-src *;worker-src 'self' blob: *;object-src 'self' *;manifest-src 'self' *;upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 12 default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; style-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'none' 12 upgrade-insecure-requests; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' data:; 12 frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 12 script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com d10lpsik1i8c69.cloudfront.net google-analytics.com analytics.google.com www.google-analytics.com iongroupdev.wpenginepowered.com data.iongroup.com; 12 default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https:; frame-src 'self' https:; upgrade-insecure-requests 12 script-src 'self' 'unsafe-inline' 'unsafe-eval' p.teads.tv *.freshchat.com in.fw-cdn.com analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com *.cdn.adyen.com; object-src 'none'; child-src 'self' youtu.be *.freshchat.com www.youtube.com youtube.com www.google.com google.com *.doubleclick.net player.vimeo.com www.googletagmanager.com checkoutshopper-live.adyen.com *.cdn.adyen.com maps.google.com.sg www.google.com maps.google.com goo.gl google.com www.facebook.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 12 form-action 'self' 12 frame-ancestors 'self' https://*.akifast.com akifast.com https://*.akinoncloud.com akinoncloud.com 12 frame-ancestors 'self' meisterdrucke.com meisterdrucke.de meisterdrucke.at; 12 frame-src 'self' https://www.sonicwall.com/ https://securitynews.sonicwall.com/sonicwall-news/ https://blog.sonicwall.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss:; 12 default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro *.gvt1.com accounts.google.com www.google.com *.googleadservices.com *.calendly.com *.drimify.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.googleapis.com *.adtrafficquality.google *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.g.doubleclick.net *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.youtu.be youtu.be *.youtube-nocookie.com youtube-nocookie.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com *.googletagmanager.com data: blob: 'self' ; script-src * *.googletagmanager.com *.googleanalytics.com *.google-analytics.com *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; frame-src * *.googletagmanager.com; frame-ancestors *.europe-camions.com *.via-mobilis.com trux4me.com *.trux4me.com ; connect-src * *.googletagmanager.com *.google.com *.google-analytics.com *.analytics.google.com data: 'self'; base-uri 'self' ; worker-src * data: blob: 12 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 12 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 12 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 12 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' *.webvisor.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr 12 connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 12 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 12 frame-ancestors 'self' https://webcake.io https://*.webcake.io https://storecake.io https://*.storecake.io https://botcake.io https://www.botcake.io; img-src 'self' https://*.pancake.vn https://img.youtube.com https://lh3.googleusercontent.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://platform-lookaside.fbsbx.com https://googleads.g.doubleclick.net https://unpkg.com https://*.giphy.com https://www.googletagmanager.com https://fonts.gstatic.com https://*.mgid.com https://mgid.com https://www.googleadservices.com https://imgur.com https://uhchat.net https://*.webcake.io https://*.ytimg.com data: blob: 12 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://challenges.cloudflare.com; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.google.com https://vars.hotjar.com https://www.facebook.com https://challenges.cloudflare.com 12 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https: nytresource:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: nytresource:; style-src data: 'unsafe-inline' https: nytresource:; img-src data: https: blob: android-webview-video-poster: nytresource:; font-src data: https: nytresource:; connect-src data: https: wss: blob: nytresource:; media-src data: https: blob: nytresource:; object-src https:; child-src https: data: blob: nytresource:; form-action https: nytimes: nytcooking: nytxwd:; report-uri https://csp.nytimes.com/report; 11 upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 11 frame-ancestors *.shein.com https://www.shein.com.hk https://www.shein.com.vn https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 11 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://js.adsrvr.org https://go.affec.tv https://bat.bing.com https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://snap.licdn.com https://tracking.g2crowd.com https://connect.facebook.net *.visualwebsiteoptimizer.com https://app.vwo.com *.sharethis.com https://unpkg.com https://d1hgczpbubj217.cloudfront.net https://app-static.turtl.co https://js.zi-scripts.com *.mutinycdn.com https://www.clarity.ms https://scripts.clarity.ms *.roundprinceweb.com https://www.redditstatic.com https://go.proofpoint.com https://www.google.com https://www.gstatic.com https://www.buzzsprout.com https://extend.vimeocdn.com https://storage.googleapis.com https://js.navattic.com https://js.qualified.com https://wpaassets.blob.core.windows.net https://www.youtube.com https://vimeo.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com *.qualified.com; report-uri /report-csp-violation 11 script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 11 frame-ancestors 'self' https://localhost:* https://*.bustle.com https://*.bdg.com 11 require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 11 upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ https://nephrologistconnect.com https://rheumatologynation.com https://dermatologistnation.com 11 upgrade-insecure-requests; frame-ancestors 'self' https://*.cookiebot.com 11 base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; font-src 'self' data: *.cloudfront.net; form-action 'self'; frame-ancestors 'self' *.mycleverpush.com; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.cloudfront.net *.usabilla.com *.getback.ch *.abtasty.com; upgrade-insecure-requests; worker-src blob: 'self' *.cleverpush.com 11 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 11 frame-ancestors 'self' https://app.eu.contentful.com; 11 default-src 'self'; img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp; media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp; style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net *.tixpo.jp; style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw='; script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp *.tixpo.jp *.emtg.co.jp; font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net *.tixpo.jp; form-action 'self' *.mul-pay.jp *.emtg.co.jp; connect-src 'self' www.google-analytics.com analytics.google.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com www.gstatic.com *.tixpo.jp; frame-ancestors 'self'; 11 frame-ancestors 'self' http://admin.bonami.cz 11 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 11 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 11 frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com https://*.webtrends-optimize.com https://analytics.tiktok.com https://*.azurewebsites.net https://*.onetrust.com https://*.cloudfront.net https://*.privacy-center.org https://privacy-center.org https://*.sjv.io https://forms.airship.co.uk https://verifi.podscribe.com https://ipv4.podscribe.com https://www.recaptcha.net; object-src 'none'; base-uri 'none'; 11 default-src 'self' data: blob: ; worker-src 'self' data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai https://*.hotjar.com *.blackhawknetwork.com *.bhn.cards assets.adobedtm.com; script-src-attr 'unsafe-inline' *.blackhawknetwork.com; connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com adobedc.demdex.net metrics.mycardwallet.com *.bhn.cards; img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com https://*.hotjar.com; frame-src *; object-src 'none'; media-src 'self' *.iesnare.com data:; frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self'; form-action 'self'; upgrade-insecure-requests 11 default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 11 default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 11 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https:;connect-src 'self' https:;img-src 'self' data: https:;style-src 'self' 'unsafe-inline' https:;font-src 'self' data: https:;worker-src 'self' blob: data:;media-src 'self' https:;frame-src 'self' https: 11 default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 11 worker-src 'self' blob:; 11 default-src 'self' 'unsafe-inline' https://* data: wss://*.hotjar.com; frame-ancestors 'none' 11 default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com; script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 11 frame-ancestors https://*.login.smartweb.test https://*.admin.shop-sftest.io https://*.webshop-admin.scannet.dk https://*.admin.hostedshop.io https://*.admin.hostedcms.io https://*.webshop.dandomain.dk 11 default-src 'none' ; connect-src https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob: https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data: https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob: https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action https://duck.ai https://*.duck.ai https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' https://html.duckduckgo.com; base-uri 'self' ; block-all-mixed-content ; 10 frame-ancestors https://www.connectwise.com/ https://marketplace.connectwise.com/ https://www.screenconnect.com/ https://prod2.screenconnect.com/ https://prod2.screenconnect.connectwise.com/ https://inte2.screenconnect.com/ https://prep2.screenconnect.com/ https://screenconnect.connectwise.com/ https://prod2.theitnation.com/ https://itnation.connectwise.com/ https://prod2.info.connectwise.com/ https://www.cloudservices.connectwise.com/ university.connectwise.com 10 default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' nic.bradesco imprensa.bradesco vivaprime.bradesco assets.bradesco *.prebanco.com.br *.adobedtm.com *.bing.com *.google.com *.google.com.br *.facebook.com *.facebook.net *.youtube.com *.youtube.com.br *.tiktok.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://canalconsorciado.bradesco.com.br *.googleoptimize.com static.ads-twitter.com *.doubleclick.net *.rybena.com.br *.navdmp.com t.co https://banco.bradesco *.bradesco.com.br *.banco.bradesco *.interneth.bradesco.com.br *.bradescopessoajuridica.com.br *.bradescocelular.com.br *.omny.fm *.ggpht.com *.ytimg.com https://turn2c-sandbox.com https://wa.onelink.me https://apps.sae1.pure.cloud *.virtualearth.net https://bancobradesco.tt.omtrdc.net https://dpm.demdex.net https://www.unibrad.com.br; img-src * 'self' data: https:; font-src * 'self' data:; media-src * 'self' data: 10 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: 'self' data:; object-src 'none'; child-src https: data: blob:; form-action https:; block-all-mixed-content; 10 frame-ancestors *; upgrade-insecure-requests; object-src 'none' 10 frame-ancestors *.ivanti.com https://dash.cloudflare.com 10 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 10 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 10 upgrade-insecure-requests; frame-ancestors 'self' https://explore.apptio.com https://explore.ibm.com 10 default-src 'self' *.idrive.com *.idrivesync.com https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chatbot.com https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://alcdn.msauth.net https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; frame-src https://chatbot.idriveonlinebackup.com; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net *.en25.com https://js.zi-scripts.com https://epsilon.6sense.com/ https://www.redditstatic.com https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com *.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 10 frame-src *; 10 reflected-xss block 10 frame-ancestors 'self' https://app.contentful.com; 10 frame-ancestors 'self' *.laccd.edu *.elac.edu *.wlac.edu *.lapc.edu *.lamission.edu *.lavc.edu *.lasc.edu *.lahc.edu *.lacc.edu *.lattc.edu 10 default-src 'self'; connect-src 'self' *.yoast.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.authorize.net *.facebook.com stats.addtoany.com *.google.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com s3.eu-west-1.amazonaws.com *.marker.io stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.instagram.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com *.onetrust.com ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com; font-src 'self' data: fonts.googleapis.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ct.capterra.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com; frame-src 'self' app.marker.io *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.instagram.com *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com *.marketo.com google.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com vimeo.com; img-src 'self' *.vimeocdn.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.wpengine.com *.w.org secure.gravatar.com data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com; media-src 'self' *.vimeo.com *.zi-scripts.com *.onetrust.com *.zoominfo.com *.clickagy.com *.youtube.com *.spotify.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com vimeo.com; object-src 'self' *.oembed.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.vimeo.com *.youtube.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com; script-src 'self' 'unsafe-eval' https://cdn.cookielaw.org *.marker.io *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net google.com *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com *.onetrust.com tags.clickagy.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.cloudinary.com cdn-4.convertexperiments.com *.instagram.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com https://scripts.clarity.ms https://www.googleadservices.com *.byspotify.com *.spotify.com https://d34r8q7sht0t9k.cloudfront.net *.podscribe.com vimeo.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com *.instagram.com go.bonterratech.com www.googleadservices.com *.6sc.co ws.zoominfo.com *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com *.marketo.com google.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdn-4.convertexperiments.com *.instagram.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com https://scripts.clarity.ms https://www.googleadservices.com *.byspotify.com *.spotify.com https://d34r8q7sht0t9k.cloudfront.net *.podscribe.com vimeo.com; script-src-attr 'self' 'unsafe-inline' https://www.googleadservices.com *.byspotify.com *.spotify.com https://d34r8q7sht0t9k.cloudfront.net *.podscribe.com vimeo.com; style-src 'self' fonts.googleapis.com *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net google.com *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com ct.capterra.com learn.bonterratech.com *.marketo.com google.com jsd-widget.atlassian.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline' https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com; style-src-elem 'self' 'unsafe-inline' *.typekit.net *.zi-scripts.com *.zoominfo.com *.onetrust.com *.clickagy.com https://www.googletagmanager.com go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com ct.capterra.com learn.bonterratech.com *.marketo.com jsd-widget.atlassian.com google.com *.wistia.com *.6sense.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://*.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.googleadservices.com *.byspotify.com *.spotify.com *.podscribe.com vimeo.com; frame-ancestors 'self' vimeo.com 10 script-src 'self' 'unsafe-inline' 'unsafe-eval' * 10 frame-ancestors 'self' letmedate.com www.letmedate.com 10 manifest-src 'self'; 10 frame-ancestors 'self'; object-src 'self'; 10 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com https://*.rudderlabs.com https://api.rudderstack.com https://app.contentful.com 10 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 10 frame-ancestors 'self' *.ci360.sas.com app.contentstack.com login.celebrations.com www.1800flowers.com www.1800baskets.com www.berries.com www.cheryls.com www.florists.com www.plants.com www.fruitbouquets.com www.harryanddavid.com www.simplychocolate.com www.thepopcornfactory.com www.vitalchoice.com www.wolfermans.com www.celebrations.com prod-celebrations-chained.18f.tech pmallstore.pmalladmin.com 10 frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 10 default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem:; 10 frame-ancestors 'self' http://jack-wolfskin.com https://mywolfpack.jack-wolfskin.com http://staffbase.com capacitor://jack-wolfskin.com capacitor://staffbase.com; 10 frame-ancestors 'self' https://*.bdo.global 10 default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 10 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 10 'self' ; 10 frame-ancestors https://app.storyblok.com/ 10 default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net https://cdn.jsdelivr.net https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://statistikk.fnsp.no https://web-sdk-eu.aptrinsic.com https://www.cdisol.blog https://js.monitor.azure.com; object-src 'none'; manifest-src https://www.cdisol.blog; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://web-sdk-eu.aptrinsic.com https://www.cdisol.blog; font-src 'self' data: https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com https://web-sdk-eu.aptrinsic.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.nhn.no https://www.ahus.no https://www.antibiotika.no https://www.betanienhospital.no https://www.betaniensykehus.no https://www.bjorkeli.no https://www.diakonhjemmetsykehus.no https://fellesinnhold.fnsp.nhn.no https://www.finnmarkssykehuset.no https://www.fnsp.no https://www.haraldsplass.no https://www.hdo.no https://www.helgelandssykehuset.no https://www.helse-bergen.no https://www.helse-fonna.no https://www.helse-forde.no https://www.helse-midt.no https://www.helse-mr.no https://www.helse-nord.no https://www.helse-sorost.no https://www.helse-stavanger.no https://www.helse-vest-ikt.no https://www.helse-vest.no https://www.helsenordikt.no https://www.helseplattformen.no https://www.hemit.no https://www.hnt.no https://www.hsr.as https://www.jdps.no https://www.kloverasen.no https://www.kvalitetsregistre.no https://www.lovisenbergsykehus.no https://www.luftambulanse.no https://www.martinahansen.no https://norcrin.fnsp.nhn.no https://www.nordlandssykehuset.no https://www.nortrials.no https://www.nyemetoder.no https://www.olaviken.no https://www.oslo-universitetssykehus.no https://www.pasientreiser.no https://www.revmatismesykehuset.no https://rvtsvest.fnsp.nhn.no https://www.saman.no https://samhandlingsbarometeret.fnsp.nhn.no https://www.siv.no https://www.sjukehusapoteka-vest.no https://www.skde.no https://www.solli.no https://www.spesialisthelsetjenesten.no https://www.sshf.no https://www.sthf.no https://www.stolav.no https://www.sunnaas.no https://www.sykehusapotek-nord.no https://www.sykehusapotekene.no https://www.sykehusapoteket.no https://www.sykehusbygg.no https://www.sykehuset-innlandet.no https://www.sykehuset-ostfold.no https://www.sykehusinnkjop.no https://www.sykehuspartner.no https://www.tryggakuttmedisin.no https://tryggprat.fnsp.nhn.no https://www.unn.no https://www.vestreviken.no https://sp.tinymce.com; media-src 'self' https://*.nhn.no https://www.ahus.no https://www.antibiotika.no https://www.betanienhospital.no https://www.betaniensykehus.no https://www.bjorkeli.no https://www.diakonhjemmetsykehus.no https://fellesinnhold.fnsp.nhn.no https://www.finnmarkssykehuset.no https://www.fnsp.no https://www.haraldsplass.no https://www.hdo.no https://www.helgelandssykehuset.no https://www.helse-bergen.no https://www.helse-fonna.no https://www.helse-forde.no https://www.helse-midt.no https://www.helse-mr.no https://www.helse-nord.no https://www.helse-sorost.no https://www.helse-stavanger.no https://www.helse-vest-ikt.no https://www.helse-vest.no https://www.helsenordikt.no https://www.helseplattformen.no https://www.hemit.no https://www.hnt.no https://www.hsr.as https://www.jdps.no https://www.kloverasen.no https://www.kvalitetsregistre.no https://www.lovisenbergsykehus.no https://www.luftambulanse.no https://www.martinahansen.no https://norcrin.fnsp.nhn.no https://www.nordlandssykehuset.no https://www.nortrials.no https://www.nyemetoder.no https://www.olaviken.no https://www.oslo-universitetssykehus.no https://www.pasientreiser.no https://www.revmatismesykehuset.no https://rvtsvest.fnsp.nhn.no https://www.saman.no https://samhandlingsbarometeret.fnsp.nhn.no https://www.siv.no https://www.sjukehusapoteka-vest.no https://www.skde.no https://www.solli.no https://www.spesialisthelsetjenesten.no https://www.sshf.no https://www.sthf.no https://www.stolav.no https://www.sunnaas.no https://www.sykehusapotek-nord.no https://www.sykehusapotekene.no https://www.sykehusapoteket.no https://www.sykehusbygg.no https://www.sykehuset-innlandet.no https://www.sykehuset-ostfold.no https://www.sykehusinnkjop.no https://www.sykehuspartner.no https://www.tryggakuttmedisin.no https://tryggprat.fnsp.nhn.no https://www.unn.no https://www.vestreviken.no; connect-src 'self' https://app-fnsp-matomo-analytics-prod.azurewebsites.net https://fellesinnhold.fnsp.nhn.no https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://*.fnsp.nhn.no https://acast.com/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://app.powerbi.com https://apps.skde.no https://dashboard.find.episerver.net/ https://data.stolav.no/ https://ekstranett.helse-midt.no/ https://fellesinnhold.fnsp.nhn.no https://film.oslo-universitetssykehus.no/ https://fnsp.fnsp.nhn.no https://login.microsoftonline.com https://medfilm.se/ https://navikt.github.io https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://player.vimeo.com https://players.brightcove.net/ https://podcasts.apple.com https://prat.fnsp.no https://prod-tabellverk.skde.org/ https://skde.org https://sketchfab.com https://test.skde.no https://uib.cloud.panopto.eu/ https://vimeo.com/ https://www.acast.com/ https://www.fnsp.no https://www.youtube-nocookie.com https://www.youtube.com https://use.mazemap.com https://rise.articulate.com/ https://forms.office.com/ https://csb10033fff971bc7e5.z6.web.core.windows.net/ https://youtu.be/ https://cg.optimizely.com; frame-ancestors 'self'; 10 default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sprinklr.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://*.sprinklr.com content.securedvisit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com https://ct.pinterest.com https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://*.sprinklr.com/ api.securedvisit.com content.securedvisit.com track.sv.rkdms.com sv.firestonetire.com sv.bridgestonetire.com https://live.rezync.com ; img-src * data: blob: ; connect-src * ; frame-src 'self' api.securedvisit.com ; font-src 'self' https://*.fonts.net https://*.bridgestoneresources.com data:; media-src 'self' https://assets.bridgestonetire.com 10 default-src *; font-src 'self' data: https://static.opencityitalia.it https://fonts.gstatic.com https://acsbapp.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https: blob: 10 default-src https: 'unsafe-inline' 'unsafe-eval' 10 base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; frame-ancestors 'self' constantcontact.com *.constantcontact.com constantcontact.my.site.com constantcontact.my.salesforce-scrt.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' constantcontact.com *.constantcontact.com constantcontact.my.site.com constantcontact.my.salesforce-scrt.com *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io *.highcharts.com; object-src 'none'; 10 default-src 'self' blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com;connect-src 'self' blob: wss: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metart.network *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com;style-src 'self' blob: 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.vwo.com;script-src 'self' 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com;frame-src 'self' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com *.google.com *.trymax.ai;img-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.icfcdn.com *.twimg.com *.twitter.com *.zopim.com *.jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.visualwebsiteoptimizer.com *.vwo.com *.vscdns.com *.strpst.com *.google.com;media-src 'self' data: blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.icfcdn.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 10 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;script-src-elem * 'unsafe-inline' 'unsafe-eval' data: blob:;style-src * 'unsafe-inline' 'unsafe-eval' data: blob:;style-src-attr * 'unsafe-inline' 'unsafe-eval' data: blob:;style-src-elem * 'unsafe-inline' 'unsafe-eval' data: blob:;img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;font-src * 'unsafe-inline' 'unsafe-eval' data: blob:;object-src * 'unsafe-inline' 'unsafe-eval' data: blob:;media-src * 'unsafe-inline' 'unsafe-eval' data: blob:;frame-src * 'unsafe-inline' 'unsafe-eval' data: blob:;frame-ancestors *;connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:;worker-src * 'unsafe-inline' 'unsafe-eval' data: blob: 10 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org wwwb-events.archive.org 10 frame-ancestors 'self';base-uri 'self';font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 10 frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data: blob:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 10 default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://*.omappapi.com https://cdn.jsdelivr.net https://cdn.onesignal.com https://*.mouseflow.com https://*.cloudflareinsights.com https://*.amazonaws.com https://umami.apidome.net; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://*.omappapi.com https://cdn.jsdelivr.net https://cdn.onesignal.com https://*.mouseflow.com https://*.cloudflareinsights.com https://*.amazonaws.com https://umami.apidome.net; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.omappapi.com; font-src 'self' data: https://fonts.cdnfonts.com https://fonts.gstatic.com; img-src 'self' data: blob: https:; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.omappapi.com https://*.mouseflow.com https://*.amazonaws.com https://umami.apidome.net; frame-src 'self' https:; worker-src 'self' blob:; manifest-src 'self' 10 frame-ancestors 'self' https://familywatchdog.us https://*.familywatchdog.us ; 10 default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri /csp-report-endpoint/ 10 frame-ancestors 'self' *.mydukaan.io; 10 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com assets.ctfassets.net/8aevphvgewt8/ videos.ctfassets.net/8aevphvgewt8/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 9 report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' apis.roblox.com roblox.com *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net adservice.google.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com js.rbxcdn.com js.stripe.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com arkoselabs.roblox.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net cdn.veriff.me *.lightstep.com client-api.arkoselabs.com api.arkoselabs.com *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com cdn.safecharge.com; img-src 'self' data: *.cloudfront.net *.gilcdn.com *.gldcdn.com *.google-analytics.com *.google.com *.kaptcha.com *.rblx.org *.rbxcdn.com *.roblox.com *.robloxlabs.com googleads.g.doubleclick.net i.ytimg.com www.googletagmanager.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat *.stripe.com *.tarobicdn.com *.tarobidevsandboxcdn.com www.facebook.com *.snapchat.com *.safecharge.com; connect-src 'self' *.roblox.com *.robloxlabs.com *.rblx.org *.rbx.com *.rbxcdn.com *.roblox.cn *.simulpong.com *.lightstep.com *.ns1p.net *.arkoselabs.com *.kaptcha.com *.google.com *.google-analytics.com *.doubleclick.net *.sentry.io wss://realtime.roblox.com wss://realtime.sitetest1.robloxlabs.com wss://realtime.sitetest2.robloxlabs.com wss://realtime.sitetest3.robloxlabs.com wss://realtime-signalr.roblox.com *.braintree-api.com *.braintreegateway.com d1q2u37vreaobr.cloudfront.net funcaptcha.com robloxcorp.s.llnwi.net roblox-poc.global.ssl.fastly.net d1unuk07s6td74.cloudfront.net *.sierra.chat sierra.chat sc-static.net *.sc-static.net *.snapchat.com *.tapad.com analytics.tiktok.com *.safecharge.com; 9 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com *.samsung-news.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 9 default-src 'self' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; style-src 'self' 'unsafe-inline' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; font-src 'self' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; img-src 'self' data: https: blob: *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; media-src 'self' blob: *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; connect-src 'self' *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; worker-src 'self' blob: *.prismic.io *.jwplayer.com *.jwpcdn.com *.googletagmanager.com *.google-analytics.com *.jwpltx.com *.googleapis.com *.gstatic.com *.jwpsrv.com *.myworkdayjobs.com *.workday.com *.jobvite.com; frame-src 'self' *.prismic.io *.myworkdayjobs.com *.workday.com *.jobvite.com *.googletagmanager.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' *.myworkdayjobs.com *.workday.com 9 upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'unsafe-eval' 'self' 'nonce-DhcnhD3khTMePgXw' 'strict-dynamic' 'unsafe-hashes' 'sha256-RjileO61mmx5C3Z0ub77ckR3sl153RlKqUC+EcKaVQc=' ; 9 default-src 'self' *.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.azurewebsites.net *.bidswitch.net *.bing.com *.bootstrapcdn.com *.bnr.nl *.casalemedia.com *.captcha.com *.clarity.ms *.clicktale.net *.cloudflare.com *.cocubesprod.com *.company-target.com *.companytarget.com *.confirmit.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.crwdcntrl.net *.d3js.org *.datadoghq-browser-agent.com *.day.com *.demandbase.com *.delvenetworks.com *.demdex.net *.doubleclick.net *.echocdn.com *.echosign.com *.embed.ly *.en25.com *.everesttech.net *.facebook.com *.facebook.net *.flipsnack.com *.fontawesome.com *.ggpht.com *.glassdoor.com *.google.ca *.google.co.in *.google.co.za *.google.com *.google.com.ph *.google.com.sg *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ietf.org *.javelingroup.com *.jsdelivr.net *.knotch-cdn.com *.knotch.it *.libsyn.com *.licdn.com *.lightinfosys.com *.linkedin.com *.login.live.com *.marketo.net *.mettl.de *.ml314.com *.monster.com *.mktgcdn.com *.newsroom.accenture.de *.novetta.com *.omtrdc.net *.onetrust.com *.oribi.io *.pagetiger.com *.pubmatic.com *.reddit.com *.redditstatic.com *.rlcdn.com *.rosettastone.com *.rubiconproject.com *.salesforce.com *.scene7.com *.schema.org *.siteimprove.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.tableau.com *.trtl.co *.twimg.com *.typekit.net *.unpkg.com *.vidyard.com *.virtualearth.net *.yahoo.com *.youtube.com *.youtube-nocookie.com *.youtubenocookie.com *.ytimg.com https://t.co *.ionicframework.com *.flourish.studio https://flo.uri.sh https://unpkg.com *.delvenetworks.com *.slideshare.net *.jquery.com *.assetsadobe.com *.fintechinnovationlab.com *.pcdn.co *.wistia.net *.intraworlds.com *.wistia.com *.powerbi.com https://browser-intake-datadoghq.com blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' '*.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.azurewebsites.net *.bidswitch.net *.bing.com *.bootstrapcdn.com *.bnr.nl *.casalemedia.com *.captcha.com *.clarity.ms *.clicktale.net *.cloudflare.com *.cocubesprod.com *.company-target.com *.companytarget.com *.confirmit.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.crwdcntrl.net *.d3js.org *.datadoghq-browser-agent.com *.day.com *.demandbase.com *.delvenetworks.com *.demdex.net *.doubleclick.net *.echocdn.com *.echosign.com *.embed.ly *.en25.com *.everesttech.net *.facebook.com *.facebook.net *.flipsnack.com *.fontawesome.com *.ggpht.com *.glassdoor.com *.google.ca *.google.co.in *.google.co.za *.google.com *.google.com.ph *.google.com.sg *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ietf.org *.javelingroup.com *.jsdelivr.net *.knotch-cdn.com *.knotch.it *.libsyn.com *.licdn.com *.lightinfosys.com *.linkedin.com *.login.live.com *.marketo.net *.mettl.de *.ml314.com *.monster.com *.mktgcdn.com *.newsroom.accenture.de *.novetta.com *.omtrdc.net *.onetrust.com *.oribi.io *.pagetiger.com *.pubmatic.com *.reddit.com *.redditstatic.com *.rlcdn.com *.rosettastone.com *.rubiconproject.com *.salesforce.com *.scene7.com *.schema.org *.siteimprove.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.tableau.com *.trtl.co *.twimg.com *.typekit.net *.unpkg.com *.vidyard.com *.virtualearth.net *.yahoo.com *.youtube.com *.youtube-nocookie.com *.youtubenocookie.com *.ytimg.com https://t.co *.ionicframework.com *.flourish.studio https://flo.uri.sh https://unpkg.com *.delvenetworks.com *.slideshare.net *.jquery.com *.assetsadobe.com *.fintechinnovationlab.com *.pcdn.co *.wistia.net *.intraworlds.com *.wistia.com *.powerbi.com blob:; style-src 'self' 'unsafe-inline' *.2o7.net *.accenture.cn *.accenture.com *.accenture.jp *.accenture.test *.accenturealumni.com *.adnxs.com *.adobe.com *.adobeaemcloud.com *.adobedc.net *.adobedtm.com *.ads-twitter.com *.adsrvr.org *.adsymptotic.com *.amazonaws.com *.appcast.io *.apple.com *.assestsadobe.com *.azurewebsites.net *.bidswitch.net *.bing.com *.bootstrapcdn.com *.bnr.nl *.casalemedia.com *.captcha.com *.clarity.ms *.clicktale.net *.cloudflare.com *.cocubesprod.com *.company-target.com *.companytarget.com *.confirmit.com *.contentsquare.com *.contentsquare.net *.cookielaw.org *.crwdcntrl.net *.d3js.org *.datadoghq-browser-agent.com *.day.com *.demandbase.com *.delvenetworks.com *.demdex.net *.doubleclick.net *.echocdn.com *.echosign.com *.embed.ly *.en25.com *.everesttech.net *.facebook.com *.facebook.net *.flipsnack.com *.fontawesome.com *.ggpht.com *.glassdoor.com *.google.ca *.google.co.in *.google.co.za *.google.com *.google.com.ph *.google.com.sg *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ietf.org *.javelingroup.com *.jsdelivr.net *.knotch-cdn.com *.knotch.it *.libsyn.com *.licdn.com *.lightinfosys.com *.linkedin.com *.login.live.com *.marketo.net *.mettl.de *.ml314.com *.monster.com *.mktgcdn.com *.newsroom.accenture.de *.novetta.com *.omtrdc.net *.onetrust.com *.oribi.io *.pagetiger.com *.pubmatic.com *.reddit.com *.redditstatic.com *.rlcdn.com *.rosettastone.com *.rubiconproject.com *.salesforce.com *.scene7.com *.schema.org *.siteimprove.com *.slidesharecdn.com *.sndcdn.com *.soundcloud.com *.tableau.com *.trtl.co *.twimg.com *.typekit.net *.unpkg.com *.vidyard.com *.virtualearth.net *.yahoo.com *.youtube.com *.youtube-nocookie.com *.youtubenocookie.com *.ytimg.com https://t.co *.ionicframework.com *.flourish.studio https://flo.uri.sh https://unpkg.com *.delvenetworks.com *.slideshare.net *.jquery.com *.assetsadobe.com *.fintechinnovationlab.com *.pcdn.co *.wistia.net *.intraworlds.com *.wistia.com *.powerbi.com blob:; upgrade-insecure-requests; block-all-mixed-content 9 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors: 'self' *.mheducation.com; 9 frame-ancestors 'self' https://www.thomsonreuters.com 9 frame-ancestors 'self' *.freshworks.com *.freshdesk.com *.freshservice.com *.myfreshworks.com *.freshcaller.com *.freshteam.com *.freshchat.com *.freshping.io *.freshrelease.com *.freshstatus.io *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com *.optimizely.com *.freshpo.com *.myfreshworks.dev *.freshscout.com freshworks.pathfactory.com *.freshrobust.com *.freshitops.com *.freshcmdb.com 9 frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ https://app.mutinyhq.com/ 9 object-src 'none'; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 9 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 9 object-src 'none'; base-uri 'self' 9 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://hossa.inwx.com https://zammad.inwx.de *.zammad.inwx.de ws: wss: *.hossa.inwx.com https://static.inwx.com; worker-src 'self' blob: 9 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: ; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 9 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 9 default-src 'self'; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 9 frame-ancestors 'self' https://www.johnsoncontrols.com 9 form-action 'self'; 9 frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 9 default-src * blob: data: https:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 9 frame-ancestors 'self' https://dato-plugin-seven.vercel.app https://factorial-next.admin.datocms.com *.factorial.co *.factorialhr.es *.factorial.es *.factorial.mx *.factorial.fr *.factorial.it *.factorialhr.co.uk *.factorialhr.co *.factorialhr.de *.factorial.ch *.factorial.be *.factorialhr.pt *.factorialhr.com.br *.factorialhr.com.ar *.factorialhr.ar *.factorialhr.cl *.factorialhr.com.de *.factorial.pl *.factorialhr.com 9 frame-ancestors 'self' *.daysmartpayments.com http://localhost:4200/ 9 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 9 default-src 'self' http: https: ws: wss:; script-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' http: https: data:; style-src 'unsafe-inline' http: https:; font-src 'self' http: https: data:; 9 default-src *; frame-src https:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; img-src * data:; object-src 'none'; frame-ancestors https:; base-uri 'self'; connect-src *; font-src * data:; 9 frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com https://www.googleadservices.com/ https://console.googletagservices.com/ https://play.ottawaredblacks.com/ https://www.googletagservices.com/ https://www.tdplace.ca/ https://www.placetd.ca/ https://fevo-enterprise.com/ https://x.adroll.com/ https://www.googletagmanager.com/ https://ep2.adtrafficquality.google/ https://winnipegfootballclub.jotform.com/ https://embed.radio.co/ https://open.spotify.com/ https://pop0-ccs-webchat-api.serverdata.net/ https://logwork.com/; 9 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 9 base-uri 'none'; font-src 'self' https: data:; form-action 'self'; upgrade-insecure-requests; 9 default-src * 'unsafe-inline' 'unsafe-eval' 9 default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 9 default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 9 frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 9 frame-ancestors 'self' https://virtual-tours.msccruises.com; 9 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 9 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://payment.preprod.payone.com https://payment.payone.com; frame-ancestors 'none'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https: http://localhost:8080; upgrade-insecure-requests; 9 frame-ancestors 'self' https://test-screwfixspares.bloomreach.io/ https://screwfixspares.bloomreach.io/ 9 unsafe-inline 9 default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 9 frame-ancestors https://auto-emotion.cupra.de https://showcase.cupra.de.showcase.dev.cupra.de 'self' 9 frame-ancestors https://app.contentful.com https://dash.cloudflare.com 9 default-src * data: 'unsafe-inline' 'unsafe-eval' 'self' blob:; media-src * blob:; img-src * data: 'unsafe-inline' blob: *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.heapanalytics.com https://*.qualtrics.com; font-src * data: 'unsafe-inline'; frame-ancestors *.amway.it; connect-src 'self' api-js.datadome.co *.amway.eu https://siteintercept.qualtrics.com https://maps.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com https://*.clarity.ms https://c.bing.com *.auryc.com https://amway-api.exponea.com https://*.ada.support https://*.qualtrics.com; frame-src https://*.elf.site https://players.brightcove.net geo.captcha-delivery.com https://coreplus.amwayglobal.com https://coreplus-qa.amwayglobal.com https://coreplus-regional.gmb-preprod.corp.amway.net https://coreplus-stage.amwayglobal.com *.qualtrics.com https://bonus.amway-services.com https://online.flippingbook.com https://amway-achievers.web.app https://amway-achievers-gallery.web.app app.vwo.com *.visualwebsiteoptimizer.com https://www.youtube.com https://*.ada.support https://*.qualtrics.com https://export-file-storage-prod.s3.us-east-1.amazonaws.com https://view.genially.com https://*.3ways.com; worker-src 'self' blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com tags.tiqcdn.com js.datadome.co *.googleapis.com *.heapanalytics.com *.qualtrics.com *.clarity.ms https://amway-api.exponea.com https://*.ada.support https://*.qualtrics.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.googleapis.com *.gstatic.com 9 frame-ancestors *; report-uri /_/commcsp?disposition=enforce 9 default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 9 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *; frame-ancestors 'self' ekat.festool.de *.festool.com 9 default-src https: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' ;img-src https: blob: data:;font-src https: data:;connect-src https: wss:;worker-src https: blob:; 9 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 9 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' unsafe-inline; script-src 'self' * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: unsafe-inline 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: unsafe-inline 'unsafe-inline'; img-src * data: blob: unsafe-inline 'unsafe-inline'; media-src * data: blob: unsafe-inline 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: unsafe-inline 'unsafe-inline'; font-src * data: blob: unsafe-inline 'unsafe-inline'; frame-ancestors 'none' 9 frame-ancestors 'self' https://www.mtbiker.sk; 9 frame-ancestors 'self' *.plentymarkets-cloud-ie.com *.my.plentysystems.com 9 base-uri 'self';frame-ancestors 'self' 9 frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 8 upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 8 frame-ancestors 'self' *.kameleoon.com 8 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 8 upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none' 8 frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 8 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 8 upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 8 default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://sdk.token.logpay.de https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' https://s-bahn-hh.specials-bahn.de/ *.google.com https://cms.static-bahn.de https://secure.pay1.de https://dbpayment.dbv.service.deutschebahn.com https://payment.dbv.service.deutschebahn.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://s-bahn-muenchen-live.de https://assets1-eur.mkt.dynamics.com https://assets-eur.mkt.dynamics.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de https://tour.services-bahn.de; frame-ancestors 'self'; style-src 'self' https://ucm-eu.verint-cdn.com https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 8 object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com http://*.cvent.cloud https://*.cvent.cloud; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com http://*.cvent.cloud https://*.cvent.cloud; report-uri /report-csp-violation 8 default-src 'self' *.jfrog.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jfrog.com https://geoip-js.com https://www.googletagmanager.com https://cdn.cookielaw.org *.nagich.co.il https://www.recaptcha.net https://sec.webeyez.com https://pagead2.googlesyndication.com https://www.gstatic.com https://www.gstatic.cn https://dev.visualwebsiteoptimizer.com https://gtm.jfrog.com https://js.driftt.com https://munchkin.marketo.net *.marketo.com https://static.oktopost.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://static.ads-twitter.com https://snap.licdn.com https://connect.facebook.net https://www.redditstatic.com *.outbrain.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://okt.to https://www.google-analytics.com blob: https://tracking.g2crowd.com https://platform.twitter.com https://www.google.com *.6sc.co https://cdn.heapanalytics.com *.zuora.com https://256-fnz-187.mktoutil.com https://js-eu1.hsforms.net https://www2.bluesnap.com https://jfrogforms.formtitan.com *.algolia.net *.algolianet.com https://app.vwo.com transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com https://www.influ2.com https://a.usbrowserspeed.com; connect-src 'self' *.jfrog.com https://send.webeyez.com https://ingest.webeyez.com *.nagich.co.il https://cdn.cookielaw.org https://www.gstatic.com https://pagead2.googlesyndication.com *.visualwebsiteoptimizer.com https://gtm.jfrog.com https://www.google.com *.marketo.com https://ws.zoominfo.com https://js.zi-scripts.com https://pixel-config.reddit.com https://www.redditstatic.com *.outbrain.com https://px.ads.linkedin.com https://256-fnz-187.mktoresp.com https://www.google-analytics.com *.6sc.co *.onetrust.com https://tracking.g2crowd.com https://geoip-js.com *.6sense.com https://www.googleapis.com *.g2.com https://heapanalytics.com https://256-fnz-187.mktoutil.com *.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com *.hubspot.com https://www.googleadservices.com https://www2.bluesnap.com *.algolia.net *.algolianet.com https://app.vwo.com https://www.recaptcha.net transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com https://www.facebook.com https://t.influ2.com/ https://google.com; style-src 'self' 'unsafe-inline' *.jfrog.com https://rtp-static.marketo.com https://fonts.googleapis.com https://access.nagich.co.il https://app.vwo.com *.visualwebsiteoptimizer.com transcend-cdn.com; font-src 'self' *.jfrog.com https://fonts.gstatic.com data:; img-src * blob: data: transcend.io *.transcend.io transcend-cdn.com *.transcend-cdn.com; media-src 'self' *.jfrog.com; frame-src 'self' *.jfrog.com https://sec.webeyez.com https://www.googletagmanager.com https://www.recaptcha.net https://js.driftt.com https://td.doubleclick.net https://www.google.com https://www.facebook.com https://www.youtube.com *.zuora.com *.hsforms.com https://jfrogforms.formtitan.com https://jfrog.chilipiper.com https://hackerone.com https://jfrog.force.com https://jfrogprm.my.salesforce-sites.com https://app.vwo.com *.visualwebsiteoptimizer.com https://jfrogcpq.formtitan.com https://sandbox-jfrog.chilipiper.com https://apps.chilipiper.com https://access.nagich.co.il; frame-ancestors 'self' https://partners.jfrog.com https://supportjfrog.force.com/; worker-src 'self' *.jfrog.com https://sec.webeyez.com blob:; 8 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 8 default-src https: 'unsafe-eval' 'unsafe-inline' 'self' ws: data:; worker-src blob:; object-src 'none'; frame-ancestors 'none' 8 connect-src 'self' wss: *.adyen.com bat.bing.com bat.bing.net browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu www.ceneo.pl common-services.cidaas.de *.clarity.ms cke4.ckeditor.com *.cloudflare.com cdn.cookielaw.org ams.creativecdn.com *.doubleclick.net *.facebook.com www.google.at google.com adservice.google.com *.analytics.google.com apis.google.com pay.google.com tez.google.com www.google.com www.google.cz www.google.de www.google.fr www.google.it www.google.pl www.google.sk *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com retazove-pily.heureka.sk code.jquery.com *.kaufland.at account.kaufland.com *.kaufland.cz *.kaufland.de *.kaufland.fr *.kaufland.it *.kaufland.pl *.kaufland.sk js.klarna.com x.klarnacdn.net eu.klarnaevt.com availability.loadbee.com *.mopinion.com *.onetrust.com *.paypal.com *.paypalobjects.com spay.samsung.com *.seznam.cz jsapi.simplesurance.de *.sovendus.com *.theadex.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.userwerk.com *.venmo.com; default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: blob:; font-src 'self' data: https:; frame-src 'self' https: http:; img-src 'self' blob: data: https: http: chrome-extension:; object-src 'self' https: http:; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=puba4ff6837563e0a6289c852e7c147d8db&dd-evp-origin=content-security-policy&ddsource=csp-report&service=csp-report&ddtags=env:prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: track.adform.net js.adsrvr.org bat.bing.com *.cash.app applepay.cdn-apple.com cdn.ckeditor.com *.clarity.ms *.cloudflare.com cdn.cookielaw.org tags.creativecdn.com cdn.datatables.net googleads.g.doubleclick.net connect.facebook.net edge.eu1.fullstory.com cdn.getivy.de apis.google.com pay.google.com translate.google.com www.google.com *.googleadservices.com *.googleapis.com www.googleoptimize.com pagead2.googlesyndication.com *.googletagmanager.com tagmanager.google.com www.heureka.cz code.jquery.com *.kaufland.at *.kaufland.cz *.kaufland.de kaufland.de *.kaufland.fr *.kaufland.it *.kaufland.pl *.kaufland.sk js.klarna.com x.klarnacdn.net *.loadbee.com src.mastercard.com *.mopinion.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.ratepay.com *.seznam.cz jsapi.simplesurance.de api.sovendus.com cdn.speedcurve.com speedcurve.com *.theadex.com analytics.tiktok.com *.int.userwerk.com *.venmo.com assets.secure.checkout.visa.com www.zbozi.cz; style-src 'self' 'unsafe-inline' https:; worker-src blob: 'self' 8 frame-ancestors 'self' *.mebis.info 8 report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app https://*.auscheck-5.preprod.govcms.gov.au 8 default-src=self; 8 frame-ancestors 'self' *.aftership.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.am-static.com *.automizely.com *.aftership.com *.automizely-analytics.com https://cdn.jsdelivr.net/npm/keycloak-js@15.1.1/dist/keycloak.min.js js-agent.newrelic.com static.cloudflareinsights.com www.googletagmanager.com ws.zoominfo.com accounts.google.com www.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com snap.licdn.com connect.facebook.net static.ads-twitter.com bat.bing.com www.clarity.ms scripts.clarity.ms tracking.g2crowd.com www.gstatic.com www.gstatic.cn widget.freshworks.com us-assets.i.posthog.com client.crisp.chat app.storyblok.com www.recaptcha.net code.jquery.com *.hotjar.com j.6sc.co js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net static.hsappstatic.net *.tiktok.com *.ttwstatic.com https://boards.greenhouse.io/embed/job_board/js organizer.bizzabo.com https://js.usemessages.com/conversations-embed.js https://unpkg.com/@splinetool/viewer/build/spline-viewer.js https://cdn.jsdelivr.net/npm/hls.js@latest mv.icu *.revenuehero.io www.zerobounce.net sdks.aftership-pixel.com cdn.crowdin.com; object-src 'none' 8 require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 8 default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; style-src * 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com; img-src * data:; frame-src * blob:; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 8 connect-src 'self' inetchat.zoner.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com www.google-analytics.com *.smartlook.cloud *.doubleclick.net https://web.facebook.com https://www.facebook.com https://manychat.com https://socialplugin.facebook.net *.google-analytics.com https://search.zonercloud.cz https://*.clarity.ms www.google.com google.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io adservice.google.com www.google.cz *.analytics.google.com px.ads.linkedin.com googletagmanager.com https://maps.googleapis.com https://ai-dev.zarea.net:4003;default-src 'self' www.google-analytics.com www.google.com inetchat.zoner.com;font-src 'self' data: fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com www.google.cz www.google.com inetchat.zoner.com www.facebook.com c.imedia.cz http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.inpage.cz https://www.inpage.sk https://c.seznam.cz https://i.ytimg.com *.twitter.com https://seal.digicert.com ad.czechia.com api.thegreenwebfoundation.org www.abuseipdb.com www.googletagmanager.com https://px.ads.linkedin.com https://c.bing.com https://c.clarity.ms www.google.sk www.google.es www.google.de www.google.sn https://maps.gstatic.com www.czechia.com mailing.zoner.eu;manifest-src 'self';script-src 'self' 'unsafe-inline' data: www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz connect.facebook.net c.imedia.cz rec.smartlook.com *.twitter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://seal.digicert.com ad.czechia.com https://c.seznam.cz https://widget.manychat.com https://mccdn.me www.clarity.ms https://search.zonercloud.cz https://snap.licdn.com https://*.clarity.ms https://maps.googleapis.com/ https://mujtest.eu https://cdn.amcharts.com https://cdn.datatables.net https://martinturek.dev 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net;frame-ancestors 'none';form-action 'self' admin.czechia.com admin.slovaknet.sk admin.regzone.cz *.csob.cz *.tatrabanka.sk www.googletagmanager.com www.facebook.com;base-uri 'self';object-src 'none';frame-src 'self' *.inpage.cz *.inpage.sk *.inpageweb.com www.youtube.com www.google.com maps.google.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.twitter.com www.metercustom.net https://web.facebook.com https://www.facebook.com *.doubleclick.net https://docs.google.com mailing.zoner.eu www.googletagmanager.com https://mujtest.eu;report-uri /csp-report-endpoint; 8 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 8 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://p2-chat-use1.starcenter.star2star.com/ https://privacy-proxy.usercentrics.eu/ https://app.usercentrics.eu/ https://info.sangomaus.local/ https://info.staging.sangoma.com/ https://info.sangoma.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://cdn.howuku.com/ https://api.howuku.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hubspot.com/ https://js.hsforms.net/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://play.google.com/ https://www.googleadservices.com/ https://s3.tradingview.com/ https://www.workable.com/ https://dcvxs6ggqztsa.cloudfront.net/ https://apply.workable.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' blob: data: https://secure.gravatar.com/ https://staging.sangoma.com/ https://app.usercentrics.eu/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://perf-na1.hsforms.com/ https://track.hubspot.com/ https://forms-na1.hsforms.com/ https://www.googletagmanager.com/ https://www.linkedin.com/ https://www.x.com/ https://uct.service.usercentrics.eu/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ ; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' wss://ws.hotjar.com/ https://api.hsforms.com/ https://api.usercentrics.eu/ https://px.ads.linkedin.com/ https://api.howuku.com/ https://cta-service-cms2.hubspot.com/ https://content.hotjar.io/ https://p2-chat-use1.starcenter.star2star.com/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://www.google-analytics.com/ https://www.linkedin.com/ https://www.google.com/ https://www.workable.com/assets/embed.jshttps://www.x.com/ https://metrics.hotjar.io/ https://api.howuku.com/ https://api.howuku.com/ https://vc.hotjar.io/ https://consent-api.service.consent.usercentrics.eu/ https://google.com/ https://www.googleadservices.com/ ;worker-src 'self' blob: https://www.google.com/ ;frame-src 'self' https://p2-chat-use1.starcenter.star2star.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/ https://www.tradingview-widget.com/ ;frame-ancestors 'self' https://www.google.com/ ; 8 object-src 'self' 8 default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self' https://cdn.justpremium.com; form-action 'self' 8 frame-ancestors 'self' https://school.novakidschool.com 8 frame-ancestors 'self' https://crm.test.doublefs.com https://crm.prod.doublefs.com; 8 frame-ancestors 'self' https://*.infomaker.io https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 8 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; worker-src 'self' blob:; 8 default-src * 'unsafe-inline' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rambler.ru dsp-rambler.ru *.dsp-rambler.ru *.rambler-co.ru *.top100.ru *.s3.yandex.net *.market.yandex.ru *.yandex.ru *.maps.yandex.net yandex.ru yastatic.net *.webvisor.org smartcaptcha.yandexcloud.net www.google-analytics.com www.googletagmanager.com *.weborama.fr *.weborama-tech.ru weborama-tech.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru adriver.com adriver.ru *.adriver.com *.adriver.ru *.serving-sys.ru *.serving-sys.com serving-sys.ru serving-sys.com *.smi2.net *.smi2.ru smi2.ru *.24smi.net *.smi2cdn.ru *.sber.ru sber.ru *.mail.ru *.mindbox.ru *.rnet.plus *.adfox.ru *.jsdelivr.net *.pushwoosh.com *.createjs.com *.facebook.net *.reddigital.ru *.geniusaudience.com *.gnezdo.ru *.hit.gemius.pl *.prom.app.sberdevices.ru *.2xclick.ru *.infox.sg *.otm-r.com stat.media *.terratraf.io *.soloway.ru vk.com *.getsitecontrol.com www.tns-counter.ru *.mradx.net *.ampproject.org *.bumlam.com *.imgsniper.com *.terratraf.com *.digitaltarget.ru telegram.org *.buzzoola.com buzzoola.com *.aidata.io *.a.mts.ru anketolog.ru blob:; report-to csp.rambler-co.ru 8 frame-ancestors https://*.teknikproffset.se https://pj-guiding-content.sanity.studio 'self' 8 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 8 frame-ancestors 'self' https://*.etracker.com 8 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 8 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 8 nosniff 8 frame-ancestors https://faucetpay.io https://coinpayu.com https://cointiply.com https://faucetcrypto.com https://adbtc.top https://viefaucet.com https://firefaucet.win https://autofaucet.dutchycorp.space https://claimfreecoins.io; 8 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 8 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vlibras.gov.br https://www.vlibras.gov.br https://www.googletagmanager.com https://atlas.microsoft.com https://www.google-analytics.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://www.ba.gov.br https://ba.gov.br https://use.fontawesome.com https://www.chatbase.co https://www.instagram.com https://platform.twitter.com https://code.jquery.com; script-src-elem 'self' 'unsafe-inline' blob: https://vlibras.gov.br https://www.vlibras.gov.br https://www.googletagmanager.com https://atlas.microsoft.com https://www.google-analytics.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://apis.google.com https://use.fontawesome.com https://www.chatbase.co https://www.instagram.com https://platform.twitter.com https://unpkg.com https://regin.pscs.com.br https://code.jquery.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.ba.gov.br https://ba.gov.br https://cdn.jsdelivr.net https://unpkg.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://atlas.microsoft.com https://vlibras.gov.br https://www.vlibras.gov.br; connect-src 'self' https://atlas.microsoft.com https://servicosaocidadao.ba.gov.br https://www.google-analytics.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://acessos.vlibras.gov.br https://dicionario2.vlibras.gov.br https://vlibras.gov.br https://cdn.jsdelivr.net https://traducao2.vlibras.gov.br https://www.google.com https://apis.google.com https://www.chatbase.co https://saojoaodabahia.ba.gov.br https://chatbot.pscs.com.br wss://chatbot.pscs.com.br; frame-src 'self' https://www.youtube.com https://www.google.com https://nuvidio.com https://app.powerbi.com https://prodeb-sac-digital.firebaseapp.com https://gestor.meioambiente.ba.gov.br https://www.chatbase.co https://platform.twitter.com https://www.instagram.com https://publicacao.egba.ba.gov.br https://www.transparencia.ba.gov.br https://calendar.google.com https://copilotstudio.microsoft.com https://services.pge.ba.gov.br https://piloto.egba.ba.gov.br https://rtmp.irdeb.ba.gov.br; frame-ancestors 'self' https://www.google.com; worker-src 'self' blob:; 8 frame-ancestors 'self' https://shopproxy.p-s-s.de https://home.interzum.com https://home.interzum.de 8 frame-ancestors https://cms-prod.brxm.grandvision.io 8 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.sharethis.com *.botmd.io *.google-analytics.com https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.simsys.sg *.sharethis.com *.cdninstagram.com *.botmd.io *.s3.amazonaws.com *.google-analytics.com *.google.com *.google.com.sg https://px.ads.linkedin.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.sharethis.com player.vimeo.com *.facebook.com *.youtube.com *.botmd.io *.google.com https://form.gov.sg td.doubleclick.net youtu.be www.googletagmanager.com my.matterport.com *.spotify.com https://gccchat.nuhs.edu.sg https://vimeo.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.sharethis.com bcp.crwdcntrl.net *.ent.ap-southeast-1.aws.found.io *.google-analytics.com https://stats.g.doubleclick.net *.amazonaws.com https://data.stbuttons.click/data c.ltmsphrcl.net https://gccchat.nuhs.edu.sg/connector/api/chat/connect *.google.com https://px.ads.linkedin.com; media-src 'self' data: blob: *.cdninstagram.com *.botmd.io *.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: data:; object-src 'none' 8 frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 8 img-src 'self' data: https:; 8 upgrade-insecure-requests; frame-ancestors 'self' http://localhost https://localhost https://aemstage1.assaabloyservices.com https://aemdev.hesinnovations.com https://assaconnect.azurewebsites.net https://assaconnect-qa.azurewebsites.net https://assaconnect-staging.azurewebsites.net https://connect.assaabloy.com https://edc.adamsrite.com https://egress-calculator-qa.azurewebsites.net https://egresscalc.assaabloy.com https://egress-calculator-prod.azurewebsites.net https://eac-dev.aa-bts.com https://eac-qa.aa-bts.com https://eacconfig.assaabloy.com; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 8 frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 8 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com http://s7.addthis.com https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' https:; frame-src 'self' https: https://www.google.com; object-src 'none'; frame-ancestors 'self';connect-src 'self' https://www.google-analytics.com https://analytics.google.com https:; 8 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.domain-robot.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 8 upgrade-insecure-requests; frame-ancestors: self 8 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 8 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 8 object-src 'self'; 8 font-src *;img-src * data:; 8 default-src 'self' 'unsafe-inline' *.myconnectsuite.com *.schoolinsites.com *.pcmac.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; base-uri 'self'; form-action 'self' 'unsafe-inline' *; img-src 'self' *; connect-src 'self' *; frame-src *; media-src 'self' blob: *; worker-src 'self' blob: * 8 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.erwinhymergroup.com https://*.laika.it 8 frame-ancestors *; report-uri /_/commcsp?disposition=enforce; 8 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; frame-src 'self' https:; 8 frame-ancestors ; upgrade-insecure-requests; 8 frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 8 frame-ancestors 'self' https://gtranslate.io; 8 frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 8 frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 8 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 8 frame-ancestors 'self' https://*.traumgutscheine.com 8 frame-ancestors 'self' https://omnidoctor.ru/ 8 frame-ancestors 'self' *.netcinegg.lat netcinegg.lat 8 upgrade-insecure-requests; frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com; 7 frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://hootsuite.com https://staging.hootsuite.com/; report-uri https://o3805.ingest.sentry.io/api/6608832/security/?sentry_key=f44c14ec894c4667b3fd34b84042794d 7 object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 7 base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com https://forms.hsforms.com; frame-ancestors 'self' https://cms.hosting.com; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 7 frame-ancestors 'self' *.nokia.com *.ceros.com nokia.lookbookhq.com; report-uri /report-csp-violation 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.brighttalk.com *.pdst.fm *.doubleclick.net *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.techtarget.com *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.vidyard.com *.hotjar.com *.driftt.com *.searchcdn.com *.salesforceliveagent.com *.force.com *.salesforce.com *.salesforce-sites.com *.google.com *.googleoptimize.com *.redditstatic.com *.jsdelivr.net unpkg.com *.highcharts.com *.zi-scripts.com assets.barracuda.com *.pixeltracker.co 7 block-all-mixed-content;frame-ancestors *.mail.com 7 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://api-esp-eu.piano.io; worker-src 'self' blob:; child-src 'self' blob: https://consentcdn.cookiebot.com; frame-src 'self' https://consentcdn.cookiebot.com *.googletagmanager.com https://api-esp.piano.io https://share.transistor.fm https://www.google.com *.googlesyndication.com *.adtrafficquality.google *.youtube.com datawrapper.dwcdn.net e.infogram.com js.stripe.com https://www.youtube-nocookie.com *.webclew.com https://securepubads.g.doubleclick.net/ https://www.googleadservices.com/ *.spotify.com https://api-esp-eu.piano.io/ https://cdn-gl.imrworldwide.com/ *.soundcloud.com donorbox.org https://*.hsforms.com https://*.hsforms.net https://www.google.com/recaptcha/ https://*.linkedin.com 7 frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org; 7 default-src https: data: 'unsafe-eval' 'unsafe-inline' https://*.smassets.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com wss://*.qualified.com https://api.amplitude.com https://api2.amplitude.com https://*.crazyegg.com; upgrade-insecure-requests; connect-src https: wss: https://rum-ingest.us1.signalfx.com/ https://api.schedule.zoominfo.com https://ws.zoominfo.com 'self'; script-src https: blob: 'unsafe-eval' 'unsafe-inline' https://js.zi-scripts.com https://schedule.zoominfo.com https://ws-assets.zoominfo.com 'self'; worker-src https: blob: 'self'; media-src https: blob: 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com https://*.cloud.microsoft 7 frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 7 'self' 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com tags.tiqcdn.com www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com *.demandbase.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com *.linkedin.com *.licdn.com *.facebook.net *.facebook.com *.hotjar.com *.ps.five9.com api.mixpanel.com api-js.mixpanel.com cdn.mxpnl.com js-cdn.dynatrace.com vbk56183.live.dynatrace.com ucg59307.live.dynatrace.com https://d8j4om1fqg.kameleoon.com https://static.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com https://client-config.kameleoon.com https://sdk-config.kameleoon.eu https://electra.kameleoon.com; connect-src 'self' *.scene7.com target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org *.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com *.demandbase.com *.linkedin.com *.licdn.com *.facebook.net *.facebook.com *.hotjar.com *.ps.five9.com api.mixpanel.com api-js.mixpanel.com cdn.mxpnl.com js-cdn.dynatrace.com vbk56183.live.dynatrace.com ucg59307.live.dynatrace.com https://d8j4om1fqg.kameleoon.com https://static.kameleoon.com https://data.kameleoon.io https://data.kameleoon.eu https://eu-data.kameleoon.io https://eu-data.kameleoon.eu https://na-data.kameleoon.io https://na-data.kameleoon.eu https://editor.kameleoon.com https://graphical-editor.kameleoon.com https://simulation.kameleoon.com https://api.kameleoon.com https://customers.kameleoon.com https://logger.kameleoon.io https://client-config.kameleoon.com https://sdk-config.kameleoon.eu https://api.products.kameleoon.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 7 upgrade-insecure-requests; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; font-src 'self' https://*.apple.com; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; connect-src 'self' https://*.apple.com https://*.mzstatic.com; media-src 'self' https://*.apple.com blob:; child-src 'self' https://*.apple.com; frame-src 'self' https://*.apple.com itms-appss: macappstore:; worker-src blob:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/csp-report 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ws:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 7 base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self' https://*.salesforce.com; frame-ancestors 'self' localhost:* https://*.toogoodtogo.com https://mkt-website-studio-dev.tgtg.ninja https://mkt-website-studio.tgtg.ninja https://*.sanity.studio https://*.sanity.io; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://images-test.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.starred.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es https://obseu.andstarsbuilding.com https://c.clarity.ms https://static-mkt.toogoodtogo.com https://*.googleapis.com https://*.gstatic.com; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-f8TfkKg+1iU2aPsoXdlYBmNL' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com https://www.youtube.com https://*.googletagmanager.com https://*.starred.com policy.app.cookieinformation.com https://*.starred.com https://*.facebook.com *.hotjar.com https://*.sanity.studio https://*.sanity.io https://*.doubleclick.net https://challenges.cloudflare.com https://iframe.turnstile.cloudflare.com https://captcha.cloudflare.com; 7 script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com bat.bing.com fpt.absa.co.za fpt.absa.com.gh fpt.absabank.co.ke fpt.absabank.mu fpt.absa.co.mz fpt.absa.sc fpt.absa.co.tz fpt.absa.co.ug fpt.absa.co.zm fpt.absa.co.bw p.teads.tv absa2--a2sadcdev.sandbox.my.site.com absa2--a2sadcdev.sandbox.my.salesforce-scrt.com absa2--a2uat.sandbox.my.site.com absa2--a2uat.sandbox.my.salesforce-scrt.com absa2.my.site.com absa2.my.salesforce-scrt.com absa-en-za-stage-webview-library-service.kitsys.net absa-en-za-stage.kitsys.net 7 “upgrade-insecure-requests†7 frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com;object-src 'none'; 7 default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * blob: data: 'unsafe-inline'; frame-src * data:; style-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors * data:; 7 upgrade-insecure-requests; object-src 'none'; 7 object-src 'none'; form-action 'self'; frame-ancestors 'none' 7 script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 7 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 7 frame-ancestors 'self' https://smarthub.keystoneacademic.com https://sanity.keg.com https://beta.sanity.keg.com; 7 img-src data: 'self' https: blob: https://www.facebook.com https://content-eu-central-1.knowunity.com https://content-eu-central-1.knowunity.dev; font-src 'self'; connect-src *; object-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://apis.google.com https://www.google.com https://appleid.cdn-apple.com https://js.hcaptcha.com https://analytics.tiktok.com https://sc-static.net https://js.stripe.com https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://accounts.google.com/gsi/client https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms https://www.paypal.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://assets.calendly.com/assets/external/widget.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; style-src-elem 'self' https://accounts.google.com/gsi/style 'unsafe-inline' https://cdn.paddle.com/paddle/v2/assets/css/paddle.css; script-src-elem * 'unsafe-inline' blob: 'self'; media-src https: 'self'; default-src 'self'; worker-src blob:; frame-ancestors 'self'; frame-src https://www.youtube.com https://accounts.google.com https://newassets.hcaptcha.com https://appleid.apple.com https://js.stripe.com https://www.facebook.com https://drive.google.com/ https://js.stripe.com https://hooks.stripe.com https://cloudflarestream.com https://customer-8ik8x9s31pwtfi7p.cloudflarestream.com https://accounts.google.com/gsi/ https://calendly.com https://www.sandbox.paypal.com https://www.paypal.com https://www.googletagmanager.com/ https://embed.podcasts.apple.com/ https://www.googletagmanager.com/ https://knowunity-learn-ai.bolt.host; 7 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 7 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 7 default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: 7 default-src 'self' https:; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self' https:; frame-src 'self' https:; frame-ancestors 'self' *.ahc.root.loc *.dirsvcs.org *.epichosted.com *.aah.org *.atriumhealth.org; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: wss:; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 7 default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 7 frame-ancestors 'none'; object-src 'none'; 7 frame-ancestors nuanceaudio.com *.nuanceaudio.com *.luxgroup.net https://cms-prod.brxm.grandvision.io 7 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 7 frame-ancestors 'self' http://*.tp.com https://*.tp.com http://insights.tp.com https://insights.tp.com 7 default-src 'self';connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com habboo-a.akamaihd.net d29usylhdk1xyu.cloudfront.net;img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net;style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com;child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:;frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br;form-action 'self' https://login.habbo.com https://help.habbo.com https://help.habbo.de https://help.habbo.es https://help.habbo.fi https://help.habbo.fr https://help.habbo.it https://help.habbo.nl https://help.habbo.com.br https://help.habbo.com.tr habbohelpbr.zendesk.com habbohelpen.zendesk.com habbohelpde.zendesk.com habbohelpes.zendesk.com habbohelpfi.zendesk.com habbohelpfr.zendesk.com habbohelpit.zendesk.com habbohelpnl.zendesk.com habbohelptr.zendesk.com;upgrade-insecure-requests ;report-uri /csp/report 7 frame-ancestors *.lotvue.com *.insearch-ds.net resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 7 frame-ancestors 'self' *.marketing.ai *.myclickfunnels.com; 7 object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 7 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; font-src https: data:; style-src https: 'unsafe-inline'; connect-src blob: 'self' ws: wss: https:; object-src https: blob:; frame-src https: blob:; form-action 'self' https://*.tse.jus.br https://*.tre-df.jus.br https://*.tre-ce.jus.br https://*.tre-pe.jus.br https://*.tre-mg.jus.br; base-uri 'self'; frame-ancestors 'self' https://*.tse.jus.br https://*.tre-df.jus.br https://*.tre-ce.jus.br https://*.tre-pa.jus.br https://*.tre-pe.jus.br https://*.tre-mg.jus.br; navigate-to 'self' https://*.rybena.com.br; worker-src 'self' blob:; 7 default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-src https:; img-src data: https:; media-src https:; object-src 'none'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-presentation allow-same-origin allow-scripts; 7 frame-ancestors 'self' *.bambuser.com 7 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://analytics.filen.io/js/plausible.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.filen.io; font-src 'self'; frame-src 'self'; img-src 'self' https://blog.filen.io https://api.dicebear.com https://cdn.discordapp.com https://filen.io data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 7 object-src 'self' cdn.jsdelivr.net *.verbraucherzentrale.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com https://app.bryter.io https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://heizsystemvergleich.vz-nrw.de https://polyfill-fastly.io https://unpkg.com https://auswertung.verbraucherzentrale.de/; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src * 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de *.gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.fakeshop-finder.de warnung.fakeshop-finder.de www.verbraucherzentrale-niedersachsen.de 7 default-src 'self' https://www.lufthansa-industry-solutions.com/typo3/ https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://cdn.linkedin.oribi.io/partner/1586777/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ *.svc.dynamics.com/ *.consentmanager.net https://consentmanager.mgr.consensu.org data:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://tracking.lufthansa-industry-solutions.com/ https://*.googlesyndication.com https://*.google.com https://*.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net https://td.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://bat.bing.com https://*.hotjar.com https://connect.facebook.net https://snap.licdn.com *.azureedge.net; object-src 'self' blob:; img-src 'self' https://www.lufthansa-industry-solutions.com https://pagead2.googlesyndication.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://*.google.com https://*.google.de https://*.gstatic.com/analytics-suite/ *.svc.dynamics.com https://i.ytimg.com/vi_webp/ https://*.hotjar.com/ *.linkedin.com https://*.facebook.com https://maps.googleapis.com https://scontent.xx.fbcdn.net https://bat.bing.com https://pbs.twimg.com https://media.licdn.com *.consentmanager.net https://consentmanager.mgr.consensu.org data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://tagmanager.google.com https://s.ytimg.com *.consentmanager.net *.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org; child-src 'self' https://player.podigee-cdn.net https://handelsblatt-soklingtwirtschaft.podigee.io https://*.facebook.com *.svc.dynamics.com https://*.hotjar.com https://www.youtube-nocookie.com https://open.spotify.com; font-src 'self' https://script.hotjar.com/; connect-src 'self' https://assets-eur.mkt.dynamics.com/ https://public-eur.mkt.dynamics.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://tracking.lufthansa-industry-solutions.com *.consentmanager.mgr.consensu.org *.consentmanager.net https://*.google.de https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://td.doubleclick.net https://pagead2.googlesyndication.com wss://ws.hotjar.com https://*.hotjar.io *.svc.dynamics.com https://bat.bing.com https://bat.bing.net *.ads.linkedin.com; frame-src https://www.lufthansa-industry-solutions.com/ https://tracking.lufthansa-industry-solutions.com/ https://*.googletagmanager.com https://td.doubleclick.net *.svc.dynamics.com/ https://www.youtube-nocookie.com/ https://open.spotify.com 7 frame-ancestors 'self' https://www.ruralvia.com https://ruralviasimuladores.afi.es https://bancocooperativosimuladores.afi.es; 7 script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.vin https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://tcsdk.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.style https://*.59ow.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://cdn.builder.io https://*.onfido.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://*.forter.com https://js.volt.io https://static.ads-twitter.com https://js.adsrvr.org;connect-src 'self' 'report-sample' data: blob: ws: wss: https://*.hdmune.cn https://*.nlviwq.cn https://oauth.telegram.org https://*.qq.com https://*.tencent-cloud.com https://*.intltencentcos.com https://*.tencentcos.cn https://*.tencentcloud.com https://*.my-cpaas.com https://*.tlivewebrtc2.com https://*.tlivecloud.com https://*.rtclivekit.com https://*.xuundv.cn https://*.tencentcloudapi.com https://*.myqcloud.com https://www.googletagmanager.com https://*.rtc-web.com https://*.qcloud.com https://*.my-imcloud.com https://*.tlivewebrtc.com https://*.tliveplay.com https://*.tlivesource.com https://*.rtc-web.io https://*.cloud-rtc.com https://*.vod-qcloud.com https://*.minigitlab.top https://wa.appsflyer.com https://*.google.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com wss://*.bitgetpro.site https://*.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.vin https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.noxiaohao.com https://*.bitget.style https://*.59ow.com wss://*.bitget.vin wss://*.bitget.style wss://*.59ow.com https://megacheck.vip https://*.megacheck.vip wss://*.megacheck.vip wss://megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com https://*.skypay.space wss://*.saintpay.com wss://*.skypay.space wss://*.noxiaohao.com https://*.omkbic.com:8443 https://*.uykdjs.com wss://*.uykdjs.com https://dn-staticdown.qbox.me https://*.duoyihubei.top https://duoyihubei.top wss://*.duoyihubei.top wss://duoyihubei.top wss://*.ada.support wss://*.checkout.com https://cdn.builder.io https://*.onfido.com https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com https://browser-http-intake.logs.datadoghq.com https://mc.yandex.md https://pre.ssqhome.top https://ssqhome.top https://*.forter.com https://*.bgstatic.com;frame-src 'self' 'report-sample' blob: data: https://ramp.osl-pay.com https://callback.osl-pay.com https://*.bgstatic.com https://*.bitgetimg.com https://*.gurenla.com https://*.google.com https://*.bitgetpro.site https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.bitget.style https://*.59ow.com https://*.saintpay.com https://*.skypay.space https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://www.bitgetwidget.com https://*.nihaopay.com https://onramp.money https://*.simplexcc.com https://*.revolut.com https://*.bitgetimg.com https://*.multiexc.com https://*.thedecard.com https://forms-prod.sprinklr.com https://thedecard.com https://pre.ssqhome.top https://ssqhome.top https://checkout.volt.io https://openapi-uatdcd.com https://openapi-thedecard.com https://khipu.com https://checkout.pagsmile.com https://gateway.kashio.com.pe https://apiin.monnetpayments.com https://pmt-01.etpayment.com https://registro.pse.com.co https://secure-checkout.payvalida.com https://api.openpay.co https://s.tradingview.com https://insight.adsrvr.org;report-uri /v1/buried/log/cspSecurity; 7 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/ https://extend.vimeocdn.com https://code.highcharts.com https://cdn.bizible.com https://www.vimeo.com https://vimeo.com https://cdn.jsdelivr.net https://rc-sc.js.driftt.com https://site-concierge.driftt.com blob: https://www.g2.com https://challenges.cloudflare.com/ https://unpkg.com/; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com https://www.googletagmanager.com https://www.gstatic.com https://unpkg.com/; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com https://www.googletagmanager.com https://content.hotjar.io https://metrics.hotjar.io https://epsilon.6sense.com https://px.ads.linkedin.com https://*.6sense.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://tracking.g2crowd.com https://tracking-api.production.g2.com https://tracking-api.g2.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com https://webikeo.fr/ https://td.doubleclick.net/ http://stg.onespan.com/ http://www.onespan.com/ https://rc-sc.driftt.com https://rc-sc.js.driftt.com https://site-concierge.driftt.com https://job-boards.greenhouse.io/ https://www.g2.com/ https://challenges.cloudflare.com/; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; 7 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; 7 default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ blob:; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob: 'self'; media-src https: 'self'; object-src 'self'; font-src *.gstatic.com *.googleapis.com data: 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https:; connect-src https: ws: wss: https://app.wotnot.io 'self' wss://ws.hotjar.com; worker-src blob:; child-src blob: 7 font-src https://components-bnpl-pe-bbva-moprestamo-com.s3.amazonaws.com *.fontawesome.com *.alothemes.com *.magepow.com 'self' data: *.typekit.net *.moprestamo.com *.connectif.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' business.facebook.com webpay3g.transbank.cl webpay3gint.transbank.cl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.weltpixel.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.paynet.com.mx *.openpay.mx *.openpay.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com assets.fintoc.com https://assets.fintoc.com *.moprestamo.com *.apurata.com *.google.com https://www.google.com.ar https://www.google.cl https://www.google.com.pe https://www.google.co.ve https://coliseumstorehelp.zendesk.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.postimg.cc *.openpay.mx 'self' data: *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.facebook.com *.apptrian.com *.scene7.com p.typekit.net *.gstatic.com *.googleapis.com *.google.cl *.hotjar.com *.google.com.co *.mercadopago.cl *.mercadopago.com.pe *.bing.com *.clarity.ms *.notifications-icommkt.com *.track-icommkt.com *.connectif.cloud *.converse.cl *.converse.com.pe *.newbalance.com.pe *.merrell.com.pe *.stevemadden.com.pe *.catlifestyle.pe coliseumstore.cl *.coliseumstore.cl *.coliseum.com.pe www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.moprestamo.com *.apurata.com https://coliseumstorehelp.zendesk.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://api.smooch.io https://api.smooch.io/faye https://api.wcx.cloud https://f.wcentrix.com https://wcentrix.net *.woowup.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net business.facebook.com *.google.com unpkg.com cdn.jsdelivr.net *.magento-datasolutions.com *.magento-ds.com amcglobal.sc.omtrdc.net use.typekit.net *.online-metrix.net *.converse.cl *.google.cl *.hotjar.com *.getblue.io *.connectif.cloud *.tiktok.com *.bing.com *.emarsys.net *.clarity.ms *.cloudfront.net *.crazyegg.com *.zdassets.com *.vnforapps.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.moprestamo.com *.fontawesome.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.apurata.com https://coliseumstorehelp.zendesk.com *.openpay.mx *.openpay.co *.openpay.pe wss://api.smooch.io *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* *.snplow.net *.pingdom.net *.woorank.com *.adobe.io *.adobedc.net *.youtube.com *.googleapis.com *.magento-ds.com performance.typekit.net *.sentry.io *.converse.cl *.google.cl *.hotjar.com wss://ws.hotjar.com *.hotjar.io stats.g.doubleclick.net *.google.com.co *.tiktok.com *.connectif.cloud *.bing.com notifications-icommkt.com track-icommkt.com *.crazyegg.com *.clarity.ms *.zdassets.com *.powerpay.pe apurata.com *.woowup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 7 upgrade-insecure-requests; base-uri 'self'; 7 frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 7 frame-ancestors 'self' https://app.storyblok.com/ 7 frame-ancestors 'self' *.sivuviidakko.fi *.lianacms.com *.tagomocms.fi; 7 frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 7 script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 7 frame-ancestors 'self' https://*.refinitiv.com https://*.lseg.com; 7 upgrade-insecure-requests; frame-ancestors 'self' https://www.motor.es/tasar-coche https://www.cea-online.es/ https://cea-online.es/; 7 frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 7 ; frame-ancestors 'self' 7 referrer no-referrer 7 frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com dobit.com *.dobit.com samsonite-dxp.dobit.com http://localhost:88; base-uri 'self'; 7 frame-ancestors 'self' https://dlinz.sharepoint.com; 7 frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 7 default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 7 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 7 frame-ancestors 'self' http://*.elsevier.es/ 7 frame-ancestors 'self' https://*.negocom-atlantique.com, base-uri 'self', script-src 'self' 'unsafe-inline' 'unsafe-eval' *.negocom-atlantique.com *.point-sys.com *.googletagmanager.com *.google-analytics.com *.google.fr *.googleapis.com *.youtube.com *.dmcdn.net *.jsdelivr.net *.mapbox.com blob: 7 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 7 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 7 default-src 'self'; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 7 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 7 default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 7 frame-ancestors 'none'; report-to default 7 frame-ancestors 'self' https://trustseal.enamad.ir 7 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 7 default-src * https: data: blob: 'unsafe-inline' 'unsafe-eval'; 7 frame-ancestors 'self' *.f5.com f5.com *.vercel.app https://f5com-frontend.vercel.app http://localhost:3333 *.sanity.io stage.f5.com.cn f5.com.cn www.f5.com.cn 6 frame-ancestors 'self' accounts.login.idm.telekom.com; 6 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru mycdn.me http://*.mycdn.me https://*.mycdn.me http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru http://st-ok-pts.cdn-vk.ru https://st-ok-pts.cdn-vk.ru wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru static.dzeninfra.ru connect.ok.ru https://connect.ok.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru http://st-ok.cdn-vk.ru https://st-ok.cdn-vk.ru http://st-ok-pts.cdn-vk.ru https://st-ok-pts.cdn-vk.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru static.dzeninfra.ru *.adtrafficquality.google; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report; 6 frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 6 report-uri /v1/csplog; block-all-mixed-content; frame-ancestors https://*.grupawp.pl https://*.kube.dev.dcwp.pl; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.basis.net *.sitescout.com *.mktoresp.com *.sentry-cdn.com *.integrate.com *.d41.co *.contentsquare.net analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com dpm.demdex.net platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net munchkin.marketo.net widget.usersnap.com resources.usersnap.com cdn5.userzoom.com app.contentsquare.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.basis.net *.sitescout.com *.mktoresp.com *.sentry-cdn.com *.integrate.com *.d41.co *.contentsquare.net analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com dpm.demdex.net platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net munchkin.marketo.net widget.usersnap.com resources.usersnap.com cdn5.userzoom.com app.contentsquare.com https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com https://cdnjs.cloudflare.com https://static.redhat.com https://use.fontawesome.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.google.com *.pathfactoryeu.com *.gstatic.com *.sportradar.com https://bugcrowd.com/ https://connect.facebook.net https://www.google-analytics.com https://www.youtube.com https://pi.pardot.com https://snap.licdn.com https://googleads.g.doubleclick.net https://prod-origin.truendo.com https://analytics.tiktok.com https://tag.demandbase.com https://j.6sc.co https://cdn.priv.center https://cdn-geo.priv.center https://cdn-glo.priv.center *.containers.piwik.pro *.smartrecruiters.com *.googletagmanager.com *.hotjar.com https://nitroscripts.com/ *.nitrocdn.com; frame-src 'self' 'unsafe-inline' https://s.company-target.com/ https://bugcrowd.com/ https://a.sportradarserving.com https://td.doubleclick.net *.youtube.com *.youtu.be *.smartrecruiters.com *.priv.center *.pathfactoryeu.com *.linkedin.com *.piwik.pro https://analytics.tiktok.com tag.demandbase.com *.atriumsports.com *.facebook.net https://xss.hex.run/ https://www.smartrecruiters.com/ https://static.smartrecruiters.com/ *.sportradar.com https://googletagmanager.com www.gstatic.com www.googletagmanager.com *.google.com *.recaptcha.net https://www.google-analytics.com www.google-analytics.com https://fonts.googleapis.com https://cdn.priv.center/ https://www.googleadservices.com https://static.hotjar.com https://snap.licdn.com https://pi.pardot.com https://prod-origin.truendo.com https://googleads.g.doubleclick.net *.onetrust.com/; img-src * data: 'self' blob:; media-src * 'self'; connect-src * https://www.google-analytics.com www.google-analytics.com; font-src * data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net; style-src * 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; 6 upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 6 frame-ancestors 'self' *.lycos.com 6 frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com https://www.gather.town; 6 frame-ancestors 'self' https://console-dev.ps.kz https://console.ps.kz https://*.ps.kz https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com 6 default-src 'self'; media-src https://static.zdassets.com https://res.cloudinary.com https://pmecdn.protonweb.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://telemetry.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me https://noembed.com https://boards-api.greenhouse.io https://proton.me https://*.paypal.com https://*.paypalobjects.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://static.zdassets.com https://pmecdn.protonweb.com https://www.youtube.com https://platform.twitter.com https://*.paypal.com https://*.paypalobjects.com; style-src 'self' 'unsafe-inline' https://pmecdn.protonweb.com https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://pmecdn.protonweb.com; img-src 'self' data: blob: https:; frame-src 'self' data: blob: https://www.youtube-nocookie.com https://platform.twitter.com https://*.paypal.com https://*.paypalobjects.com; object-src 'self' data: blob:; child-src 'self' data: blob: https://*.paypal.com https://*.paypalobjects.com; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self' https://*.proton.me; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com assets.adobedtm.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com *.online-metrix.net data.privacy.ensighten.com connect.facebook.net s.rfihub.com/meta blob: p11.techlab-cdn.com p11.techlab-cdn.com p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 6 block-all-mixed-content; frame-ancestors 'self' https://payload.anker-in.com; upgrade-insecure-requests; 6 default-src 'self' *.visualwebsiteoptimizer.com *.qualified.com bat.bing.com;connect-src 'self' app.vwo.com *.6sense.com cdn.jsdelivr.net *.navattic.com *.bc0a.com *.adsrvr.org go.8x8.com *.mktoutil.com *.mktoweb.com *.clickagy.com *.liadm.com *.doubleclick.net data.hockeystack.com *.zi-scripts.com *.6sc.co *.facebook.com secure.adnxs.com 8x8-website-web.vercel.app *.google.com *.google-analytics.com *.sentry.io *.zoominfo.com *.google.com *.sanity.io *.googletagmanager.com *.techtarget.com *.visualwebsiteoptimizer.com wss://ws2.qualified.com *.qualified.com bat.bing.com *.mktoresp.com *.criteo.com *.googlesyndication.com *.datagrail.io *.linkedin.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.adroll.com *.vwo.com *.bc0a.com *.adsrvr.org *.6sc.co connect.facebook.net *.zi-scripts.com cdn.jsdelivr.net vercel.live *.zoominfo.com go.8x8.com cdn.ravenjs.com schedule.zoominfo.com *.vidyard.com *.googletagmanager.com *.criteo.com *.techtarget.com va.vercel-scripts.com *.datagrail.io *.doubleclick.net bat.bing.com *.qualified.com *.marketo.net *.mktoweb.com *.visualwebsiteoptimizer.com snap.licdn.com js.navattic.com tags.clickagy.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.qualified.com bat.bing.com app.vwo.com *.visualwebsiteoptimizer.com *.criteo.com *.doubleclick.net *.marketo.net *.mktoweb.com snap.licdn.com static.cloudflareinsights.com trk.techtarget.com cdn.pushcrew.com;style-src 'self' 'unsafe-inline' go.8x8.com *.mktoweb.com app.vwo.com cdn.pushcrew.com fonts.googleapis.com *.qualified.com;img-src 'self' pippio.com eb2.3lift.com x.bidswitch.net app.vwo.com go.8x8.com *.adroll.com *.mktoweb.com adservice.google.com *.openx.net *.rlcdn.com *.sitescout.com *.googlesyndication.com *.facebook.com b.6sc.co *.vidyard.com bat.bing.com *.linkedin.com cdn.sanity.io cdn.8x8.com www.google.com *.googletagmanager.com *.visualwebsiteoptimizer.com aorta.clickagy.com *.doubleclick.net *.agkn.com useruploads.vwo.io data: blob:;frame-ancestors 'self' https://studio.8x8.com *.sanity.io referto8.8x8.com au1quoxulaju1.saasquatch.app;frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com go.8x8.com *.mktoweb.com *.vwo.com *.adsrvr.org vercel.live 8x8stc.speedtestcustom.com *.doubleclick.net *.youtube.com *.qualified.com *.navattic.com *.vidyard.com www.g2.com *.googletagmanager.com *.criteo.com *.liadm.com; font-src 'self' fonts.gstatic.com use.typekit.net;worker-src 'self' data: blob:; 6 frame-src 'self'; 6 frame-ancestors 'self' https://nurture.solarwinds.com/ 6 default-src 'self' data: blob:; 6 frame-ancestors test.lightstream.com www.lightstream.com *.truist.com; 6 default-src 'self';font-src fonts.gstatic.com; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src mailto: *; connect-src *; 6 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 6 default-src 'self'; connect-src 'self' https://*.ingest.sentry.io https://*.streamlock.net https://*.zdassets.com https://*.zendesk.com https://*.zeturf.be https://*.zeturf.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://region1.analytics.google.com https://www.google.com wss://*.zendesk.com https://*.bing.com https://*.clarity.ms https://*.commander1.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.snapchat.com https://*.trustcommander.net https://*.xiti.com https://analytics.twitter.com https://cdn.tagcommander.com https://dqxcjhc.pa-cd.com https://gwkqcts.pa-cd.com https://www.googletagmanager.com https://zz.connextra.com; frame-src 'self' https://*.snapchat.com https://*.zendesk.com https://api-vcs-awstbmtst002.mugbookie.com https://cdn.trustcommander.net https://consentcdn.cookiebot.com https://td.doubleclick.net https://vision.prod.thebetmakers.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: blob: https://*.adnxs.com https://*.bidr.io https://*.cookiebot.com https://*.googleusercontent.com https://*.zdassets.com https://*.zendesk.com https://*.zdusercontent.com https://*.zeturf.be https://*.zeturf.com https://*.ytimg.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://maps.gstatic.com https://t.co https://www.google.com https://www.google.fr https://www.paypalobjects.com https://*.bing.com https://*.clarity.ms https://*.commander1.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.snapchat.com https://*.trustcommander.net https://*.xiti.com https://analytics.twitter.com https://cdn.tagcommander.com https://dqxcjhc.pa-cd.com https://gwkqcts.pa-cd.com https://www.googletagmanager.com https://zz.connextra.com; font-src 'self' https://*.snapchat.com https://*.zeturf.be https://*.zeturf.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://github.com; media-src 'self' https://*.streamlock.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.cookiebot.com https://*.sentry-cdn.com https://*.zdassets.com https://*.zendesk.com https://*.zeturf.be https://*.zeturf.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ga.jspm.io https://maps.googleapis.com https://sc-static.net https://static.ads-twitter.com https://tag.aticdn.net https://www.googleadservices.com https://*.bing.com https://*.clarity.ms https://*.commander1.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.snapchat.com https://*.trustcommander.net https://*.xiti.com https://analytics.twitter.com https://cdn.tagcommander.com https://dqxcjhc.pa-cd.com https://gwkqcts.pa-cd.com https://www.googletagmanager.com https://zz.connextra.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.zeturf.com https://*.zeturf.be https://*.snapchat.com 6 frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com 6 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com *.vercel.app cdnjs.cloudflare.com https://community.cisco.com/; 6 frame-ancestors 'self' app.storyblok.com 6 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: blob:; font-src 'self' https: data:; connect-src 'self' https:; worker-src 'self' https: blob:; media-src 'self' https: blob:; 6 frame-ancestors 'self' *.ci360.sas.com; 6 frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 6 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 6 frame-ancestors *.npo.nl *.bijnpo.nl *.npotest.nl *.npoacc.nl 6 frame-ancestors 'self' *.tournamentsoftware.com *.toernooi.nl 6 frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com quantserv.com adnxs.com impactradius-event.com dgm-au.com everestjs.net everesttech.net yahoo.com xg4ken.com *.online-metrix.net *.uplift.com *.quantummetric.com api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com *.nagich.com cloudfront.net bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com *.youtube-nocookie.com *.mypurecloud.com *.mypurecloud.com.au; 6 default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 6 frame-ancestors 'none'; base-uri 'self'; 6 default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 6 object-src 'none'; base-uri 'none'; 6 frame-ancestors 'self' *.bny.com; 6 default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 6 frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' https://builder.io 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss://* https://*; 6 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 6 block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 6 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 6 frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 6 frame-ancestors 'self' https://uatmytaj.tajhotels.com https://mytaj.tajhotels.com https://mytajsats.honohr.com https://mytajsats.hono.ai 6 img-src * data: 6 connect-src 'self' data: *.ampproject.org *.clarity.ms/collect *.facebook.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.linximpulse.net *.loggly.com *.plyr.io *.rdstation.com.br *.retargeter.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.voxus.tv api.ipify.org ckies.net https://ampcid.google.com.br https://analytics.tiktok.com/ https://api2.amplitude.com/2/httpapi https://app.securiti.ai https://app.splithero.com/api/sync https://bat.bing.com https://boards-api.greenhouse.io https://cdn-prod.securiti.ai https://cdn.linkedin.oribi.io https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://freegeoip.app https://noembed.com https://notify.bugsnag.com https://px.ads.linkedin.com https://s.yimg.com https://stats.g.doubleclick.net https://suportelinx.my.salesforce-scrt.com https://viacep.com.br https://www.googletagmanager.com wss://*.hotjar.com www.google-analytics.com https://*.tintim.app; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ampproject.org *.bizographics.com *.cloudfront.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.novahaus.com.br *.omguk.com *.rawgit.com *.rdstation.com.br *.reclameaqui.com.br *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.tailtarget.com *.unpkg.com *.voxus.com.br *.w3-edge.com *.youtube.com *.ytimg.com https://analytics.tiktok.com https://app.splithero.com https://bat.bing.com https://cdn-prod.securiti.ai https://cdn.amplitude.com https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.3.0/dist/index.js https://cdn.mouseflow.com https://cdn.privacytools.com.br https://dashboard.purplemetrics.com.br https://s.yimg.com https://suportelinx.my.site.com https://unpkg.com https://www.clarity.ms snap.licdn.com targeting.voxus.tv https://*.tintim.app/; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css https://dashboard.purplemetrics.com.br/widget/styles.css https://cdn.privacytools.com.br/ https://suportelinx.my.site.com; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com https://*.purplemetrics.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.privacytools.com.br/; default-src https: 6 default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' data: *.albacross.com *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in http://ad.doubleclick.net https://*.influ2.com https://1752680588.rsc.cdn77.org https://adservice.google.com https://analytics.google.com https://api.adblocking247.com https://api.aituria.com https://api.awesomeblocker.com https://app.continual.ly/ https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://content.hotjar.io https://metrics.hotjar.io https://s.yimg.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://unpkg.com https://wss-pr.continual.ly:6001 https://www.google.com.et https://www.google.com.pr https://www.google.com.tr hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com secure.adnxs.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net ws.hotjar.com wss://ws.hotjar.com; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh https://app.continual.ly/ https://open.spotify.com https://view.ceros.com https://www.brighttalk.com https://www.googletagmanager.com insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.trendemon.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net https://ib.adnxs.com https://sp.analytics.yahoo.com i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.maplecroft.com *.oktopost.com *.salesforceliveagent.com *.srv.stackadapt.com *.trendemon.com *.twitter.com *.xactware.com alert.risksolutions.verisk.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://*.influ2.com https://app.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.com https://cdnapisec.kaltura.com https://okt.to https://s.yimg.com https://script.hotjar.com https://static.hotjar.com https://unpkg.com https://view.ceros.com https://www.brighttalk.com img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com risksolutions.verisk.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.trendemon.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.verisk.com alert.risksolutions.verisk.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net https://app.continual.ly/css/gekr8k83y6vw/custom.css https://cdnjs.cloudflare.com https://unpkg.com risksolutions.verisk.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; worker-src 'self' blob:; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; report-to stott-security-endpoint;report-uri https://risksolutions.verisk.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 6 default-src 'self' https://*.allkeyshop.com https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://www.google.com https://www.google.fr https://*.gstatic.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://www.recaptcha.net https://*.googleusercontent.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.google.com/s2/ https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://v2assets.zopim.io https://steamcdn-a.akamaihd.net https://avatars.steamstatic.com https://*.twitch.tv https://static-cdn.jtvnw.net https://static-cdn.jtvnw.net/ https://discord.com https://cdn.discordapp.com/avatars/ https://www.youtube.com https://s.ytimg.com https://i.ytimg.com/ https://*.gravatar.com https://www.tiktok.com/ https://*.ttwstatic.com/ https://i0.wp.com/www.allkeyshop.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://platform.twitter.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs http://cdn.sendpulse.com https://cdn.sendpulse.com https://widget.gleamjs.io https://gleam.io https://js.gleam.io https://ad.doubleclick.net https://do6911745127z.cloudfront.net/scripts/master/goclecd.js https://system.warlegend.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://*.ttwstatic.com/ https://cdn.jsdelivr.net https://cdn.sendpulse.com https://www.google.com/recaptcha 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://www.google.com https://www.google.fr https://*.gstatic.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://www.recaptcha.net https://*.googleusercontent.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.google.com/s2/ https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://v2assets.zopim.io https://steamcdn-a.akamaihd.net https://avatars.steamstatic.com https://*.twitch.tv https://static-cdn.jtvnw.net https://static-cdn.jtvnw.net/ https://discord.com https://cdn.discordapp.com/avatars/ https://www.youtube.com https://s.ytimg.com https://i.ytimg.com/ https://*.gravatar.com https://www.tiktok.com/ https://*.ttwstatic.com/ https://i0.wp.com/www.allkeyshop.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net/ https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://platform.twitter.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs http://cdn.sendpulse.com https://cdn.sendpulse.com https://widget.gleamjs.io https://gleam.io https://js.gleam.io https://ad.doubleclick.net https://do6911745127z.cloudfront.net/scripts/master/goclecd.js https://system.warlegend.net data: https://www.googletagmanager.com 6 upgrade-insecure-requests; default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' js.driftt.com widget.drift.com ametekemip--dev.sandbox.my.site.com ametekemip.my.site.com enterprise-demo.tfaforms.net js.sentry-cdn.com affimvip.baidu.com static.lightning.force.com creaform.my.salesforce.com c.la1-core1.sfdc-58ktaz.salesforceliveagent.com creaform.my.site.com d.la1-core1.sfdc-58ktaz.salesforceliveagent.com chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.creaform-engineering.com *.zygo.tw *.introtek.com *.alphasense.com *.egsautomation.de *.rtds.com *.skybitz.com *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com *.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp *.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' creaform.my.site.com service.force.com ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' js.driftt.com widget.drift.com enterprise-demo.tfaforms.net service.force.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' creaform.my.site.com ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' *.akamaihd.net manifest.prod.boltdns.net *.wistia.com aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net aifanfan.baidu.com 'self' 6 upgrade-insecure-requests; frame-ancestors 'self' https://*.hihaho.com 6 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 6 frame-ancestors 'self' https://cms.nextmedia.com.au; 6 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 6 default-src 'self' data: gap: ws: wss: blob: https://api-js.datadome.co https://*.google-analytics.com https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.gstatic.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.optimizely.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.typekit.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.quadpay.com https://*.shopperapproved.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.adobeaemcloud.com https://*.smartystreets.com https://*.smarty.com https://*.microsoft.com https://*.wistia.com https://*.wistia.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nr-data.net https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://connect.facebook.net https://*.clarity.ms https://d-ipv6.mmapiws.com https://*.sharpen.cx https://*.sharpencx.com https://*.fortawesome.com https://*.newrelic.com https://*.googleusercontent.com https://*.bing.com https://*.mmapiws.com https://*.posthog.com https://m1.openfpcdn.io https://*.ssl.cf2.rackcdn.com https://js.captcha-display.com https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://*.salecycle.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.tt.omtrdc.net https://*.omnitagjs.com https://*.adgrx.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.listrakbi.com https://*.emjcd.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rakuten.com https://omnicard.com https://www.omnicard.com https://*.rd.linksynergy.com https://www.google.co.in https://t.lt02.net https://cdn.listrakbi.com https://intljs.rmtag.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://*.kore.ai https://*.shareasale.com https://*.niceincontact.com https://cdn.jsdelivr.net https://*.adyen.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.sentry.io https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://*.ada.support https://testing.conversionteam.com https://api.adtraction.net https://cnv.adt623.net https://log.adtraction.fail;script-src 'self' 'unsafe-inline' 'unsafe-eval' nonce-l-NjL0Hm00yqhriGLLlf8w data: gap: ws: wss: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://device.maxmind.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.microsoft.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://unpkg.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://gsap.com https://*.google-analytics.com https://*.trustarc.com https://consent-pref.trustarc.com https://*.cloudflare.com https://*.cloudfront.net https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.smartystreets.com https://*.smarty.com https://*.shopperapproved.com https://*.wistia.com https://*.wistia.net https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://greensock.com https://connect.facebook.net https://*.clarity.ms https://*.sharpen.cx https://use.fonticons.com https://*.newrelic.com https://*.posthog.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://*.criteo.net https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.xg4ken.com https://*.listrakbi.co https://*.sentry-cdn.com https://*.rd.linksynergy.com https://*.googleadservices.com https://*.doubleclick.net https://*.listrakbi.com https://*.googlesyndication.com https://t.lt02.net https://intljs.rmtag.com https://analytics.tiktok.com https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://js.sentry-cdn.com https://*.gstatic.com https://*.shareasale.com https://*.niceincontact.com https://*.wisepops.net https://*.wisepops.com https://wisepops.net https://*.ada.support https://*.kore.ai https://*.adyen.com https://*.klarna.com https://*.klarnacdn.net https://*.px-cloud.net https://valuesportal.com https://cdn.adt348.net https://gtm.adt313.net https://cnv.adt623.net;img-src 'self' data: blob: https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.blackhawknetwork.com https://*.bhn.com https://*.bhn.cards https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.trustarc.com https://consent-pref.trustarc.com https://*.wistia.com https://*.wistia.net https://*.cloudfront.net https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.paypalobjects.com https://*.signifyd.com https://*.riskified.com https://*.sardine.ai https://api.sandbox.sardine.ai https://*.nsureapi.com https://*.forter.com https://*.online-metrix.net https://*.shopperapproved.com https://*.gstatic.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://fpnpmcdn.net https://*.day.com https://greensock.com https://*.clarity.ms https://*.googleusercontent.com https://*.bing.com https://*.cloudflare.com https://*.ssl.cf2.rackcdn.com https://*.google-analytics.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://dd.prod.captcha-delivery.com https://ct.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://data.adxcel-ec2.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.listrakbi.com https://*.bidswitch.net https://*.smartadserver.com https://*.taboola.com https://*.socdm.com https://*.casalemedia.com https://*.dable.io https://*.adingo.jp https://*.360yield.com https://*.media.net https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.ad.smaato.net https://*.clmbtech.com https://*.3lift.com https://*.1rx.io https://*.adnxs.com https://*.teads.tv https://*.ads.yieldmo.com https://sync.aralego.com https://cdn.aralego.net https://sync.ad-stir.com https://ad.as.amanad.adtdp.com https://*.send.microad.jp https://*.bluekai.com https://creativecdn.com https://sync.targeting.unrulymedia.com https://public-prod-dspcookiematching.dmxleo.com https://*.agkn.com https://*.tpmn.co.kr https://*.tremorhub.com https://*.mediavine.com https://*.liadm.com https://*.postrelease.com https://*.sharethrough.com https://*.mediawallahscript.com https://*.tapad.com https://*.revcontent.com https://*.omnitagjs.com https://*.adgrx.com https://cm.g.doubleclick.net https://sync.srv.stackadapt.com https://sync-tm.everesttech.net https://*.adform.net https://*.simpli.fi https://*.ybp.yahoo.com https://*.turn.com https://*.analytics.yahoo.com https://*.dotomi.com https://*.googleadservices.com https://*.doubleclick.net https://assets.sc-trc.com https://*.xg4ken.com https://*.stickyadstv.com https://*.ads.linkedin.com https://*.dlx.addthis.com https://*.tpmn.io https://*.emxdgt.com https://*.rezync.com https://*.rd.linksynergy.com https://bh.contextweb.com https://sync.crwdcntrl.net https://*.v.fwmrm.net https://ws.rgtrk.eu https://www.google.co.in https://thrtle.com https://a.usbrowserspeed.com https://match.prod.bidr.io https://he.lijit.com https://email.traversedlp.com https://cdn.listrakbi.com https://pixel-config.reddit.com https://alb.reddit.com https://pm.w55c.net https://p.rfihub.com https://pippio.com https://sync.graph.bluecava.com https://*.thebrighttag.com https://mid.rkdms.com https://*.redinuid.imrworldwide.com https://*.disqus.com https://*.lijit.com https://*.springserve.com https://*.kore.ai https://*.shareasale.com https://*.nimbledeals.com https://*.adyen.com https://*.ada.support https://*.klarna.com https://cdn.valuesportal.com https://log.adtraction.fail;frame-ancestors 'self' https://*.paypal.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.adobedtm.com https://*.giftcardsstage.com;style-src 'self' data: blob: https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.googleapis.com https://*.googletagmanager.com https://google.com https://*.google.com https://*.typekit.net https://*.gstatic.com https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.shopperapproved.com https://greensock.com https://egift.activationspot.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://cdn.jsdelivr.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://*.sharpen.cx https://use.fonticons.com https://*.fortawesome.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.rokt.com https://cdn.pdst.fm https://tag.rmp.rakuten.com https://bat.bing.com https://*.adsrvr.org https://shop.pe https://shopper.shop.pe https://app.shop.pe https://addshoppers.s3.amazonaws.com https://facebook.com https://www.facebook.com https://pixels.spotify.com https://*.linksynergy.com https://resources.xg4ken.com https://*.criteo.com https://manage.safeopt.com https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.googleadservices.com https://*.doubleclick.net https://cdn.listrakbi.com https://*.niceincontact.com https://*.ada.support https://*.adyen.com https://*.klarna.com https://*.klarnacdn.net 'unsafe-inline';frame-src 'self' https://*.paypal.com https://*.cdn-apple.com https://*.zip.co https://*.quadpay.com https://*.giftcards.com https://giftcards.com https://*.giftcards.ca https://giftcards.ca https://*.preprodhawkcommerce.com https://*.giftcardsstage.com https://egift.activationspot.com https://*.blackhawknetwork.com https://egiftpp.blackhawknetwork.com https://egift.certification.blackhawknetwork.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.nsureapi.com https://api.sardine.ai https://api.sandbox.sardine.ai https://pay.google.com https://collect.giftcards.com https://*.wistia.com https://*.wistia.net https://*.adobeaemcloud.com https://consent-pref.trustarc.com https://*.google.com https://google.com https://connect.facebook.net https://*.sharpen.cx https://*.paypalobjects.com https://js.captcha-display.com https://js.datadome.co https://api-js.datadome.co https://geo.captcha-delivery.com https://ucarecdn.com https://upload.uploadcare.com https://social.uploadcare.com https://*.salecycle.com https://*.adsrvr.org https://nytrng.com https://idsync.rlcdn.com https://d16fk4ms6rqz1v.cloudfront.net https://*.linksynergy.com https://*.criteo.com https://*.criteo.net https://*.rokt.com https://*.googleadservices.com https://*.doubleclick.net https://*.emjcd.com https://fpt.dfp.microsoft.com https://*.googletagmanager.com https://*.adyen.com https://*.klarna.com https://*.niceincontact.com https://*.klarnaservices.com https://*.arcot.com https://*.icicibank.com https://*.klarnacdn.net https://*.ada.support data: blob:;worker-src 'self' https://*.adobeaemcloud.com https://*.adobedtm.com https://*.demdex.net https://edge.adobedc.net https://*.adyen.com https://*.klarna.com data: blob:;object-src 'none';base-uri 'self'; 6 upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/ 6 default-src 'self' 'unsafe-inline'; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 6 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.com https://metrica.yandex.ru https://metrica.yandex.com https://webvisor.com https://*.webvisor.com 6 frame-ancestors 'none'; upgrade-insecure-requests; 6 default-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src https: wss:; worker-src blob: 6 default-src https: 6 default-src https: data: wss://*.qualified.com wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss: 6 frame-ancestors 'self' https://*.hotjar.com 6 object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 6 https://dynamic.criteo.comhttps://sslwidget.criteo.com 6 worker-src * blob: data: 'unsafe-eval' 'unsafe-inline'; object-src data: ; base-uri 'self'; upgrade-insecure-requests; frame-ancestors 'none'; form-action 'self' https://codesandbox.io; 6 object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com;; frame-ancestors 'self'; 6 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 6 default-src * data: 'unsafe-inline' 'unsafe-eval'; 6 frame-ancestors 'self';; upgrade-insecure-requests 6 frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; 6 upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 6 object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 6 object-src 'none'; form-action 'self'; frame-ancestors 'self' 6 report-to default 6 default-src 'self' blob: *.almaty-ffin.global bankffin.kz centinelapi.cardinalcommerce.com *.cloudflare.com *.consentmanager.net api.cyberity.ru *.doubleclick.net www.facebook.com ffin.ae ffin.global *.freedom24.com *.google-analytics.com *.analytics.google.com pay.google.com code.jivosite.com code.jivo.ru *.mail.ru api.sumsub.com *.tradernet.com *.tradernet.kz *.tradernet.global *.tradernet.ru *.tradernet.by widget.trustpilot.com ddc.worldpay.com yastatic.net youtube.com *.youtube.com *.zdassets.com; img-src 'self' 'unsafe-inline' blob: data: *.almaty-ffin.global *.appsflyer.com bat.bing.com *.carrotquest.app *.carrotquest.io inappstory.com/stories/loader.gif *.consentmanager.net *.clarity.ms *.doubleclick.net earn.broker earn.eu www.facebook.com ffin.global *.freedom24.com w8ben.freedomholdingcorp.com cs.getinappstory.com gocpa.cloud www.googletagmanager.com www.google-analytics.com www.google.am www.google.com www.google.kz www.google.ru www.google.com.cy www.google.com.vn google.com.cy google.am google.kz chart.googleapis.com www.gstatic.com trade.inveza.com code.jivosite.com code.jivo.ru *.kursiv.media top-fwz1.mail.ru trade.mind-money.eu content.mql5.com *.onelink.me t.co *.tradernet.by *.tradernet.com *.tradernet.kz *.tradernet.ru turlov.co.za analytics.twitter.com vk.com login.vk.com ddc.worldpay.com mc.yandex.ru v2.zopim.com mc.yandex.com *.oninvest.com *.ffin.tr *.ffin.ae *.youtube.com static.geetest.com static.geevisit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ffin.global *.freedom24.com www.google-analytics.com pay.google.com cdn.jsdelivr.net *.tradernet.com *.tradernet.ru yastatic.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.googleapis.com www.gstatic.com code.jivosite.com code.jivo.ru cdn.jsdelivr.net yastatic.net static.geetest.com; font-src 'self' data: *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com fonts.gstatic.com v2.zopim.com; connect-src 'self' blob: *.amazonaws.com wss://*.amazonaws.com *.appsflyer.com api.carrotquest.app rts-v2.carrotquest.app/websocket_connect_time wss://rts-v2.carrotquest.app/websocket_connect_time realtime-services-eu.carrotquest.io wss://realtime-services-eu-chat-2.carrotquest.io wss://realtime-services-eu.carrotquest.io api.carrottrack.app/users/$self_user/events api.carrottrack.app/users/$self_user/props wss://wss.cifra-broker.ru *.clarity.ms *.consentmanager.net/delivery/ suggestions.dadata.ru stats.g.doubleclick.net wss://wss.earn.broker wss://wss.ffdigital.ch wss://wss.ffin.ae ffin.global wss://wss.ffin.tr mo.ffinpay.ru eun1.fptls.com eun1.fptls.com *.freedom24.com wss://wss.freedom24.com wss://wss.freedombroker.kz api.getinappstory.com/v2/ *.google-analytics.com *.analytics.google.com analytics.google.com google.com pay.google.com www.google.com pagead2.googlesyndication.com *.gstatic.com iframe.ly wss://wss.inveza.com *.jivo.ru wss://*.jivo.ru *.jivosite.com wss://*.jivosite.com top-fwz1.mail.ru www.mczbf.com wss://wss.mind-money.eu content.mql5.com www.sjwoe.com *.taboola.com wss://wss.almaty-ffin.global wss://wss.tfos.com wss://wss.tradernet.am wss://wss.tradernet.by *.tradernet.com wss://wss.tradernet.com wss://wss.tradernet.dev wss://wssdev.tradernet.dev wss://wss.tradernet.global wss://wss.tradernet.kg wss://wss.tradernet.kz admin.tradernet.ru sentry.dev.tradernet.ru tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.ua wss://wss.tradernet.uz *.typi.team wss://wss.walletsolutions.eu wss://wss.wisdompointcapital.com ddc.worldpay.com mc.yandex.com mc.yandex.ru ekr.zdassets.com *.zendesk.com v2.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com; frame-ancestors 'self' https://*.bankffin.kz https://*.f.bank https://*.freedom24.com https://*.tradernet.com https://bankffin.kz https://freedom24.ru; 6 upgrade-insecure-requests; object-src 'none' 6 frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; report-uri https://o428203.ingest.sentry.io/api/4505516549210112/security/?sentry_key=6eb445158e4a410c830e7e424f2d7b56 6 default-src 'self';frame-src 'self' blob: https:;connect-src 'self' wss: blob: https:;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https:;img-src 'self' data: blob: blob: https:;media-src 'self' blob: https:;font-src 'self' data: blob: https:;worker-src 'self' blob: blob: https:;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 6 default-src https: 'unsafe-eval' 'unsafe-inline' 6 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 6 none 6 default-src 'self' https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net https://zip.getziptastic.com https://www.googletagmanager.com *.lambda-url.us-east-1.on.aws; img-src * data:; script-src 'self' 'sha256-4qHwYstA/HMoqYktYjfAnyNPmBqLeAqunX99JaEvimc=' https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com https://*.cookiebot.com/ https://cookiebot.com/*; frame-src https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://copayassets-test.aws.paysign.com/ https://s3.amazonaws.com/ https://*.cookiebot.com/ https://*.paysign.com https://*.s3.amazonaws.com/ https://copay-portalapi.paysign.net/ https://copay-portalapi.paysign.net/*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net; font-src 'self' https://fonts.gstatic.com; connect-src https://*.paysign.com https://*.3pea.net https://*.aws.paysign.com https://*.paysign.net https://*.s3.us-east-1.amazonaws.com/ https://zip.getziptastic.com https://www.googletagmanager.com https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ *.lambda-url.us-east-1.on.aws/ https://*.cookiebot.com/; manifest-src 'self' https://maps.googleapis.com/ https://www.google-analytics.com/; 6 frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 6 default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob:;child-src * blob:;connect-src *;font-src * data:;object-src *;media-src *;frame-src *;base-uri *;form-action *;frame-ancestors *;script-src-attr *;upgrade-insecure-requests 6 default-src 'self' data: blob: *.conac.cn *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 6 frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 6 manifest-src 'self' 6 default-src * 'unsafe-inline' 'unsafe-eval' data: 6 frame-ancestors 'self' *.contentstack.com 6 script-src-elem 'self' https://www.gstatic.com/recaptcha/ *.ampproject.net/ https://ad.atdmt.com https://www.google.com/recaptcha/api.js www.google-analytics.com ajax.googleapis.com https://cdn.ampproject.org https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://adservice.google.com/adsid/integrator.js https://adservice.google.com.vn/adsid/integrator.js https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/pagead/js/r20190408/r20190131/show_ads_impl.js 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 6 frame-ancestors 'self' https://builder.io; 6 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com s2.adform.net c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com dwin1.com cl.qualaroo.com ref.ccb-dev.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com tags.srv.stackadapt.com members.cj.com *.adform.net *.kmtx.io c.la13-core1.sfdc-lywfpd.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com c.la11-core1.sfdc-yzvdd4.salesforceliveagent.com d.la11-core1.sfdc-yzvdd4.salesforceliveagent.com tag.demandbase.com c.amazon-adsystem.com ct.pinterest.com; 6 default-src 'self'; script-src 'self' 'strict-dynamic' 'sha256-l3tfobNGSDsiWwzSdX9QqvprTaL+kQGzfRzpdkbM1m0=' 'sha256-aXFWSsQLd4kfpqpWNQwLKFmiDgjd+I1iaw3mCViRRUc=' 'unsafe-inline' 'wasm-unsafe-eval' https://vrt.be https://*.vrt.be https://previewshared.mediahuis.be/cxense/cxense.vrtnu.js https://*.sentry-cdn.com https://assets.adobedtm.com https://cdn.cxense.com/cx.js https://api.cxense.com https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-performance-timing@latest/dist/index.umd.min.js https://gabe.hit.gemius.pl https://gdpr-wrapper.privacymanager.io https://gdpr.privacymanager.io https://imasdk.googleapis.com/js/sdkloader/ima3.js https://*.qualtrics.com https://www.gstatic.com https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js https://*.opecloud.com https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://vrt.be https://*.vrt.be https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://chat.stream-io-api.com wss://chat.stream-io-api.com wss://api-dev.vrt.radio/socket.io/ wss://api-stag.vrt.radio/socket.io/ wss://api.vrt.radio/socket.io/ https://vrt.be https://*.vrt.be https://*.vrtcdn.be https://vrtmax.stag.a51.be https://d33ksfmeznrrrv.cloudfront.net https://*.omtrdc.net https://*.streamtheworld.com https://*.akamaized.net https://o140591.ingest.sentry.io https://dpm.demdex.net https://siteintercept.qualtrics.com https://time.akamai.com https://license.theoplayer.com https://widevine-proxy.drm.technology/proxy https://gdpr-wrapper.privacymanager.io https://*.privacymanager.io https://*.uplynk.com https://gabe.hit.gemius.pl https://*.smartocto.com https://*.contentinsights.com https://fairplay-license.drm.technology https://csi.gstatic.com https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://vrt-live.cdn.vustreams.com https://*.buffup.net wss://*.buffup.net https://api.amplitude.com https://api-dev.vrt.radio https://api-stag.vrt.radio https://api.vrt.radio https://unpkg.com/theoplayer@6.7.0/ https://unpkg.com/theoplayer@7.6.1/ https://cdn.jsdelivr.net/npm/@mux/mux-data-theoplayer@5.1.7/ https://unpkg.com/theoplayer@8.12.1/THEOplayer.transmux.js https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://*.opecloud.com https://*.googlesyndication.com https://*.doubleclick.net https://*.doubleverify.com https://*.clarity.ms https://sporza-api.stag.a51.be https://api.sporza.be https://resources.vudrm.tech https://*.litix.io https://cdnjs.cloudflare.com/polyfill/v3/ https://growthbook-api.datascience.a51.be https://*.streamabc.net https://cdn.jsdelivr.net/npm/shaka-player@4.16.6/ https://cdn.jsdelivr.net/npm/@mux/mux-data-shakaplayer@5.12.8/ https://cdn.jsdelivr.net/npm/hls.js@1.6.13/ https://cdn.jsdelivr.net/npm/mux-embed@5.13.0/; font-src 'self' https://vrt.be https://*.vrt.be https://buffup-web-sdk.core.buffup.net https://files.qualifio.com/library/vrt/fonts/; frame-src 'self' https://vrt.be https://*.vrt.be https://*.ketnet.be https://vrtbe.demdex.net https://cdn.cxense.com https://*.privacymanager.io https://ls.hit.gemius.pl https://imasdk.googleapis.com https://unpkg.com/ https://interactief.radio2.be https://interactief.radio1.be https://interactief.mnm.be https://interactief.stubru.be https://interactief.een.be; img-src 'self' data: https://getstream.imgix.net/images/emoji-sprite.png https://vrt.be https://*.vrt.be https://vrt.sc.omtrdc.net https://comcluster.cxense.com https://licensing.theoplayer.com https://ib.adnxs.com https://secure.adnxs.com https://*.doubleclick.net https://*.postrelease.com https://*.cxense.com https://cm.everesttech.net https://*.demdex.net https://*.opecloud.com https://*.qualtrics.com https://*.buffup.net https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googlesyndication.com https://*.cloud.ovh.net https://dublin.stream-io-cdn.com/; manifest-src 'self'; media-src 'self' blob: data: https://*.vrt.be https://*.vrtcdn.be https://d33ksfmeznrrrv.cloudfront.net https://*.streamtheworld.com https://*.akamaized.net https://*.uplynk.com https://*.adnxs-simple.com https://buffup-public.s3.eu-west-2.amazonaws.com https://assets.vrt.buffup.net https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.gvt1.com https://*.adsafeprotected.com https://*.doubleverify.com https://*.moatads.com https://*.flashtalking.com https://*.adform.net https://*.mediahuis.be https://*.2mdn.net https://resources.vudrm.tech https://vrt.simplecastaudio.com https://*.stream-io-cdn.com; worker-src 'self' blob:; 6 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 6 default-src 'self'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com; form-action 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com *.sandbox.my.salesforce.com *.salesforceliveagent.com *.la13-core2.sfdc-lywfpd.salesforceliveagent.com la13-core2.sfdc-lywfpd.salesforceliveagent.com *.sandbox.my.salesforce-sites.com *.wexinc.com *.grafana.net *.thoughtspot.cloud unpkg.com static.lightning.force.com data:; upgrade-insecure-requests 6 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 6 frame-ancestors 'self' https://*.sagepay.com https://*.paypal.com https://*.klarna.com https://*.instagram https://*.evopaymentgateway.com https://*.boipapaymentgateway.com https://*.paypalobjects.com 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.crisis24.com https://*.garda.com https://*.gardaworld.com https://*.jotform.com https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.clarity.ms https://*.cloudinary.com https://*.cookiepro.com https://*.surveymonkey.com https://*.smassets.net https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.hs-scripts.com https://*.hs-sites.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.moneris.com https://*.onetrust.com https://*.salesforce.com https://*.usemessages.com https://*.youtube.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://*.zi-scripts.com https://*.zoominfo.com https://bat.bing.com https://c.bing.com https://cdn.fonts.net https://cdn.jsdelivr.net/ https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://pagead2.googlesyndication.com https://secure.data-insight365.com https://snap.licdn.com https://pardot.com https://*.pardot.com https://vercel.com https://vercel.live https://*.vercel.com https://*.vercel.app https://*.vercel-scripts.com wss://ws-us3.pusher.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.dayforcehcm.com https://*.mapbox.com https://player.simplecast.com https://js.zi-scripts.com https://*.zoominfo.com https://analytics.ahrefs.com google.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; frame-ancestors 'self' http://*.ddev.site https://*.purecobalt.com https://*.pcobalt.com https://*.garda.com https://*.crisis24.com; 6 frame-ancestors https://damascus.prod.evqt.net https://damascus.staging.evqt.net 6 frame-ancestors 'self' https://tippspiel.redbullsalzburg.at; 6 upgrade-insecure-requests;frame-ancestors 'self' ; 6 default-src * data: 'unsafe-inline' 'unsafe-eval' 6 default-src https: http: wss: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' blob:; 6 frame-ancestors 'self' https://*.fynd.com 6 base-uri 'none'; frame-ancestors 'none'; object-src 'none'; script-src https: http: 'unsafe-eval' 'unsafe-inline'; report-uri /nelmio/csp/report; worker-src 'none' 6 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 6 default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM=' 'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE=' 'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig=' 'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA=' 'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8=' 'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0=' 'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4=' 'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE=' 'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po=' 'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ=' 'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com *.archgroup.com www.googletagmanager.com www.clarity.ms; script-src-elem 'self' 'unsafe-inline' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com www.archgroup.com www.googletagmanager.com platform.twitter.com www.clarity.ms c.clarity.ms e.clarity.ms scripts.clarity.ms; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com *.googletagmanager.com fonts.gstatic.com; frame-src *.archgroup.com www.podbean.com www.youtube.com www.google.com *.icims.com player.vimeo.com *.twitter.com; img-src 'self' data: www.archgroup.com archgroup.com ps.w.org p.adsymptotic.com wpengine.com dify.wpengine.com maps.gstatic.com *.googleapis.com *.ggpht.com secure.gravatar.com *.linkedin.com *.google-analytics.com *.analytics.google.com *.twitter.com c.clarity.ms c.bing.com; font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.archgroup.com insurance.archgroup.com mortgage.archgroup.com reinsurance.archgroup.com *.google-analytics.com analytics.google.com *.analytics.google.com archcapital2020tf.q4web.com *.licdn.com stats.g.doubleclick.net my.wpengine.com yoast.com api.redirect.li px.ads.linkedin.com cdn.linkedin.oribi.io e.clarity.ms; media-src *.archgroup.com extend.vimeocdn.com; form-action 'self'; base-uri 'self'; frame-ancestors 'self' www.slipcase.com marketplace.marsh.com; upgrade-insecure-requests ; object-src 'self'; child-src 'self'; worker-src 'self' blob: *.archgroup.com; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 6 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob: 6 default-src 'self' https:; img-src 'self' data: https:; style-src-elem 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src-attr 'unsafe-inline'; font-src 'self' data: https:; frame-ancestors https://volkswagen-admin.porsche-holding.com; connect-src 'self' https: wss: ws: data:; manifest-src 'self' https:; media-src 'self' https: data: blob; frame-src 'self' https:; upgrade-insecure-requests 6 style-src * 'unsafe-inline'; font-src * data:; img-src * data:; connect-src *; object-src 'self'; frame-ancestors 'self'; 6 frame-ancestors 'self' *.roomlynx.net 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 6 upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 6 frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.jsdelivr.net; font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com blob:; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; worker-src 'self' blob: 6 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 6 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://addtocalendar.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com https://graph.facebook.com https://www.linkedin.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.google.com.ua https://www.googletagmanager.com; font-src 'self' data: https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com https://www.google.com/ https://analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net; object-src 'self'; frame-src 'self' https://www.google.com https://docs.google.com https://youtube.com https://www.youtube.com https://www.facebook.com https://public.tableau.com https://digital.bukoda.gov.ua https://prozorro.gov.ua https://bi.prozorro.org https://zakupivli.pro; frame-ancestors 'none'; worker-src 'none'; form-action 'self'; base-uri 'none' 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; font-src 'self' https: http: data:; img-src 'self' data: https: http:; frame-src 'self' https: http:; connect-src 'self' https: http:; 6 frame-ancestors 'self'; report-uri /log/csp-violation 6 default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://62.210.201.98 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' www.mexc.com bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 6 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-JfJ82reKxtqugVbfRGw/O/1x1Lm1I09rHueXSwvbRws=' 'sha256-BbV1i75oYRtLtfDWs7tnA8QLF5EOO1dVHKL0prVd/fQ=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d 6 frame-ancestors 'self' *.shoplineapp.com *.facebook.com; upgrade-insecure-requests; 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn01l.vaillant-group.com *.adalyser.com *.adform.com *.adform.net *.adroll.com *.bing.com *.consentmanager.net *.contentsquare.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.glp8.net *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.ibm.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.presage.io *.redditstatic.com *.clarity.ms *.serving-sys.com *.taboola.com *.tiktok.com *.tiktokw.us *.xo-matic.com *.youtube.com *.zenloop.com a.mgid.com acdn.adnxs.com c.seznam.cz c1.rfihub.net cdn-assets-prod.s3.amazonaws.com cdn.inis360.com cdn.oribi.io cdn.prod.uidapi.com cloudrizon.formstack.com contactis.ua graph.facebook.com heizungonline.vaillant.de heyzine.com io.fusedeck.net js.adsrvr.org mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be optimizely.s3.amazonaws.com popup.campaign.playable.com preventivi.vaillant.it s.pinimg.com s.yimg.com snap.licdn.com static.ads-twitter.com static.cleverpush.com static.criteo.net tags.creativecdn.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de vaillantp.ubiqubit.it verkoopkansen.vaillant.nl widget.trustpilot.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.instalxpert.be www.recaptcha.net; connect-src 'self' ws: *.adform.net *.analytics.google.com *.bing.com *.bing.net *.clarity.ms *.contentsquare.net *.criteo.com *.delivery.consentmanager.net *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.facebook.com *.facebook.net *.glp8.net *.hotjar.com *.hotjar.io *.linkedin.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.prod.uidapi.com *.reddit.com *.redditstatic.com *.serving-sys.com *.taboola.com *.tiktok.com *.tiktokw.us *.xo-matic.com ams.creativecdn.com api.cleverpush.com capi.vaillant.es capig.stape.cc heizungonline.vaillant.de ib.adnxs.com ice.360yield.com insight.adsrvr.org logx.optimizely.com mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be operator-integ.uidapi.com premiumstory.bvz.at premiumstory.noen.at branded-content.tt.com preventivi.vaillant.it prod.uidapi.com s.yimg.com story.nachrichten.at story.vienna.at story.vol.at toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; style-src 'self' 'unsafe-inline' *.loyjoy.com *.glp8.net *.zenloop.com app.optimizely.com cdn01l.vaillant-group.com cloudrizon.formstack.com contactis.ua fonts.googleapis.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be preventivi.vaillant.it tagmanager.google.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl www.googletagmanager.com www.instalxpert.be; img-src 'self' blob: data: *.1rx.io *.adalyser.com *.adform.net *.adlmerge.com *.adroll.com *.agkn.com *.atemda.com *.bidswitch.net *.bing.com *.bing.net *.clarity.ms *.consentmanager.net *.contentsquare.net *.creativecdn.com *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.glp8.net *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hit.gemius.pl *.linkedin.com *.loyjoy.com *.outbrain.com *.presage.io *.pubmatic.com *.reddit.com *.taboola.com *.xo-matic.com a.mgid.com a.twiago.com aax-eu.amazon-adsystem.com ad.360yield.com ad.as.amanad.adtdp.com ad.mail.ru ad.tpmn.co.kr ad.yieldlab.net ad.yieldlab.net adasta-pbs.relevant-digital.com adlmerge.com adn.caprofitx.com ads.betweendigital.com ads.betweendigital.com ads.enjoy4fun.com ads.stickyadstv.com ads.yieldmo.com an.yandex.ru an.yandex.ru analytics.ad.daum.net api.gov-img.site app.optimizely.com atemda.com bbnaut.ibillboard.com bbnaut.ibillboard.com bh.contextweb.com bh.contextweb.com c.seznam.cz c1.adform.net capturemedia-assets.com cdn.optimizely.com cdn.performax.cz cdn01l.vaillant-group.com ce.lijit.com clientes.saunierduval.es clientes.vaillant.es cm.adform.net cm.g.doubleclick.net cm.gammaplatform.com cm.gammaplatform.com cm.mgid.com cmeu.hit.gemius.pl cm-exchange.toast.com cmrtbhpl.hit.gemius.pl contactis.ua contextual.media.net cookiesync.axis-marketplace.com cookiesyncgotham.com criteo-partners.tremorhub.com criteo-sync.teads.tv cs.adingo.jp cs.gssprt.jp cs.gssprt.jp cs.mobfox.com cs.yellowblue.io cstb.adsinteractive.com csync.loopme.me csync.smilewanted.com delivery.swid.switchads.com delivery.swid.switchads.com dis.criteo.com dmx.districtm.io dot.wp.pl dpm.demdex.net dsum-sec.casalemedia.com dsum-sec.casalemedia.com e1.emxdgt.com e1.emxdgt.com eb2.3lift.com eb2.3lift.com eexsync.com elb.the-ozone-project.com exchange.mediavine.com fast.nexx360.io fusedeck.com glp8.net goo.gamx.io gum.criteo.com hb.adtarget.com.tr hb.r2b2.cz hb.r2b2.io hb.yahoo.net hb.yahoo.net hbx.media.net heizungonline.vaillant.de ib.adnxs.com ib.adnxs.com insight.adsrvr.org ice.360yield.com ice.360yield.com id5-sync.com idsync.admixer.co.kr idsync.rlcdn.com ih.adscale.de ih.adscale.de inv-nets.admixer.net jadserve.postrelease.com localhost mapping.lacunads.com match.c8.net.ua match.c8.net.ua match.sharethrough.com match.sharethrough.com matching.ivitrack.com mes-devis.saunierduval.fr mixer.mobon.net mkt.saunierduval.es mkt.vaillant.es mojklient.vaillant.pl ms-cookie-sync.presage.io mynet-pbs.theadx.com offer.vaillant.be offerte.bulex.be offre.bulex.be onetag-sys.com optimics-ads.aimatch.com pbjs.digitalmatter.services pbs.optidigital.com pbs.yahoo.com pixel.rubiconproject.com pixel.rubiconproject.com pixel.s3xified.com pixel.tapad.com prebid.admatic.de prebid.adocean.pl prebid.adtarget.com.tr prebid.jixie.io prebid.monetixads.com prebid.pixad.com.tr prebid.serve.admatic.com.tr prebid-s2s.media.net prebid-server.pbstck.com prebid-server.rtbhouse.net prebid-server.rubiconproject.com prebid-stag.setupad.net preventivi.vaillant.it profile.ssp.rambler.ru profile.ssp.rambler.ru public-prod-dspcookiematching.dmxleo.com r.casalemedia.com res.cloudinary.com rm.em.nscontext.eu rm.em.nscontext.eu router.infolinks.com rt.marphezis.com rt.udmserve.net rtb.adxpremium.services rtb-csync.smartadserver.com rtb-server.valuad.io s.ad.smaato.net s.amazon-adsystem.com s.seedtag.com s2s.yieldbird.com s-cs.rmp.rakuten.com s-cs.send.microad.jp s-cs.send.microad.jp server.seadform.net simage2.pubmatic.com simage2.pubmatic.com sofia.trustx.org sp.analytics.yahoo.com sp.gmossp-sp.jp ssc-cms.33across.com ssp.adriver.ru ssp.adriver.ru ssp.api.tappx.com ssp.wp.pl ssp-csync.smartadserver.com ssp-csync.smartadserver.com static.cleverpush.com sync.1rx.io sync.addlv.smt.docomo.ne.jp sync.adkernel.com sync.ad-stir.com sync.adtech.ink sync.adtelligent.com sync.aniview.com sync.bidence.net sync.bidmatic.io sync.cenarius.orangeclickmedia.com sync.connectad.io sync.console.adtarget.com.tr sync.cootlogix.com sync.dmp.otm-r.com sync.e-planning.net sync.go.sonobi.com sync.inmobi.com sync.kueezrtb.com sync.outbrain.com sync.pubrise.ai sync.taboola.com sync.teads.tv sync-criteo.ads.yieldmo.com sync-service.net t.adx.opera.com t.visx.net tg.socdm.com tg.socdm.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de toolbox-gb-glowworm.prod.cloud.heatingonline.de u.4dex.io ups.analytics.yahoo.com us.ck-ie.com us.ck-ie.com us.shb-sync.com us-east-pbs.automatad.com usersync.gumgum.com usersync-america.rtblab.net us-u.openx.net us-u.openx.net verkoopkansen.vaillant.nl vid.vidoomy.com visitor.omnitagjs.com visitor.omnitagjs.com x.bidswitch.net z.cdn.adtarget.market; font-src 'self' data: *.loyjoy.com *.glp8.net cdn01l.vaillant-group.com fonts.cdnfonts.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offer.vaillant.be offerte.bulex.be offre.bulex.be preventivi.vaillant.it script.hotjar.com toolbox-gb-glowworm.prod.cloud.heatingonline.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; object-src 'none'; base-uri 'self'; form-action 'self' *.columbusconnect.it *.facebook.com *.officego.de *.plansoft-online.de *.saunierduval.es *.vaillant-group.com *.vaillant.es eshopspares.protherm.sk http://sso.wigam.com http://www.columbusconnect.it https://sso.wigam.com:8016 pontbevaltas.saunierduval.hu self-service.vaillant.de shop.vaillant.at sso.wigam.com; frame-src 'self' *.adform.net *.adroll.com *.adsrvr.org *.captivate.fm *.cdn-pci.optimizely.com *.cdn.optimizely.com *.consentmanager.net *.criteo.com *.doubleclick.net *.elf.site *.facebook.com *.g.doubleclick.net *.glp8.net *.google.com *.oplead.com *.pinterest.com *.protherm.cz *.rfihub.com *.saunierduval-piecedetachee.fr *.saunierduval.es *.taboola.com *.xo-matic.com *.vaillant-systeme.de *.vaillant.es *.vaillant.ua *.vaillantkotle.cz *.vanmarcke.com 27052801.hs-sites-eu1.com aides.saunierduval.fr ams.creativecdn.com anzeigen.premium.salzburg24.at anzeigen.premium.sn.at apps.vaillantgroup.org bayi.demirdokum.net cat.hermann-saunierduval.it cat.vaillant.it cloud.at.vgmarketingcloud.com contotermicohsd.vaillantgroup.it contotermicovaillant.vaillantgroup.it customer.vaillant.com.tr epaper.paper2web.ch fiches-qce.saunierduval.fr foerdermittelsuche.betatool.de form.jotform.com forms.iframes-saunierduval.es forms.office.com gutschein.vaillant.de heyzine.com identity.vaillant-group.com iframe.vaillantbayiminternette.com iqg.vaillant.com mapapartnerov.protherm.sk marktraum.betatool.de mkt.saunierduval.es optimum.vaillant.at optimum.vaillant.pl pompe-a-chaleur.saunierduval.fr portal.vaillant.ua powerfinder.hermann-saunierduval.it powerfinder.vaillant.it servicevaillant.wufoo.com servis.demirdokum.net servis.protherm.sk share-eu1.hsforms.com simulator.vaillant.com tarif-public.saunierduval.fr tools.vaillant.nl ucretsizkesif.demirdokum.com.tr urunler.demirdokum.com.tr vaillant-group.campaign.playable.com vaillant-systeme.de vaillant.cleverpush.com vaillant.cyber-time.at vaillantclub.vaillant.com.tr vf.r3f.technology widget.trustpilot.com wpcalc.vaillant.ch www.foerderdata.at www.foerdermittelauskunft.de www.googletagmanager.com www.kalkulator-vaillant.pl www.mepcontent.com www.recaptcha.net www.youtube.com wwwvaillantbe.mycleverpush.com; upgrade-insecure-requests; 6 frame-ancestors https://fi.tav.aero 6 base-uri 'self'; font-src 'self' data: https:; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss: blob:; child-src 'self' https: wss: blob:; frame-src 'self' https:; form-action 'self' https: 6 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 6 style-src * 'self' 'unsafe-inline'; 6 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com chimeratool.com *.chimeratool.com *.elfsight.com data.chimeratool.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com *.payerone.com *.facebook.net wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com *.google.com *.dhru.com *.paypal.com *.paypalobjects.com *.googletagmanager.com t.me *.t.me wa.me *.wa.me ; img-src * data:; font-src * data: 6 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.hotjar.io *.hotjar.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://static.addtoany.com/ *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://*.dpdconnect.nl *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com https://www.magezon.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.google.nl *.usercentrics.eu *.etrusted.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com https://*.dpdconnect.nl *.avada.io *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com googletagmanager.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.clarity.ms *.hotjar.io *.hotjar.com *.usercentrics.eu *.cloudwaysapps.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com *.fontawesome.com *.multisafepay.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com *.etrusted.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.trustedshops.com *.trustindex.io *.cookiebot.com https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.cloudflare.com *.twitter.com *.clarity.ms *.usercentrics.eu *.hotjar.io *.hotjar.com wss://*.hotjar.com *.cloudwaysapps.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.agricharts.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net code.jquery.com cdn.datatables.net *.googletagmanager.com twitter.com *.twitter.com *.windy.com *.financialcontent.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com media.agricharts.com *.barchart.com; object-src 'self' s3.amazonaws.com media.agricharts.com; frame-src 'self' *.youtube.com *.facebook.com www.google.com twitter.com *.twitter.com *.windy.com www.screencast.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.websol.barchart.com; worker-src 'self' s3.amazonaws.com media.agricharts.com blob:; frame-ancestors 'self'; 6 script-src 'unsafe-inline' 'self' data: 'unsafe-eval' blob: www.google.com maps.googleapis.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com players.brightcove.net vjs.zencdn.net assets.adobedtm.com ajax.googleapis.com;frame-src 'self' www.google.com www.googletagmanager.com 6 script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-exp.spotifycdn.com open-review.spotifycdn.com open-exp-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js https://get.microsoft.com/badge/ms-store-badge.bundled.js https://cdn.us.heap-api.com https://heapanalytics.com 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s=' 'sha256-o2wzIImHJ4+WWE5DCTR+myWU0UNml0+wwpDXRo++vII='; frame-ancestors 'self' https://adgen-dev.spotify.com/account/*/ad/*/details https://adgen-dev.spotify.com/preview/* https://local.spotify.net/account/*/ad/*/details https://local.spotify.net/preview/* https://app.smartly.io/*; 5 report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=_pH5SjQDVfKbITX-PQbrq&v=9; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok-usts.com *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokglobalshop.us *.tiktokmusic.me *.tiktokshop.com *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu newassets.hcaptcha.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com tx41v.arkoselabs.com unpkg.com vimeo.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: http://localhost:* https://localhost:* wss://im-ws.tiktok.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-usts.com *.tiktok.com/passport/ *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.us *.tiktokglobalshopv.us *.tiktokmusic.me *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv-us.com *.tiktokv.us *.tiktokw.eu/passport/ *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.us.tiktok.com *.us.tiktokv.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com affiliate-us.tiktok.com analytics.tiktok.com api.music.apple.com code.jquery.com effecthouse.tiktok.com facebook.com google.com i.ticketweb.com im-api.tiktok.com im-image.tiktokv.com im-ws.tiktok.com image-va.tiktok.com images.universe.com interactives.ap.org livecenter.tiktok.com login-eu.www.tiktok.com login-no1a.www.tiktok.com login-row.www.tiktok.com login-us.www.tiktok.com media.ticketmaster.eu newassets.hcaptcha.com newsroom.tiktok.com p0-pu-private-useast8.tiktok.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net scm-us.tiktok.com seller-us.tiktok.com shop.tiktok.com starling-i18n.tiktokv.com/check_and_get_text/ starling-sg.tiktokv.com/check_and_get_text/ starling-va.tiktokv.com/check_and_get_text/ static-label.frontgatetickets.com static.captchami.com support.tiktok.com t.co t.tiktok.com tikitoks.com tiktok.captchami.com tiktokfollowersfree.com tv.tiktok.com tx41v.arkoselabs.com unpkg.com us.tiktok.com v16-webapp-prime.tiktok.com v16-webapp.tiktok.com v19-webapp-prime.tiktok.com vas-alisg16.tiktokv.com vas-maliva16.tiktokv.com vas-useast2a.tiktokv.com vas-va.tiktokv.com vcs-sg.tiktokv.com vcs-va.byteoversea.com vcs-va.tiktokv.com verification-i18n.tiktok.com verification-sg.tiktok.com verification-va.byteoversea.com verification-va.tiktok.com verification.tiktokw.eu verification16-normal-no1a.tiktokw.eu verify-sg.byteoversea.com vimeo.com web-i18n.tiktok.com/passport/ web-sg.tiktok.com/passport/ web-va.tiktok.com/passport/ webapp-sg.tiktok.com webapp-va.tiktok.com www.tiktok.com; script-src 'inline-speculation-rules' 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net interactives.ap.org js-cdn.music.apple.com/musickit/v3/musickit.js js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/bric-captcha-ttweb/core-captcha/ static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.facebook.net www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/ www.tiktok.com/tiktokstudio/sw.js www.tiktok.com/web-static-js/ www.tiktok.com/webapp-desktop/static/worker/ 5 default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://yandex.ru https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com https://*.vkvideo.ru 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com https://*.vkvideo.ru 'self' 'unsafe-inline';report-uri /csp 5 frame-ancestors 'self' *.wal.co *.walmart-customcards.com *.walmart.com:* *.walmart.net *.walmartimages.com; report-uri https://csp.walmart.com/c/r/gl 5 default-src 'self' *.livejournal.com *.livejournal.net *.dsp-rambler.ru *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.24smi.net *.adfox.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru ad.mail.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org cdn.jsdelivr.net cdnjs.smi2.ru *.cdn-vk.ru content.adriver.ru *.criteo.com *.criteo.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.dsp-rambler.ru embed.bsky.app *.exelator.com *.facebook.com *.facebook.net gist.github.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com js.mamydirect.com *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com vk.com *.vk.com vk.ru *.vk.ru *.weborama.fm weborama.fm *.weborama.fr weborama.fr *.weborama.ru weborama.ru *.weborama-tech.ru weborama-tech.ru *.webturn.ru *.webvisor.org *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.adriver.ru ad.mail.ru *.ad-tech.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.eaglecdn.com export-download.canva.com sdk.canva.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru sve.online.sberbank.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru *.webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.net *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: blob: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: *.livejournal.net youtube.com *.youtube.com; child-src 'self' blob:; 5 frame-ancestors 'self' media.rakr.net rackspace.pathfactory.com docs.google.com; report-uri https://www.rackspace.com/report-uri/enforce 5 frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com https://otto.mpp360.cloud https://internal.otto.market; 5 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 5 frame-ancestors 'self' *.zdnet.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 5 default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 5 frame-ancestors 'self' tvn.pl *.tvn.pl tvn24.pl *.tvn24.pl tvn7.pl *.tvn7.pl tvnstyle.pl *.tvnstyle.pl tvnturbo.pl *.tvnturbo.pl ttv.pl *.ttv.pl discoverychannel.pl *.discoverychannel.pl travelchanneltv.pl *.travelchanneltv.pl tvnfabula.pl *.tvnfabula.pl tlcpolska.pl *.tlcpolska.pl metro.tv *.metro.tv foodnetwork.pl *.foodnetwork.pl wbdpoland.pl *.wbdpoland.pl hgtv.pl *.hgtv.pl itvn.pl *.itvn.pl itvnextra.pl *.itvnextra.pl tvnxrstudio.pl *.tvnxrstudio.pl tvnxrstudio.com *.tvnxrstudio.com player.pl wbd.com 5 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.mouseflow.com https://static.cloudflareinsights.com https://assets.adobedtm.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://pi.pardot.com https://static.ads-twitter.com https://go.elsevier.com https://script.leadboxer.com https://activitymap.adobe.com https://www.googleadservices.com https://digitalfeedback.us.confirmit.com https://www.surveygizmo.eu https://dotcom.tags.elsevier.com https://cdn.optimizely.com https://segment-cdn.app.optimizely.com https://app.optimizely.com https://cdn3.optimizely.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; img-src 'self' data: https://secure-ecsd.elsevier.com images.ctfassets.net https://smetrics.elsevier.com metrics.elsevier.com https://cm.everesttech.net https://cdn.cookielaw.org https://cdn.nonprod.3d4medical.com https://cdn.3d4medical.com *.google-analytics.com https://dpm.demdex.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.nl https://t.co https://analytics.twitter.com https://id.rlcdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://osmose-it.s3.amazonaws.com https://survey.us.confirmit.com https://px4.ads.linkedin.com https://www.googleadservices.com https://www.googletagmanager.com https://dotcom.tags.elsevier.com https://s3.amazonaws.com https://cdn-assets-eu.frontify.com https://media.ffycdn.net; font-src 'self' https://app.optimizely.com; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://dpm.demdex.net elsevierlimited.tt.omtrdc.net https://smetrics.elsevier.com https://bam.nr-data.net *.notify.elsevier.com *.google-analytics.com https://account.elsevier.com https://account.staging.ecommerce.elsevier.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com localhost:* *.snplow.net https://tag-logger.demandbase.com https://kibana.leadboxer.com https://pagead2.googlesyndication.com https://digitalfeedback.us.confirmit.com https://adservice.google.com https://px.ads.linkedin.com https://o2.mouseflow.com https://widgixeu-beacon.s3.amazonaws.com https://business.api.elsevier.com https://gtm-dotcom.staging.webpresence.elsevier.com https://dotcom.tags.elsevier.com https://www.google.com/ccm/collect https://eu01.rec.mouseflow.com https://cdn.optimizely.com https://segment-cdn.app.optimizely.com https://app.optimizely.com https://tapi.optimizely.com logx.optimizely.com; media-src 'self' videos.ctfassets.net assets.ctfassets.net cdn-assets-eu.frontify.com; object-src 'none'; frame-ancestors 'self' https://app.contentful.com https://3d4medical.com https://completeanatomy.cn; frame-src 'self' https://elsevierlimited.tt.omtrdc.net https://campaigns.elsevier.com https://www.googletagmanager.com https://elsevier.demdex.net https://www.facebook.com https://s.company-target.com https://activitymap.adobe.com https://td.doubleclick.net https://survey.alchemer.eu https://dotcom.tags.elsevier.com https://a29442590540.cdn.optimizely.com; base-uri 'self'; form-action 'self'; 5 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://payments-prod-test-stable.corp.google.com https://payments.google.com/ https://www.youtube.com https://youtube.googleapis.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com https://www.google.com/js/bg/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/Gstore/cspreport/allowlist;worker-src blob: 5 frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 5 default-src 'self' vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'inline-speculation-rules' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://www.youtube.com *.doubleclick.net cdn.vercel-insights.com va.vercel-scripts.com *.cr-relay.com vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;style-src 'self' 'unsafe-inline' vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;img-src 'self' blob: data: *.github.io avatars.githubusercontent.com user-images.githubusercontent.com vercel.com vercel.live *.vercel.sh assets.vercel.com cdn.raster.app https://images.ctfassets.net https://*.ads.linkedin.com https://www.google.com https://i.ytimg.com https://s3.amazonaws.com pbs.twimg.com https://www.gravatar.com https://lishhsx6kmthaacj.public.blob.vercel-storage.com;media-src 'self' blob: data: vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;connect-src 'self' data: *.chilipiper.com *.ingest.sentry.io *.ingest.us.sentry.io wss://ws-us3.pusher.com sockjs-use3.pusher.com https://analytics.google.com https://www.google-analytics.com *.ads.linkedin.com *.doubleclick.net *.cr-relay.com react-tweet.vercel.app https://*.contentful.com vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com *.chilipiper.com https://risk.clearbit.com https://react-tweet.vercel.app/*;font-src 'self' vercel.com assets.vercel.com vercel.live fonts.gstatic.com *.vercel.sh;frame-ancestors 'self' https://vercel.com https://app.contentful.com https://*.contentful.com https://*.vercel.sh https://*.vercel.com 5 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com www.google.com google.com adservice.google.com pagead2.googlesyndication.com td.doubleclick.net www.googletagmanager.com www.googleadservices.com ad.doubleclick.net; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-JfJ82reKxtqugVbfRGw/O/1x1Lm1I09rHueXSwvbRws=' 'sha256-BbV1i75oYRtLtfDWs7tnA8QLF5EOO1dVHKL0prVd/fQ=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.google.com/recaptcha/enterprise.js www.gstatic.com/recaptcha/releases/ www.googletagmanager.com/gtag/js www.googleadservices.com/pagead/ www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ adservice.google.com/pagead/ pagead2.googlesyndication.com/pagead/ www.googletagmanager.com/gtag/destination merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh play.vidyard.com www.google.com/recaptcha/ *.fls.doubleclick.net www.googletagmanager.com td.doubleclick.net li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 5 frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 5 object-src 'none'; frame-ancestors 'self' https://vwo.com https://wingify.com https://*.vwo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://vwo.com https://*.vwo.com https://www.instagram.com/embed.js https://googletagmanager.com https://pulse.vwo.io https://pxl.sprouts.ai https://fast.wistia.net https://fast.wistia.com https://api.cr-relay.com https://cdn.cr-relay.com https://cdn.vector.co https://static.licdn.com https://www.googletagmanager.com https://research.landingpageanalyzer.io https://www.google.com https://cdnjs.cloudflare.com https://alfred-chat.paramize.com https://cse.google.com https://static.getclicky.com https://stats.g.doubleclick.net https://code.jquery.com https://cdn.cookielaw.org https://platform.twitter.com https://js.sentry-cdn.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.google-analytics.com https://munchkin.marketo.net https://platform.linkedin.com https://widget.intercom.io https://js.intercomcdn.com https://snap.licdn.com https://pagead2.googlesyndication.com https://*.visualwebsiteoptimizer.com https://www.linkedin.com https://unpkg.com https://connect.facebook.net https://www.redditstatic.com https://bat.bing.com https://bat.bing-int.com https://s.adroll.com https://js.partnerstack.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://d.adroll.com https://cdn.pushcrew.com https://cdn.segment.com https://www.gstatic.com https://vwo-stats-blog.disqus.com https://c.disquscdn.com https://apis.google.com https://glitter.services.disqus.com https://referrer.disqus.com; style-src 'self' 'unsafe-inline' https://*.vwo.com https://static.licdn.com https://s3.amazonaws.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com https://cdn.cookielaw.org https://www.googletagmanager.com https://research.landingpageanalyzer.io https://app.vwo.com https://fast.wistia.com https://www.gstatic.com https://alfred-chat.paramize.com https://c.disquscdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net; frame-src 'self' blob: https://fast.wistia.net https://www.instagram.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://research.landingpageanalyzer.io https://spreadsheets.google.com https://www.linkedin.com https://platform.twitter.com https://www.slideshare.net https://es.slideshare.net https://player.vimeo.com https://docs.google.com https://demo.arcade.software https://open.spotify.com https://pca.st https://www.youtube-nocookie.com https://www.youtube.com https://td.doubleclick.net https://x.adroll.com https://app.vwo.com https://disqus.com https://pippio.com https://live.rezync.com https://accounts.google.com https://www.facebook.com https://www.google.com; worker-src 'self' blob:; report-uri https://o10907.ingest.us.sentry.io/api/4508420150788096/security/?sentry_key=8554c521f7daece1fb5ae0ba9ce98b2b; 5 frame-ancestors 'self' statistics.mpg.de statistik.mpg.de; 5 default-src * 'unsafe-eval' data: 'unsafe-inline'; frame-ancestors 'none'; worker-src * 'self' blob:; 5 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' *.alamy.com *.alamyimages.de *.alamyimages.it *.alamyimages.fr; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.alamy.com *.alamyimages.fr *.notifpush.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com notifpush.com notifpush.com gjigle.com gddglis.com notifadz.com *.live.net *.link5view.com *.termly.io *.usersnap.com usersnap.com *.leadinfo.com alamy.my.site.com *.ads.google.com ads.google.com *.surveymonkey.com *.formisimo.com *.facebook.net *.impactradius-event.com *.cookieyes.com *.cdn-cookieyes.com *.leadinfo.net *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.depositphotos.com *.amazonaws.com *.addthis.com *.jquery.com *.cardinalcommerce.com *.postcodeanywhere.co.uk *.salesforce.com *.commercetools.com *.cybersource.com *.salesforceliveagent.com *.googleapis.com *.newrelic.com *.trackedlink.net *.force.com *.licdn.com *.trackedweb.net *.stackadapt.com *.abtasty.com *.clarity.ms *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com; style-src * 'unsafe-inline' data:; img-src * data:; font-src * data:; frame-ancestors 'self' *.alamy.com; frame-src 'self' https: http: ws: wss: data: mailto:; connect-src *; object-src 'none'; base-uri 'self'; manifest-src 'self' *.alamy.com; media-src 'self' *.alamy.com *.amazonaws.com *.depositphotos.com; worker-src 'self' *.alamyimages.fr notifpush.com gjigle.com gddglis.com notifadz.com *.notifpush.com *.gjigle.com *.gddglis.com *.notifadz.com; 5 frame-ancestors 'self' https://*.keenetic.com https://*.facebook.com https://*.google.com 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com *; upgrade-insecure-requests; block-all-mixed-content; 5 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; worker-src 'self' data: blob:; 5 default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com markdowneditor-public-e0gpfpcwcbbze3ag.b01.azurefd.net markdowneditor-external-Public-fmgmfefddycxdmfj.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net markdowneditor-public-e0gpfpcwcbbze3ag.b01.azurefd.net markdowneditor-external-Public-fmgmfefddycxdmfj.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn ai.azure.com *.ai.azure.com learn-video.azurefd.net docs.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 5 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.2o7.net *.ac-systems.com *.adobe.com *.adobe.io *.adobedtm.com *.adoberesources.net *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.arcgis.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com bf72526xwo.bf.dynatrace.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.oribi.io *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.snapchat.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be:* *.telenet.be.seg.js *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.webgains.com *.webgains.io *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io *.binkies3d.com app.insites.com cdn.clinch.co trk.clinch.co cookies-data.onetrust.io eur01.safelinks.protection.outlook.com html5-player.libsyn.com playlist.megaphone.fm widget.euw1.chat.pega.digital sc-static.net binkiesproductionweu.servicebus.windows.net binkiescontentnode.blob.core.windows.net binkiesteaserstorage.blob.core.windows.net online.publuu.com *.bing.com bytedance.com sslocal.com analytics.tiktok.com widget.trustpilot.com;img-src 'self' blob: data: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com binkiescontentnode.blob.core.windows.net binkiesdevnode.blob.core.windows.net *.tiktok.com; 5 frame-ancestors 'self' https://easyweb.td.com https://banquenet.td.com 5 default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro pretalx.surf.nl feedback.communicatie.surf.nl 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://d5phz18u4wuww.cloudfront.net/vis_opt.js https://dev.visualwebsiteoptimizer.com https://eu.frcapi.co; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro surfnl.piwik.pro https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://eu.frcapi.com/; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program https://app.vwo.com *.edu.nl https://eu.frcapi.com/; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com https://app.vwo.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro surfnl.piwik.pro pretalx.surf.nl *.surf.nl https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://eu.frcapi.com/; report-uri /report-csp-violation; upgrade-insecure-requests 5 base-uri 'none'; connect-src 'self' https:; default-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors files.prismic.io; frame-src vercel.live prismic.io *.prismic.io *.oncehub.com *.youtube.com *.twitter.com *.facebook.com *.google.com *.googletagmanager.com; img-src * data:; manifest-src 'self'; media-src *.prismic.io; object-src 'none'; script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com *.doubleclick.net *.g2crowd.com; style-src 'self' 'unsafe-inline'; worker-src 'self'; 5 default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 5 default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://js.adsrvr.org https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://*.decibelinsight.net https://*.decibel.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com https://public.flourish.studio/resources/embed.js https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv https://*.kampyle.com https://*.medallia.eu; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://insight.adsrvr.org https://t.teads.tv https://l.teads.tv https://ade.googlesyndication.com https://match.adsrvr.org https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com https://maersk.my.salesforce-sites.com https://public.flourish.studio https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv https://*.kampyle.com https://*.medallia.eu https://server.arcgisonline.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; frame-src https://*.maersk.com https://*.maersk.com.cn https://insight.adsrvr.org https://www.googletagmanager.com https://match.adsrvr.org https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/ https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com https://*.razorpay.com https://flo.uri.sh/ https://*.facebook.net https://*.audiencemanager.de https://*.ads-twitter.com https://connect.facebook.net/en_US/fbevents.js https://cdn.audiencemanager.de/conpixel.min.js https://static.ads-twitter.com/uwt.js https://js.adsrvr.org/up_loader.1.1.0.js https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://maersk-designsystem.azureedge.net https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv; connect-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://login.microsoftonline.com https://t.teads.tv https://cm.teads.tv https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://maersk.my.salesforce-scrt.com https://chatbot-test-app.herokuapp.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com wss://proxy2.scm.maersk.com https://*.razorpay.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://*.kampyle.com https://*.medallia.eu; worker-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://insight.adsrvr.org https://acdn.adnxs.com https://px.ads.linkedin.com https://p.teads.tv blob:; 5 default-src 'self' static.pw.live; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.gstatic.com *.googletagmanager.com blob: *.moengage.com *.doubleclick.net *.cloudflare.com *.google-analytics.com *.youtube.com *.facebook.net *.googleapis.com *.juspay.in *.appsflyer.com *.razorpay.com *.facebook.com static.pw.live *.cloudfront.net *.google.com *.google.co.in *.jsdelivr.net *.mfilterit.net *.googleadservices.com *.clarity.ms unpkg.com otpless.com sc-static.net *.pw.live pw.live *.snapchat.com *.zoom.us zoom.us; connect-src 'self' *.pwskills.com unpkg.com *.iconify.design *.clarity.ms *.gstatic.com *.penpencil.co *.google.com *.google.co.in *.googleapis.com *.doubleclick.net *.sentry.io wss://*.penpencil.co wss://*.penpencil.net *.googletagmanager.com *.moengage.com wss://*.pwdev.link *.google-analytics.com *.razorpay.com *.juspay.in *.appsflyer.com static.pw.live blob: *.amazonaws.com *.conviva.com *.bitgravity.com *.cloudfront.net *.agora.io wss://*.agora.io:* *.sd-rtn.com wss://*.sd-rtn.com:* *.facebook.com *.youtube.com *.ytimg.com *.pw.live *.payu.in *.cloudflare.com *.jsdelivr.net *.physicswallah.live *.pallycon.com *.olamaps.io *.otpless.app api.penpencil.xyz us1.api-bdc.net api-bdc.io *.onelink.me *.gyaane.co.in *.snapchat.com *.leadsquared.com *.zoom.us zoom.us wss://*.zoom.us; frame-ancestors 'self' *.physicswallah.live *.pw.live *.pwgulf.com *.xylem.live *.curiousjr.com *.pwops.in *.penpencil.co pwolympiad.com *.gyaane.co.in file:; frame-src 'self' *.pw.live *.doubleclick.net *.youtube.com *.juspay.in *.xylem.live *.razorpay.com *.facebook.com *.youtube-nocookie.com *.cloudflare.com tel: * *.physicswallah.live *.zoom.us zoom.us; img-src 'self' data: *.google.co.in *.google.com static.pw.live *.googletagmanager.com *.ytimg.com blob: *.amazonaws.com data: *.cloudfront.net *.facebook.com *.moengage.com *.youtube.com *.googleusercontent.com *.physicswallah.live *.google.com *.pw.live *.gravatar.com *.snapchat.com *.curiousjr.com *.zoom.us zoom.us; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' static.pw.live *.cloudfront.net *.cloudflare.com *.google.com *.pw.live pw.live *.zoom.us; font-src static.pw.live *.gstatic.com *.cloudflare.com *.jsdelivr.net data:; worker-src 'self' blob:; Media-src 'self' static.pw.live blob: *.pw.live *.penpencil.co *.cloudfront.net blob: *.curiousjr.com *.penpencil.xyz *.zoom.us zoom.us; report-uri https://api.penpencil.co/v1/student-acquisition/public/csp-reports; 5 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://*.motorola.com;media-src https: blob: data; img-src https: data: blob:; 5 default-src 'self' https://feed.pghub.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://snippet.maze.co https://feed.pghub.io *.rudderstack.com cdn.rudderlabs.com https://z.moatads.com/ https://s.swiftypecdn.com/ https://connect.facebook.net/ https://js.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.googleadservices.com/ https://maps.googleapis.com https://unpkg.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://script.crazyegg.com https://api.ipify.org https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://feed.pghub.io https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com; object-src https://images.ctfassets.net/; base-uri 'self'; connect-src 'self' https://feeds.businesswire.com https://csapi-nonprod.pg.com https://csapi.pg.com https://downloads.ctfassets.net https://cdn.segment.com https://privacytermsprod.azureedge.net https://assets.ctfassets.net/ https://cdn.contentful.com https://mw-ar-recom-prod.pgapi.io/ https://staging-api.fr.pg.com/ https://gpdb-staging.name-coach.com/api/public/v1/pronunciations/phonetics https://gpdb.name-coach.com/api/public/v1/pronunciations/phonetics https://prompts.maze.co https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.fr.pg.com https://pg-poc-regulatory-app-test.azurewebsites.net https://s.swiftypecdn.com https://maps.googleapis.com https://script.crazyegg.com https://consent-api.onetrust.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org *.rudderstack.com cdn.rudderlabs.com *.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' https://feed.pghub.io; frame-src 'self' https://pgn2020news.q4web.com https://images.ctfassets.net/ https://www.youtube-nocookie.com/ https://feed.pghub.io https://www.facebook.com/ https://d.agkn.com/ https://www.youtube.com https://pandg.tapad.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' blob: data: https://mms.businesswire.com/ https://feed.pghub.io https://www.facebook.com/ https://downloads.ctfassets.net/ https://px.moatads.com/ https://googleads.g.doubleclick.net/ https://www.confianzaonline.es *.akamaihd.net https://maps.gstatic.com https://maps.googleapis.com https://t.co https://www.google.com/ https://www.google.hr/ https://analytics.twitter.com https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com https://i.ytimg.com; manifest-src 'self'; frame-ancestors 'self' https://app.contentful.com; media-src 'self' https://feed.pghub.io https://videos.ctfassets.net/; worker-src blob:; 5 frame-ancestors 'self' *.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com https://www.home.saxo https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom https://www.investing.com https://*.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com https://zingbot.bz https://m.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://www.infinityfutures.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com *.chicago.cme.com:7822 https://uatm.cqg.com https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com http://blf-django.herokuapp.com www.bluelinefutures.com www.bluelinefutures.live www.bluelinefutures.trade bluelinefutures.com https://login.chicago.cme.com https://loginnr.chicago.cme.com https://logincert.chicago.cme.com https://login-ny.chicago.cme.com https://ampfutures.com https://cme.ampfutures.com advantagefutures.com *.advantagefutures.com https://*.e-futures.com https://*.etrade.com https://*.gffbrokers.com https://infinityfutures-cn.com https://sweetfutures.com https://*.tradovate.com https://home.saxo https://*.directa.it *.big.pt https://big.pt https://*.tradestation-international.com http://tradinglessons.com https://tradinglessons.com *.ibroker.it *.ibroker.es *.cornertrader.ch *.whselfinvest.com *.banxbroker.de *.ameritrade.com *.sweetfutures.com *.danielstrading.com *.gainfutures.com gainfutures.com *.futuresonline.com *.tdainc.com *.lsvp.com *.schwab.com *.schwab.co.uk *.us.global.schwab.com *.dev.schwab.com *.cmegroupfoundation.org news.cqg.com https://www.banxbroker.de https://www.banxbroker.ch https://www.banxbroker.at https://www.banxbroker.com https://www.gulfcapitalmarket.org https://www.kqmarkets.co.uk https://dev.kqmarkets.co.uk https://www.kqmarkets.de https://dev.kqmarkets.de https://www.kqtrader.com https://dev.kqmarkets.com https://kqmarketportal.24livehost.com *.trendspider.com trendspider.com fxpronode12template.azurewebsites.net uat-fxpro-website.azurewebsites.net fxpro.com *.youfinance.it *.traderlink.it paradigmfutures.net www.e-mini.com www.e-futures.com www.foreigncurrencies.com www.cannontrading.com *.gcs-web.com www.rjobrien.com www.fxpro.com *.rjobrien.com acmfutures.com *.acmfutures.com www.directaccessusa.com *.topsteptrader.com *.progoldtrader.com https://progoldtrader.com *.thetradingpit.com adssgroup.sharepoint.com *.mandaracapital.com *.sidwellstrategies.com sidwellstrategies.com app.melver.com.br dev-phillipcapital-main.pantheonsite.io *.phillipcapital.com *.livesquawk.com *.webull.com *.webull.hk *.webull.sg *.webull.co.jp *.webull.au *.webull.co.za *.webull-uk.com *.comdinheiro.com.br *.invest.academy invest.academy *.nelogica.com.br *.vectorcrypto.com blackarrowtrading.com *.theniba.com *.wpenginepowered.com *.apmcapital.ae *.finanzen.ch apm-capital.webflow.io *.gocharting.com gocharting.com *.thearmchairtrader.com stonexone.com *.stonexone.com stonex.com *.stonex.com *.lynxbroker.de *.avafutures.com unusualwhales.com *.phillip.com.sg *.poems.com.sg *.phillipcapital.us *.qe.com.qa *.dxp.qe.qa straitsfinancial.com *.straitsfinancial.com appdev3.wixstudio.io *.straitsfinancial.gate39tech.com *.sitagri.com *.financeagri.com piqsuite.com *.piqsuite.com *.ironbeam.com insigniafutures.com *.tickmill.com *.cannontrading.com beta.mfpawards.com *.gigatrade.io gigatrade.io *.metrotrade.com metrotrade.com *.tradeday.com *.webullbroker.com *.webullapp.com.my *.schwab.tech *.laohu8.com laohu8.com ttmgoal.com sbisec.co.jp advisor.kgif.com.tw henghua.hk capitalfutures.com.tw *.directaccess.com.hk *.directaccess.com.sg; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eventis.online *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.canto.global *.cdn.office.net *.cdninstagram.com *.chatcaptain.com *.chathero.ai *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.fbcdn.net *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk-berlin.org *.ihk.de *.ihk24.de *.ihk24.ihk.de *.jobcluster.de *.kununu.com *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.de *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.stage.bio *.staticflickr.com *.stream24.net *.sweap.io *.sylphen.com *.thinglink.com *.thinglink.me *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com *.zynd.de api.flockler.app api.mapbox.com app.powerbi.com app.powr.io app.sli.do ausbildung.berlin auskunft.nvv.de baustellennavi.de berufsausbildung-aachen-ihk.de branchenpuls.odis-berlin.de bruecken.projekt.link bxb-festival.app cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.knightlab.com cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de client.inecos.de code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com cta.ihk.i40.de datawrapper.dwcdn.net detmold.ihk-beitragsrechner.de dihk.imageplant.de dms.licdn.com doo.net e.video-cdn.net easy-feedback.com easy-feedback.de embed.nexx.cloud embed.podcasts.apple.com eoa2.bildung1.gfi.ihk.de events-to-impress.activehosted.com events.ihk-berlin.de expertenpool.automatisierungsregion.de fahrinfo.vbb.de fl-1.cdn.flockler.com fonts.gstatic.com geometro-cockpit.com geometro-cockpit.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de hk24.sharepoint.com html5-player.libsyn.com iframe.gewerbe-miete.de iframe.mygma.prd.iib-it.de iframe.wvd-portfolio.de ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-essen.jobs.personio.de ihk-export-admin.simplyorg-seminare.de ihk-hl.gr-live.de ihk-kassel.perbit-job.de ihk-wahl.info ihk-weiterbildung-oldenburg.de ihk-zu-dortmund-1.jobs.personio.de ihk.prototype.berlin ihk.selbstdenker.com ihk24.epccm19.com ihk24.omq.de ihk24.omq.io ihkakademie.de ihknw.pi-asp.de imagemarker.com isi.hdb-hamburg.de jobs.guidecom.de jobs.ihk-niederrhein.de jsfiddle.net kasskada.de konjunkturboard-bw.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html login.microsoftonline.com mailto: matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media-api.flockler.com media.graphassets.com media.graphcms.com media.licdn.com media.video.taxi mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net my.immobilienfotograf-berlin.com my.tikee.io myihk.com myjobboard.de n873043.websitebuilder.online news.ihk-sh.de online.fliphtml5.com organigramm.cloud-ihk-cottbus.de p668079.webspaceconfig.de pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com pruefungen-cottbus-ihk.de publish.flyeralarm.digital register.ihk-exportakademie.de rh1.chatmodul.de roundme.com s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de share.synthesia.io sihk-zu-hagen.jobs.personio.de smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.arttacsolutions.com static.dvinci-easy.com stats-api.flockler.app stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tel: userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com vimeo.com w.soundcloud.com walls.io web.inxmail.com weltmetropole.app widget.taggbox.com widgets.lineupr-dev.com widgets.lineupr.com widgets-v3.simplyorg.de widgets.thh.tours wms02.exmap.de wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.ahk.de www.architekt-krieger.de www.ardmediathek.de www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.branchenpuls.berlin www.bso-hessen.de www.chatbase.co www.cybersicher-check.de www.econda-monitor.de www.etermin.net www.eventbrite.de www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-lehrstellenboerse.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-rlp.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.leg-thueringen.de www.media42day.com www.menti.com www.mint-in-hessen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.stadtradeln.de www.terminland.de www.total-lokal.de www.tvo.de www.vvs.de www.webstream.eu www.youtube-nocookie.com zukunftsdialog-fachkraefte.berlin zukunftsforum-wirksame-bildung.de zukunftsforum.app zvlms.fraunhofer.de zynd.de ; report-uri /blueprint/servlet/csplogging/logViolation ; 5 default-src'self'; 5 frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com https://siteblocks.com; 5 frame-ancestors https://*.ptc.com https://livesocial.seismic.com https://ptc.seismic.com https://liveshareeast3.seismic.com https://*.mouseflow.com https://resources.servicemax.com https://servicemax.pathfactory.com https://support.rockwellautomation.com 5 frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 5 frame-ancestors 'self' nielseniq.com *.nielseniq.com; 5 frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com https://elmtec.fr https://elmtec.odoo.com 5 default-src 'self'; style-src https://*.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval' https://ams.wpml.org; frame-ancestors 'self' https://partner.hornetsecurity.com; img-src 'self' data: https://track.hubspot.com https://bat.bing.com https://bat.bing.net https://*.reddit.com https://*.g.doubleclick.net https://www.google.nl https://www.google.ca https://www.google.com https://logo.clearbit.com https://www.google.de https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://cdn-public.borlabs.io https://*.ytimg.com https://track.hubspot.com https://forms-eu1.hsforms.com; media-src 'self' https://cdn-public.borlabs.io; frame-src 'self' blob: https://*.doubleclick.nFet https://vade.storylane.io https://*.livechatinc.com https://*.typeform.com https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://www.youtube.com https://*.hsforms.net https://youtube.de https://*.frcapi.com; connect-src 'self' https://static.hsappstatic.net https://api.typeform.com https://tracking-api.g2.com https://trk.hornetsecurity.com https://google.com/pagead/ https://track.hubspot.com https://api.hsforms.com https://*.hscollectedforms.net https://*.hubapi.com https://bat.bing.net https://bat.bing.com https://www.redditstatic.com https://*.reddit.com https://analytics.google.com https://www.google.com www.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://www.facebook.com https://*.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://yoast.com https://my.yoast.com https://*.friendlycaptcha.com https://*.friendlycaptcha.eu https://ams.wpml.org https://*.sendmarc.com; script-src-elem 'self' data: 'unsafe-inline' https://embed.typeform.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hsforms.net https://*.hs-analytics.net https://*.hsforms.com https://*.hs-banner.com https://tracking-api.g2.com https://trk.hornetsecurity.com https://bat.bing.com https://*.googlesyndication.com https://www.redditstatic.com https://www.googleadservices.com https://*.doubleclick.net https://*.livechatinc.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://ams.wpml.org https://yoast.com https://snap.licdn.com https://*.sendmarc.com https://cdnjs.cloudflare.com https://js.storylane.io https://cdn.jsdelivr.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; font-src https://*.gstatic.com https://cdnjs.cloudflare.com 'self' data: ; worker-src 'self' blob: ; 5 upgrade-insecure-requests; frame-ancestors 'self' https://*.01net.com 5 frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 5 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co *.mnixdata.com https://optimizely-hrd.appspot.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app *.contentsquare.net *.ofgreencolumn.com *.fouanalytics.com https://cdn.mobius.highereducation.com/mobius-latest.min.js ; object-src 'none'; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ *.my.salesforce.com *.my.site.com/ *.force.com/; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://unpkg.com https://use.typekit.net/; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com *.force.com/ https://px0.pbbl.co https://aa.agkn.com *.t.eloqua.com/ *.my.site.com/ *.adnxs.com/ *.tapad.com/ *.adsrvr.org/ *.bttrack.com/ https://storage.googleapis.com/ https://di.rlcdn.com/ https://assets-pcor-dev.adtalem.com https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.gstatic.com https://maps.googleapis.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://api.wire.spbx.app *.ofgreencolumn.com https://ml314.com/ https://dpm.demdex.net/; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co https://unibuddy.co https://events.waldenu.edu https://investors.adtalem.com https://aa.trkn.us *.bttrack.com https://bttrack.com https://www.googletagmanager.com https://app.tintup.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://view-awesome-table.com/ https://gtm.waldenu.edu/ https://www.tiktok.com; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com *.contentsquare.net; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com *.my.salesforce.com *.my.site.com/ *.force.com/ https://px.ads.linkedin.com/ https://tr6.snapchat.com/ *.mnixdata.com https://integrations.optimizely-edge.com https://www.redditstatic.com https://conversions-config.reddit.com https://www.redditstatic.com *.reddit.com *.bttrack.com https://bttrack.com https://assets-pcor-dev.adtalem.com/ https://assets-pcor-qa.adtalem.com https://assets-pcor.adtalem.com https://maps.googleapis.com https://pcor-dev.adtalem.com https://pcor-qa.adtalem.com https://pcor.adtalem.com https://assets-atge-dev-outage.adtalem.com https://assets-atge-qa-outage.adtalem.com https://assets-atge-outage.adtalem.com https://dev-atge-outage.adtalem.com https://qa-atge-outage.adtalem.com https://atge-outage.adtalem.com https://mapsresources-pa.googleapis.com data: *.ofgreencolumn.com *.fouanalytics.com https://privacyportal.onetrust.com https://api.mobius.highereducation.com/ https://apix.b2c.com/ https://analytics-ipv6.tiktokw.us/ https://cdn.hypemarks.com/ https://www.facebook.com/privacy_sandbox/ https://cdnjs.cloudflare.com/ https://app.unpkg.com/tippy.js@6.3.7 https://unpkg.com/@popperjs/ 5 object-src 'none'; frame-ancestors 'self'; 5 default-src 'none'; script-src 'self' 'sha256-WN0hqek1jEauhlhWVVXeQPa5BD3f0rsMdmwSZtw1Cys=' 'sha256-VmEf2BGdqVUwcvyhTyarJo/bY7DNqS2+T2sz4IO/kbw=' 'sha256-eIXWvAmxkr251LJZkjniEK5LcPF3NkapbJepohwYRIc=' 'sha256-Jz4XDAN4f076pEj8cOt8mEdISulquB3CBdxFvEpSSyc='; child-src 'self'; frame-src https://*.youtube.com https://*.vimeo.com; font-src 'self'; img-src http: data: *; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tuta.com https://tuta.com data: * wss://app.tuta.com https://app.tuta.com https://api.github.com https://www.reddit.com https://mail.tutanota.com wss://mail.tutanota.com; 5 default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com *.twitter.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com *.service.force.com c.paypal.com *.doublethedonation.com doublethedonation.com *.adtrafficquality.google *.ep2.adtrafficquality.google js.zi-scripts.com/zi-tag.js d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net static.ads-twitter.com t.co www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * c.paypal.com b.stats.paypal.com trk.osdrtb.net/u d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com wss://*.vergic.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org *.adtrafficquality.google analytics-ipv6.tiktokw.us https://google.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.com api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk zuora-cima.securedataplatform.com sandbox.na.zuora-cima.uat.securedataplatform.co.uk sandbox.na.zuora-cima.uat.securedataplatform.com na.zuora-cima.securedataplatform.co.uk na.zuora-cima.securedataplatform.com sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com *.doubleclick.net bid.g.doubleclick.net td.doubleclick.net *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com *.zuora.com c.paypal.com www.googletagmanager.com ep2.adtrafficquality.google d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.geccontact-d2ekdcgjfggkcjb4.eastus-01.azurewebsites.net *.geccontact.azurewebsites.net *.azurewebsites.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io service.force.com *.salesforceliveagent.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com bat.bing.net *.onetrust.com wss://*.vergic.com *.vergic.com wss://*.puzzel.com *.puzzel.com app.ravecapture.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 5 frame-ancestors 'self'; form-action 'self'; 5 upgrade-insecure-requests; frame-ancestors 'none'; 5 default-src * 'unsafe-inline' 'unsafe-eval' data:; 5 default-src 'self' https:; base-uri 'self'; frame-ancestors *; frame-src * data:; object-src 'none'; img-src 'self' https: data: blob:; font-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' https: wss://*.salesmanago.com; form-action *; upgrade-insecure-requests; 5 object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fonts.bunny.net https://js-agent.newrelic.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://a.optnmstr.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://bot.leadoo.com https://www.buzzsprout.com https://www.facebook.com https://platform.marksmen.nl *.mouseflow.com https://js-eu1.hs-scripts.com https://js-eu1.hsforms.net https://js-eu1.hs-banner.com https://js-eu1.hsleadflows.net https://js.hsforms.net https://forms.hsforms.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tag.simpli.fi https://bat.bing.com https://www.bing.com https://i.simpli.fi https://consent.trustarc.com https://ad.doubleclick.net https://js.adsrvr.org js.zi-scripts.com ws.zoominfo.com tags.clickagy.com cdn.jsdelivr.net dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' wss://socket.24live.co https: data: blob: 'unsafe-inline' 'unsafe-eval' 5 default-src *.licdn.com *.linkedin.com bf11981lkb.bf.dynatrace.com *.contentsquare.net *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net brp.my.site.com brp.my.salesforce-scrt.com monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.attribution.adswizz.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net stconsumercaseapiq01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com brp--qacopy.sandbox.my.salesforce-sites.com brp--qauat2.sandbox.my.site.com brp--qacopy.sandbox.my.site.com brp.my.salesforce.com brp--qacopy.sandbox.my.salesforce-scrt.com sp.analytics.yahoo.com *.ski-doo.com *.adsrvr.org alb.reddit.com *.googlesyndication.com data.adxcel-ec2.com s.pinimg.com yulvr.ca www.redditstatic.com ct.pinterest.com brp--digitaldev.sandbox.my.site.com brp--digitaldev.sandbox.my.salesforce-scrt.com *.axept.io *.axeptio.eu axeptio.imgix.net conversions-config.reddit.com pixel-config.reddit.com bat.bing.com *.adobeaemcloud.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; 5 frame-ancestors http://*.churchofjesuschrist.org 5 default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ocdn.eu onet.pl *.onet.pl *.gstatic.com *.google.com *.google.pl *; frame-ancestors 'self' https://www.onet.pl; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=konto.onet.pl::PROD 5 frame-ancestors 'self' https://betterhearing.lightning.force.com https://betterhearing--staging.sandbox.lightning.force.com; 5 frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 5 default-src *; img-src 'self' 'unsafe-eval' data: https://ct.capterra.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://www.youtube.com/embed/ blob:; style-src * 'unsafe-inline'; font-src * data:; media-src *; frame-src * https://www.youtube.com https://www.youtube.com/embed/ data:; worker-src blob:; 5 default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'none'; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.liadm.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.studentbeans.com *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com edgeshoppingstatic.azureedge.net ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com *.experticity.com *.expertvoice.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com *.clarity.ms www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay x.bidswitch.net ib.adnxs.com dis.criteo.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net c1.adform.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com ib.adnxs.com dpm.demdex.net gum.criteo.com beacon.krxd.net *.smooch.io metatest.clarks.com metaevents-1p.stitcherads.com kargo.clarks.com metaevents.stitcherads.com prf.hn form.jotform.com/241913106756052 cdn.jotfor.ms/s/umd/latest/for-form-embed-handler.js *.awin1.com *.zenaps.com https://www.dwin1.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://*.roeyecdn.com https://*.roeye.com access.myunidays.com images.unidays.world *.myunidays.com *.unidays.world *.prod.unidays.io https://flo.uri.sh/ https://flo.uri.sh/visualisation/* https://public.flourish.studio/resources/* *.attentivemobile.com *.attn.tv https://clarks.attn.tv/* *.klaviyo.com *.gocertify.me *.narvar.com *.trustpilot.com https://d3k81ch9hvuctc.cloudfront.net/company/SzjbVD/images/ https://d3k81ch9hvuctc.cloudfront.net/company/Vi474Y/images/ https://d3k81ch9hvuctc.cloudfront.net/company/X8bLXb/images/ https://d3k81ch9hvuctc.cloudfront.net/company/XyZ4PK/images/ https://d3k81ch9hvuctc.cloudfront.net/company/X68UL9/images/ https://d3k81ch9hvuctc.cloudfront.net/company/TUPhxz/images/ https://d3k81ch9hvuctc.cloudfront.net/company/SCGrft/images/ https://d3k81ch9hvuctc.cloudfront.net/company/TNqrkg/images/ https://d3k81ch9hvuctc.cloudfront.net/company/XPmW2X/images/ *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com *.klarnacdn.net *.unidays.world *.klaviyo.com; frame-ancestors 'self'; upgrade-insecure-requests ; 5 default-src 'self'; script-src 'self' 'unsafe-inline' https://mm-uxrv.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.google.com/ccm/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.google.co.uk/ads/ *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com https://*.hsforms.com; media-src 'self' data: blob:; frame-src 'self' colocation-hosting.safenames.net/ https://interactive-img.com https://www.youtube.com https://www.googletagmanager.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hscollectedforms.net https://stats.g.doubleclick.net https://*.googletagmanager.com https://www.google.com/ccm/ https://www.google.co.uk https://*.hubspot.com 5 style-src 'unsafe-inline' https://*.sitecore.com https://*.clarity.ms https://*.bing.com;base-uri 'self';connect-src wss://*.qualified.com https://*.qualified.com https://*.sitecore.com https://*.sitecorecloud.io https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://cdn.dreamdata.cloud https://*.google.com https://google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://api.ipify.org https://px.ads.linkedin.com https://*.bing.com https://*.clarity.ms https://*.bing.net https://*.salesloft.com;default-src data: blob: https://*.sitecore.com https://*.sitecore.net https://*.googleapis.com https://*.gstatic.com https://*.6sc.co https://*.6sense.com;font-src https://*.sitecore.com;frame-src https://*.sitecore.com https://*.sitecorecontenthub.cloud https://app.qualified.com https://*.google.com https://td.doubleclick.net https://*.googletagmanager.com https://capture.navattic.com https://sitecore.navattic.com/ https://s.pointerpro.com/ https://*.sequel.io;frame-ancestors 'self' https://*.sitecorecloud.io https://*.sitecore.com https://forresterstage.mainstayadvisor.com https://*.forrester.com;img-src *;media-src https://app.qualified.com 'self' https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud data:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitecore.com http://localhost http://*.6sc.co https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.recaptcha.net https://*.gstatic.cn https://*.gstatic.com https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://d35vb5cccm4xzp.cloudfront.net https://*.bing-int.com https://cdn.dreamdata.cloud https://cdn.drda.io https://*.g.doubleclick.net https://*.clarity.ms https://*.bing.com;style-src-attr 'unsafe-inline' https://*.sitecore.com;worker-src blob:; 5 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 5 frame-ancestors 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; 5 frame-ancestors 'self' http://localhost:8080 https://cms.dev.ecom.mueller.de https://cms.prod.ecom.mueller.de; 5 frame-ancestors 'self' https://*.build.com/ https://*.fergusonhome.com https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://bcom.my.salesforce-sites.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ https://*.ferguson.com/ 5 script-src 'self'; 5 default-src 'self' * data: blob:;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' * 'unsafe-inline';media-src 'self' * blob:;frame-ancestors 'self' http://localhost:3000 https://the-gui.testing.nxt.zone https://the-gui.staging.nxt.zone/ https://the-gui.production.nxt.zone/ https://the-gui.cloud 5 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; frame-ancestors 'self' ; base-uri 'self' ; prefetch-src 'self' ; img-src https: data: ; 5 frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com *.visualwebsiteoptimizer.com app.vwo.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: useruploads.vwo.io *.visualwebsiteoptimizer.com app.vwo.com; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com 'self' blob:; style-src * 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https: 5 frame-ancestors 'self' https://cms.hanleywood.com 5 require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport 5 object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 5 default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.routledge.com mailto: https://privacy.informa.com/ https://transcend-cdn.com/ https://*.transcend.io/ https://app.gotowebinar.com/ https://*.cookielaw.org/ https://*.ads-twitter.com https://*.adsymptotic.com https://*.advancedcustomfields.com https://*.akamaihd.net https://*.altmetric.com https://*.baidu.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://*.cnzz.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.formstack.com https://*.github.io https://*.google-analytics.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gravatar.com https://*.gravityforms.com https://*.gravityforms.local https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com/ https://*.jquery.com https://*.jsdelivr.net https://*.licdn.com https://*.linkedin.com https://*.oribi.io/ https://*.netdna-ssl.com https://*.newrelic.com https://*.googlesyndication.com/ https://*.pardot.com https://*.tandf.co.uk https://*.tandfonline.com https://*.taylorandfrancis.com https://*.thinglink.com https://*.twimg.com https://*.twitter.com https://*.typekit.net https://*.vimeo.com https://*.w.org https://*.wistia.com https://*.wp.com https://*.wpengine.co.uk https://*.wpengine.com https://*.wpengineapi.com https://*.wpmudev.org https://*.youtube.com https://abc123-wpengine.netdna-ssl.com https://bam.eu01.nr-data.net https://cnzz.mmstat.com https://i.ytimg.com https://placehold.it https://t.co https://tandfapi.co.uk https://web-player.art19.com https://wpengine.com https://wpmudev.com https://yoast.com; font-src https: 'self' data: ; img-src * 'self' data: blob: ; worker-src https: 'self' blob: ; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.everbridge.com https://*.everbridge.net https://*.g2crowd.com https://*.site.com https://*.salesforce-sites.com https://cdn.cookielaw.org https://*.onetrust.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://google.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://*.g2.com https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://*.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://*.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.linkedin.oribi.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://*.adsrvr.org https://script.googleusercontent.com https://*.ziftsolutions.com https://*.ziftmarcom.com https://*.ziftone.com https://*.goconsensus.com https://*.metadata.io https://*.folloze.com https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/arrow_drop_up/outline.svg https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/arrow_drop_down/outline.svg https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/keyboard_backspace/outline.svg https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/favorite_border/outline.svg https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/file_download/outline.svg https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/chevron_left/outline.svg https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/chevron_right/outline.svg https://cdn.jsdelivr.net/npm/@material-icons/svg@1.0.23/svg/launch/outline.svg https://folloze-optimized.s3.amazonaws.com https://unpkg.com/web-vitals@5.0.1/dist/web-vitals.attribution.iife.js; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self' https://js.driftt.com; object-src 'self' https://*.everbridge.com; style-src 'self' 'unsafe-inline' https://*.everbridge.com https://*.site.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com https://*.ziftsolutions.com https://*.folloze.com; 5 frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707147/security/?sentry_key=839cab03978446cdbf603f5f5022e843&sentry_environment=production; report-to csp-endpoint 5 default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: 'unsafe-inline' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self' blob:; block-all-mixed-content 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://resources-library.keyfactor.com https://jukebox.pathfactory.com https://www.quantumquestgames.com https://js.hsforms.net https://code.jquery.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn-app.pathfactory.com https://cdn.jsdelivr.net https://fast.wistia.com https://fast.wistia.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://www.googletagmanager.com https://browser.sentry-cdn.com https://bat.bing.com https://www.clarity.ms https://www.brighttalk.com https://js.qualified.com https://tracking.g2crowd.com https://static.oktopost.com https://js.adsrvr.org https://okt.to https://js.hubspot.com https://static.hsappstatic.net https://cdn.cookielaw.org https://snap.licdn.com https://a.quora.com https://www.redditstatic.com https://nitroscripts.com https://dev.visualwebsiteoptimizer.com https://googleads.g.doubleclick.net https://connect.facebook.net https://j.6sc.co https://cdn-ilbndhj.nitrocdn.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://js.hsforms.net https://cdn.dreamdata.cloud https://cdn.drda.io https://platform.twitter.com https://scripts.clarity.ms https://r3.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://r2.visualwebsiteoptimizer.com https://r1.visualwebsiteoptimizer.com https://www.google.com https://www.google.ca https://www.google.co.uk https://www.google.de https://www.google.fr https://www.google.es https://www.google.it https://www.google.nl https://www.google.com.au https://www.google.com.br https://www.google.co.jp https://www.google.co.in https://*.google.ca https://cdn.pathfactory.com ; style-src 'self' 'unsafe-inline' data: blob: https://fonts.googleapis.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.typekit.net https://cdn-app.pathfactory.com https://p.typekit.net https://js.hs-analytics.net https://browser.sentry-cdn.com https://fast.wistia.com https://app.cdn.lookbookhq.com https://cdn-app.pathfactory.com https://cdn-ilbndhj.nitrocdn.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://fonts.gstatic.com https://www.quantumquestgames.com https://cdn.pathfactory.com; img-src 'self' data: blob: https://customer-assets.qualified.com https://www.google.ca https://p.typekit.net https://cdnjs.cloudflare.com https://fast.wistia.com https://secure.gravatar.com https://forms.hsforms.com https://q.quora.com https://alb.reddit.com https://px.ads.linkedin.com https://forms-na1.hsforms.com https://forms-na1.hsforms.com https://cdn.cookielaw.org https://forms-na1.hsforms.com https://c.clarity.ms https://*.bing.com https://www.linkedin.com https://embed-ssl.wistia.com https://app.cdn.lookbookhq.com https://fast.wistia.net https://track.hubspot.com https://dev.visualwebsiteoptimizer.com https://plugin-updates.wpengine.com https://b.6sc.co https://www.facebook.com https://www.keyfactor.com https://px4.ads.linkedin.com https://s.w.org https://r4.visualwebsiteoptimizer.com https://cdn.pathfactory.com https://fonts.gstatic.com https://r3.visualwebsiteoptimizer.com https://r1.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://forms.hsforms.com https://track.hubspot.com https://www.quantumquestgames.com https://raw.githubusercontent.com https://www.googletagmanager.com https://www.google.com https://cdn.cookielaw.org wss://*.qualified.com https://fast.wistia.net https://insight.adsrvr.org ; connect-src 'self' data: https://pipedream.wistia.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://distillery.wistia.com https://fast.wistia.net https://forms.hsforms.com https://js.hs-banner.com https://forms.hscollectedforms.net https://cdn.cookielaw.org https://px.ads.linkedin.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://geolocation.onetrust.com https://forms.hubspot.com https://*.clarity.ms https://jukebox.pathfactory.com https://privacyportal.onetrust.com https://fast.wistia.com https://embed-cloudfront.wistia.com https://dev.visualwebsiteoptimizer.com wss://ws.qualified.com https://app.qualified.com https://okt.to https://tracking.g2crowd.com https://tracking-api.g2.com https://exceptions.hubspot.com https://yoast.com https://nitropack.io https://www.google.com https://to.getnitropack.com https://pagead2.googlesyndication.com https://spcollector.pathfactory.com https://epsilon.6sense.com https://bat.bing.com https://connect.facebook.net https://j.6sc.co https://c.6sc.co https://ipv6.6sc.co https://secure.adnxs.com https://c.6sc.co https://cdn-ilbndhj.nitrocdn.com https://boards.greenhouse.io https://www.recaptcha.net https://js.hsforms.net https://google.com https://cdn.dreamdata.cloud https://r5.visualwebsiteoptimizer.com https://insight.adsrvr.org https://r6.visualwebsiteoptimizer.com wss://ws5.qualified.com https://www.facebook.com https://r4.visualwebsiteoptimizer.com https://fg8vvsvnieiv3ej16jby.litix.io https://r2.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://www.google-analytics.com https://www.google.com https://www.google.ca https://www.google.co.uk https://www.google.de https://www.google.fr https://www.google.es https://www.google.it https://www.google.nl https://www.google.com.au https://www.google.com.br https://www.google.co.jp https://www.google.co.in https://*.google.ca https://www.quantumquestgames.com https://cdn.pathfactory.com https://resources-library.keyfactor.com https://jukebox.pathfactory.com https://cdn-app.pathfactory.com https://static.hsappstatic.net https://js.hs-banner.com wss://*.qualified.com https://fast.wistia.net https://*.google.com https://*.doubleclick.ne ; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com https://use.typekit.net https://cdnjs.cloudflare.com https://fast.wistia.com https://fast.wistia.net https://cdn-app.pathfactory.com https://cdn.pathfactory.com https://www.quantumquestgames.com; object-src 'self' ; media-src 'self' blob: https://app.qualified.com; frame-src 'self' https://fast.wistia.net blob: data: https://www.keyfactor.com https://www.brighttalk.com https://insight.adsrvr.org https://match.adsrvr.org https://td.doubleclick.net https://app.qualified.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://app.hubspot.com https://keyfactor.com http://keyfactorstage.wpenginepowered.com https://app.qualified.com https://www.facebook.com https://forms.hsforms.com https://dev.visualwebsiteoptimizer.com https://www.keyfactor.com https://open.spotify.com https://online.fliphtml5.com https://app.qualified.com https://www.googletagmanager.com; child-src 'self' blob: ; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' ; 5 default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' 'self' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src data: 'self' https://*.typekit.net https://fonts.gstatic.com https://c1.sfdcstatic.com; media-src 'self' https://*.cloudfront.net https://*.azureedge.net; worker-src 'self' blob: *; form-action 'self' https://www.googleapis.com/oauth2/v2/userinfo https://accounts.google.com/o/oauth2/auth https://www.facebook.com/tr/ https://*.cdn-net.com https://www.pages01.net https://*.sandbox.my.salesforce.com https://*.sandbox.my.site.com https://acco1.my.salesforce.com https://acco1.my.site.com; frame-ancestors 'self'; 5 worker-src blob: https://*.georgeson.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://secure.quantserve.com https://*.pub.sfmc-content.com https://rules.quantcount.com https://*.adsrvr.org https://snap.licdn.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.crazyegg.com https://bat.bing.com https://gateway.zscloud.net https://*.usw2.pure.cloud https://*.nr-data.net https://*.newrelic.com https://*.computershare.com https://*.mypurecloud.com;connect-src https://www.googletagmanager.com https://www.google-analytics.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io https://siteintercept.qualtrics.com https://rules.quantcount.com https://pixel.quantcount.com https://stats.g.doubleclick.net https://*.crazyegg.com https://px.ads.linkedin.com https://content-images.computershare.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud https://www.google.com https://*.mypurecloud.com wss://*.mypurecloud.com ;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://insight.adsrvr.org https://siteintercept.qualtrics.com https://pixel.quantcount.com https://pixel.quantserve.com https://pixel.rubiconproject.com https://*.crazyegg.com https://secure.adnxs.com https://bat.bing.com https://bs.serving-sys.com https://gateway.zscloud.net https://*.usw2.pure.cloud ;frame-src https://bc-unclaimedassets-uat.computershare.co.uk https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://sls.co1.qualtrics.com https://*.pub.sfmc-content.com https://*.adsrvr.org https://widget.trustpilot.com https://*.pub.s6.sfmc-content.com https://www.canva.com https://*.crazyegg.com https://www.youtube-nocookie.com https://gateway.zscloud.net https://*.computershare.com https://*.usw2.pure.cloud https://www.googletagmanager.com https://*.doubleclick.net https://*.mypurecloud.com; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' 5 default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca https://gameduell.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://the.sciencebehindecommerce.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es blob: https://assets.gameduell.de https://media.gameduell.de https://www.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com https://lh3.google.com https://lh3.googleusercontent.com https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com https://lantern.roeye.com https://lantern.roeyecdn.com https://www.wepowerconnections.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca wss://www.gameduell.es https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://the.sciencebehindecommerce.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; report-uri /gd/rest/jslog/csp 5 default-src 'self' https://*.magenta.at; upgrade-insecure-requests; report-to csp-endpoint; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.magenta.at https://*.t-mobile.at https://*.magentabusiness.at https://*.s-budget-mobile.at https://*.esp.ownsolutions.net https://magenta-at.cleverq.de https://*.youtube.com https://*.youtube-nocookie.com https://eu-dg.knowmax.ai https://*.google.com https://*.google.de https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.tiktok.com https://*.facebook.net https://*.licdn.com https://*.sc-static.net https://*.clarity.ms https://*.crwdcntrl.net https://*.cookielaw.org https://*.cookiebot.com https://*.googleadservices.com https://*.doubleclick.net https://*.medallia.eu https://*.krxd.net https://*.snapchat.com https://*.usercentrics.eu https://*.facebook.com https://*.readpeak.com https://*.evergage.com https://*.bing.com https://*.teads.tv https://*.adnxs.com https://*.fusedeck.net https://*.pinimg.com https://*.sprinklr.com https://*.hotjar.com https://*.googlesyndication.com https://*.evgnet.com https://siteimproveanalytics.com https://sc-static.net https://form.virtualq.tech https://magenta.jobbase.io https://cdn.jsdelivr.net https://magenta.onlyfy.jobs; img-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at blob: data: https://*.google-analytics.com https://*.tiktok.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://www.google.de https://*.google.de https://www.google.com https://*.google.at https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.doubleclick.net https://*.licdn.com https://*.clarity.ms https://*.siteimproveanalytics.io https://*.snapchat.com https://*.facebook.com https://*.readpeak.com https://*.senderinfo.de https://*.teads.tv https://*.adnxs.com https://*.fusedeck.net https://*.youtube.com https://*.youtube-nocookie.com https://*.medallia.eu https://*.linkedin.com https://*.usercentrics.eu https://*.bing.com https://*.s3.eu-central-1.amazonaws.com https://magenta.jobbase.io https://magenta.onlyfy.jobs; connect-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at https://*.google-analytics.com https://*.googlesyndication.com https://*.googleadservices.com https://*.tiktokw.us https://google.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.tiktok.com https://*.bing.com https://*.licdn.com https://*.clarity.ms https://*.crwdcntrl.net https://*.cookielaw.org https://*.cookiebot.com https://*.snapchat.com https://*.usercentrics.eu https://*.facebook.com https://*.readpeak.com https://*.teads.tv https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://*.adnxs.com wss://*.fusedeck.net https://*.fusedeck.net https://*.pinterest.com wss://*.sprinklr.com https://*.sprinklr.com https://*.linkedin.com https://*.medallia.eu https://tmobileaustria.germany-2.evergage.com https://*.senderinfo.de https://*.usercentrics.eu https://*.bing.com https://form.virtualq.tech https://magenta.jobbase.io https://magenta.onlyfy.jobs; form-action 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at https://*.facebook.com https://form.virtualq.tech; media-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at blob: data: https://*.sprinklr.com https://*.senderinfo.de; frame-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at https://*.googletagmanager.com https://*.google.com https://google.com https://*.googleapis.com https://*.doubleclick.net https://*.clarity.ms https://*.usercentrics.eu https://eu-dg.knowmax.ai https://*.licdn.com https://*.sprinklr.com https://*.bing.com https://*.readpeak.com https://*.medallia.eu https://*.snapchat.com https://*.usercentrics.eu https://*.youtube.com https://*.youtube-nocookie.com https://magenta-shopfinder.pgsdemo.com https://*.adnxs.com https://magenta-at.cleverq.de https://app.wigeogis.com https://form.virtualq.tech https://magenta.onlyfy.jobs; frame-ancestors 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://*.magentabusiness.at; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://fonts.googleapis.com https://form.virtualq.tech; font-src 'self' https://*.magenta.at https://*.t-mobile.at https://*.s-budget-mobile.at https://fonts.googleapis.com https://fonts.gstatic.com data: 5 frame-ancestors 'self' https://*.sdcounty.ca.gov:*; 5 frame-ancestors 'self' https://www.ringier-advertising.ch https://ringier-staging.hacepiby.cyon.site https://blumen.palantirfoundry.de; 5 frame-ancestors 'self' https://app.contentstack.com 5 base-uri 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.magnolia-platform.com dashboard.trustprofile.com *.unzer.com *.mouseflow.com *.inpost.pl *.unzer.com *.etrusted.com *.campaign.playable.com *.games.playable.com; form-action *.salesforce.com; frame-ancestors 'self' *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt view.publitas.com scripts.publitas.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com; img-src 'self' data: *.usercentrics.eu *.luigisbox.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.magnolia-platform.com *.wt-eu02.net bat.bing.com *.google.com *.google.de *.google.at *.google.pl google.com google.de google.at google.pl static.phrase.com *.trustedshops.com *.gstatic.com *.myracloud.com dashboard.trustprofile.com commission.europa.eu *.facebook.net *.heidelpay.com *.unzer.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.online-metrix.net *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com *.app.playable.com *.tiktok.com; object-src 'self' blob:; style-src 'self' *.luigisbox.com 'unsafe-inline' *.magnolia-platform.com d2bgdldl6xit7z.cloudfront.net *.googletagmanager.com tagmanager.google.com fonts.googleapis.com trck.linkster.co *.visualwebsiteoptimizer.com app.vwo.com *.unzer.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl *.etrusted.com view.publitas.com scripts.publitas.com *.campaign.playable.com *.games.playable.com *.app.playable.com; script-src 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.trustedshops.com blob: *.googleadservices.com googleads.g.doubleclick.net google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl 'self' *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.unzer.com *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com *.app.playable.com *.leadfamly.com; upgrade-insecure-requests; default-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com paypalobjects.com *.magnolia-platform.com bat.bing.com googleads.g.doubleclick.net *.trustedshops.com blob: d2bgdldl6xit7z.cloudfront.net *.smarketer.de trck.linkster.co google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl dashboard.trustprofile.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.unzer.com *.online-metrix.net *.mouseflow.com sandbox-easy-geowidget-sdk.easypack24.net *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com *.app.playable.com *.leadfamly.com *.facebook.net *.tiktok.com; connect-src 'self' *.luigisbox.com *.usercentrics.eu *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net api.phrase.com d2bgdldl6xit7z.cloudfront.net blob: *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trustedshops.com *.trustbadge.com *.analytics.google.com bat.bing.com trck.linkster.co *.smarketer.de google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl *.visualwebsiteoptimizer.com app.vwo.com app.varify.io editor.varify.io view.publitas.com scripts.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net *.mouseflow.com *.inpost.pl *.etrusted.com *.etracker.com *.etracker.de *.campaign.playable.com *.games.playable.com *.app.playable.com *.tiktok.com; child-src *.trustedshops.com *.mouseflow.com *.campaign.playable.com *.games.playable.com; frame-src 'self' *.usercentrics.eu dashboard.trustprofile.com *.doubleclick.net parcelshop.dhl.pl *.googletagmanager.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.visualwebsiteoptimizer.com app.vwo.com view.publitas.com scripts.publitas.com *.heidelpay.com *.unzer.com *.online-metrix.net *.mouseflow.com sandbox-easy-geowidget.easypack24.net *.inpost.pl *.campaign.playable.com *.games.playable.com *.app.playable.com google.com google.de google.at google.pl *.google.com *.google.de *.google.at *.google.pl; manifest-src 'self'; media-src 'self' *.magnolia-platform.com; worker-src 'self' blob: *.online-metrix.net; 5 default-src *; font-src 'self' data: blog.easycosmetic.de; connect-src * ; media-src 'self' blob: data:; manifest-src 'self'; base-uri 'self'; form-action *; frame-src *; frame-ancestors *; object-src 'none'; worker-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: https: http: ;style-src 'unsafe-inline' 'self' * 5 frame-ancestors 'self' https://event.on24.com/ https://insightsoftware.highspot.com/ 5 default-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss: data:; font-src 'self' https: data:; img-src 'self' data: blob: https:; worker-src 'self' http: blob: data: 5 frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org optum.ceros.site; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.healthybenefitsplus.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org optum.ceros.site; 5 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors 'none'; form-action 'self' https://forms-eu1.hsforms.com; base-uri 'self' 5 frame-ancestors 'self' https://*.clasquin.com https://clasquin.com 5 object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' 5 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src blob:; object-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-ancestors 'self' 5 frame-ancestors https://*.builder.io https://builder.io 5 frame-ancestors 'self' *.facebook.com 5 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; font-src 'self' * http://* data: https://*; object-src * blob:; worker-src 'self' blob:; media-src * blob: data: http: https:; 5 default-src blob: https: wss: data: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src https: data:; worker-src blob: data:; 5 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 5 frame-ancestors www.kaufland.de www.kaufland-pp.de media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com leaflets.kaufland.com www.kaufland.cz www.kaufland-pp.cz www.kaufland.sk www.kaufland-pp.sk www.kaufland.pl www.kaufland-pp.pl www.kaufland.at www.kaufland-pp.at www.kaufland.fr www.kaufland-pp.fr 'self' 5 frame-ancestors 'self' *.hivelocity.net 5 default-src http: 'unsafe-inline' 'unsafe-eval' 5 upgrade-insecure-requests; base-uri 'none'; default-src 'self' https://*.crazyegg.com; connect-src 'self' https: ws: https://*.crazyegg.com; img-src 'self' https: data: blob: https://*.sovos.com https://cdn.bfldr.com https://*.crazyegg.com; media-src 'self' data: blob: https://*.sovos.com; object-src 'self' https://*.sovos.com https://cdn.bfldr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; worker-src 'self' blob:; frame-src 'self' https://*.sovos.com https://*.youtube.com https://*.marketo.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://www.google.com https://www.googletagmanager.com https://documentcloud.adobe.com https://*.flowpaper.com https://e.infogram.com https://td.doubleclick.net https://recruit.hirebridge.com https://maps.google.com https://app.getreprise.com https://cdn.bfldr.com https://*.crazyegg.com; frame-ancestors 'self' https://*.sovos.com; 5 https://miclarocorp.z01.azurefd.net https://fonts.googleapis.com 5 base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 5 default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 5 frame-ancestors 'self' https: 5 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 5 font-src fonts.gstatic.com use.typekit.net https://*.gopersonal.ai *.fontawesome.com *.bootstrapcdn.com data: *.gstatic.com 'self' data: *.moosend.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.gopersonal.ai *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.vnforapps.com h.online-metrix.net *.loginextsolutions.com widget.botlers.io somosngr.com.pe td.doubleclick.net PJCLAIM http://r1.dotdigital-pages.com http https email.papajohns.com.pe r1.ddlnk.net/signup.ashx cdn-images-pj-admin-prod.s3.amazonaws.com *.getblue.io *.widget.scoopsxi.com delivery.yango.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://*.gopersonal.ai www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.designer-images.net maps.gstatic.com maps.googleapis.com accounts.google.com 'self' data: cdn.cookielaw.org google.com c.clarity.ms www.google.com.ar c.bing.com *.t.co *.twitter.com *.google.com.pe fonts.gstatic.com https://ad.soicos.com/ *.afilio.com.br *.getblue.io https://www.popeyes.com.pe/ https://www.papajohns.com.pe/ https://www.bembos.com.pe/ https://www.donbelisario.com.pe/ https://www.chinawok.com.pe/ https://bat.bing.com https://c.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://*.gopersonal.ai https://*.gstatic.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com polyfill.io *.moosend.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://www.google.com *.gstatic.com https://maps.googleapis.com cdn.cookielaw.org cdn.onesignal.com *.hotjar.com widget.botlers.io onesignal.com *.vnforapps.com h.online-metrix.net *.cdn.stat-track.com https://www.clarity.ms/ *.tiktok.com *.ads-twitter.com http://r1.dotdigital-pages.com http://email.papajohns.com.pe email.papajohns.com.pe *.web.app *.afilio.com.br *.getblue.io https://static.targethaus.net/analytics.js https://237.logstracker.com/237.js https://js.admediasales.com/ https://stalkoda.com/code/ https://cdn.tangoo.it/aud/clientjs/ptag.js?9198 https://bing.com https://bat.bing.com/bat.js https://bat.bing.com/p/action/343214966.js *.widget.scoopsxi.com/api/widget/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.gopersonal.ai *.fontawesome.com *.moosend.com *.bootstrapcdn.com cdn.dnky.co *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookielaw.org widget.botlers.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io https://*.gopersonal.ai https://*.goshops.ai https://*.googleapis.com https://*.gstatic.com *.izipay.pe www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com *.m-pages.com *.m-operations.com maps.googleapis.com api.comapi.com bam.nr-data.net *.google-analytics.com *.cookielaw.org *.moosend.com region1.analytics.google.com *.hotjar.io oldenterprise.botlers.io vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.clarity.ms cors-anywhere.herokuapp.com www.google.com.ar geolocation.onetrust.com privacyportal.onetrust.com *.tiktok.com www.google.com https://lib-us-1.brilliantcollector.com *.customerscoops.app/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 default-src 'self' api-v2.psg777.com https://www.google.com *;script-src 'self' 'unsafe-eval' blob: cdnjs.cloudflare.com https://www.google.com;img-src 'self' * blob: data: https://www.google.com;connect-src 'self' api-v2.psg777.com https://www.google.com;frame-ancestors 'self' https://www.google.com;base-uri 'self';form-action 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 5 frame-ancestors 'self' https://triple.nl/; 5 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 5 frame-ancestors 'self' wss://*.zopim.com wss://*.hotjar.com *.api.friendlycaptcha.com *.jobsplice.com *.eu-api.friendlycaptcha.eu secure-ds.serving-sys.com *.goldenbees.fr *.botrecruiter.com *.evergage.com *.youtube-nocookie.com *.evgnet.com secure.adnxs.com *.criteo.net *.addthisedge.com *.ads-twitter.com *.infogram.com *.adnxs.com *.optimalworkshop.com *.audioboom.com *.acsbapp.com acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.d3fw5vlhllyvee.cloudfront.net vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com secure.imaginative-trade7.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net hm.baidu.com data: 5 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 5 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 5 frame-ancestors 'self' *.maxon.net 5 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 5 frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 5 frame-ancestors 'self' https://*.contentstack.com 5 frame-ancestors 'self' https://oas.esf.edu.hk/ https://oasweb-stg.esf.edu.hk/ https://oasweb-uat.esf.edu.hk/ https://oasweb-dev.esf.edu.hk/ https://oasweb-dev2.esf.edu.hk/ https://srs-uat.esf.edu.hk https://www.1823.gov.hk https://api.data.gov.hk; 5 default-src 'self';frame-src 'self' *.youtube.com youtu.be *.smartertools.com docs.google.com;script-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data: blob:;style-src * 'unsafe-inline';media-src *;frame-ancestors 'self';connect-src *; 5 frame-ancestors https://*.contentstack.com; 5 object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 5 default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 5 frame-ancestors 'self' *.qidian.com *.hongxiu.com *.yuewen.com *.qq.com *.qdmm.com *.readnovel.com *.xs8.cn *.xxsy.net *.tingbook.com *.lrts.me *.ywurl.cn *.qdwenxue.com *.if.qidian.com www.gameloop.com *.xs.cn *.rongshuxia.com 5 frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 5 frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com https://*.paperflite.com https://*.cleverstory.io; 5 frame-ancestors 'self' https://*.sonepar.coremedia.cloud/ https://*.sciquest.com https://*.jaggaer.com https://*.danisco.com:57101 https://*.danisco.com:57201 https://*.danisco.com:57301 https://*.danisco.com:44300 http://*.danisco.com:8000 https://*.global.iff.com:8000 https://*.global.iff.com:44300 https://*.global.iff.com:57201 https://*.global.iff.com:57301 https://*.global.iff.com:57101 https://*.ariba.com:44300 https://*.ariba.com:8000 https://*.ariba.com https://*.sirti.net:8001 https://*.sirti.net http://*.sirti.net:8001 https://*.linde.grp:8001 https://*.linde.grp http://*.linde.grp:8001 https://*.linde.grp:44350 https://*.hopperix.it; 5 script-src * 'self' 'unsafe-inline' 'unsafe-eval' 5 default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.dvidshub.net *.military.com *.cloudfront.net; img-src 'self' data: *.mapbox.com *.sharethis.com *.bing.com *.clarity.com *.clarity.ms *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mapbox.com *.jsdelivr.net *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.jsdelivr.net *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.mapbox.com *.sharethis.com *.clarity.com *.clarity.ms *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net *.vimeo.com; connect-src 'self' *.mapbox.com *.sharethis.com *.clarity.com *.clarity.ms *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 5 script-src https: 'unsafe-inline' 'unsafe-eval' 5 child-src 'self' blob: https://embed.windy.com/ https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.youtube.com/ https://youtube.com/ https://www.google.com/ https://hostadmin.dev.bushelsites.com/ https://www.nass.usda.gov/ https://www.facebook.com/ https://bigriverresources.applicantpro.com/ https://weatherwidget.io/ https://bqci.us11.list-manage.com/ https://inetsgi.com/ https://www.typeform.com/ https://form.typeform.com/ https://use.fontawesome.com/ https://skyviewgldw.frontieraginc.com/ https://skyviewglds.frontieraginc.com/ https://calendar.google.com/ https://forms.office.com/ https://recruiting.paylocity.com/ https://platform.twitter.com https://syndication.twitter.com/ https://mesonet.org/ https://player.vimeo.com/ https://enterprisegrain.com/ https://www.buzzsprout.com/ http://m.mesonet.org/ https://weather.wsu.edu/ https://www.uswheat.org/ https://bushelstaging7.o.bushelsites.com/ https://twitter.com/ https://www.youtube-nocookie.com/ https://www.bruglermarketing.com/ https://www.ers.usda.gov/ https://droughtmonitor.unl.edu/ https://www.usgs.gov/ https://www.thedailyscoop.com/CustSite_5_20_2022 http://scoularview.com/ http://scoularview.com:443/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com http://scoularview.com https://www.scoularview.com/ http://www.scoularview.com/ https://forecast.weather.gov/ https://www.windy.com/ https://widget.taggbox.com https://riceland.us15.list-manage.com/ https://app2.simpletexting.com/ https://mailchi.mp/ https://securepubads.g.doubleclick.net https://01a11ef3c27694652b46dcdcef7412f2.safeframe.googlesyndication.com/ https://tpc.googlesyndication.com https://www.cmegroup.com/ https://widget.tagembed.com/ https://embed.twitch.tv/ https://bushelstaging5.o.bushelsites.com/ ; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://use.typekit.net/ https://use.fontawesome.com/ ; img-src * data: blob: https://hostadmin.dev.bushelsites.com/ ; object-src 'self' https://hostadmin.dev.bushelsites.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cp-docs.dtn.com/ https://content-packages.dtn.com/ https://js.hsforms.net/ https://www.recaptcha.net/ https://www.recaptcha.net/ https://downloads.mailchimp.com/ https://mc.us15.list-manage.com/ https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/ https://beefmarketcentral.com/ https://www.googletagmanager.com/ https://www.amcharts.com/ https://maps.google.com/ https://www.google.com/ https://platform.twitter.com/ https://maxcdn.bootstrapcdn.com/ http://portal.farmcentric.com/ https://pagead2.googlesyndication.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://fccontent.wirelessag.com/ https://localhost:* http://localhost:* https://www.googletagservices.com/ https://weatherwidget.io/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://app.jazz.co/ https://embed.typeform.com/ https://bqci.us11.list-manage.com/ https://content-services.dtn.com/ https://emagrain.agricharts.com/ https://www.buzzsprout.com/ https://securepubads.g.doubleclick.net/ https://scoularview.com/ https://static.ctctcdn.com https://www.christianity.com https://fast.wistia.com https://chimpstatic.com https://player.vimeo.com https://www.convergepay.com/ https://tpc.googlesyndication.com/ https://embed.twitch.tv/ https://www.buzzsprout.com/ https://pinnaclend.o.bushelsites.com/fccp-location-prototype-23532 https://www.weatherworld.com/ ; style-src 'self' 'unsafe-inline' https://use.typekit.net/ https://fonts.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://maps.gstatic.com/ https://khms0.googleapis.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://embed.typeform.com/ https://localhost:* http://localhost:* https://use.fontawesome.com/ https://content-services.dtn.com/ https://hostAdmin.farmcentric.com https://downloads.mailchimp.com/ https://hostadmin.dev.bushelsites.com/ ; frame-ancestors 'self' https://agp.o.bushelsites.com/ https://www.highlinegrain.com/ https://highlinegrain.com/ https://kayloragriservices.com/ https://kaylorag.flywheelsites.com/ https://conrefco.com/ https://hostadmin.farmcentric.com/ https://www.recaptcha.net/ https://www.recaptcha.net/ https://www.agp.com http://www.agp.com https://opnutritionfeed.com https://hostadmin.farmcentric.com/ https://www.facebook.com/ https://hostadmin.dev.bushelsites.com/ https://inetsgi.com/ https://scoulariowa.com/ https://enterprisegrain.com/ https://sidwellstrategies.o.bushelsites.com/ https://sidwellstrategies.com/ https://www.sidwellstrategies.com/ https://weskangrain.com/ https://weskangrain.com/ https://scoularview.com/ http://scoularview.com/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com https://www.scoularview.com/ http://www.scoularview.com/ https://profitpartner.unitedgrain.com/ ; frame-src 'self' https://sotw.agricharts.com/ https://dtn.michag.com/ https://form.123formbuilder.com/ https://agp.o.bushelsites.com/ https://www.highlinegrain.com/ https://highlinegrain.com/ https://www.agp.com http://www.agp.com https://agp.com/ http://agp.com/ https://openweathermap.org/ https://api.leadconnectorhq.com/ https://www.rainviewer.com/ https://feed.surfing-waves.com/ https://share.transistor.fm/ https://www.pinnaclend.com/ https://portal.bushelpowered.com/ https://widget.taggbox.com/ https://tpc.googlesyndication.com/ https://f49bcfcd84940dbb7e41a72a221c3acb.safeframe.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://www.googletagmanager.com/ https://form.jotform.com/ https://share.hsforms.com https://soysales.conrefco.com/ https://skyview.frontieraginc.com/ https://skyviewgldn.frontieraginc.com/ https://skyviewglde.frontieraginc.com/ https://forecast.weather.gov/ https://www.nass.usda.gov/ https://onedrive.live.com/ https://calendar.google.com/ https://www.google.com/ https://conrefco.com/ https://hostadmin.farmcentric.com/ https://weather.wsu.edu/ https://recruiting.paylocity.com/ https://forms.office.com/ https://www.forms.office.com/ https://mailchi.mp/ https://www.mailchi.mp/ https://app2.simpletexting.com/ https://riceland.us15.list-manage.com/ https://www.weatherlink.com/ https://skyviewgldw.frontieraginc.com/ https://skyviewglds.frontieraginc.com/ https://www.typeform.com/ https://enterprisegrain.com/ https://www.facebook.com/ https://player.vimeo.com/ https://embed.twitch.tv/ https://form.typeform.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://bushelstaging7.o.bushelsites.com/ https://www.youtube.com/ https://youtube.com/ https://platform.twitter.com/ https://embed.windy.com/ https://trioak.o.bushelsites.com/ https://www.agp.o.bushelsites.com https://www.agp.com http://www.agp.com https://www.recaptcha.net/ https://www.recaptcha.net/ https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.scoularview.com/ https://scoularview.com/ https://weatherwidget.io/ https://sidwellstrategies.o.bushelsites.com/ https://sidwellstrategies.com/ https://www.sidwellstrategies.com/ https://online.fliphtml5.com/ https://www.buzzsprout.com/ https://e.issuu.com/ https://www.uswheat.org/ https://jobs.appone.com https://apply.appone.com https://embed.theperfectplant.com/ https://fb.watch/ https://docs.google.com/ https://drive.google.com/ https://pinnaclend.o.bushelsites.com/ https://pinnaclend.com/ https://inetsgi.com/ https://weather.com/ https://maps.zoomradar.net/ https://api.wo-cloud.com/ https://radar.weather.gov/ https://explore.careerviewxr.com/ 5 frame-ancestors https://*.myshopify.com https://admin.shopify.com 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: https: http:; font-src 'self' data: https: http:; media-src 'self' data: https: http: blob:; frame-src 'self' https: http:; connect-src 'self' https: http: wss: ws:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 5 upgrade-insecure-requests;connect-src *;frame-ancestors 'self' 5 object-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 5 worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com *.demdex.net www.googletagmanager.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.vimeo.com *.hotjar.com *.doubleclick.net *.jst.ai *.paymetric.com *.affirm.com *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws *.zdassets.com *.visualwebsiteoptimizer.com app.vwo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.cdninstagram.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.google.ca *.facebook.com *.fls.doubleclick.net googleapis.com *.affirm.com *.jst.ai cdn.cookielaw.org *.audioeye.com *.imgur.com blob: *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.instagram.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.affirm.com *.launchdarkly.com *.audioeye.com *.imgur.com cdn.cookielaw.org *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com api.smooch.io wss://api.smooch.io app.vwo.com *.visualwebsiteoptimizer.com *.mountain.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.affirm.com *.launchdarkly.com connect.facebook.net *.jst.ai *.audioeye.com web.hyro.ws *.zdassets.com *.visualwebsiteoptimizer.com app.vwo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com blob: web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.affirm.com *.launchdarkly.com *.jst.ai *.audioeye.com *.imgur.com hyropublic.blob.core.windows.net *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com web.hyro.ws wss://web.hyro.ws wss://widget-mediator.zopim.com *.zdassets.com *.adobedtm.com api.smooch.io wss://api.smooch.io wheelpros.tt.omtrdc.net *.visualwebsiteoptimizer.com app.vwo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 default-src 'self' https: blob:; style-src 'self' 'unsafe-inline' *.ensemblevideo.com *.ntst.com *.marketo.net *.marketo.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai; script-src 'self' 'unsafe-inline' fast.wistia.net fast.wistia.com blob: *.marketo.net *.marketo.com *.mktoresp.com *.terminus.services *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.twimg.com *.sounder.fm *.facebook.net *.ntst.com *.licdn.com dg0hgb42195s9.cloudfront.net *.ramblechat.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai *.google.com *.gstatic.com;; object-src 'self'; connect-src 'self' px.ads.linkedin.com stats.g.doubleclick.net analytics.google.com *.wistia.com *.litix.io *.terminus.services *.securiti.ai *.ntst.com dg0hgb42195s9.cloudfront.net wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com *.ramblechat.com *.mktoutil.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com fast.wistia.net *.fast.wistia.net wss://*.ramblechat.com data:; font-src 'self' *.bootstrapcdn.com *.typekit.net *.gstatic.com data:; img-src * *.jwpltx.com data:; frame-ancestors 'self' *.ensemblevideo.com *.marketo.com *.marketo.net netsmart.highspot.com; 5 default-src 'self' data: snippet.maze.co heapanalytics.com js.hs-analytics.net tag.demandbase.com prompts.maze.co/api/widgets js.hs-analytics.net secure.intelligent-business-7.com api.investisdigital.com;child-src blob:;style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com *.gbg.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud *.stackadapt.com ifaqs.flexanswer.com du89v9a480hlb.cloudfront.net *.jquery.com heapanalytics.com https://*.maze.co/ *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net webeo-web-content.s3-eu-west-1.amazonaws.com;img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.gbg.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net analytics.twitter.com googleads.g.doubleclick.net *.stackadapt.com *.azr.footprintdns.com *.hsforms.com *.6sc.co *.6sense.com *.jquery.com heapanalytics.com https://*.maze.co/ js.hscta.net no-cache.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net webeo-web-content.s3-eu-west-1.amazonaws.com bat.bing.net;font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud heapanalytics.com https://*.maze.co/;media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com *.hs-banner.com *.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com *.gbgplc.com *.gbg.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net *.hs-analytics.net *.hsleadflows.net *.hsadspixel.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hubspotfeedback.com feedback.hubapi.com sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com *.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com *.hsforms.net *.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com *.atmrum.net *.stackadapt.com www.googleoptimize.com resources.customersure.com du89v9a480hlb.cloudfront.net js.hubspot.com *.6sc.co *.6sense.com cdn.heapanalytics.com heapanalytics.com https://*.maze.co/ secure.intelligent-business-7.com www.clarity.ms webeo-web-content.s3-eu-west-1.amazonaws.com ldynamicspublicapi.leadforensics.com secure.leadforensics.com assets.calendly.com browser.sentry-cdn.com;connect-src 'self' *.google-analytics.com *.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.gbg.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net *.stackadapt.com maps.googleapis.com api.investisdigital.com hubspot-forms-static-embed.s3.amazonaws.com gbg.customersure.com *.6sc.co *.6sense.com uksouth-1.in.applicationinsights.azure.com cdn.linkedin.oribi.io heapanalytics.com https://*.maze.co/ js.hscta.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com client-api.auryc.com *.clarity.ms ldynamicspublicapi.leadforensics.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com px.ads.linkedin.com bat.bing.net;frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.net *.hsforms.com play.hubspotvideo.com *.hubspot.net *.hs-sites.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com www.edisoninvestmentresearch.com otp.tools.investis.com www.connectidfeed.com gbg.customersure.com *.6sc.co *.6sense.com *.hs-sites.com td.doubleclick.net calendly.com *.idology.com outlook.office365.com;frame-ancestors 'self' *.loqate.com gbgplc.interactgo.com;worker-src blob:; 5 default-src 'self';media-src 'self' cdn.conversationalsdevelopment.nl/eneco/client/v2/sounds/beep.mp3 pingvp.com *.pingvp.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js acdn.adnxs.com/dmp/up/pixie.js mktdplp102cdn.azureedge.net bat.bing.com scripts.clarity.ms cdn-dxp.enecogroup.com cdn.conversationalsdevelopment.nl api.seamly-app.com *.g.doubleclick.net svc.dynamics.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.google.nl pagead2.googlesyndication.com www.google.com/recaptcha//api.js www.gstatic.com www.google.com/recaptcha/ *.googletagmanager.com *.hotjar.com pixels.lemonpi.io snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js snap.licdn.com/li.lms-analytics/insight.old.min.js s.pinimg.com ct.pinterest.com www.reddit.com ads.reddit.com www.redditstatic.com api.salesfeed.com *.segmentstream.com static.ads-twitter.com w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net pingvp.com *.pingvp.com target.digitalaudience.io cdn.leadinfo.net;connect-src 'self' wss: api.adcalls.nl *.in.applicationinsights.azure.com js.monitor.azure.com/scripts/b/ai.config.1.cfg.json ib.adnxs.com bat.bing.com api.seamly-app.com api-digital.enecogroup.com ad.doubleclick.net stats.g.doubleclick.net bf53370xjr.bf.dynatrace.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com www.google.com adservice.google.com googleads.g.doubleclick.net www.googleadservices.com www.google.com/recaptcha/ stm.eneco.nl www.googletagmanager.com *.hotjar.com vc.hotjar.io content.hotjar.io d.lemonpi.io cdn.linkedin.oribi.io/partner/533658/domain/acc.eneco.nl/token cdn.linkedin.oribi.io/partner/533658/domain/eneco.nl/token px.ads.linkedin.com ct.pinterest.com www.reddit.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com track.segmentstream.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com api.usabilla.com target.digitalaudience.io api.leadinfo.com collector.leadinfo.net;img-src 'self' data: ib.adnxs.com bat.bing.com cdn-dxp.enecogroup.com *.frontify.com lt45.net www.lt45.net www.rkn3.net rkn3.net ds1.nl www.ds1.nl *.fls.doubleclick.net ad.doubleclick.net *.g.doubleclick.net https://static.duurzaamwonen.eneco.nl https://edw-test.ams3.digitaloceanspaces.com www.facebook.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com www.google.nl ade.googlesyndication.com adservice.google.com *.googleadservices.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.hotjar.com d.lemonpi.io px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com ct.pinterest.com www.reddit.com ads.reddit.com alb.reddit.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com w.usabilla.com d6tizftlrpuof.cloudfront.net img.youtube.com pingvp.com *.pingvp.com collector.leadinfo.net;font-src 'self' cdn-dxp.enecogroup.com fonts.gstatic.com *.hotjar.com d6tizftlrpuof.cloudfront.net pingvp.com *.pingvp.com;style-src 'self' 'unsafe-inline' *.hotjar.com d6tizftlrpuof.cloudfront.net pingvp.com *.pingvp.com;frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net td.doubleclick.net *.facebook.com connect.facebook.net www.google.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha stm.eneco.nl *.googletagmanager.com vars.hotjar.com ct.pinterest.com d6tizftlrpuof.cloudfront.net *.youtube.com;child-src 'self' blob:;object-src 'none' 5 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app data: fonts.googleapis.com *.fontawesome.com *.survicate.com/ *.accessibly.app/ *.oct8ne.com/ *.hotjar.com/ *.modo.com.ar/ *.readysize.ai/ https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.despegar.com *.koin.com.br *.googletagmanager.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.despegar.com *.koin.com.br *.googletagmanager.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app cm.everesttech.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.despegar.com *.koin.com.br *.googletagmanager.com fonts.googleapis.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mookie1.com/ *.adnxs.com/ *.google.com/ *.bing.com/ *.doubleclick.net/ *.google.com.ar/ *.carocuore.com.ar/ https://mcprod.carocuore.com/ *.groovinads.com/ *.accessibly.app/ *.qrserver.com/ *.oct8ne.com/ *.e-planning.net/ *.facebook.net/ https://www.em.rapsodia.com/ https://www.em.babycottons.com/ *.carocuore.com/ *.clarity.ms/ *.herolens.com/ *.rapsodia.com.ar/ *.rapsodia.cl/ *.rapsodia.com.co/ *.carocuore.com.uy/ *.babycottons.com.ar/ *.babycottons.com/ *.babycottons.com.pe/ *.rapsodia.com.uy/ *.babycottons.mx/ *.modo.com.ar/ *.cloudfront.net/ *.readysize.ai/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ *.equalweb.com/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io *.commerce-payment-services.com *.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.despegar.com *.koin.com.br *.googletagmanager.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://maps.googleapis.com *.hotjar.com/ *.adnxs.com/ *.tiktok.com/ *.getblue.io/ *.inspectlet.com/ *.bing.com/ *.clarity.ms/ *.naiz.fit/ *.survicate.com/ *.crazyegg.com/ *.embluemail.com/ *.icommarketing.com/ *.accessibly.app/ *.pinimg.com/ *.pinterest.com/ *.cloudfront.net/ *.oct8ne.com/ *.modo.com.ar/ *.readysize.ai/ *.fitprenda.com/ https://rapsodia.my.site.com/ https://scripts.icommkt.online/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ https://rum.hlx.page/ *.equalweb.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app cdn.dnky.co *.fontawesome.com assets.braintreegateway.com *.googletagmanager.com *.cookielaw.org *.survicate.com/ https://rapsodia.my.salesforce-scrt.com/ https://rapsodia.my.site.com/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ *.equalweb.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://mcprod.carocuore.com/ *.icommkt.online https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com maps.googleapis.com api.comapi.com bam.nr-data.net *.despegar.com *.googletagmanager.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.cookielaw.org *.tiktok.com/ *.clarity.ms/ *.naiz.fit/ *.run.app/ *.bing.com/ *.doubleclick.net *.accessiblyapp.com/ *.pinterest.com/ https://track-icommkt.com/ https://notifications-icommkt.com/ *.accessibly.app *.inspectlet.com/ *.oct8ne.com/ wss://ws.hotjar.com/ *.hotjar.io/ https://server-side-tagging-f3nc3owz5a-uc.a.run.app/ *.facebook.com/ *.playdigital.com.ar/ *.amplitude.com/ *.modo.com.ar/ *.readysize.ai/ https://rapsodia.my.salesforce-scrt.com/ *.icommkt.online/ https://*.grupo-alas.com.ar/ https://grupo-alas.com.ar/ *.equalweb.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 default-src 'none'; script-src 'unsafe-inline'; base-uri 'none'; form-action 'none'; frame-ancestors 'none' 5 default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:; 5 default-src https: data: 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net *.google-analytics.com https://www.googleanalytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://connect.facebook.com https://connect.facebook.net https://bat.bing.com https://js.stripe.com https://*.googletagmanager.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://beacon-v2.helpscout.net/ https://api.mapbox.com/ https://*.hotjar.com https://*.hotjar.io https://widget.surveymonkey.com/ https://ajax.googleapis.com/ https://js.sentry-cdn.com https://browser.sentry-cdn.com https://o4507096105549824.ingest.de.sentry.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://widget.trustpilot.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; img-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.babysits.com https://*.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.facebook.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://*.googleusercontent.com https://*.hotjar.com https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com data: blob: ; connect-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.babysits.com https://events.babysits.com https://events.staging.babysits.net https://events.babysits.com.development.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://www.googleadservices.com/ https://www.facebook.com https://api.stripe.com https://maps.babysits.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net wss://*.pusher.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://o4507096105549824.ingest.de.sentry.io https://cdn.liveness.rekognition.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com wss://streaming-rekognition.eu-west-1.amazonaws.com/start-face-liveness-session-websocket https://*.visualwebsiteoptimizer.com https://app.vwo.com https://unpkg.com/@rive-app/ https://cdn.jsdelivr.net/npm/@rive-app/ https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ads.tiktok.com; frame-src 'self' bytedance: sslocal: https://www.google.com https://td.doubleclick.net/ https://*.googletagmanager.com https://bid.g.doubleclick.net https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net https://*.hotjar.com https://*.hotjar.io https://*.surveymonkey.com/ https://app.vwo.com https://*.visualwebsiteoptimizer.com https://widget.trustpilot.com; worker-src blob: ; child-src blob: ; font-src https://cdn.babysits.com https://*.hotjar.com https://*.hotjar.io https://app.vwo.com https://*.visualwebsiteoptimizer.com https://maxcdn.bootstrapcdn.com/font-awesome/; frame-ancestors 'self'; object-src 'none' ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://maxcdn.bootstrapcdn.com; 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://res.cloudinary.com https://images.unsplash.com https://*.discordapp.net https://cdn.t4b.top https://img.t4b.top https://lh3.googleusercontent.com; connect-src 'self' https://api.garenabd.com https://us.i.posthog.com; frame-src 'self' https://www.youtube.com https://youtube.com; 5 frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 5 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 5 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:; 5 default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 5 default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com https://*.rudderlabs.com/ blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline' https://*.rudderstack.com/; font-src * data: https:; frame-src *; 5 frame-ancestors 'self' my.enboarder.com nine.enboarder.io; 5 style-src 'self' blob: 'unsafe-inline' *.maze.co *.google.com *.gstatic.com *.abtasty.com *.crazyegg.com *.googleapis.com *.satisfait-ou-rembourse-braun.fr *.offre-promotionnelle.fr *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: api.gcp.pgcloud.com *.rudderlabs.com *.pinterest.com s.pinimg.com static.affilae.com grafana-alloy.rum.gcp.pgcloud.com de-grafana-agent-prod.pg.com de-grafana-agent-dev.pg.com unpkg.com *.maze.co *.abtasty.com *.googleoptimize.com *.crazyegg.com *.googleanalytics.com *.impactcdn.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.abtasty.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io ; font-src 'self' *.maze.co *.gstatic.com *.googleapis.com *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io ; img-src * 'self' data: https: blob: *.maze.co *.google.com *.abtasty.com *.amazonaws.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: api.gcp.pgcloud.com *.rudderstack.com *.rudderlabs.com *.pinterest.com www.jeu-ete-braun.com lb.affilae.com *.maze.co *.twitch.tv *.sjv.io *.azureedge.net *.flashtalking.com www.cashback-silkepil-et-accessoires.fr *.sor-braun.fr *.lightyearapi.com *.crazyegg.com *.google.com *.abtasty.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fenster.com *.fensterversand.com *.fensterversand.at *.fensterversand.ch *.fenetre24.com *.fenetre24.be *.haustueren.de *.finestre.com *.ventanas.es *.windows24.com *.neuffer.de *.neuffer-payment.com *.k8s.nng-stage.de *.nng-prod.de *.amazonaws.com *.cloudflare.com *.cloudfront.net *.google.com *.google.de *.googleapis.com *.googlecode.com *.googletagmanager.com *.gstatic.com *.adtrafficquality.google https://syndicatedsearch.goog *.attributy.com *.spoteffects.net *.google-analytics.com *.googlecommerce.com *.googleadservices.com unpkg.com *.matomo.cloud *.etrusted.com *.trustedshops.com *.trustpilot.com *.bootstrapcdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.jquery.com *.typeform.com *.doubleclick.net *.userlike.com wss://*.userlike.com userlike-cdn-umm.b-cdn.net *.optimizely.com *.facebook.net *.facebook.com s7.addthis.com thdoan.github.io blob: data: *.geschuetzteinkaufen.commerzbank.de *.usd.de *.ogone.com *.sofort.com *.billpay.de *.paypal.de *.paypal.com *.paypalobjects.com *.pay1.de *.klarnacdn.net *.klarna.com *.klarnaevt.com https://*.klarnaservices.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.hotjarconsent.com *.hotjar.io *.mouseflow.com *.bing.com *.bing.net *.mozilla.org *.jsdelivr.net *.trackjs.com *.consensu.org *.consentmanager.net *.taboola.com *.googleusercontent.com cdn.datatables.net *.criteo.com *.criteo.net *.twiago.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.teads.tv *.3lift.com *.yahoo.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.emxdgt.com *.solutenetwork.com *.ubembed.com *.1rx.io *.adsensecustomsearchads.com *.openai.com *.dwin1.com *.awin1.com *.roeyecdn.com *.roeye.com *.sciencebehindecommerce.com *.wepowerconnections.com https://*.kameleoon.com https://*.kameleoon.io https://*.kameleoon.eu https://*.kameleoon.net *.zendesk.com zendesk-eu.my.sentry.io *.smooch.io *.twilio.com *.zdassets.com *.zdusercontent.com 5 frame-ancestors 'self' https://admin.hifiklubben.dk https://businesscentral.dynamics.com https://lshardware.audionord.dk https://bctest.audionord.dk https://bc.audionord.dk 5 frame-ancestors 'self' yousign.app; 5 worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 5 script-src * 'unsafe-eval' 'unsafe-inline'; worker-src data: blob: * 5 upgrade-insecure-requests; form-action 'self' https://api.staticforms.xyz/submit; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 5 frame-ancestors 'self' *.hotmart.com hotmart.com *.hotmart.host *.klickpages.com.br sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly 5 object-src 'self'; frame-ancestors 'self' 5 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5 default-src https: data: blob: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 5 policy 5 5 default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://cdn.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://wcs.naver.net https://cdn01.boxcdn.net https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://cdn.sprig.com https://assets.customer.io https://track.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com https://*.jam.dev;connect-src 'self' data: blob: https://img.notionusercontent.com https://notion.so/eap https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://api.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://assets.customer.io https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://tiles.versatiles.org https://maps.googleapis.com https://places.googleapis.com https://api.ipify.org https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://api.mail.dev.notion.so/graphql https://api.mail.notion.so/graphql https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com wss://msgstore.www.notion.so wss://msgstore-001.www.notion.so wss://msgstore-002.www.notion.so https://msgstore.www.notion.so https://msgstore-001.www.notion.so https://msgstore-002.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://local-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://dev-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://stg-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://prod-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0003-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0004-workers-code-bundles.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn01.boxcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://img.notionusercontent.com https://mail-resource-proxy.mail.notion.so https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com;frame-ancestors 'self' https://www.notion.so notion://www.notion.so https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://notion.notion.site https://notion-templates.notion.site https://identity.notion.so https://*.jam.dev 5 default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 5 img-src * blob: data:; default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 5 upgrade-insecure-requests; default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; worker-src 'self' blob:; 5 frame-ancestors 'self' svb.matomo.cloud cbs.svb-hb.de cbs-local.svb-hb.de 5 frame-ancestors 'self' *.appcard.com 5 frame-ancestors https://next.ritr.eu https://www.alfagames.sk https://alfagames.sk; 5 font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: oct8necdneu.azureedge.net *.oct8ne.com https://widgets.trustedshops.com https://fonts.gstatic.com use.fontawesome.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.vimeo.com *.oct8ne.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.googletagmanager.com *.cookiebot.com *.retailrocket.net *.google.com *.google.es *.facebook.net *.facebook.com *.facebook.es *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.oct8ne.com *.cookiebot.com *.google.com.ua *.facebook.com *.bing.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.etrusted.com *.retailrocket.net *.facebook.net *.facebook.es eu1-doofinderuser.s3.amazonaws.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com cdn.datamanager.arinet.com partstream.arinet.com cdn.doofinder.com *.ggpht www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ polyfill.io *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.facebook.net *.bing.com *.googlesyndication.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.trustedshops.com/ connect.facebook.net bat.bing.com *.retailrocket.net *.facebook.com *.facebook.es *.instagram.com *.klarna.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com services.arinet.com partstream.arinet.com use.fontawesome.com cdn.doofinder.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.etrusted.com *.trustedshops.com *.cookiebot.com *.retailrocket.net *.google.com *.google.es *.facebook.net *.facebook.com *.facebook.es https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://fonts.googleapis.com use.fontawesome.com partstream.arinet.com *.doofinder.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.trackingplan.com *.cookiebot.com *.googlesyndication.com *.bing.com *.greenlandmx.es *.greenlandmx.fr *.greenlandmx.it *.greenlandmx.de *.greenlandmx.co.uk *.greenlandmx.com *.retailrocket.net *.facebook.net *.facebook.com *.facebook.es *.klarnaevt.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.doofinder.com wss://*.doofinder.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; font-src * data:; img-src * data:; media-src 'self' * blob: data:; 5 default-src 'self'; frame-src 'self' blob: data: application/pdf *.vimeo.com *.fnb.co.za *.ebucks.com authentication.cardinalcommerce.com *.fnbbotswana.co.bw *.doubleclick.net *.fnbconnect.co.za *.rmb.co.za:10443 *.fnbswaziland.co.sz:10443 *.fnbzambia.co.zm:10443 *.firstnationalbank.com.gh:10443 *.fnb.co.ls:10443 *.fnbci.co.uk:10443 *.fnbnamibia.com.na:10443 *.rmbprivatebank.com:10443 *.fnb.co.za:10443 *.rmb.co.za *.fnbswaziland.co.sz *.google.com *.gstatic.com *.fnbzambia.co.zm msgfnb.bankserv.co.za *.firstnationalbank.com.gh *.fnb.co.ls *.fnbci.co.uk *.fnbnamibia.com.na *.id.opendns.com *.rmbprivatebank.com https://*.googletagmanager.com; frame-ancestors 'self' *.fnb.co.za *.doubleclick.net https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://connect.facebook.net https://*.doubleclick.net https://*.fnb.co.za https://*.google.com https://*.google.co.za; worker-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com; object-src 'self'; img-src 'self' https://*.google.com https://*.google.co.za https://www.facebook.com https://*.google-analytics.com *.doubleclick.net https://*.fnb.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.vimeocdn.com https://*.vimeo.com https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com blob: data: https://*.google.co.za https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://media.tenor.com https://media.giphy.com https://*.googlesyndication.com; media-src 'self' blob: data: https://*.fnb.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com https://*.cloudfront.net https://download-video.akamaized.net https://*.vimeo.com https://*.googleapis.com; font-src 'self' https://*.gstatic.com; connect-src 'self' https://*.fnbconnect.co.za https://eu.whatfix.com https://*.gstatic.com https://*.fnbwealthandinvestments.co.za wss://*.fnbconnect.co.za:* https://*.googleapis.com https://media.tenor.com https://media.giphy.com https://*.fnb.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com https://*.google.com https://*.google.co.za https://*.google-analytics.com https://*.googlesyndication.com https://qa-sgtm-kdhtvzc.uc.r.appspot.com https://fnb-za-sgtm-km7z7r4k.ey.r.appspot.com *.doubleclick.net; form-action 'self' https://*.fnb.co.za https://*.fnbwealthandinvestments.co.za https://*.fnbnamibia.com.na https://*.firstrand.co.za https://*.fnbci.co.uk https://*.fnb.co.ls https://*.fnbbotswana.co.bw https://*.fnbswaziland.co.sz https://*.fnbzambia.co.zm *.rmb.co.za https://*.rmbprivatebank.com; 5 frame-ancestors 'self' ;upgrade-insecure-requests; 5 frame-ancestors 'self'; img-src *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.frontify.com *.cloudinary.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; default-src *.doubleclick.net 'self'; script-src https://*.googletagmanager.com 'self' *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ *.cloudinary.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src https://fonts.google.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; connect-src https://*.googletagmanager.com 'self' *.mktoresp.com *.google-analytics.com *.frontify.com *.cloudinary.com https://analytics.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src *.frontify.com *.cloudinary.com 'self'; child-src 'self' *.frontify.com cloudinary.com *.cloudinary.com 5 script-src 'self' 'unsafe-inline' 5 object-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ 5 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com https://auth.services.adobe.com/ 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com https://js.klevu.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com c.amazon-adsystem.com https://s.pinimg.com/ct/core.js ct.pinterest.com s.pinimg.com/ct/ *.usablenet.com bam.nr-data.net js-agent.newrelic.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net https://download-video-ak.vimeocdn.com/v3-1/playback/9fd159ef-cfc8-425b-b81d-00002b57d3dd/9f99cd6f-bf6cd135 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com cdnjs.cloudflare.com polaris.truevaultcdn.com https://samples.woodstream.com/ *.google.com.ua *.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com https://auth.services.adobe.com/ www.facebook.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com cdnjs.cloudflare.com https://pagead2.googlesyndication.com/ https://prod-180.westus.logic.azure.com/ googleads.g.doubleclick.net js.go2sdk.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.google-analytics.com https://www.facebook.com/ *.truevaultcdn.com *.mapbox.com *.marketingcloudfx.com *.leadmanagerfx.com bam.nr-data.net *.tiktok.com recs.listrakbi.com *.mmapiws.com paypal.com *.googleapis.com maps.googleapis.com https://ct.pinterest.com/v3/ https://ct.pinterest.com/user/ ws://localhost:* https://prod-40.westus.logic.azure.com/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com www.gstatic.com *.tiktok.com recs.listrakbi.com wss://*.hotjar.com/ 'self' 'unsafe-inline'; 5 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 5 worker-src blob:; 5 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://deviceid.notolytix.com https://*.userguiding.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://apis.google.com https://omg.toptex.fr https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google.com https://ajax.cloudflare.com/ https://www.gstatic.com https://ipinfo.io https://cdn.jsdelivr.net https://*.lyra.com https://static.cloudflareinsights.com https://tag.toptex.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.lyra.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.privacy-center.org https://*.lyra.com https://www.googletagmanager.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.com https://cdn.toptex.com https://tag.toptex.com https://region1.analytics.google.com https://www.google.fr https://stats.g.doubleclick.net https://www.toptex.fr https://*.toptex.com https://pagead2.googlesyndication.com https://files.europeancatalog.fr https://files.toptex.fr https://blog.toptex.com; connect-src 'self' https://*.privacy-center.org https://*.toptex.com wss://ws.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.userguiding.com https://px.ads.linkedin.com https://www.google.com https://insights.algolia.io https://ipinfo.io https://api.privacy-center.org https://pagead2.googlesyndication.com https://*.algolia.net; frame-src 'self' https://public.traceforgood.com https://vimeo.com https://www.youtube.com https://tag.toptex.com https://www.googletagmanager.com https://www.google.com https://api.lyra.com https://player.vimeo.com https://ns.europeancatalog.com https://www.europeancatalog.com https://challenges.cloudflare.com; object-src 'self' www.toptex.com; base-uri 'self'; form-action 'self' https://secure.lyra.com; upgrade-insecure-requests; worker-src 'self' blob:; 5 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net *.twistoo.co; connect-src 'self' *.googletagmanager.com *.igodigital.com *.maxcdn.com *.polyfill.io *.facebook.net *.facebook.com *.searchnode.io *.omnisrc.com *.bitrec.io *.google.com *.google.ee *.google.fi *.google.lv *.google.lt *.google-analytics.com *.doubleclick.net *.soundestlink.com *.nr-data.net *.esto.ee *.hotjar.io *.cookieinformation.com *.searchnode.net *.bing.com *.googleapis.com *.googleadservices.com *.issuu.com *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.twistoo.co t.cometlytrack.com google.com *.nosto.com respondent.survicate.com survey.survicate.com survey-prd.survicate-cdn.com *.cookieyes.com cdn-cookieyes.com; font-src 'self' *.gstatic.com data: *.123formbuilder.com *.issuu.com *.bootstrapcdn.com *.twistoo.co surveys-static.survicate.com surveys-static-prd.survicate-cdn.com cdn.jsdelivr.net; frame-src 'self' *.123formbuilder.com *.facebook.com *.cookieinformation.com *.youtube.com *.youtube-nocookie.com *.issuu.com *.videoly.net *.cookiebot.com *.doubleclick.net *.flippingbook.com publuu.com googletagmanager.com *.google.com; img-src 'self' data: kotrynagroup.lt *.kotrynagroup.lt *.babycity.lt *.babycity.lv *.babycity.ee *.kidzone.lt *.kidzone.lv *.kidzone.ee *.kidzone.fi *.toycity.lt *.toycity.lv *.zaisluplaneta.lt *.jukukeskus.ee *.toysplanet.lv *.igodigital.com *.bing.com *.facebook.com *.google-analytics.com *.google.com *.google.lt *.google.lv *.google.ee *.google.fi *.ytimg.com *.videoly.co *.adnxs.com *.reddit.com *.googleapis.com *.gstatic.com *.youtube.com *.ckeditor.com *.doubleclick.net *.kotrynagroup.com *.googleadservices.com *.googletagmanager.com *.issuu.com *.wistia.com *.wistia.net *.cookiebot.com analytics.tiktok.com *.twistoo.co surveys-static.survicate.com surveys-static-prd.survicate-cdn.com assets.survicate.com img.survicate.com images.unsplash.com cdn-cookieyes.com; media-src *.twistoo.co data:; script-src 'self' 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.google.com *.google.lt *.google.lv *.google.fi *.google.ee *.igodigital.com polyfill.io *.bitrec.com *.googletagmanager.com *.facebook.net *.searchnode.io *.google-analytics.com *.doubleclick.net *.hotjar.com *.bing.com *.youtube.com omnisrc.com *.sentry-cdn.com *.soundestlink.com omnisnippet1.com *.doubleclick.net *.newrelic.com *.videoly.co *.123formbuilder.com *.esto.ee *.redditstatic.com *.cookieinformation.com *.adnxs.com *.googleapis.com *.ckeditor.com *.jsdelivr.net *.googleadservices.com *.issuu.com *.youtube-nocookie.com *.ytimg.com *.videoly.net *.cookiebot.com stape.io capig.stape.host analytics.tiktok.com *.publuu.com cdnjs.cloudflare.com *.twistoo.co t.cometlytrack.com static.cloudflareinsights.com *.nosto.com nosto.stackla.com *.cloudfront.net survey.survicate.com surveys-static.survicate.com surveys-static-prd.survicate-cdn.com survey-prd.survicate-cdn.com cdn-cookieyes.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.123formbuilder.com *.ckeditor.com *.jsdelivr.net *.issuu.com *.bootstrapcdn.com cdnjs.cloudflare.com *.twistoo.co *.cloudfront.net surveys-static.survicate.com surveys-static-prd.survicate-cdn.com 5 report-to default; 5 font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 5 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 5 default-src 'unsafe-inline' 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' *; img-src 'self' data: * 5 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 5 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' report-sample blob: https://www.youtube.com https://*.gstatic.com https://www.google.com/recaptcha/api.js https://*.tiktok.com https://*.cookiebot.com https://*.talention.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.jameda-elements.de https://snap.licdn.com https://empfehlungen.aerzte.de/app.js; style-src 'self' 'unsafe-inline' 'report-sample' https://*.talention.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com https://*.cookiebot.com https://*.doubleclick.net https://www.googletagmanager.com; report-uri https://csp.ew72.net?site=osg 5 frame-ancestors https://lk.udpauto.ru https://metrika.yandex.ru https://webvisor.com http://webvisor.com 5 script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://s.go-mpulse.net/boomerang/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://apis.google.com/js/platform.js https://www.privacylab.it/metisCookiePrivacy.php https://www.privacylab.it/elmo.php https://bnr.elmobot.eu/ https://ingestion.webanalytics.italia.it/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://connect.facebook.net/it_IT/sdk.js https://player.vimeo.com/api/player.js https://events.matterport.com/api/v1/event https://okaccedo.com/ https://widget.okaccedo.com/ https://www.instagram.com/embed.js https://bundle.keplero.ai/min.js https://synvision.ai/ https://chatling.ai/ https://eu.jotform.com/ https://leem2.ploomberapp.io/ https://arsolutionsgeneral.s3.us-east-1.amazonaws.com/ https://*.hs-scripts.com/ https://*.usemessages.com/ https://*.hubspot.com/;frame-ancestors 'self' file: *.spaggiari.eu; 5 frame-ancestors *; frame-src * 5 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com bat.bing.com www.google.com google.com adservice.google.com pagead2.googlesyndication.com td.doubleclick.net www.googletagmanager.com www.googleadservices.com ad.doubleclick.net; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-JfJ82reKxtqugVbfRGw/O/1x1Lm1I09rHueXSwvbRws=' 'sha256-BbV1i75oYRtLtfDWs7tnA8QLF5EOO1dVHKL0prVd/fQ=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.google.com/recaptcha/enterprise.js www.gstatic.com/recaptcha/releases/ merchantpool1.linkedin.com www.googletagmanager.com/gtag/js www.googleadservices.com/pagead/ www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ adservice.google.com/pagead/ pagead2.googlesyndication.com/pagead/ www.googletagmanager.com/gtag/destination merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh play.vidyard.com www.google.com/recaptcha/ *.fls.doubleclick.net www.googletagmanager.com td.doubleclick.net li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 4 default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://*.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://yandex.ru https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.ru https://*.serving-sys.ru https://*.weborama-tech.ru https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com https://*.vkvideo.ru 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com https://*.vkvideo.ru 'self' 'unsafe-inline' 4 frame-ancestors *.mi.com; 4 frame-ancestors 'self' app.storyblok.com; 4 default-src * 'self' blob: data: 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 4 frame-ancestors 'self' https://*.nbcnews.com https://*.today.com https://*.msnbc.com https://*.telemundo.com https://*.nbcnewstools.net https://*.eonline.com https://*.cnbc.com; 4 default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://cdn.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://wcs.naver.net https://cdn01.boxcdn.net https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://cdn.sprig.com https://assets.customer.io https://track.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com; connect-src 'self' data: blob: https://img.notionusercontent.com https://notion.so/eap https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://api.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://assets.customer.io https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://www.google.com https://hcaptcha.com https://*.hcaptcha.com https://tiles.versatiles.org https://maps.googleapis.com https://places.googleapis.com https://api.ipify.org https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://info.notion.com https://bat.bing.com https://s.yimg.jp https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://api.mail.dev.notion.so/graphql https://api.mail.notion.so/graphql https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cloud.memsource.com https://editor.memsource.com https://adora-cdn.com https://c.adora-cdn.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn01.boxcdn.net https://fonts.gstatic.com; img-src 'self' data: blob: https: https://img.notionusercontent.com https://mail-resource-proxy.mail.notion.so https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; frame-ancestors 'self' https://www.notion.so notion://www.notion.so; worker-src 'self' blob:; child-src 'self' blob:; media-src blob: https: http: https://*.mux.com; frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://notion.notion.site https://notion-templates.notion.site 4 frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 4 default-src https://www.oreilly.com/Zdc7w3/Vvk/r9e/U__is7SG/Yz5iQpwkbzDGp8/ZXVGCTE/Zhw/AXC8FJQg * 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: moz-extension: ms-browser-extension: chrome-extension: ios-log:; 4 frame-ancestors 'self' *.trust-provider.com secure.sectigo.com 4 frame-ancestors https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org 4 frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com *.thesun.co.uk *.the-sun.com *.thescottishsun.co.uk *.thesun.ie *.staging-thesun.co.uk *.staging-the-sun.com *.staging-thescottishsun.co.uk *.staging-thesun.ie au-script.dotmetrics.net dscms.newscorp.com 4 frame-ancestors 'self' https://dashboard.weglot.com https://*.translations.weglot.io; base-uri 'self'; upgrade-insecure-requests; 4 object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com https://rsdk2.grafana-dev.com http://rsdk2.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app https://faro-collector-prod-us-central-0.grafana.net https://*.fullstory.com https://rsi.grafana.com https://cdn.mouseflow.com https://widget.intercom.io https://js.intercomcdn.com https://*.qualtrics.com https://js.zi-scripts.com https://tags.clickagy.com https://widget.kapa.ai https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://grafana.chilipiper.com https://static.zuddl.com https://js.stripe.com https://node-api-test-sand.vercel.app https://cdn.cookielaw.org https://track.customer.io https://cdn.rudderlabs.com 4 form-action https: 4 media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 4 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleoptimize.com https://*.cookielaw.org https://*.cloud.coveo.com https://*.googletagmanager.com https://*.fundraiseup.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.quantserve.com https://*.adsrvr.org https://*.vimeocdn.com https://*.pixel.ad https://*.pardot.com https://*.optimizely.com https://*.doubleclick.net https://*.googleadservices.com https://*.sascdn.com https://*.id5-sync.com https://*.licdn.com https://*.ads-twitter.com https://*.googlesyndication.com *; style-src 'self' 'unsafe-inline' *; connect-src 'self' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; frame-src 'self' *; media-src 'self' blob: data: * 4 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 4 frame-ancestors 'self' https://*.brightsites.co.uk; 4 default-src 'none'; form-action 'self' https://login.microsoftonline.com https://madmimi.com https://www.facebook.com; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; connect-src 'self' https://matomo.org https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org https://api.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://v1.api.service.cmp.usercentrics.eu https://privacy-proxy.usercentrics.eu https://graphql.usercentrics.eu; script-src 'self' https://snap.licdn.com https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline' https://app.usercentrics.eu https://api.usercentrics.eu https://web.cmp.usercentrics.eu https://privacy-proxy.usercentrics.eu; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://app.usercentrics.eu; img-src 'self' https://*.matomo.org https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://video.matomo.org https://app.usercentrics.eu https://uct.service.usercentrics.eu api.userlike.com https://userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://matomo.org https://*.matomo.org https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud data: https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org https://app.usercentrics.eu https://web.cmp.usercentrics.eu; 4 frame-ancestors 'none'; font-src 'self' 4 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.thebalancemoney.com; upgrade-insecure-requests; 4 frame-ancestors 'self' *.adobe.com *.assets.adobedtm.com 4 upgrade-insecure-requests; frame-ancestors 'self' https://www.elespanol.com https://*.elespanol.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org 4 frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ https://c.lytics.io/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 4 default-src 'unsafe-inline' 'unsafe-eval' 'self' *.cloudflare.com www.yola.com unpkg.com *.yolacdn.net cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.googleusercontent.com *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net *.yola.com *.yolaqa.com *.storylane.io *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.f.vimeocdn.com *.i.vimeocdn.com jitter.video stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com *.wikimedia.org www.youtube.com wp-themes.com *.sitebuilderhostqa.net data: blob:;frame-ancestors 'self'; form-action 'self'; 4 frame-ancestors https://events.searchengineland.com https://searchengineland.com 4 frame-ancestors 'self' https://*.scaleway.com http://localhost:9000 http://localhost:9001; 4 frame-ancestors 'self' https://*.shaw.ca 4 frame-ancestors 'self' https://www.facebook.com; frame-src 'self' https://www.youtube.com https://*.youtube.com https://www.youtube-nocookie.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google.com https://*.googlevideo.com https://static.addtoany.com https://*.snapengage.com https://*.freshchat.com https://embed.fillout.com https://www.googletagmanager.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://munchkin.marketo.net https://script.crazyegg.com https://static.zdassets.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://cdn.cookie-script.com https://s.adroll.com https://c.seznam.cz https://mc.yandex.ru https://www.snapengage.com https://*.googleapis.com https://d.adroll.com https://snap.licdn.com https://storage.googleapis.com https://u.heatmap.it https://script.hotjar.com https://static.hotjar.com https://*.doubleclick.net https://*.google.com https://*.cloudfront.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleoptimize.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com https://www.gstatic.com https://www.google.com/recaptcha/ https://static.addtoany.com http://www.zyxel.com https://js.hubspot.com https://js.hscollectedforms.net https://report.cookie-script.com https://ind-widget.freshworks.com https://zyxel-support-help.freshchat.com https://server.fillout.com https://media.campaigner.com https://mpsnare.iesnare.com https://www.youtube.com https://*.youtube.com https://*.ytimg.com; style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com https://*.s3.amazonaws.com https://www.gstatic.com https://zyxel-support-help.freshchat.com https://ind-widget.freshworks.com https://media.campaigner.com https://mpsnare.iesnare.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://storage.googleapis.com; img-src 'self' data: https://*.zyxel.com https://*.zyxelgroup.com https://*.cloudfront.net https://*.googleusercontent.com https://*.google.com https://*.google.com.tw https://*.gstatic.com https://*.doubleclick.net https://*.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googlevideo.com https://*.facebook.com https://*.linkedin.com https://px.ads.linkedin.com https://storage.googleapis.com https://*.googletagmanager.com; connect-src 'self' https://*.zyxel.com https://*.zyxelgroup.com https://*.googleapis.com https://*.google.com https://*.google.com.tw https://*.hotjar.com https://*.hsforms.net https://*.hubspot.com https://*.snapengage.com https://*.cloudfront.net https://*.facebook.com https://*.linkedin.com https://*.campaigner.com https://*.freshchat.com https://*.fillout.com https://www.google-analytics.com https://script.crazyegg.com https://*.cookie-script.com https://*.jsdelivr.net; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 4 SAMEORIGIN 4 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com intent: wss://127.0.0.1:* https://*.8select.io https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.parcellab.com https://*.paypalobjects.com https://*.paypal.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.solutenetwork.com https://analytics.google.com https://analytics.tiktok.com https://balancechecks.tx-gate.com https://cloud.mail.lidl.de https://dmp.theadex.com https://facebook.com https://fonts.gstatic.com https://h.online-metrix.net https://tracking.s24.com https://utiqcontent.com https://www.google-analytics.com https://www.lacmp.net https://www.moebel.de https://*.tailortool.de https://utiq.mno.link https://mobile-token.telekom.de https://tmi.vodafone.de https://o2de.mno.link data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com intent: https://*.adyen.com https://*.bizrate.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.ftrace.com https://*.lidl-info.com https://*.mynetfair.com https://*.paypal.com https://*.sit.az.odj.cloud https://*.sit.sys.odj.cloud https://*.vrxs.de https://api.theadex.com https://ar.lidl.com https://balancechecks.tx-gate.com https://facebook.com https://h.online-metrix.net https://lidl-giftcard.eu https://review.apps.01.cf.eu01.stackit.cloud https://www.edge-cdn.net https://www.lidl-gewinnspiel.de https://www.lidl-giftcard.eu https://utiq.mno.link; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz moz-extension: https://*.adition.com https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.bizrate.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.paypalobjects.com https://*.paypal.com https://*.pubmatic.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.solutenetwork.com https://*.stickyadstv.com https://*.taboola.com https://*.twiago.com https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://analytics.tiktok.com https://balancechecks.tx-gate.com https://contextual.media.net https://dmp.theadex.com https://facebook.com https://h.online-metrix.net https://lh3.googleusercontent.com https://match.adsrvr.org https://match.sharethrough.com https://pubsaf.global.ssl.fastly.net https://prodeastusmappscreative.azureedge.net https://sync.outbrain.com https://translate.google.com https://via.placeholder.com https://visitor.omnitagjs.com https://utiqcontent.com https://www.econda-monitor.de https://www.google-analytics.com https://www.ladenzeile.de https://www.lead-alliance.net https://*.tailortool.de data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com https://*.lidl-info.com https://*.online-metrix.net https://facebook.com https://h.online-metrix.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' https://*.8select.io https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.online-metrix.net https://*.parcellab.com https://*.paypalobjects.com https://*.paypal.com https://*.semtrack.de https://*.simplesurance.de https://adservice.google.de https://ajax.googleapis.com https://analytics.tiktok.com https://api.theadex.com https://balancechecks.tx-gate.com https://cdn.ravenjs.com https://cloud.mail.lidl.de https://cm.g.doubleclick.net https://code.etracker.com https://dmp.theadex.com https://dsp.adfarm1.adition.com https://facebook.com https://h.online-metrix.net https://s.ytimg.com https://tracking.s24.com https://www.dwin1.com https://www.etracker.de https://www.google-analytics.com https://www.lacmp.net https://www.ladenzeile.de https://www.moebel.de https://*.tailortool.de https://frontend.prod.utiq-aws.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline' https://*.epoq-systems.de https://*.epoq.de https://*.fitanalytics.com https://*.lidl-info.com https://*.parcellab.com https://*.sit.sys.odj.cloud https://facebook.com; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com https://*.sit.az.odj.cloud; 4 frame-ancestors 'self' https://splytech.io https://*.splytech.io 4 frame-ancestors 'self' https://c360.cricketwireless.com; 4 base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests; 4 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 4 upgrade-insecure-requests; frame-ancestors *.brigitte.de *.gala.de *.guj.digital *.wpf.digital *.guj.rocks *.eltern.de *.essen-und-trinken.de *.urbia.de *.vorname.com; frame-src *; 4 frame-ancestors 'self' *.ampproject.org *.zdbb.net 4 child-src blob:; connect-src 'self' 'unsafe-inline' https:; default-src 'self'; font-src 'self' data: https://*.wcms.basf.com; frame-ancestors https://*.wcms.basf.com; frame-src https://* blob:; img-src 'self' data: https://*.wcms.basf.com https://cdn.cookielaw.org https://collect.tealiumiq.com https://platform.b4u-cloud.de *.kampyle.com *.medallia.eu *.facebook.com; media-src 'self' blob: https://*.wcms.basf.com; object-src 'none'; script-src 'wasm-unsafe-eval' 'unsafe-inline'; script-src-elem 'self' https: 'sha256-ttfnBjqp3Wtmn9FUPKkR3GLb0D3xMFCg7QcjYux8Y+o='; style-src 'unsafe-inline' 'self'; style-src-elem 'self' 'unsafe-inline' https://*.wcms.basf.com https://player.youku.com https://platform.b4u-cloud.de; worker-src blob: 4 default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; form-action 'self' *; frame-src 'self' *; 4 frame-ancestors 'self' https://adobemc.com https://nfcu.experiencecloud.adobe.com https://experience.adobe.com 4 base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net https://challenges.cloudflare.com *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com https://challenges.cloudflare.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 4 frame-ancestors 'self' https://frida.main.messefrankfurt.com/ *.messefrankfurt.com 4 frame-ancestors 'self' *.commscope.com *.ruckusnetworks.com *.punchout2go.com *.ariba.com; 4 default-src 'self' https: blob:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://build.cloudbees.com;font-src 'self' https: data:;img-src 'self' https: data:;frame-ancestors 'self' https://*.contentful.com;object-src 'none';upgrade-insecure-requests 4 upgrade-insecure-requests;block-all-mixed-content 4 default-src 'self' http://*.jwpcdn.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://*.jwpcdn.com http://*.googleapis.com http://*.googletagservices.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *; script-src-elem 'self' 'unsafe-inline' *; media-src 'self' blob: data: *; img-src 'self' blob: data: *; font-src 'self' http://*.gstatic.com http://*.civicscience.com; frame-src 'self' *; object-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' http://localhost:* https://*.dev-univision.com https://*.univision.com https://*.tudn.com https://*.mulher.com.br https://*.delicioso.com.br https://*.zappeando.com.br https://*.tasaudavel.com.br https://*.lasestrellas.tv https://*.canal5.com https://*.elnu9ve.com https://*.distritocomedia.com https://*.televisa.com https://*.unicable.tv https://*.telehit.com https://*.losbingers.com https://*.bandamax.tv https://*.lacasadelosfamososmexico.tv http://*.uvn.io http://*.psdops.com https://static.univision.com https://viz.flowics.com https://*.flowics.com https://asset-cdn.flowics.com https://*.lightboxcdn.com https://www.lightboxcdn.com; block-all-mixed-content; 4 frame-ancestors 'self' https://cyon.ch https://www.cyon.ch https://blog.cyon.ch; 4 frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/ https://front-video-tool.aftenposten.no/ https://*.pr.sls.schibsted.tech; upgrade-insecure-requests 4 frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' *.mutinycdn.com data.hockeystack.com *.mutinyhq.io tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com wss://ws.qualified.com perf-na1.hsforms.com app.qualified.com td.doubleclick.net pagead2.googlesyndication.com ws.qualified.com d3cy9zhslanhfa.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com youtube.com cdn.linkedin.oribi.io rs.fullstory.com forms-na1.hsforms.com cdn.contentful.com phenompeople.na.chilipiper.com js.chilipiper.com api.na.chilipiper.com api.chilipiper.com tracking.chilipiper.com ipv6.6sc.co cdn.cookielaw.org images.ctfassets.net assets.ctfassets.net videos.ctfassets.net app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com youtu.be abm2.listenloop.com notify.bugsnag.com pt37ad6f6a.execute-api.us-east-1.amazonaws.com data slideshare.net:;script-src 'self' 'unsafe-inline' 'unsafe-eval' home.integrate.com *.mutinycdn.com data.hockeystack.com *.mutinyhq.io tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com code.jquery.com ajax.googleapis.com images.ctfassets.net www.googleadservices.com videos.ctfassets.net *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com js.chilipiper.com js.usemessages.com js.hsadspixel.net js.na.chilipiper.com snap.licdn.com www.google.com images.ctfassets.net videos.ctfassets.net js.driftt.com googleads.g.doubleclick.net stats.g.doubleclick.neti edge.fullstory.com secure.adnxs.com cb3034c4ce68477bb69489e3e49e4588.js.ubembed.com assets.ubembed.com js.zi-scripts.com ws-assets.zoominfo.com js.qualified.com js.hubspot.com v2.listenloop.com launcher.1mind.com static.oktopost.com js.storylane.io cdn.storylane.io; connect-src 'self' data: https: http: wss://ws.qualified.com; frame-src 'self' data: https: http:; img-src 'self' data: https: http:; 4 frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:* http://*.s3-website-us-west-2.amazonaws.com:* https://*.s3-website-us-west-2.amazonaws.com:* https://*.msu.edu:* https://*.library.nova.edu:* https://*.dev-scholarone.com:* https://*.clarivate.cn:* https://*.dev-incites.com:* https://*.targetsafety.info:* https://*.gethealthbase.com:* https://*.clarivate.net:* http://*.library.vanderbilt.edu:* https://*.library.vanderbilt.edu:* https://*.dev-innovation.com:* https://*.derwentinnovation.com:* http://*.globalq.com:* https://*.globalq.com:* http://*.globalqinc.com:* https://*.globalqinc.com:* https://*.proxyucr.elogim.com:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms allow-modals 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://gravatar.com https://www.gravatar.com; frame-src 'self' https://play.libsyn.com; base-uri 'none'; form-action 'self' https://duckduckgo.com; frame-ancestors 'none'; 4 default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: js.qualified.com bat.bing-int.com www.googleadservices.com analytics.ahrefs.com obs.forroundprince.com ob.forroundprince.com *.stackadapt.com app.vwo.com munchkin.marketo.net *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' *.visualwebsiteoptimizer.com play.vidyard.com wss://ws6.qualified.com app.vwo.com app.qualified.com google.com tsvc.bluebeam.com tsvc.bluebeam.com.au tsvc.bluebeam.se tsvc.bluebeam.co.uk tsvc.bluebeam-dev.com refer.bluebeam.com *.sheerid.net *.sheerid.com analytics.ahrefs.com obs.forroundprince.com tsvc.bluebeam.de *.stackadapt.com *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io attr.ml-api.io secure.adnxs.com s.ml-attr.com www.googleadservices.com obs.forroundprince.com ade.googlesyndication.com arttrk.com imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com p.typekit.net use.typekit.net *.stackadapt.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' use.typekit.net p.typekit.net *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' app.qualified.com *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com blob: app.qualified.com www.googletagmanager.com challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; worker-src 'self' blob: ; 4 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 4 frame-ancestors 'self' amadeus.com outpayce.com www.amadeus.com www.outpayce.com amadeus.seismic.com seismic.com liveshareeu1.seismic.com jobs.amadeus.com corporate.amadeus.com startups.amadeus.com hotels.amadeus.com opportunities.jobs.amadeus.com brand-marketing-center.internal.amadeus.com brandcenter.amadeus.com contentsourcing.amadeus.com partners.amadeus.com vdp.amadeus.com brand-guidelines.internal.amadeus.com cytric.amadeus.com amadeusitgroup.demdex.net cdn.cookielaw.org unpkg.com cdn.decibelinsight.net collection.decibelinsight.net www.googletagmanager.com ipapi.co tools.eurolandir.com flo.uri.sh resources.digital-cloud.medallia.eu; frame-src https://corporate.amadeus.com https://www.youtube.com https://www.googletagmanager.com https://amadeusitgroup.demdex.net https://cdn.cookielaw.org https://unpkg.com https://cdn.decibelinsight.net https://collection.decibelinsight.net https://ipapi.co https://tools.eurolandir.com https://flo.uri.sh https://resources.digital-cloud.medallia.eu 4 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 4 frame-ancestors 'self' http://api.securedvisit.com http://track.securedvisit.com http://content.securedvisit.com http://images.securedvisit.com http://track.sv.rkdms.com https://cdn-us.algoliaradar.com https://insights.algolia.io/1/events https://insights.algolia.io/1/searches 4 frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 4 default-src 'none'; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net blob:; script-src 'self' 'unsafe-inline' https://www.dwin1.com https://cdn.signly.co/release/latest/ https://dam.santander.co.uk https://md-scp.kampyle.com https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://sc-static.net https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://lptag.liveperson.net https://lo.v.liveperson.net https://lo.msg.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net https://www.google.com https://google.com https://*.santander.co.uk; connect-src 'self' 'unsafe-inline' https://google.com https://www.google.com https://analytics-fe.digital-cloud-uk.medallia.eu https://signly.azurewebsites.net https://tr.snapchat.com https://pagead2.googlesyndication.com https://dam.santander.co.uk https://events.launchdarkly.com https://app.launchdarkly.com wss://int-cb.santander.co.uk https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://lpcdn.lpsnmedia.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' 'unsafe-inline' https://cdn.signly.co/release/latest/ https://md-scp.kampyle.com; font-src 'self' https://dam.santander.co.uk; frame-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.signly.co/release/latest/ https://portal-benefits-calculator.turn2us.org.uk https://td.doubleclick.net https://www.youtube-nocookie.com https://activitymap.adobe.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src https://british-sign-language-videos.signly.co https://signlymediaservice-ukso1.streaming.media.azure.net https://signlystorageaccount.blob.core.windows.net https://cdn.signly.co/images/ https://lpcdn.lpsnmedia.net; worker-src blob:; 4 default-src 'self' data: https://fonts.gstatic.com/ https://cdn.podigee.com/ https://*.podigee-cdn.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; connect-src 'self' https://cdn.cookielaw.org/ https://*.onetrust.com/ https://quality.dpdhl.com/ https://t.leadlab.click/ https://insight.adsrvr.org/ https://assets.adobedtm.com/ https://deutschepostag1.d3.sc.omtrdc.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://meinservice-dhl-sites.secure.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://depst-salaut-prod1.pegacloud.net/ https://depst-mara-dt1-decisionhub.pegacloud.net/ https://depst-mara-stg1-decisionhub.pegacloud.net/ https://depst-mara-prod1-decisionhub.pegacloud.net/ https://t.ssl.ak.tiles.virtualearth.net/ https://*.dynamic.tiles.ditu.live.com/ https://*.braintreegateway.com/ https://*.braintree-api.com/ https://braintree-sample-merchant.herokuapp.com/ https://*.heidelpay.com/ https://autocomplete2.postdirekt.de/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; img-src https: data: blob:; form-action 'self' https://*.dhl.de/ https://*.deutschepost.de/ https://www.sofort.com/ https://*.dhl.com/ https://meinservice.my.salesforce-sites.com/; frame-ancestors 'self' https://facebook.com/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://deutschepost.elaine-asp.de/ https://*.plentymarkets-cloud-de.com/ https://*.plentymarkets-cloud-ie.com/ https://dhl.vendidero.de/ https://dhl-paket.plentymarkets-cloud02.com/ https://*.billbee.io/ https://*.dreamrobot.de/ https://tl-meinservice-dhl.cs107.force.com/; frame-src 'self' https://www.simplydhl.com/ https://deutschepost.elaine-asp.de/ https://www.youtube.com/ https://www.google.com/ https://assets.adobedtm.com/ https://rdevpro-meinservice-dhl.cs160.force.com/ https://gateway.zscalerthree.net/ https://*.braintreegateway.com/ https://payment.heidelpay.com/ https://dhlglobalmail.secure.force.com/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://dhlglobalmail.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://dhlglobalmail.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/ https://app.webinargeek.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.youtube.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://assets.adobedtm.com/ https://cdn.tt.omtrdc.net/ https://*.google.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://*.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://meinservice-dhl-sites.secure.force.com/ https://assets.braintreegateway.com/ https://static.heidelpay.com/ https://cdn.jsdelivr.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://cdn.cookielaw.org/ https://googletagmanager.com/ https://track.adform.net/ https://www.youtube.com/ https://connect.facebook.net/ https://*.virtualearth.net/ https://*.ditu.live.com/ https://*.salesforceliveagent.com/ https://static.lightning.force.com/ https://meinservice--rqa.sandbox.my.salesforce.com/ https://meinservice--tl.sandbox.my.salesforce.com/ https://assets.braintreegateway.com/ https://cdn.jsdelivr.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; style-src 'self' 'unsafe-inline' https://meinservice-dhl-sites.secure.force.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.com/ https://*.deutschepost.de/ https://dpm.demdex.net/ https://*.paypal.com/ https://*.cardinalcommerce.com/ https://dpcomepost.tt.omtrdc.net/ https://*.bing.com/ https://meinservice.my.salesforce.com/ https://meinservice.my.salesforce-sites.com/ https://service.force.com/ https://*.zscaler.net/ https://*.zscloud.net/ https://*.zscalertwo.net/; 4 frame-ancestors https://r1132100004725-eu1-ifwe.3dexperience.3ds.com https://r1132100257819-eu1-ifwe.3dexperience.3ds.com https://dsext001-eu1-215dsi0708-ifwe.3dexperience.3ds.com https://r1132100381839-eu1-academia-ifwe.3dexperience.3ds.com https://dspart004-eu1-partners-ifwe.3dexperience.3ds.com https://dspart011-eu1-partners-ifwe.3dexperience.3ds.com https://my.3dexperience.3ds.com https://www.3ds.com; base-uri 'self' 4 img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 4 frame-ancestors 'self' https://*.osp.tech 4 frame-ancestors https://*.bw-infra.de https://*.baden-wuerttemberg.de; 4 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 4 frame-ancestors 'self' https://rtsports.com https://www.rtsports.com; 4 upgrade-insecure-requests; default-src 'self' *.leuchtfeuer.com; frame-src 'self' *.consentmanager.net *.youtube.com *.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.googletagmanager.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.facebook.net *.googleapis.com *.googletagmanager.com *.bing.com *.virtualearth.net www.cdn.botfriendsx.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.doubleclick.net *.flockler.com *.flockler.systems *.continental.com *.google.com *.googleapis.com *.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com *.trkkn.com unpkg.com *.consentmanager.net *.equitystory.com www.cdn.botfriendsx.com api.eu-1.smooch.io blob:; font-src 'self' www.cdn.botfriendsx.com data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.facebook.net *.linkedin.com *.flockler.com *.flockler.app *.continental.com *.leuchtfeuer.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.mouseflow.com *.consentmanager.net *.trkkn.com cdn.linkedin.oribi.io www.cdn.botfriendsx.com *.config.eu-1.smooch.io api.eu-1.smooch.io wss://api.eu-1.smooch.io; img-src * data: *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.virtualearth.net; media-src * blob:; report-uri https://sentry.leuchtfeuer.com/api/13/security/?sentry_key=66362f3cb1034383abbd3702c8d1a340 4 frame-ancestors https://app.storyblok.com; 4 frame-ancestors 'self' https://*.breuninger.com 4 default-src 'self' https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http://*.marketo.net https://*.6sc.co https://*.bing.com https://*.bizible.com https://*.brandwatch.com https://*.capterra.com https://*.clarity.ms https://*.claydar.com https://*.cloudflare.com https://*.cloudfront.net https://*.cookielaw.org https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.instagram.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.neutral.ttwstatic.com https://*.optimizely.com https://*.podscribe.com https://*.qualified.com https://*.quora.com https://*.reddit.com https://*.segreencolumn.com https://*.storylane.io https://*.tiktok.com https://*.ttwstatic.com https://*.twitter.com https://*.wistia.com https://*.wistia.net https://*.youtube.com https://*.zi-scripts.com https://*.zoominfo.com https://js.zi-scripts.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co https://snap.licdn.com https://static.ads-twitter.com https://unpkg.com/@dotlottie/player-component@2.7.5/dist/dotlottie-player.js https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js wss://*.qualified.com; style-src 'self' 'unsafe-inline' https://*.ttwstatic.com https://fonts.googleapis.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co; font-src 'self' data: https://fonts.gstatic.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co; img-src 'self' data: http://1.gravatar.com https: https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co; media-src *.qualified.com; connect-src 'self' *.clarity.ms *.google.co.in *.google.de *.google.ro *.googleadservices.com http://*.mktoresp.com https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://*.analytics.google.com https://*.bing.com https://*.bing.net https://*.bizible.com https://*.brandwatch.com https://*.capterra.com https://*.claydar.com https://*.cloudflare.com https://*.cookielaw.org https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.marketo.net https://*.mktoresp.com https://*.mktoutil.com https://*.onetrust.com https://*.optimizely.com https://*.podscribe.com https://*.qualified.com https://*.quora.com https://*.segreencolumn.com https://*.sentry.io https://*.tiktok.com https://*.tiktokw.us https://*.wistia.com https://*.wistia.net https://*.zi-scripts.com https://*.zoominfo.com https://google.com https://s14415.pcdn.co https://s14416.pcdn.co https://s14417.pcdn.co https://s14418.pcdn.co https://s14419.pcdn.co https://server-side-tagging-o6xcwbv53a-uc.a.run.app wss://*.hotjar.com wss://*.qualified.com; frame-src 'self' *.linkedin.com https://*.cdn.optimizely.com https://*.driftt.com https://*.reddit.com https://*.storylane.io https://*.tiktok.com https://*.wistia.com https://*.wistia.net https://app.qualified.com https://connect.facebook.net https://facebook.com https://instagram.com https://platform.twitter.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.tiktok.com https://www.youtube.com https://youtube.com; frame-ancestors 'self' *.brandwatch.com https://insights.hotjar.com; form-action 'self' https://*.facebook.com https://www.brandwatch.com; base-uri 'self'; object-src 'none'; worker-src 'self' blob:; report-uri /csp-report/; 4 frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn http://www3.renesas.cn https://www3.renesas.cn 4 img-src 'self' data: blob: pancake.vn pancake.biz pages.fm pancake.id pancake.in pancake.ph fbcdn.net fbsbx.com facebook.com cdninstagram.com zadn.vn zdn.vn shopee.vn shopee.sg shopee.co.id shopee.co.th shopee.tw shopee.ph shopeemobile.com unpkg.com line-scdn.net fbsbx.com *.pancake.vn *.pancake.biz *.pages.fm *.pancake.id *.pancake.in *.pancake.ph *.fbcdn.net *.fbsbx.com *.facebook.com *.cdninstagram.com *.zadn.vn *.zdn.vn *.shopee.vn *.shopee.sg *.shopee.co.id *.shopee.co.th *.shopee.tw *.shopee.ph *.shopeemobile.com *.unpkg.com *.line-scdn.net *.fbsbx.com; 4 frame-ancestors 'self' https://www.tubev.sex https://www.tubevinsex.com https://www.tbvsex.com https://www.tubevcn2.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rtx.com https://*.raytheon.com https://*.rtxapps.com https://*.prattwhitney.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.crazyegg.com https://ipmeta.io https://*.licdn.com https://*.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://listgrowth.ctctcdn.com https://visitor2.constantcontact.com/api/v1/signup_forms/209bf8ea-ae37-4c00-b293-172a892f887b https://siteimproveanalytics.com https://rockwellcollinsaerospace.us-7.evergage.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: data: https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/development/scripts/evergage.min.js https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/production/scripts/evergage.min.js; img-src 'self' https://*.rtx.com data: www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.linkedin.com https://p.adsymptotic.com https://*.licdn.com https://t.co https://www.facebook.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://*.siteimproveanalytics.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.ggpht.com data:; style-src 'self' 'unsafe-inline' https://*.rtx.com https://*.raytheon.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.licdn.com https://*.twitter.com https://*.twimg.com https://static.ctctcdn.com; font-src 'self' https://*.rtx.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://app.prattwhitney.com https://*.twitter.com https://*.fls.doubleclick.net https://*.rtx.com https://*.youtube.com/ https://*.raytheon.com https://www.rockwellcollins.com https://*.salesforce.com *.google.com; upgrade-insecure-requests; block-all-mixed-content; worker-src blob: ; 4 default-src 'self' https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://assets.contentstack.io https://*.qualified.com https://*.vwo.com; script-src 'self' blob: https://www.rapid7.com https://old.rapid7.com https://www.googletagmanager.com http://997-fka-652.mktoweb.com https://997-fka-652.mktoweb.com http://411-nak-970.mktoweb.com https://411-nak-970.mktoweb.com http://information.rapid7.com http://munchkin.marketo.net https://cdn.cookielaw.org https://play.vidyard.com https://packages.prmcdn.io https://connect.facebook.net https://*.6sc.co https://cdn.bizible.com https://*.g2crowd.com https://snap.licdn.com https://px.ads.linkedin.com https://munchkin.marketo.net https://*.clarity.ms https://ws.zoominfo.com https://bat.bing.com https://googleads.g.doubleclick.net https://*.google.com https://www.gstatic.com https://*.impartner.live https://*.qualified.com https://*.googleadservices.com https://*.zi-scripts.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com 'unsafe-inline'; style-src 'self' https://www.rapid7.com https://old.rapid7.com https://use.typekit.net https://p.typekit.net https://packages.prmcdn.io https://997-fka-652.mktoweb.com http://997-fka-652.mktoweb.com https://411-nak-970.mktoweb.com http://411-nak-970.mktoweb.com https://information.rapid7.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://cdn.pushcrew.com 'unsafe-inline'; font-src 'self' data: https://www.rapid7.com https://old.rapid7.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://*.vwo.com; img-src 'self' data: blob: https: https://www.rapid7.com https://old.rapid7.com http://play.vidyard.com http://*.6sc.co https://*.6sc.co https://px.ads.linkedin.com https://bat.bing.com https://googleads.g.doubleclick.net https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://useruploads.vwo.io https://cdn.pushcrew.com; connect-src 'self' https://www.rapid7.com https://old.rapid7.com https://*.googletagmanager.com https://*.adnxs.com https://*.6sense.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://graphql.contentstack.com https://*.insight.rapid7.com https://newdev.rapid7.com https://staging.rapid7.com https://cdn.cookielaw.org https://*.google-analytics.com https://partners.rapid7.com https://*.algolia.net https://*.algolianet.com https://*.googlesyndication.com http://997-fka-652.mktoresp.com http://411-nak-970.mktoresp.com http://*.6sc.co https://*.6sc.co https://munchkin.marketo.net https://997-fka-652.mktoresp.com https://411-nak-970.mktoresp.com https://ws.zoominfo.com https://*.bing.com https://*.doubleclick.net https://google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.gstatic.com https://*.clarity.ms https://*.6sc.co https://*.onetrust.com https://*.my.onetrust.com https://*.google-analytics.com https://sessions.bugsnag.com https://*.pusher.com https://*.brighttalk.com https://*.g2.com https://*.qualified.com https://*.ads.linkedin.com https://*.zi-scripts.com https://*.bing.net https://*.analytics.google.com https://*.doubleclick.net wss://*.qualified.com wss://ws-mt1.pusher.com https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://play.vidyard.com; frame-src https://product-tour.rapid7.com https://www.rapid7.com https://old.rapid7.com https://rapid7-website-development.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website.contentstackapps.com https://newdev.rapid7.com https://staging.rapid7.com https://play.vidyard.com https://*.googletagmanager.com https://997-fka-652.mktoweb.com http://997-fka-652.mktoweb.com https://www.brighttalk.com https://411-nak-970.mktoweb.com http://411-nak-970.mktoweb.com https://google.com https://www.rapid7.com/impartner.html https://rapid7-website.contentstackapps.com/impartner.html https://*.doubleclick.net https://*.qualified.com https://*.facebook.com https://information.rapid7.com https://www.google.com https://*.vwo.com https://app.vwo.com https://*.visualwebsiteoptimizer.com; worker-src 'self' blob:; frame-ancestors 'self' https://www.rapid7.com https://old.rapid7.com https://newdev.rapid7.com https://staging.rapid7.com https://rapid7-website.contentstackapps.com https://rapid7-website-staging.contentstackapps.com https://rapid7-website-development.contentstackapps.com https://app.contentstack.com; 4 upgrade-insecure-requests; frame-ancestors *.centurylink.com *.corp.intranet; 4 frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 4 frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 4 default-src 'self' *.bim.com.tr *.bim.ma *.bim.eg *.bimcell.com.tr *.file.com.tr *.google.com *.google.com.tr *.cloudflare.com *.gstatic.com *.doubleclick.net *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.jquery.com *.facebook.net *.youtube.com *.youtube-nocookie.com *.hr-link.net hr-link.net 'unsafe-inline' 'unsafe-eval' data:; 4 frame-ancestors depositfiles.com *.depositfiles.com depositfiles.org *.depositfiles.org dfiles.eu *.dfiles.eu dfiles.com *.dfiles.com 4 frame-ancestors 'self' *.paessler.com 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://connect.facebook.net https://static.doubleclick.net https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://recaptcha.net https://www.recaptcha.net/recaptcha/api.js https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'report-sample' https://www.facebook.com https://connect.facebook.net https://www.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com platform.careemapis.com https://stats.g.doubleclick.net https://jnn-pa.googleapis.com https://play.google.com https://*.googlevideo.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.google.com https://www.google-analytics.com https://remittance-service.pvt-cx.gw.staging.teamdisplayed.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com recaptcha.net https://www.youtube.com; img-src 'self' data: https://careem-catalog-media.imgix.net https://www.facebook.com https://yt3.ggpht.com https://i.ytimg.com https://www.gstatic.com https://www.google.com/pagead https://googleads.g.doubleclick.net https://www.google.com.pk https://careem-public-web-media.imgix.net https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' blob: https://upload-cdn.careem.com https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src https://recaptcha.net; form-action 'self' 4 upgrade-insecure-requests; frame-ancestors 'self' https://*.xn--d1aqf.xn--p1ai 4 font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io *.googleapis.com;, frame-ancestors 'self' data: *.kornferry.com *.kfadvance.com; 4 object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 4 frame-ancestors 'self' commander.weatherops.com 4 object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 4 default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk services.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com api.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com j.6sc.co tracking.g2crowd.com js.hubspot.com *.customersure.com *.visualwebsiteoptimizer.com www.atmrum.net *.cloudfront.net scout-cdn.salesloft.com https://*.maze.co/ esm.sh secure.imaginative-24.com webeo-web-content.s3-eu-west-1.amazonaws.com www.clarity.ms secure.intelligent-business-7.com secure.agile-company-365.com webeo-web-content.s3-eu-west-1.amazonaws.com ldynamicspublicapi.leadforensics.com secure.leadforensics.com scripts.webeo.com my.g2.com *.sentry-cdn.com cdn.segment.com hm.baidu.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com googletagmanager.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com *.cloudfront.net unpkg.com https://*.maze.co/ webeo-web-content.s3-eu-west-1.amazonaws.com; img-src 'self' data: blob: 'unsafe-inline' *.gravatar.com gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com *.hsforms.com analytics.twitter.com b.6sc.co *.visualwebsiteoptimizer.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net https://*.maze.co/ secure.imaginative-24.com *.clarity.ms webeo-web-content.s3-eu-west-1.amazonaws.com images.g2crowd.com www.g2.com hm.baidu.com; font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud https://*.maze.co/; media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com; worker-src blob:; child-src blob:; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com m1.openfpcdn.io *.applicationinsights.azure.com ipv6.6sc.co *.6sc.co content.hotjar.io *.customersure.com gbgplc.com demotiles.maplibre.org api.maptiler.com *.analytics.google.com scout.salesloft.com https://*.maze.co/ *.6sense.com cdn.jsdelivr.net tracking.g2crowd.com secure.adnxs.com *.clarity.ms ldynamicspublicapi.leadforensics.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com my.g2.com www.g2.com api.segment.io cdn.segment.com unpkg.com https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.execute-api.us-west-2.amazonaws.com/b2bjsstore/b/ https://a.usbrowserspeed.com *.googleadservices.com *.google.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com *.hs-sites.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com *.customersure.com td.doubleclick.net docs.google.com www.g2.com https://www.fxiaoke.com/ https://www.googletagmanager.com https://td.doubleclick.net; frame-ancestors 'self' *.loqate.com gbgplc.sharepoint.com; 4 default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 4 frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 4 frame-src *; frame-ancestors 'self'; 4 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.beuth.de *.dinmedia.de *.aks-dinmedia.net https://blickinsbuch.de/gateway/ https://*.blickinsbuch.de/gateway/ *.podigee-cdn.net *.etracker.com *.etracker.de *.ytimg.com *.hotjar.com *.soundcloud.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.youtube.com/iframe_api https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://code.jquery.com https://public.flourish.studio/resources/embed.js *.freshworks.com *.bing.com siteimproveanalytics.com https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.14/widget.module.min.js; style-src 'self' 'unsafe-inline' *.podigee-cdn.net https://fonts.googleapis.com *.freshworks.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.freshdesk.com https://beuth.prudsys-rde.de https://flourish-api.com https://public.flourish.studio https://*.hotjar.com https://stats.g.doubleclick.net https://*.hotjar.io *.etracker.de wss://*.hotjar.com *.freshworks.com *.openstreetmap.org *.friendlycaptcha.com *.googleadservices.com bat.bing.net bat.bing.com *.google.com; font-src 'self' *.podigee-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' blob: data: https://*.blickinsbuch.de https://*.blickinsbuch.net *.soundcloud.com *.podigee-cdn.net https://flourish-api.com https://googleads.g.doubleclick.net https://*.hotjar.com *.google.com *.google.de *.googletagmanager.com *.youtube-nocookie.com *.youtube.com https://flo.uri.sh https://www.openstreetmap.org https://cdn.knightlab.com/; img-src * data:; frame-ancestors 'self' *.dinmedia.de *.aks-dinmedia.net *.din.de *.etracker.com; worker-src 'self' blob:; 4 frame-ancestors 'self' https://lojaonline.nos.pt 4 frame-ancestors 'self' https://*.easyname.com https://*.easyname.at; 4 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.doubleclick.net *.hawksearch.net *.g2crowd.com *.sentry-cdn.com/ *.google.com *.vimeo.com *.hs-scripts.com *.hs-analytics.net *.baidu.com *.bcebos.com https://vi.ml314.com https://pagead2.googlesyndication.com https://wwwstage.siemens.com *.usercentrics.eu assets.adobedtm.com w3.siemens.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com *.hawksearch.net *.usercentrics.eu 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com/ https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g2crowd.com *.hawksearch.net *.hawksearch.com *.baidu.com https://aff-im.cdn.bcebos.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net *.googletagmanager.com *.hsforms.net *.baidu.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.doubleclick.net *.linkedin.com *.hawksearch.net *.hawksearch.com *.redditstatic.com *.reddit.com *.g2crowd.com *.wistia.net *.g2.com *.google.com https://google.com *.hsforms.com *.baidu.com https://www.facebook.com https://www.googletagmanager.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net *.baidu.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 4 default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 4 frame-ancestors 'self' *.ncmec.org *.missingkids.org *.adobecqms.net *.ncmecad.net *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 4 upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx creative-preview-an.com ib.adnxs-simple.com mediation.adnxs.com adsdk.microsoft.com *.safeframe.googlesyndication.com *.espacior.com *.kromatica.com *.grupo.reforma.com; 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://cdn.ampproject.org https://code.jquery.com https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://tcsdk.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://mc.yandex.com https://*.bitget.style https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtagmedia.com http://www.googletagmanager.com https://*.bitget.com https://cdn.dingxiang-inc.com https://*.storm.tg https://*.ston.fi https://*.jarvisbot.ai https://*.pxlvrs.io https://*.onetime.dog https://*.tomarket.ai https://*.newcoolproject.io https://*.catizen.ai https://*.glados.app https://*.yescoin.gold https://*.tonapi.io https://infragrid.v.network https://*.forter.com https://js.volt.io https://static.ads-twitter.com https://js.adsrvr.org https://goldwater.cloud;connect-src 'self' 'report-sample' data: blob: ws: wss: https://www.turingfraud.net https://cdn.ampproject.org https://*.hdmune.cn https://*.nlviwq.cn https://oauth.telegram.org https://*.qq.com https://*.tencent-cloud.com https://*.intltencentcos.com https://*.tencentcos.cn https://*.tencentcloud.com https://*.my-cpaas.com https://*.tlivewebrtc2.com https://*.tlivecloud.com https://*.rtclivekit.com https://*.xuundv.cn https://*.tencentcloudapi.com https://*.myqcloud.com https://www.googletagmanager.com https://*.rtc-web.com https://*.qcloud.com https://*.my-imcloud.com https://*.tlivewebrtc.com https://*.tliveplay.com https://*.tlivesource.com https://*.rtc-web.io https://*.cloud-rtc.com https://*.vod-qcloud.com https://*.minigitlab.top https://wa.appsflyer.com https://ces2007.org https://*.google.com https://stats.g.doubleclick.net wss://*.bitgetpro.site https://*.google-analytics.com https://analytics.tiktok.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitgetpro.site https://*.bgbstatic.com https://*.bitget.site https://*.bitget.live https://*.bitget.vin wss://*.bitget.site wss://*.bitget.live wss://*.bitget.vin https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.bitget.online https://*.bitgettr.com wss://*.bitgettr.com wss://*.gdrichem.com https://pagead2.googlesyndication.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.duoyihubei.top https://duoyihubei.top wss://*.duoyihubei.top wss://duoyihubei.top https://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.glassgs.com https://mc.yandex.com wss://*.bitget.style https://*.bitget.style https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtagmedia.com https://www.google.co.kr https://www.google.com.bd https://google.com https://www.google.co.in https://www.google.ru https://sensors-ab.gdrichem.com:8443 https://img.gurenla.com https://img.bitgetimg.com https://*.bitget.com https://cdn.dingxiang-inc.com https://*.storm.tg https://*.ston.fi https://*.jarvisbot.ai https://*.pxlvrs.io https://*.onetime.dog https://*.tomarket.ai https://*.newcoolproject.io https://*.catizen.ai https://*.glados.app https://*.yescoin.gold https://*.tonapi.io https://ton-connect.github.io https://browser-http-intake.logs.datadoghq.com https://infragrid.v.network https://cdnjs.cloudflare.com https://pre.ssqhome.top https://ssqhome.top https://*.forter.com https://*.bgstatic.com https://goldwater.cloud;frame-src 'self' 'report-sample' blob: data: https://callback.osl-pay.com https://ramp.osl-pay.com https://*.bgstatic.com https://*.bitgetimg.com https://*.gurenla.com https://*.google.com https://*.bitgetimg.com https://*.bitgetpro.site https://*.bitget.site https://*.bitget.live https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.duoyihubei.top https://duoyihubei.top https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://www.bitgetwidget.com https://*.bitget.style https://mc.yandex.com https://*.nihaopay.com https://onramp.money https://*.simplexcc.com https://pixel.mathtagmedia.com https://td.doubleclick.net https://www.bitgetapp.com https://www.bitgetapps.com https://pixel.mathtag.com https://*.bitget.com https://*.revolut.com https://*.multiexc.com https://*.thedecard.com https://forms-prod.sprinklr.com https://thedecard.com https://pre.ssqhome.top https://ssqhome.top https://checkout.volt.io https://openapi-uatdcd.com https://openapi-thedecard.com https://khipu.com https://checkout.pagsmile.com https://gateway.kashio.com.pe https://apiin.monnetpayments.com https://pmt-01.etpayment.com https://registro.pse.com.co https://secure-checkout.payvalida.com https://api.openpay.co https://s.tradingview.com https://insight.adsrvr.org;frame-ancestors 'self' https://ramp.osl-pay.com https://*.bitgetpro.site https://xdreampay.com https://forms-prod.sprinklr.com;report-uri /v1/buried/log/cspSecurity; 4 default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 4 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: ; 4 frame-ancestors 'self' https://*.ensineme.com.br https://*.estacio.br https://*.yduqs.com.br https://*.wyden.com.br https://*.ibmec.br https://*.idomed.com.br https://*.damasio.com.br 4 frame-ancestors experience.adobe.com service.experiencecloud.adobe.com scandichotelsab.experiencecloud.adobe.com 4 default-src * data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self'; 4 frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com https://fuse-event.com farapulse.stage.apps.bsci.com eligibility.farapulse.com www.relievant.com www.intracept.com relievantstage.wpengine.com https://urologynation.com https://urologynationsandbox.skipta.com; frame-src 'self' blob: https:; default-src 'self' 'unsafe-inline' blob: https:; font-src 'self' https: data:; script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; connect-src 'self' wss: data: https: blob:; 4 frame-ancestors self https://*.wayfair.com https://*.wayfair.ca https://*.wayfair.co.uk https://*.wayfair.de https://*.wayfair.ie https://*.jossandmain.com https://*.allmodern.com https://*.birchlane.com https://*.perigold.com 4 connect-src * ; default-src 'self' *.gs.com:* *.cft.gs:* data: blob: ; frame-ancestors 'self' *.gs.com:* *.cft.gs:* ; img-src 'self' *.gs.com:* *.cft.gs:* https://images.ctfassets.net 'unsafe-inline' https://consent.trustarc.com data: blob: ; font-src https://consent.trustarc.com 'self' *.gs.com:* *.cft.gs:* data: ; script-src 'self' *.gs.com:* *.cft.gs:* ; worker-src 'self' *.gs.com:* *.cft.gs:* blob: data: ; style-src 'self' 'unsafe-inline' *.gs.com:* *.cft.gs:* ; media-src 'self' *.gs.com:* *.cft.gs:* data: blob: https://media-gsam.akamaized.net/ ; frame-src 'self' *.gs.com:* *.cft.gs:* *.gsam.com:* https://consent-pref.trustarc.com/ https://na-ab44.marketo.com/ https://*.jiji.com https://tools.euroland.com https://tools.eurolandir.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://na-ab44.marketo.com https://unpkg.com https://gateway.zscalerthree.net https://ds-aksb-a.akamaihd.net https://s.go-mpulse.net ; style-src-elem 'self' 'unsafe-inline' https://na-ab44.marketo.com https://unpkg.com https://login.idfs.gs.com https://cdn.gs.com 4 frame-ancestors 'self' *.backushospital.org *.charlottehungerford.org *.ctorthoinstitute.org *.ctorthomidstate.org *.ctorthostvincents.org *.hartfordhealthcare.org *.hartfordhealthcare.org *.hartfordhealthcareathome.org *.hartfordhealthcaremedicalgroup.org *.hartfordhealthcarerehabnetwork.org *.hartfordhospital.org *.hartfordhospital.org *.hhcandme.com *.hhcbehavioralhealth.org *.hhcconnect.com *.hhcconnect.net *.hhcconnect.org *.hhchealth.com *.hhchealth.net *.hhchealth.org *.hhcseniorservices.org *.hhcsystem.org *.instituteofliving.org *.integratedcarepartners.org *.midstatemedical.org mychartplus.org *.mychartplus.org *.natchaug.org *.rushford.org *.stvincents.org *.thocc.org 4 frame-ancestors intapp.seismic.com intapp.com www.intapp.com seismic.com www.seismic.com intapp.wpengine.com intapp.gcs-web.com investors.intapp.com; 4 default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 4 media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' *.onlinereservationsystems.com; 4 default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://*.addsearch.com https://*.searchcdn.com https://d20vwa69zln1wj.cloudfront.net https://www.google-analytics.com https://www.googleanalytics.com https://*.outbrain.com https://snap.licdn.com https://assets.apollo.io https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://apollo.io https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com https://*.omappapi.com https://widget.manychat.com https://app.calculatorstudio.co https://cdn.userway.org https://static.oktopost.com https://okt.rapyd.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.addsearch.com https://*.searchcdn.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.omappapi.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.userway.org; img-src 'self' https: data: blob:; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://aplo-evnt.com https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://api.hubapi.com https://*.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://*.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.omappapi.com https://app.vwo.com https://api.userway.org https://cdn.userway.org https://*.api.userway.org; font-src 'self' data: https://fonts.gstatic.com https://cdn.userway.org; frame-ancestors 'self' https://www.google.com https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://*.outbrain.com https://td.doubleclick.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com https://apollo.io https://s-eu1.hscta.net https://no-cache.hubspot.com https://*.hs-sites-eu1.com https://*.hs-sites.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.googletagmanager.com https://app.calculatorstudio.co https://cdn.userway.org 4 block-all-mixed-content; default-src 'self' blob: https://*.wistia.com https://*.wistia.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com cdn.cookielaw.org *.sdworx.com *.pardot.com a458c8fcc5c8447d898446e84c87217b.js.ubembed.com www.google-analytics.com assets.ubembed.com cdn.landbot.io connect.facebook.net *.clarity.ms bat.bing.com snap.licdn.com *.firebaseio.com www.googleoptimize.com *.googleapis.com https://assets.calendly.com https://web103.reachmee.com https://tracking.intentsify.io https://secure.norm0care.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://static.landbot.io https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.agile-company-365.com https://cdn.leadinfo.net https://form.jotform.com https://*.hotjar.com https://optimize.google.com my.visme.co https://*.skedify.io *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://app.readpeak.com/js/rpa.js https://sdworx.stackbase.nl/ https://tags.inzynk.io/6ol4roju/iztag.js https://*.inzynk.io https://vercel.live/ https://webeo-web-content.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net https://ldynamicspublicapi.leadforensics.com https://secure.intelligent-business-7.com https://vercel.live https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://plugin.skedify.io https://*.sleeknote.com px.ads.linkedin.com/ *.convertexperiments.com https://bat.bing.net https://sdworx-payhr.co.uk/ https://cdn.dmsales.com https://analytics.greensender.pl https://cdn.jotfor.ms https://d-code.liadm.com/ https://*.vector.co https://*.usbrowserspeed.com https://*.ip-api.com https://*.pexipengage.com https://*.lfeeder.com https://*.leadfeeder.com https://tags.sdworx.com https://*.wistia.com https://*.wistia.net http://*.wistia.com http://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/; style-src 'self' 'report-sample' 'unsafe-inline' data: *.typekit.net fonts.googleapis.com cdn.landbot.io *.googletagmanager.com https://assets.calendly.com https://plugin.skedify.io https://*.hotjar.com https://optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://*.sleeknote.com https://fonts.googleapis.com https://cdn.jotfor.ms https://tags.sdworx.com https://fast.wistia.com; img-src 'self' data: blob: *.typekit.net cdn.cookielaw.org fonts.gstatic.com www.google-analytics.com *.googleapis.com https://px.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com p.adsymptotic.com https://*.ads.linkedin.com https://*.gstatic.com https://assets.calendly.com i.ytimg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com https://*.hotjar.com https://optimize.google.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws *.sleeknote.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://c.clarity.ms https://webeo-web-content.s3-eu-west-1.amazonaws.com https://vercel.live https://vercel.com https://development-q5nzhaa-srgqxffdos4hk.eu-5.platformsh.site https://acceptance-yfiuy3a-srgqxffdos4hk.eu-5.platformsh.site https://sdworx-lms-cms.prd.reference.be https://strgeuwaccsdworxlearning.blob.core.windows.net https://static.landbot.io https://www.sdworx.com https://strgeuwprdsdworxlearning.blob.core.windows.net https://cdne-euw-acc-ext-sdworxlearning.azureedge.net https://cdne-euw-dev-ext-sdworxlearning.azureedge.net https://cdne-euw-prd-ext-sdworxlearning.azureedge.net blob: sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com https://lms-cms.prd.sdworx.com https://bat.bing.net https://sdworx-payhr.co.uk/ https://www.dmsales.com https://analytics.greensender.pl https://cdn.jotfor.ms https://*.sdworx.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.convertexperiments.com https://collector.leadinfo.net https://*.lfeeder.com https://*.leadfeeder.com https://tags.sdworx.com https://*.wistia.com https://*.wistia.net; font-src 'self' data: fonts.googleapis.com use.typekit.net https://use.typekit.net https://fonts.gstatic.com cdn.landbot.io https://*.hotjar.com *.sleeknote.com https://vercel.live https://assets.vercel.com https://cdn.jotfor.ms https://*.wistia.com https://*.wistia.net; connect-src 'self' *.typekit.net fonts.gstatic.com *.onetrust.com *.googleapis.com cdn.cookielaw.org googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.pardot.com *.landbot.io *.sdworx.com *.clarity.ms wss://*.firebaseio.com *.firebaseio.com *.analytics.google.com https://*.algolia.net https://*.algolianet.com https://*.apm.eu-west-1.aws.cloud.es.io https://cdn.linkedin.oribi.io https://idx.liadm.com https://www.facebook.com https://ldynamicspublicapi.leadforensics.com https://collector.leadinfo.net https://api.leadinfo.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://a458c8fcc5c8447d898446e84c87217b.events.ubembed.com https://bat.bing.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws cdnjs.cloudflare.com *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://px.ads.linkedin.com/wa/ https://sdworx.stackbase.nl/ px.ads.linkedin.com/ https://ldynamicspublicapi.leadforensics.com https://vercel.live wss://ws-us3.pusher.com https://*.ingest.sentry.io https://*.sleeknote.com *.convertexperiments.com https://*.inzynk.io https://bat.bing.net https://sdworx-payhr.co.uk/ https://*.leadinfo.net https://eu-api.jotform.com https://pro.ip-api.com/ https://api.vector.co/ https://*.google-analytics.com https://*.googletagmanager.com https://tags.sdworx.com https://*.litix.io https://*.wistia.com https://*.wistia.net http://*.wistia.com http://*.wistia.net https://*.algolia.net https://*.sentry-cdn.com/; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/ https://eu-submit.jotform.com; frame-src https://player.springcast.app/ *.firebaseio.com https://*.hotjar.com https://calendly.com go.sdworx.com https://www.youtube.com https://www.youtube-nocookie.com https://trainings.sdworx.de https://datawrapper.dwcdn.net https://survey.sdworx.com https://web103.reachmee.com https://www.videoask.com https://embed.acast.com https://a458c8fcc5c8447d898446e84c87217b.pages.ubembed.com https://www.google.com https://outlook.office365.com https://www.sd.be https://optimize.google.com https://form.jotform.com https://www.facebook.com my.visme.co https://eu-submit.jotform.com/ https://*.skedify.io *.sleeknote.com onsite-subscribe.getdrip.com app.vwo.com *.visualwebsiteoptimizer.com https://iswebb.com/ https://td.doubleclick.net/ https://vercel.live/ https://www.googletagmanager.com/ https://sdworx-payhr.co.uk/ https://forms.office.com/ https://widgets-cache.jotform.io https://www.jotform.com https://*.sdworx.com https://*.ivoox.com https://*.pexipengage.com https://tags.sdworx.com https://fast.wistia.com https://www.calculatorvenituri.ro/ https://fast.wistia.com https://fast.wistia.net; worker-src 'self' blob:; media-src 'self' https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://develop-sr3snxi-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://country-cms.prd.sdworx.com https://lms-cms.prd.sdworx.com https://*.wistia.com, https://*.wistia.net; frame-ancestors 'none'; object-src 'none' 4 frame-ancestors https://sc10cm https://rg-sitecore-website-qa-330340-single.azurewebsites.net https://web-ih-sc-tst-cd-wus2.azurewebsites.net https://web-ih-sc-prd-cm-wus2.azurewebsites.net https://intermountain.dev.local https://intermountainhealth.formstack.com 4 object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca *.arcgis.com 4 default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: beta.career.io *.beta.career.io career.io *.career.io careercenter.intent-usa.com *.careercenter.intent-usa.com careerio.careerminds.com *.careerio.careerminds.com careerio.topresume.com *.careerio.topresume.com cv.dk *.cv.dk cvapp.ar *.cvapp.ar cvapp.bg *.cvapp.bg cvapp.cl *.cvapp.cl cvapp.cz *.cvapp.cz cvapp.de *.cvapp.de cvapp.es *.cvapp.es cvapp.fi *.cvapp.fi cvapp.fr *.cvapp.fr cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu cvapp.ie *.cvapp.ie cvapp.it *.cvapp.it cvapp.mx *.cvapp.mx cvapp.no *.cvapp.no cvapp.nz *.cvapp.nz cvapp.ro *.cvapp.ro cvapp.rs *.cvapp.rs cvapp.vn *.cvapp.vn cveasy.pl *.cveasy.pl cvkungen.se *.cvkungen.se cvster.nl *.cvster.nl lebenslaufapp.at *.lebenslaufapp.at lebenslaufapp.ch *.lebenslaufapp.ch onlinecurriculo.com.br *.onlinecurriculo.com.br onlinecurriculo.pt *.onlinecurriculo.pt resume-test.io *.resume-test.io resume.io *.resume.io resume.io *.resume.io resumeapp.co.kr *.resumeapp.co.kr rirekisho.jp *.rirekisho.jp widget.resume.io *.widget.resume.io ust.stape.io *.ust.stape.io; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 4 frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net homeiswherethemanais.webflow.io holidayhouse.teremana.com 4 frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl http://*.odido.nl https://*.odido.nl 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 4 default-src 'self'; img-src 'self' https://ak-d.tripcdn.com/images/05E1412000cmevvp5D2FE.png; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://use.fontawesome.com; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; font-src https://fonts.gstatic.com https://use.fontawesome.com; frame-ancestors 'none'; 4 frame-ancestors 'self' mijn.hosting.nl 4 default-src 'self' data: https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net https://consentcdn.cookiebot.com https://consent.cookiebot.com http://localhost:* ws://localhost:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://as.stock3.com https://track.adform.net https://s1.adform.net https://s2.adform.net https://code.createjs.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://feed.goldencross.de https://cdn.adspirit.de https://kerlundcie.adspirit.de https://ad.doubleclick.net https://s0.2mdn.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagservices.com; connect-src https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com https://crypto.donaucapital.de wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net http://localhost:* ws://localhost:* https://track.adform.net https://googleads4.g.doubleclick.net https://pagead2.googlesyndication.com https://ade.googlesyndication.com; style-src 'unsafe-inline' 'self' https://is.stock3.com https://data.boerse-go.de https://api.stock3.com https://s1.adform.net https://s2.adform.net https://fonts.googleapis.com; frame-src https://account.stock3.com 'self' https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://tradematch.sgmarkets.com https://open.spotify.com https://embed.podcasts.apple.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://c1.adform.net https://cdn.adspirit.de https://s0.2mdn.net https://tpc.googlesyndication.com https://c.bannerflow.net; img-src 'self' https: data: blob: *.googleusercontent.com http://localhost:* ws://localhost:*; font-src 'self' https://fonts.gstatic.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net secure.payu.com script.hotjar.com static.hotjar.com js.stripe.com chat.dropped.net.pl widget.trustpilot.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 4 font-src 'self' data:; 4 img-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.usabilla.com http://*.usabilla.com https://*.newrelic.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io https://cdn.wisepops.com https://*.quantserve.com https://*.livechatinc.com https://flightcentre.r-cubed.co.uk https://rules.quantcount.com https://*.criteo.com https://code.jquery.com https://*.creativecdn.com https://*.rokt.com https://*.mypurecloud.com.au https://s.yimg.com https://sp.analytics.yahoo.com *.feroot.com https://*.taboola.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://register.feefo.com https://cdn.cookielaw.org https://d6tizftlrpuof.cloudfront.net; connect-src https://*.fcl.cloud wss://*.fcl.cloud https://*.flightcentre.com https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://*.fclmedia.com https://fcl-sydney-geo-7.ent.ap-southeast-2.aws.found.io https://flowise-dev.dse.fctg.global https://*.launchdarkly.com https://*.optimizely.com *.nr-data.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.google.ca https://*.google.co.nz https://*.google.co.za https://*.google.co.uk https://*.evergage.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://analytics.pangle-ads.com https://*.pinterest.com https://*.linkedin.com https://*.outbrain.com https://*.g.doubleclick.net https://wisepops.net https://*.wisepops.com https://*.feefo.com https://cdn.cookielaw.org https://developer.livehelpnow.net https://*.snapchat.com https://www.facebook.com https://bat.bing.com https://bat.bing.net https://*.onetrust.com https://flightcentre.r-cubed.co.uk https://adservice.google.com https://www.google.com https://analytics.google.com https://www.googleadservices.com https://*.browser-intake-datadoghq.com https://*.criteo.com https://*.usabilla.com https://*.creativecdn.com https://*.mypurecloud.com.au wss://*.mypurecloud.com.au https://*.salesforce.com https://d1nojfewl3tku3.cloudfront.net/assets https://maps.googleapis.com https://s.yimg.com *.feroot.com https://insight.adsrvr.org https://*.taboola.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; font-src https: blob: data:; frame-ancestors 'self'; report-uri /api/csp_report 4 base-uri none; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://*.trustarc.com https://uk.personalcard.net https://www.facebook.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://es6-elasticapm.kbc.be https://es6-elasticapm-a.kbc.be https://onesignal.com https://*.googleapis.com https://www.google.com https://adservice.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.adobe.com https://viewlicense.adobe.io https://*.adobedc.net https://adobedc.demdex.net http://localhost:8443 https://x9y-p.local.intapp.eu/ https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://*.adobedc.net; default-src 'self'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com https://*.trustarc.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.adobe.com; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://img.youtube.com https://youtu.be https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net https://refini.tv https://product.datastream.com https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: filesystem: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kbc-group.com https://*.24plus.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/ https://documentservices.adobe.com/ https://uk.personalcard.net https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://cdn.tt.omtrdc.net https://*.googleapis.com https://uk.personalcard.net https://d36ygvu01nuobw.cloudfront.net https://*.komgo.io; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cdn.tt.omtrdc.net https://*.googleapis.com; worker-src 'self' blob: 4 base-uri 4 default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; 4 default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 4 default-src *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self' ; img-src 'self' data: https:; font-src 'self' data: * https://fonts.gstatic.com; connect-src 'self' *; media-src * data: https:; base-uri 'self'; 4 worker-src blob:;default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com https://td.doubleclick.net https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.g2.com https://*.ubembed.com https://js.storylane.io https://peoplefluent.storylane.io;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://www.youtube.com https://*.brilliantlocco.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.ubembed.com https://*.g2.com https://jscloud.net https://js.storylane.io https://peoplefluent.storylane.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://cdn.inspectlet.com https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.brilliantlocco.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://*.ubembed.com https://js.storylane.io https://peoplefluent.storylane.io;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net https://fonts.gstatic.com https://js.storylane.io https://peoplefluent.storylane.io;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://js.storylane.io https://peoplefluent.storylane.io;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://i.ytimg.com https://googleads.g.doubleclick.net https://*.brilliantlocco.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.googleadservices.com https://bat.bing.net https://js.storylane.io https://peoplefluent.storylane.io https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.ubembed.com https://*.g2.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://js.storylane.io https://peoplefluent.storylane.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.api.sanity.io https://px.ads.linkedin.com https://*.brilliantlocco.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.propensity.com https://*.js.ubembed.com https://*.ubembed.com https://*.g2.com https://*.ubembed.com https://www.googleadservices.com https://bat.bing.net https://jscloud.net https://js.storylane.io https://peoplefluent.storylane.io 4 object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 4 default-src 'none'; script-src 'self' 'sha256-LhgjEUDTB5uVcQPxB7ClpuZyNmHM6EsxG6GFSRQyGrM='; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://files2.bovision.se https://mb.cision.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.se https://9848475f-428b-4380-8d26-dfe74eb251f7.at.rivsec.eu; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net https://qcnl.tv; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://feed.jobylon.com https://publish.ne.cision.com https://handelsbanken-marknadsinformation.se https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 https://qcnl.tv; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com https://handelsbanken-marknadsinformation.se *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com handelsbanken.fondlista.se secure.msse.se www.efn.se borsrum.episerverhosting.com shbfxcalc.millistream.com mws-2.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com cphspk01.shbmain.shb.biz irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com qcnl.tv; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 4 default-src * https: data: 'unsafe-inline' 'unsafe-eval'; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://www.weareplanet.com/report-uri/enforce 4 frame-ancestors 'self' http://dezshira.in/ http://www.dezshira.com/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.middleeastbriefing.com/ 4 font-src *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.googleapis.com *.gstatic.com *.cloudinary.com *.fontawesome.com https://fonts.bunny.net *.typekit.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.facebook.com attn.tv taboola.com maps.google.com maps.googleapis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com cloudinary.com *.cloudinary.com blob: https://media.knfilters.com *.pricespider.com *.powerreviews.com https://cookie-cdn.cookiepro.com bat.bing.com *.facebook.com *.facebook.net adservice.google.com adsrvr.org insight.adsrvr.org s.amazon-adsystem.com attn.tv *.doubleclick.net *.taboola.com *.visualwebsiteoptimizer.com maps.gstatic.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.cookiepro.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.afterpay.com *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com unpkg.com https://media.knfilters.com *.cloudflare.com *.pricespider.com https://api.tiles.mapbox.com *.webeyez.com *.powerreviews.com https://cookie-cdn.cookiepro.com bat.bing.com connect.facebook.net ct.pinterest.com s.pinimg.com *.adsrvr.org advisor.com s.amazon-adsystem.com events.attentivemobile.com cdn.attn.tv cdn.b0e8.com cdn.bc0a.com script.crazyegg.com https://www.googletagmanager.com/ munchkin.marketo.net 990-nkx-292.mktoresp.com www.mczbf.com *.taboola.com *.visualwebsiteoptimizer.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.cookiepro.com https://mpsnare.iesnare.com optanon.blob.core.windows.net static.cloudflareinsights.com *.searchatlas.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.afterpay.com/ *.afterpaycdn.com *.squarecdn.com *.cash.app *.sharethis.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cloudinary.com *.cloudinary.com *.googleapis.com unpkg.com *.fontawesome.com *.pricespider.com *.powerreviews.com https://api.tiles.mapbox.com *.taboola.com b0e8.com *.crazyegg.com cdn.jsdelivr.net *.visualwebsiteoptimizer.com https://static.klaviyo.com https://fonts.bunny.net *.cookiepro.com *.klaviyo.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.afterpay.com *.afterpay-beta.com *.afterpaycdn.com *.squarecdn.com *.cash.app api.lab.amplitude.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com cloudinary.com *.cloudinary.com *.cloudflare.com *.pricespider.com wss://*.pricespider.com https://*.mapbox.com *.webeyez.com *.powerreviews.com https://cookie-cdn.cookiepro.com bat.bing.com *.facebook.com ct.pinterest.com *.adsrvr.org events.attentivemobile.com *.attn.tv b0e8.com bc0a.com *.crazyegg.com *.doubleclick.net https://www.googletagmanager.com/ marketo.net 990-nkx-292.mktoresp.com www.mczbf.com *.taboola.com *.visualwebsiteoptimizer.com get.geojs.io api.ipify.org ixfd-api.bc0a.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cookiepro.com https://mpsnare.iesnare.com optanon.blob.core.windows.net geolocation.onetrust.com static.cloudflareinsights.com *.searchatlas.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://www.knfilters.com/kn-csp/report/index; base-uri 'self' 'unsafe-inline'; 4 upgrade-insecure-requests; default-src 'self' https://*.canadalife.com; connect-src 'self' https://*.canadalife.com https://*.greatwestlife.com https://www.google-analytics.com https://pdx-col.eum-appdynamics.com https://greatwestlife.sc.omtrdc.net https://dpm.demdex.net https://maps.googleapis.com https://greatwestlife.tt.omtrdc.net https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://*.qualtrics.com https://*.tt.omtrdc.net https://analytics.google.com https://ct.pinterest.com https://*.force.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.gwl.bz https://*.mouseflow.com https://edge.adobedc.net https://analytics.tiktok.com https://*.onetrust.com https://cdn.cookielaw.org https://cookies-data.onetrust.io https://pagead2.googlesyndication.com https://www.tickertech.com https://lifeco--fit.sandbox.my.site.com https://lifeco--mop.sandbox.my.site.com https://lifeco.my.site.com https://lifeco--ecrmagent.sandbox.my.site.com https://*.ads.linkedin.com; script-src 'self' 'unsafe-eval'; script-src-attr 'unsafe-hashes' 'sha256-s03MppK+yldqebQIUHl/a3rnlThCtQkSXSmmZOF3+F4=' 'sha256-8lDeP0UDwCO6/RhblgeH/ctdBzjVpJxrXizsnIk3cEQ='; script-src-elem 'self' 'sha256-rxbB0dwoVgxFLovO+2QdlowWXjNRQqQ2N+l1eql3idk=' 'sha256-FBNK2rdRWFlHdRsYGZZBmuYu5+CkAl+Wn1JoYWqrksM=' 'sha256-F4BYc9lsI/Vrx9C9i80ixfUTjvillF19Ozmb78mybec=' 'sha256-AQOwIQfwXmjGkJa3okk527EAh1ebFJRpTTZl+5jRXbY=' 'sha256-g2Pta/3ikSvMxquiOYn0GW46rWdTYOpxkQZQy4WkDmg=' 'sha256-KoHyQmm+D9hBDaBTR6+gxOIONQBIayKMbpsmhIC1btA=' 'sha256-aPmuEA+YTJeUe5vchynnoiv3QTQuOLlWWoFTWMZ0g1g=' 'sha256-qLzKpw2YpqphcZ2dUfDq+nZ5lHCEZFVVMQAG3QzDYFs=' 'sha256-mpui/uSvBk50FoZaT31+E4TDh6X31gDoxHjIJDzRJZg=' 'sha256-77v6+Y2oUkIbs8c4pNz/22z+7s+raZVjnYoWAy3n340=' 'sha256-E7YCGQ5MRgDfOE83WCZrO5WMF47b8DMQrCCUsSG4BZA=' 'sha256-7sAcIrWL0oWh2ze3yV6tqz1RbnGmqhIx1Qus9jRracQ=' 'sha256-M+nrL1i0jyqg3asaQwtMrGR3HewAhiK/bpVvlDbxPVA=' 'sha256-2w2VuPWkQ3e1VTwZBpAMJr/J8SGDI2TAq/lDdYX5rCM=' 'sha256-QmTlplZrwxtcIjf0Qw5pH3wwugda+oguLrKTkvZcEZg=' 'sha256-c/UuTsNI4PzkW3h2TEBTba6cHzrxCGLRLm7e7JFOMTA=' 'sha256-iyqTc3hqwkLOBdzXfypaUKkfBjoe6ISFWFJymJlkhi0=' 'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg=' 'sha256-6vmJe+REQ2uvXdOcmOA0gV2Ghe2w9VIMFQMDJ6mfiIY=' 'sha256-djABxqtTxWmFtje0qzMk5v6m47EuSHXoA7G6ISvWRcM=' 'sha256-IkjtHJi30pQL4HJunVbbOb0eddxKbzQS73A/uLX1dxc=' 'sha256-y5DfkiVFp/0+RV2R/V4+yuEwoazHEGO2dtoyyobVfMg=' 'sha256-sjwHEvEEd6LOECfafoaXLp4pSwGYpxKixkV7uzUd1mI=' 'sha256-hUAVVCKUCsvj/NRR8gA7De+28k1VzMT2WZInYuEgow4=' 'sha256-Hts4iOCYzEeuX6rdSp2aiZrU4RwBn9aQiN5om8ue+WU=' 'sha256-myEuPW+nKtNfz374HWMHz0UGYwyue8KuWk8jIG/3GeQ=' 'sha256-47hygcsCeuaz/wFDcfGceDzFRbsMCTKLzIipw5aiGI4=' 'sha256-y4f9W+6dx+NJrSoXaIp4Z68xghYiTAOTKAc+aAakarg=' 'sha256-Nj9ZkTPsRdNRP79R2LmmJ6tqxvZLVGv/R2HV0/4hAuM=' 'sha256-VSXobtrxfF6D1p+BtC9xltlwQmAVWcyRIJuSFJqFdSQ=' 'sha256-UslN52emMX/WzG5xOZW4SSmhTC38p8AM6nfHugezhSI=' https://*.canadalife.com https://*.gwl.bz https://assets.adobedtm.com https://cdn.appdynamics.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/ https://*.qualtrics.com https://dpm.demdex.net https://ad.doubleclick.net https://*.fls.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://px.ads.linkedin.com https://secure.adnxs.com https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/ https://play.vidyard.com https://p.adsymptotic.com https://www.googletagmanager.com/gtag/ https://mboxedge35.tt.omtrdc.net https://s.pinimg.com/ct/ https://ct.pinterest.com https://googleads.g.doubleclick.net https://bat.bing.com/bat.js https://bat.bing.com/p/action/11042675.js https://bat.bing.com/p/insights/t/11042675 https://www.googleadservices.com https://analytics.google.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.mouseflow.com https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://www.redditstatic.com/ads/pixel.js https://analytics.tiktok.com https://cdn.cookielaw.org https://embed.myadvocado.com https://canada-life.gitlab.io https://lifeco--fit.sandbox.my.site.com https://lifeco--mop.sandbox.my.site.com https://lifeco.my.site.com https://lifeco--ecrmagent.sandbox.my.site.com; style-src 'self' blob: 'unsafe-inline' https://*.canadalife.com https://*.gwl.bz https://*.vidyard.com https://*.qualtrics.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://lifeco--fit.sandbox.my.site.com https://lifeco--mop.sandbox.my.site.com https://lifeco.my.site.com https://lifeco--ecrmagent.sandbox.my.site.com; img-src 'self' data: https://*.canadalife.com https://*.gwl.bz https://*.ggpht.com https://*.googleapis.com/ https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net https://www.facebook.com https://*.qualtrics.com https://cm.everesttech.net https://*.fls.doubleclick.net https://maps.googleapis.com https://*.ads.linkedin.com https://www.linkedin.com https://ad.doubleclick.net https://secure.adnxs.com https://analytics.twitter.com https://p.adsymptotic.com https://adservice.google.com/ddm/ https://adservice.google.ca/ddm/ https://dpm.demdex.net https://maps.gstatic.com https://*.vidyard.com https://*.qualtrics.com https://www.google.ca/ads/ https://www.google.com/ads/ https://www.google-analytics.com https://www.google.com/pagead/ https://www.google.ca/pagead/ https://www.googletagmanager.com https://t.co https://s.pinimg.com/ct/ https://ct.pinterest.com https://bat.bing.com https://*.force.com https://*.salesforce-sites.com https://ca-gmtdmp.mookie1.com https://cdn.cookielaw.org https://alb.reddit.com https://www.redditstatic.com; font-src 'self' data: https://*.canadalife.com https://*.gwl.bz https://fonts.googleapis.com https://fonts.gstatic.com https://*.qualtrics.com https://*.vidyard.com; frame-src 'self' blob: https://player.vimeo.com https://play.vidyard.com https://*.gwl.bz https://*.qualtrics.com https://www.youtube.com https://www.pinterest.com https://gwl.demdex.net https://*.force.com https://www.google.com https://td.doubleclick.net https://ct.pinterest.com https://embed.myadvocado.com; child-src https://*.canadalife.com https://*.gwl.bz https://*.qualtrics.com https://greatwestlife.sc.omtrdc.net https://greatwestlife.tt.omtrdc.net; object-src 'none'; base-uri 'none'; 4 frame-ancestors https://kpmg.experiencecloud.adobe.com https://assets.kpmg.com https://kpmg.com 4 connect-src *; default-src 'self'; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4 default-src * blob: 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; form-action *; report-to endpoint-1 4 img-src * data:; 4 connect-src 'self' index-education.matomo.cloud cdn.matomo.cloud https://*.friendlycaptcha.com/ https://vimeo.com https://apm-web.index-education.com/ ndx.plus *.ndx.plus https://*.datatables.net https://data.geopf.fr https://*.clarity.ms;default-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com;frame-ancestors 'self' ;frame-src 'self' *.index-education.france https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com https://app.mailjet.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self' *.index-education.france *.index-education.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' index-education.matomo.cloud cdn.matomo.cloud ndx.plus *.ndx.plus https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com *.datatables.net https://*.index-education.com https://*.bootstrapcdn.com https://app.mailjet.com https://*.clarity.ms;style-src 'self' 'unsafe-inline' ndx.plus *.ndx.plus https://static.scelliuspaiement.labanquepostale.fr *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com ndx.plus *.ndx.plus https://*.index-education.com *.index-education.net data:;worker-src 'self' blob: https://*.index-education.com;img-src 'self' https://*.index-education.com index-education.matomo.cloud cdn.matomo.cloud ndx.plus *.ndx.plus *.linkedin.com blob: data:; 4 default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js *.visualwebsiteoptimizer.com *.vwo.com; object-src *.2degrees.nz; img-src * data: 4 frame-src 'self' https://player.vimeo.com/ https://fast.wistia.net https://www.youtube.com/ https://www.google.com/ https://forms.hsforms.com https://td.doubleclick.net https://www.googletagmanager.com/ https://scribehow.com/ https://momentivenonprofitstudy.gravitate-nucleus.com https://cbassociationresearch.gravitate-nucleus.com https://46621835.hs-sites.com/ https://k-12.wistia.com/; 4 img-src 'self' data: https: 4 default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' data: blob: edge.adobedc.net adobedc.demdex.net *.adobe.com *.adobe.io cdn.cookielaw.org assets.adobedtm.com kit.fontawesome.com ka-p.fontawesome.com munchkin.marketo.net adobedc.demdex.net snap.licdn.com *.drift.com js.driftt.com js.zi-scripts.com j.6sc.co geolocation.onetrust.com ipv6.6sc.co c.6sc.co b.6sc.co epsilon.6sense.com px.ads.linkedin.com static.cloud.coveo.com boards.greenhouse.io *.mktoresp.com ws.zoominfo.com job-boards.greenhouse.io api.company-target.com *.org.coveo.com synopsysnonproduction2yln023as.analytics.org.coveo.com *.brighttalk.com brighttalk.com js.zi-scripts.com *.blackduck.com blackduck.com players.brightcove.net *.brightcove.com manifest.prod.boltdns.net *.brightcovecdn.com googletagmanager.com *.googletagmanager.com *.google.com *.google.ca *.google.co.uk google.co.in google.com *.google-analytics.com google-analytics.com googleads.g.doubleclick.net td.doubleclick.net *.googleapis.com *.gstatic.com *.leadspace.com *.clarity.ms *.bing.com *.bing.net *.bing-int.com *.6sc.co *.6sense.co 846-esg-342.mktoutil.com *.youtube.com; 4 frame-ancestors 'self' https://*.nethealth.com https://*.therapy.nethealth.com 4 default-src https:; style-src 'self' 'unsafe-inline' https: data:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data:; frame-src *; frame-ancestors 'none'; base-uri 'self'; form-action * 4 frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 4 default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' * https://heapanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * https://cdn.us.heap-api.com https://heapanalytics.com; img-src 'self' blob: data: * https://heapanalytics.com; connect-src 'self' blob: data: * https://c.us.heap-api.com https://heapanalytics.com; font-src 'self' blob: data: * https://heapanalytics.com; frame-ancestors 'self' https://xodo-web.sanity.studio; 4 connect-src 'self' https://*.acsbapp.com/ https://*.clarity.ms https://*.clarity.ms/ https://*.equalweb.com https://*.equalweb.com/ https://*.optimizely.com https://*.realtime.webflow.com https://*.snapchat.com/p https://*.website-files.com https://adservice.google.com https://analytics.google.com https://analytics.liftoff.io/pixel/ https://api.griffin-ww-prd.lightricks.com https://api.typeform.com/ https://api.typeform.com/single-embed/01HVKF45154PQMHD8GZ9PZA2ZW https://api.typeform.com/single-embed/01HVKFC1SWRFSXDZE422TF61ZC https://api.typeform.com/single-embed/01HYZ4MM14CHAC8B4S0925JJZE https://aplo-evnt.com/api/v1/intent_pixel/track_request https://assets-global.website-files.com https://bat.bing.com https://bg-removal.api.photoleapapp.com/api/v1/generate https://c.bing.com https://capi.facetuneapp.com https://capi.ltx.studio https://capi.ltx.video https://capi.photoleapapp.com https://capi.videoleapapp.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/25431500446.js/ https://cdn.acsbapp.com/cache/app/en.build.json https://cdn.acsbapp.com/cache/app/website-staging.videoleapapp.com/config.json https://cdn.cookielaw.org https://cdn.equalweb.com/assets/ https://cdn.equalweb.com/style/ https://cdn.jsdelivr.net/npm/@finsweet/attributes-selectcustom@1/selectcustom.js/ https://cdn.jsdelivr.net/npm/@mediapipe/tasks-vision@latest/wasm/vision_wasm_internal.wasm https://cdn.plyr.io/3.7.8/plyr.js https://cdn.plyr.io/3.7.8/plyr.svg https://cdn.prod.website-files.com https://cdn.segment.com https://cloudflareinsights.com https://editor-api.webflow.com https://errors.client.optimizely.com/log https://face-shape.facetuneapp.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net/pagead/ https://gtm.facetuneapp.com https://gtm.ltx.studio https://gtm.ltx.video https://gtm.ltx.io https://gtm.photoleapapp.com https://gtm.videoleapapp.com https://lightricks.pxf.io https://lightricks.zendesk.com/embeddable/ https://logx.optimizely.com https://ltx.studio/cdn-cgi/ https://ltx.video/cdn-cgi/ https://modest.lightricks.com/apps/ https://pagead2.googlesyndication.com/pagead/ https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://realtime.webflow.com https://rest.iad-05.braze.com/api/ https://sessions.bugsnag.com https://staging.facetuneapp.com/cdn-cgi/challenge-platform/h/b/cv/result/ https://stats.g.doubleclick.net https://storage.googleapis.com https://test-drive-20-1053047382554.us-central1.run.app/events/10b1623b4e72ebe68eb7ef4666d043962b02f8d89cec7b22053de538ceace3cc https://test.res.lightricks.com/ https://tr.snapchat.com/config/com/ https://tracking-api.g2.com/attribution_tracking/conversions/assign https://tracking-api.production.g2.com/ https://tti.photoleapapp.com/api/v1/generate https://tti.stg.photoleapapp.com/api/v1/generate https://uagw.lightricks.com https://uagw.stg.lightricks.com https://web-payment-gtm.wl.r.appspot.com https://web.facebook.com https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/api/v1/form/ https://www.clarity.ms https://www.facebook.com https://www.facetuneapp.com/api/color-analysis-test/ https://www.facetuneapp.com/api/color-analysis/ https://www.facetuneapp.com/api/face-shape/ https://www.facetuneapp.com/cdn-cgi/ https://www.facetuneapp.com/pv https://www.google-analytics.com https://www.google.co.il/ https://www.google.com/ https://www.googletagmanager.com https://www.photoleapapp.com/cdn-cgi/ https://www.videoleapapp.com/cdn-cgi/ wss://capi.facetuneapp.com wss://capi.ltx.studio wss://capi.ltx.video wss://capi.ltx.io wss://capi.photoleapapp.com wss://capi.videoleapapp.com wss://realtime.webflow.com https://px.ads.linkedin.com https://conversionsapigateway.com https://www.googleadservices.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com/ https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/js/splide.min.js.map https://unpkg.com/lenis@1.1.20/dist/lenis.min.js.map https://demo-1.conversionsapigateway.com/ https://mpc-prod-14-s6uit34pua-ue.a.run.app/ https://lightricks.chilipiper.com/; default-src 'self'; font-src 'self' data: https://*.website-files.com https://acsbapp.com/apps/app/dist/fonts/ https://assets.website-files.com/ https://cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://fonts.gstatic.com https://uploads-ssl.webflow.com https://use.fontawesome.com/releases/ https://use.typekit.net; form-action 'self' https://lightricks.pxf.io https://www.facebook.com/tr/; frame-ancestors 'none'; frame-src 'self' https://*.equalweb.com/ https://a24945110014.cdn-pci.optimizely.com https://a24945110014.cdn.optimizely.com https://accounts.google.com/ https://bid.g.doubleclick.net/ https://c.amazon-adsystem.com/aat/amzn.js https://cdn.embedly.com https://embedsocial.com https://form.typeform.com/ https://giphy.com https://google.com/ https://gtm.facetuneapp.com https://gtm.ltx.studio https://gtm.ltx.video https://gtm.ltx.io https://gtm.photoleapapp.com https://gtm.videoleapapp.com https://optimize.google.com https://platform.twitter.com/ https://player.vimeo.com https://s.amazon-adsystem.com/ https://td.doubleclick.net/ https://tpc.googlesyndication.com https://tr.snapchat.com/ https://twitter.com https://webflow.com/ https://www.facebook.com https://www.google.com/ https://www.instagram.com https://www.tiktok.com/ https://www.youtube.com https://lightricks.chilipiper.com/; img-src 'self' * blob: data: https://cdn.optimizely.com https://lightricks.pxf.io https://logs-01.loggly.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.ojrq.net; media-src https://*.website-files.com https://assets-global.website-files.com https://assets.website-files.com https://cdn.prod.website-files.com https://s3.amazonaws.com/webflow-prod-assets/ https://storage.googleapis.com https://uploads-ssl.webflow.com https://videos.facetuneapp.com https://videos.ltx.studio/ https://videos.ltx.video https://videos.ltx.io; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.clarity.ms https://*.equalweb.com/ https://*.optimizely.com https://*.website-files.com https://access.equalweb.com/ https://account.lightricks.com/wp-sdk/ https://acsbapp.com/apps/app/dist/js/app.js https://app-assets.website-files.com/js/jquery-3.5.1.min.dc5e7f18c8.js https://assets-global.website-files.com/ https://assets.apollo.io/micro/website-tracker/ https://assets.website-files.com https://bat.bing.com https://c.amazon-adsystem.com/aat/amzn.js https://c.bing.com https://cdn-assets-prod.s3.amazonaws.com https://cdn-public.liftoffintl.io https://cdn.cookielaw.org https://cdn.embedly.com https://cdn.equalweb.com/core/ https://cdn.finsweet.com/files/cmslibrary-v1.8.js https://cdn.jsdelivr.net/gh/studio-freight/lenis@1.0.23/bundled/lenis.min.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-autovideo@1/autovideo.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmscore@1/cmscore.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsload@1/cmsload.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsnest@1/cmsnest.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-richtext@1/richtext.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-selectcustom@1/selectcustom.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-toc@1/toc.js https://cdn.jsdelivr.net/npm/@mediapipe/tasks-vision@latest/wasm/vision_wasm_internal.js https://cdn.jsdelivr.net/npm/@splidejs/ https://cdn.jsdelivr.net/npm/gsap@3.12.5/dist/Flip.min.js https://cdn.jsdelivr.net/npm/js-cookie@2/ https://cdn.jsdelivr.net/npm/uuid@latest/ https://cdn.jsdelivr.net/npm/vanilla-lazyload@16.1.0/ https://cdn.optimizely.com/js/ https://cdn.plyr.io/3.7.8/plyr.js https://cdn.prod.website-files.com https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/js/webflow.1d27bb018.js https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/js/webflow.7ee8f7d6c.js https://color-analysis.facetuneapp.com https://connect.facebook.net/ https://d3e54v103j8qbb.cloudfront.net/ https://embed.typeform.com/ https://embedsocial.com https://f4tjpw.csb.app/flip.js https://face-shape.facetuneapp.com https://fonts.googleapis.com https://google.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://gtm.facetuneapp.com https://gtm.ltx.studio https://gtm.ltx.video https://gtm.ltx.io https://gtm.photoleapapp.com https://gtm.videoleapapp.com https://js.appboycdn.com/web-sdk/ https://lib.facetuneapp.com https://lib.ltx.studio https://lib.ltx.video https://lib.ltx.io https://lib.photoleapapp.com https://lib.videoleapapp.com https://lightricks.us4.list-manage.com/subscribe/post-json https://modest.facetuneapp.com/ https://onelinksmartscript.appsflyer.com https://optimize.google.com https://optimize.google.com/optimize/inject/inject.js https://optimizely.s3.amazonaws.com https://platform.twitter.com https://platform.twitter.com/js/tweet.5b94507822be1b77b58bef86fc7cd9f7.js https://platform.twitter.com/widgets.js https://player.vimeo.com https://sc-static.net/scevent.min.js https://sf16-website- https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js https://static.ads-twitter.com/uwt.js https://static.cloudflareinsights.com https://static.zdassets.com/ https://tagmanager.google.com https://tr.snapchat.com/config/com/ https://tracking.g2crowd.com/attribution_tracking/conversions/ https://unpkg.com/split-type https://use.typekit.net https://utt.impactcdn.com https://web-payment-gtm.wl.r.appspot.com https://webflow-local-dev.ltx.studio https://webflow-local-dev.ltx.video https://webflow-local-dev.ltx.io https://wp-sdk.facetuneapp.com https://wp-sdk.ltx.studio https://wp-sdk.ltx.video https://wp-sdk.ltx.io https://wp-sdk.photoleapapp.com https://wp-sdk.videoleapapp.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.tiktok.com/embed.js login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://ajax.googleapis.com https://snap.licdn.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/@splidejs/splide@4.1.4/dist/js/splide.min.js.map https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/ScrollTrigger.min.js https://cdn.equalweb.com/core/5.2.0/accessibility.js https://cdn.jsdelivr.net/npm/@finsweet/attributes@2/attributes.js https://unpkg.com/lenis@1.1.20/dist/lenis.min.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-scrolldisable@1/scrolldisable.js https://cdn.jsdelivr.net/npm/@finsweet/attributes@2/dist https://haircut.facetuneapp.com https://lightricks.chilipiper.com/ https://cdn.jsdelivr.net/gh/videsigns/webflow-tools@latest/multi-step.js; style-src 'self' 'unsafe-inline' https://*.equalweb.com/ https://*.twimg.com https://*.website-files.com https://assets-global.website-files.com https://assets.website-files.com https://cdn.jsdelivr.net/ https://cdn.prod.website-files.com https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/css/ltx- https://cdn.prod.website-files.com/65bb6b901cb133d784d16166/css/ltx-studio.webflow.baa5d1ac0.min.css https://d3e54v103j8qbb.cloudfront.net/fonts/inter/ https://embed.typeform.com/ https://embedsocial.com https://fonts.googleapis.com https://optimize.google.com https://platform.twitter.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://use.fontawesome.com/ ow.baa5d1ac0.min.css studio.webflow.e5748a061.min.css https://www.googletagmanager.com https://unpkg.com/lenis@1.1.20/dist/lenis.css; upgrade-insecure-requests; worker-src https://cdn.jsdelivr.net; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.googletagmanager.com *.bing.com *.licdn.com *.hotjar.com *.driftt.com *.terminus.services *.demandbase.com *.doubleclick.net *.vidyard.com *.facebook.com *.facebook.net *.marketo.net *.monitor.azure.com *.googleadservices.com *.adobedtm.com analytics-sm.com *.24-astute.com *.affec.tv *.adnxs.com *.adentifi.com *.google.com *.gstatic.com *.cloudflareinsights.com *.redditstatic.com *.bat.bing-int.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.googletagmanager.com *.googleapis.com; img-src 'self' data: *.everesttech.net *.vidyard.com *.cookielaw.org *.ads.linkedin.com *.terminus-services.com *.terminus.services *.bing.com *.rlcdn.com *.google.com *.adsrvr.org *.company-target.com *.adentifi.com *.doubleclick.net *.facebook.com *.linkedin.com driftt.imgix.net *.googleadservices.com *.everesttech.net *.demdex.net *.google.ca analytics-sm.com *.go.affec.tv *.adnxs.com trkn.us *.reddit.com *.googletagmanager.com; font-src 'self' data:; connect-src 'self' wss: https:; media-src 'self' 'unsafe-inline'; frame-src 'self' *.doubleclick.net *.googletagmanager.com *.company-target.com *.driftt.com *.vidyard.com *.demdex.net *.google.com hackerone.com; 4 default-src https: wss://*.hotjar.com wss://*.qualified.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 4 worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://embed.cloudflarestream.com *.google.com *.gstatic.com *.googletagmanager.com *.stripe.com *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net *.hsforms.net *.hsforms.com *.vimeo.com *.hs-scripts.com *.sentry.io *.freshworks.com embed.cloudflarestream.com js-agent.newrelic.com *.nr-data.net cdn.jsdelivr.net https://www.youtube.com *.b-cdn.net *.r-cdn.net; frame-src localhost *.realms.tv youtube.com *.youtube.com twitch.tv *.twitch.tv vimeo.com *.vimeo.com facebook.com *.facebook.com transistor.fm *.transistor.fm apple.com *.apple.com spotify.com *.spotify.com rumble.com *.rumble.com 1a-1791.com *.1a-1791.com *.cloudflarestream.com *.soundslice.com *.google.com *.stripe.com *.hs-sites.com *.hubspot.com *.hsforms.net *.hsforms.com *.freshdesk.com *.audent.ai https://www.youtube-nocookie.com/ https://www.youtube.com *.b-cdn.net *.r-cdn.net; frame-ancestors 'self' popdaze.com; img-src * data: blob: *.b-cdn.net *.r-cdn.net; 4 frame-ancestors *.tostadora.fr *.tostadora.co.uk *.tostadora.com *.tostadora.it *.latostadora.com tostadora.fr tostadora.co.uk tostadora.com tostadora.it latostadora.com www.latostadora.dock:* www.tostadora.fr.dock:* www.tostadora.it.dock:* www.tostadora.co.uk.dock:* www.tostadora.com.dock:* mx.latostadora.dock:*; 4 default-src 'self'; script-src 'self' 'nonce-6901f61c-f396-48f9-adea-00bfb3a560de' dnstest2.ficora.fi dnstest.traficom.fi stat.traficom.fi analytiikka.ahtp.fi; img-src 'self' data: *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; style-src 'self' 'nonce-6901f61c-f396-48f9-adea-00bfb3a560de' dnstest2.ficora.fi dnstest.traficom.fi; font-src 'self'; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; connect-src 'self' https://stat.traficom.fi analytiikka.ahtp.fi; form-action 'self' 4 frame-ancestors https://*.netinfo.bg/ 4 frame-ancestors 'self'; default-src 'self' https://*.clarity.ms https://c.bing.com https://*.webinargeek.com wss://*.liveperson.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.conversationalsdevelopment.nl wss://api.seamly-app.com wss://api.qooqie.com https://api.seamly-app.com https://*.sharethis.com https://*.visualwebsiteoptimizer.com https://useruploads.vwo.io https://app.vwo.com https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 4 default-src 'self' 'unsafe-inline'; img-src 'self' data: 4 frame-src 'self' https://js.stripe.com https://app.aiden.cx https://api.dpdconnect.nl https://www.youtube.com https://www.obelink.be https://vars.hotjar.com https://www.facebook.com https://surfly.com https://www.google.com https://docs.google.com https://api.growthbook.io https://tcp.googlesyndication.com; 4 frame-ancestors 'self' https://portal.mapp.com; 4 default-src https: wss: 'self' *.mightycause.com api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com *.awswaf.com *.flockler.com *.hsforms.net *.thefamousgroup.com *.visualwebsiteoptimizer.com app.vwo.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' blob: nimbleswan.io static.tagboard.com *.mightycause.com api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com *.awswaf.com *.flockler.com *.hsforms.net *.thefamousgroup.com *.visualwebsiteoptimizer.com app.vwo.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net; style-src 'self' https: 'unsafe-inline' *.mightycause.com api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com *.awswaf.com *.flockler.com *.hsforms.net *.thefamousgroup.com *.visualwebsiteoptimizer.com app.vwo.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net; img-src 'unsafe-eval' https: data: blob: mediastream:; media-src https: 'self' *.mightycause.com w.chatlio.com blob:; font-src https: data: 'self' *.mightycause.com *.gstatic.com cdn.embedly.com; manifest-src 'self' *.mightycause.com; report-uri https://mightycause.report-uri.com/r/d/csp/reportOnly 4 default-src * 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors *.zywave.com *.zywave.net; img-src * data:; font-src * data:; media-src * blob:; report-uri zywave.com 4 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; img-src https: data: 4 frame-ancestors 'self' redbus.my.site.com partners.apnacomplex.com m-redbus-id.cdn.ampproject.org www.google.com www.google.co.id m.redbus.id m.redbus.my m.redbus.sg seocms.redbus.com seoplatform.redbus.com:3000; worker-src 'self' blob:; default-src 'self' firebasestorage.googleapis.com c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com h.online-metrix.net s3.rdbuz.com *.doubleclick.net graph.facebook.com *.redbus.in *.redbus.com *.googleapis.com www.google-analytics.com www.googletagmanager.com *.google.com *.google.co.in *.facebook.net www.googleadservices.com www.facebook.com recorder.sessionstack.com o2.mouseflow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com flackr.github.io *.moengage.com dynamic.criteo.com *.newrelic.com *.sentry-cdn.com *.ttwstatic.com *.clarity.ms www.lacmp.net cdn.debugbear.com flackr.github.io redbus.my.site.com www.youtube.com stackpath.bootstrapcdn.com unpkg.com *.redbus.com *.moengage.com in.fw-cdn.com *.freshchat.com cdn.conveythis.com *.googleoptimize.com app.link cdn.branch.io beacon.riskified.com tags.tiqcdn.com cdn-akamai.mookie1.com *.firebaseio.com h.online-metrix.net *.twitter.com static.ads-twitter.com *.googletagservices.com bam.nr-data.net *.doubleclick.net maxcdn.bootstrapcdn.com *.google.com cdn.jsdelivr.net sslwidget.criteo.com static.criteo.net cdn.mouseflow.com maps.googleapis.com sg-pl.vizury.com cdnjs.cloudflare.com adservice.google.co.in ssl.google-analytics.com pagead2.googlesyndication.com www.google-analytics.com cdn.sessionstack.com www.googletagmanager.com connect.facebook.net *.googleadservices.com *.rdbuz.com *.redbus.in www.gstatic.com; img-src 'self' data: blob: unicorn.indorent.co.id tiles.stadiamaps.com iconslib.rapyd.net rbdatum.s3.amazonaws.com *.clarity.ms bs.serving-sys.com product-image.globaltix.com img.youtube.com *.makemytrip.com moe-email-campaigns.s3.amazonaws.com *.moengage.com mmt.servedbyadbutler.com servedbyadbutler.com iconslib.rapyd.net *.twitter.com gos3.ibcdn.com lh3.googleusercontent.com i.ytimg.com img.riskified.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com *.gstatic.com maps.googleapis.com *.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net www.google.co.in *.redbus.in *.google.com www.google-analytics.com ssl.google-analytics.com *.facebook.com *.rdbuz.com api.midtrans.com www.glassdoor.co.in; style-src 'self' 'unsafe-inline' blob: *.ttwstatic.com redbus.my.site.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.freshchat.com www.googletagmanager.com maxcdn.bootstrapcdn.com *.google.com cdnjs.cloudflare.com fonts.googleapis.com fonts.googleapis.com *.rdbuz.com st.redbus.in *.rdbuz.com; font-src 'self' data: maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.rdbuz.com st.redbus.in fonts.gstatic.com; frame-src 'self' gumi.criteo.com redbus.my.site.com partners.apnacomplex.com m.redbus.sg m.redbus.my *.moengage.com m.redbus.my *.freshchat.com payment.pagoefectivo.pe st.redbus.in *.twitter.com www.youtube-nocookie.com *.firebaseapp.com *.firebaseio.com www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com www.googletagmanager.com *.redbus.com h.online-metrix.net *.doubleclick.net *.vizury.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' *.moengage.com browser.sentry-cdn.com *.ingest.de.sentry.io *.clarity.ms data.debugbear.com www.lacmp.net *.redbus.my redbus.my.salesforce-scrt.com wss://tracking.yourbus.in:1031 barcode-latam.s3-ap-southeast-1.amazonaws.com cxselfhelp.s3-ap-southeast-1.amazonaws.com recorder.sessionstack.com *.moengage.com *.makemytrip.com pagead2.googlesyndication.com *.google.com *.aws.elastic-cloud.com api2.branch.io wss://rbpub.redbus.vn wss://rbpub.redbus.com *.googleapis.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com www.google-analytics.com *.facebook.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:; worker-src blob: https:; 4 default-src 'self' https://geodis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com unpkg.com *.cloudflare.com cdn.jsdelivr.net *.smart-tribune.com polyfill.io cdn.cookielaw.org tag.aticdn.net *.googleapis.com *.adroll.com snap.licdn.com *.optimonk.com connect.facebook.net *.newrelic.com *.pardot.com bat.bing.com hcaptcha.com crm.geodis.com *.iti-maps.fr lex.33across.com static.hotjar.com script.hotjar.com www.gstatic.com matomojs.trackify.info *.extranet.geodis.org polyfill-fastly.io googleads.g.doubleclick.net www.googleadservices.com analytics.geodis.com analytics.intranet.geodis.org; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.smart-tribune.com https://cdn.jsdelivr.net uloga.github.io www.gstatic.com analytics.intranet.geodis.org; img-src * 'self' 'unsafe-inline' https://geodis.com data: www.googletagmanager.com https://geodis.widen.net https://server.arcgisonline.com *.widencdn.net *.xiti.com https://cdn.cookielaw.org https://www.google.com *.smart-tribune.com https://maps.gstatic.com *.ads.linkedin.com www.google.fr *.adroll.com pixel.rubiconproject.com sync.outbrain.com dsum-sec.casalemedia.com image2.pubmatic.com sync.taboola.com eb2.3lift.com www.facebook.com www.google.pl bat.bing.com www.google-analytics.com px.ads.linkedin.com www.google.be; media-src 'self' https://geodis.com https://geodis.widen.net *.widencdn.net; frame-src 'self' https://www.youtube.com geodis.widen.net cf-store.widencdn.net cf-store.widencdn.net newassets.hcaptcha.com *.doubleclick.net x.adroll.com *.googletagmanager.com; frame-ancestors 'self' https://sites-ms.lumapps.com https://dwp.geodis.com https://wishes.geodis.com; font-src 'self' data: *.smart-tribune.com fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net github.com unpkg.com; connect-src 'self' geodis.com *.google.com adservice.google.com *.smart-tribune.com cdn.cookielaw.org www.google-analytics.com *.doubleclick.net *.onetrust.com maps.googleapis.com *.optimonk.com *.analytics.google.com bam.nr-data.net cdn.linkedin.oribi.io *.hcaptcha.com bat.bing.com bat.bing.net px.ads.linkedin.com www.google.fr analytics.google.com www.google.pl *.google.com www.google.ca region1.analytics.google.com *.analytics.google.com www.google.com.mx www.google.co.uk www.google.sk stats.g.doubleclick.net www.google.ae vc.hotjar.io metrics.hotjar.io *.hotjar.io wss://ws.hotjar.com www.google.de www.google.co.nz www.google.bg www.google.es *.extranet.geodis.org google.com unpkg.com region1.google-analytics.com analytics.geodis.com *.googlesyndication.com; upgrade-insecure-requests 4 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https:; object-src 'none'; 4 base-uri 'self'; object-src 'none'; script-src 'self' 'nonce-k2iiDLex0wPdtnKdFO8zYg==' 'sha256-dJSGrQqWOkW5FV1SxGz9aOITy27r7Kju9n/YZzkcTrQ=' 'nonce-yaeUDtMCkSdVIRgnAIJUdA=='; style-src 'self' 'nonce-k2iiDLex0wPdtnKdFO8zYg==' 'sha256-lGnbjdq0KvUx7UAmUJO6Rl+EpfroIiDR8uMvdHzuo98=' 'nonce-AbQ5EBivZKsegLxjd4JqoQ=='; report-to csp 4 default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 4 frame-ancestors 'self' https://*.scoalaintuitext.ro https://*.intuitext.com https://*.intuitext.ro https://assessment-player.intuitext.com 4 frame-ancestors 'self'; report-uri https://reuters.report-uri.com/r/t/csp/enforce; report-to report-uri 4 base-uri 'self'; object-src 'self'; frame-ancestors 'self' 4 frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 4 frame-ancestors 'self' https://app.kontent.ai; 4 connect-src 'self' https: wss:; default-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' blob:; script-src https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 4 default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net px.ads.linkedin.com snap.licdn.com data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 4 upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be form.vliz.be www.omes-monitoring.be omes-monitoring.be; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.orsted.com *.azureedge.net orsted.com.au *.app.cookieinformation.com *.euroland.com *.eurolandir.com cdn.appdynamics.com *.eum-appdynamics.com *.googletagmanager.com *.gstatic.com *.googleoptimize.com www.googleadservices.com *.googleapis.com *.bing.com *.doubleclick.net *.t.co *.pardot.com *.youtube.com *.linkedin.com *.twitter.com *.globenewswire.com *.23video.com delivery.twentythree.com orsted.containers.piwik.pro orsted.piwik.pro *.crazyegg.com unpkg.com cs.lf-discover.com *.puzzel.com *.arcgis.com code.jquery.com *.lfeeder.com orsted-global-graduate-programme.simplecast.com omny.fm cdnjs.cloudflare.com *.bootstrapcdn.com *.defgo.com *.defgo.net *.vimeo.com presscloud.com *.ritzau.dk *.simplecast.com *.elnet.danskenergi.dk *.sli.do *.audioboom.com *.licdn.com *.adsrvr.org *.soundcloud.com *.google.com *.google.com.my *.google.nl *.google.dk *.facebook.net; 4 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; frame-ancestors 'self' https: ; 4 base-uri 'self'; connect-src 'self' blob: data: https://*.applicationinsights.azure.com https://matomo.dekra.bawue.com https://*.clarity.ms https://c.bing.com https://*.g.doubleclick.net https://dekra-dev-search-api.e-spirit.cloud https://dekra-search-api.e-spirit.cloud https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://maps.googleapis.com https://*.googletagmanager.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://*.linkedin.com https://api.newsletter2go.com https://*.snapengage.com https://bat.bing.net https://bat.bing.com https://mapsresources-pa.googleapis.com https://aorta.clickagy.com https://hemsync.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com https://*.zkcdn.net https://*.doubleclick.net https://*.crwdcntrl.net https://*.adobedtm.com https://webforms-live-qa.dekra.com; default-src 'self'; manifest-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; form-action 'self'; frame-ancestors 'self' https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting; frame-src 'self' https://*.doubleclick.net https://*.googletagmanager.com https://vars.hotjar.com https://player.vimeo.com https://www.youtube.com https://v.qq.com https://hemsync.clickagy.com https://dekracloud.sharepoint.com https://global.frcapi.com https://eu.frcapi.com; img-src 'self' data: https://*.baidu.com https://*.bing.com https://*.clarity.ms https://media.dekra.com https://media-test.dekra.com https://*.g.doubleclick.net https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://maps.gstatic.com https://*.hotjar.com https://px.ads.linkedin.com https://*.snapengage.com https://i.ytimg.com https://twin-iq.kickfire.com https://bat.bing.net https://bat.bing.com; media-src https://dekra-media.e-spirit.cloud https://dekradev-media.e-spirit.cloud https://dekraqa-media.e-spirit.cloud https://dekraprod-media.e-spirit.cloud https://dkrcamarasprt.cl:502 https://dkrcamarasprt.cl:503 https://dkrcamarasprt.cl:504 https://dkrcamarasprt.cl:505 https://dkrcamarasprt.cl:506 https://dkrcamarasprt.cl:507 https://dkrcamarasprt.cl:508 https://dkrcamarasprt.cl:509; object-src 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://hm.baidu.com https://matomo.dekra.bawue.com https://*.clarity.ms https://googleads.g.doubleclick.net https://dekra.e-spirit.hosting https://dekradev.e-spirit.hosting https://dekraqa.e-spirit.hosting https://connect.facebook.net https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hs-scripts.com https://snap.licdn.com https://*.snapengage.com https://twin-iq.kickfire.com https://webforms-live.dekra.com/static/formcentric.js https://bat.bing.net https://bat.bing.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://*.zkcdn.net https://*.doubleclick.net https://*.crwdcntrl.net https://*.adobedtm.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; worker-src blob:; upgrade-insecure-requests 4 default-src 'self'; img-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://trc.taboola.com https://www4.celibest.com https://www.celibest.com https://www.celibnord.com https://www.celibouest.com https://www.celibparis.com https://www.celiblyon.com https://www.celibrhonealpes.com https://www.celibsud.com https://www.celibsudouest.com https://toodate-rekognition.s3.eu-west-1.amazonaws.com https://toodate-rekognition-a.s3.eu-west-1.amazonaws.com *.paypal.com *.paypalobjects.com *.venmo.com data:; script-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://www.googletagmanager.com https://code.createjs.com https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://systempay.cyberpluspaiement.com https://www.paypal.com; media-src 'self'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com; frame-src 'self' https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com; frame-ancestors 'self'; child-src 'self' https://www.paypal.com *.paypal.com *.paypalobjects.com *.venmo.com; object-src 'none'; 4 upgrade-insecure-requests; report-to endpoint; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' forms-eu1.hsforms.com www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' forms-eu1.hsforms.com api-eu1.hubapi.com forms-eu1.hscollectedforms.net hubspot-forms-static-embed-eu1.s3.amazonaws.com static.hsappstatic.net www.paypal.com api.personio.de/recruiting/applicant px.ads.linkedin.com/wa/ px.ads.linkedin.com/attribution_trigger www.googleadservices.com/ googleads.g.doubleclick.net adservice.google.com/pagead www.google.com/ccm/collect *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz analytics.google.com/g/collect www.google-analytics.com region1.analytics.google.com region1.google-analytics.com/g/collect stats.g.doubleclick.net/g/collect stats.g.doubleclick.net/j/collect region1.analytics.google.com/g/collect maps.googleapis.com www.facebook.com/tr/ *.clarity.ms/collect bat.bing.net/actionp/0 bat.bing.com/actionp/0 stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com fonts.gstatic.com/s/roboto/v30/ data:;frame-src 'self' forms-eu1.hsforms.com www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;child-src 'self' forms-eu1.hsforms.com www.paypal.com www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.googletagmanager.com/ www.facebook.com/tr/ consent.jtl-software.de;img-src 'self' cdn.jtl-software.com forms-eu1.hsforms.com track-eu1.hubspot.com data: t.paypal.com www.paypalobjects.com img.youtube.com i.ytimg.com px.ads.linkedin.com googleads.g.doubleclick.net/pagead/ google.com *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz www.google-analytics.com stats.g.doubleclick.net/g/collect www.googletagmanager.com maps.googleapis.com/maps/ maps.gstatic.com/mapfiles/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ c.clarity.ms/c.gif c.bing.com/c.gif bat.bing.net/action/0 bat.bing.com/action/0 bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com js-eu1.hsforms.net js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hs-analytics.net js-eu1.hubspt.com www.paypal.com www.paypalobjects.com www.youtube.com/iframe_api www.youtube.com/s/player/ snap.licdn.com/li.lms-analytics/ www.googleadservices.com/ googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.googletagmanager.com/gtm.js www.googletagmanager.com/ maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.clarity.ms/tag/kmqrcg56hz scripts.clarity.ms bat.bing.com/bat.js bat.bing.net/bat.js bat.bing.com/p/action/ stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com www.googletagmanager.com/debug/ fonts.googleapis.com/css crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' www.google.com/recaptcha/api2/webworker.js www.googletagmanager.com/ blob:; 4 object-src 'self';frame-ancestors 'self'; 4 frame-ancestors 'self' https://www.alandsbanken.fi https://www.alandsbanken.ax https://www.alandsbanken.se https://www.alandsbanken.com 4 default-src https: 'unsafe-inline'; frame-ancestors 'self' 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 4 frame-ancestors 'self' https://www.facebook.com 4 default-src 'self' *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com ; connect-src 'self' *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net ; script-src 'self' 'unsafe-inline' *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net ; style-src 'self' 'unsafe-inline' *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.googleapis.com ; style-src-elem 'self' 'unsafe-inline' *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.googleapis.com ; font-src 'self' data: *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.gs.com fonts.gstatic.com ; img-src 'self' data: *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com syndicatedsearch.goog *.quotemedia.com d3cxgmmmi7oxsv.cloudfront.net *.googleapis.com syndicatedsearch.goog ; child-src 'self' blob: *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com syndicatedsearch.goog ; object-src 'none' ; frame-ancestors 'self' *.foliofn.com folioinvesting.com *.folioinvesting.com folioinstitutional.com *.folioinstitutional.com *.folioidentity.com *.ria.site.gs.com *.advisorsolutions.site.gs.com *.gstatic.com ; upgrade-insecure-requests; block-all-mixed-content 4 frame-src 'self' hubbell.my.salesforce.com hubbellcdn.com *.google.com *.addthis.com *.windows.net cdn.krxd.net *.paymentsradius.com *.googletagmanager.com *.doubleclick.net *.hsforms.com www.youtube.com *.brightcove.net resources.hubbellwiringsystems.com www.youtube-nocookie.com hiwebar.azureedge.net flickrembed.com www.powr.io w2.countingdownto.com bcove.video www.linkedin.com go.bluevolt.com widget.spreaker.com cm-hubbell01-prod.web.app hubbellwiringsystems.com www.slideshare.net progresslighting.wufoo.com my.matterport.com e.issuu.com www.kooltronic.com www.surveymonkey.com forms.office.com hubbell.dcatalog.com service.force.com app.hubspot.com 2897803.hs-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monitor.azure.com *.cdn.applicationinsights.io cdn.channelsight.com cscoreproweustor.blob.core.windows.net hubbell-inc.secure.force.com b.static.lightning.force.com static.lightning.force.com hubbell.my.salesforce-sites.com *.salesforceliveagent.com d.la13-core1.sfdc-lywfpd.salesforceliveagent.com ajax.googleapis.com maps.googleapis.com kit.fontawesome.com cdnjs.cloudflare.com js.hsleadflows.net 2897803.hs-sites.com 9281193.fls.doubleclick.net ajax.aspnetcdn.com analytics.google.com assets.map.brightcove.com bat.bing.com bcove.video blog.hubbell.com c.bing.com c.office.com careers.hubbell.com cdn.cookielaw.org connect.facebook.net ct.pinterest.com cta-service-cms2.hubspot.com d.la5-c1-ia5.salesforceliveagent.com docs.google.com dokumfe7mps0i.cloudfront.net e.issuu.com edge.api.brightcove.com edge.fullstory.com experiences.assets.brightcove.com forms-na1.hsforms.com forms-na1.hubspot.com forms.cloud.microsoft forms.hsforms.com forms.hubspot.com forms.office.com googleads.g.doubleclick.net hubbell.com hubbell.dcatalog.com hubbell.my.salesforce.com hubbellcdn.com id.hubbell.com img.youtube.com info.hubbell.com info.hubbellpowersystems.com investor.hubbell.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hubspot.com map.brightcove.com media-exp1.licdn.com metrics.brightcove.com no-cache.hubspot.com pagead2.googlesyndication.com perf-na1.hsforms.com pixel.quantserve.com play.google.com players.brightcove.net progresslighting.wufoo.com public.slidesharecdn.com px.ads.linkedin.com s.pinimg.com salespersonlookup.hubbellapps.com service.force.com snap.licdn.com static.doubleclick.net static.hubspot.com stats.g.doubleclick.net store.hubbell.com tagmanager.google.com track.hubspot.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.hubbell.com www.linkedin.com www.redditstatic.com www.slideshare.net www.surveymonkey.com www.youtube-nocookie.com www.youtube.com youtube.com app.hubspot.com; object-src 'self' *.brightcove.net *.dcatalog.com *.flickrembed.com *.google.com *.hubbell.com *.hubbellcdn.com hubbellcdn.com *.hubbellwiringsystems.com *.issuu.com *.killarkar.blob.core.windows.net *.matterport.com *.office.com *.slideshare.net *.wufoo.com *.youtube.com bluevolt.com cm-hubbell01-prod.web.app docs.google.com forms.office.com hieeewebar.blob.core.windows.net hiwebar.azureedge.net 4 default-src 'self'; style-src 'self' 'unsafe-inline'; 4 frame-ancestors 'self' https://*.batchgeo.com 4 connect-src 'self' *.laerdal.com laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.monitor.azure.com *.applicationinsights.azure.com *.google.com *.gigya.com *.cookielaw.com *.cookielaw.org *.onetrust.com *.posthog.com googleads.g.doubleclick.net *.salesforce-scrt.com *.talkdeskapp.com *.dynatrace.com *.us1.twilio.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.facebook.net *.ubembed.com ipapi.co *.googleadservices.com *.googletagmanager.com *.linkedin.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; default-src 'self' data: blob: laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com; font-src 'self' data: blob: *.laerdal.com laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.bootstrapcdn.com *.gstatic.com *.blob.core.windows.net *.cloudfront.net *.cloudflare.com *.talkdeskapp.com at.alicdn.com *.hotjar.com; frame-ancestors 'self'; frame-src laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.gigya.com *.livechatinc.com laerdal.my.site.com *.buzzsprout.com *.talkdeskapp.com *.youtube.com youtube.com youtu.be *.googletagmanager.com *.google.com s.surveyanyplace.com *.youku.com *.flipsnack.com *.pointerpro.com; img-src 'self' data: https: laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com googleads.g.doubleclick.net laerdal.info *.googletagmanager.com cdn.brandfolder.io *.convertflow.co *.facebook.com *.facebook.net *.talkdeskdev.com *.talkdesk.com *.google-analytics.com *.linkedin.com *.baidu.com *.doubleclick.net *.ytimg.com *.hotjar.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.blob.core.windows.net *.cloudflareinsights.com *.monitor.azure.com *.azure.com *.cookielaw.org *.convertflow.co *.en25.com code.jquery.com *.bootstrapcdn.com *.gigya.com *.gstatic.com *.google.com *.googleapis.com googleads.g.doubleclick.net *.livechatinc.com laerdal.my.site.com *.talkdeskapp.com *.ubembed.com *.google-analytics.com *.doubleclick.net *.vo.msecnd.net *.googletagmanager.com cdn.jsdelivr.net snap.licdn.com *.facebook.net *.hotjar.com youtube.com *.youtube.com; style-src 'self' 'unsafe-inline' laerdal.com *.laerdal.com laerdalglobalhealth.com *.laerdalglobalhealth.com *.blob.core.windows.net *.bootstrapcdn.com *.googleapis.com *.posthog.com laerdal.my.site.com cdn.jsdelivr.net *.gstatic.com; report-to csp-report-to 4 default-src 'self'; img-src 'self'; script-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; 4 block-all-mixed-content; connect-src 'self' www.dreamland.be www.dreamland.nl https://*.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.google.com https://*.g.doubleclick.net https://in.hotjar.com https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://survey.alchemer.com https://www.facebook.com https://*.adnxs.com https://*.adnxs-simple.com https://*.icecat.biz https://*.googleapis.com https://cdn.plyr.io https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.playable.com https://*.campaign.playable.com https://*.leadfamly.com https://*.api.leadfamly.com https://*.visualwebsiteoptimizer.com app.vwo.com https://sibautomation.com https://in-automate.brevo.com https://static.zohocdn.com https://desk.zoho.eu https://ct.pinterest.com https://*.clarity.ms/ https://sst.dreamland.be; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.icecat.biz https://*.campaign.playable.com https://static.zohocdn.com https://webfonts.zohowebstatic.com; frame-ancestors 'self' https://*.campaign.playable.com; frame-src data: https://www.youtube.com/ https://publish.folders.eu/ https://app.folders.eu/ https://www.facebook.com https://vars.hotjar.com https://survey.alchemer.com https://*.adnxs.com https://optimize.google.com https://*.icecat.biz https://js.mollie.com https://swiftcdn6.global.ssl.fastly.net https://gleam.io https://view.publitas.com/ https://folders.toychamp.be/ https://folders.toychamp.nl/ https://*.awin1.com https://*.zenaps.com https://*.campaign.playable.com app.vwo.com https://*.visualwebsiteoptimizer.com https://bethenexthero.com https://space-worlds.bricks.plus https://legobelgium.s3.eu-west-1.amazonaws.com/ https://space-game.be https://gaming-contest.eu https://f1-contest.com https://desk.zoho.eu https://ar.salta.com https://www.googletagmanager.com https://td.doubleclick.net https://ct.pinterest.com https://*.cloudflare.com https://dreamlandbe.zohodesk.eu https://sst.dreamland.be https://*.g.doubleclick.net 'self'; img-src 'self' data: about: www.dreamland.be www.dreamland.nl https://placeholder.inventis.be https://placehold.it https://*.ytimg.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://www.facebook.com https://www.google.com https://www.google.be https://*.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://script.hotjar.com https://www.mollie.com https://*.adnxs.com https://*.adnxs-simple.com https://js.gleam.io https://*.icecat.biz https://*.awin1.com https://*.zenaps.com https://files.cdn.leadfamly.com https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://static.zohocdn.com https://sst.dreamland.be; style-src 'self' https://optimize.google.com 'unsafe-inline' https://fonts.googleapis.com https://survey.alchemer.com https://*.icecat.biz https://*.campaign.playable.com https://*.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://static.zohocdn.com; upgrade-insecure-requests 4 frame-ancestors 'self' https://*.ageoflearning.com https://*.abcmouse.com; 4 default-src 'self'; base-uri 'self'; img-src 'self' https: data: ssl.gstatic.com *.vimeocdn.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.ggpht.com; font-src 'self' https://fonts.gstatic.com f.hubspotusercontent-eu1.net 25126500.fs1.hubspotusercontent-eu1.net *.delen.bank data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com tagmanager.google.com srv.stackadapt.com static.hsappstatic.net *.delen.bank; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: tagmanager.google.com *.marker.io *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com; connect-src 'self' https: data: blob: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io *.google.com https://*.googleapis.com https://*.gstatic.com; frame-src 'self' *.google.com *.marker.io *.hotjar.com player.vimeo.com *.cookiebot.com *.googletagmanager.com cdn.raffle.ai player.clevercast.com *.webflow.io vimeo.com *.vimeo.com *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net https://app httpsdelen://app https://forms.office.com https://oyensappsimulator.acpt.delen.be https://delenappsimulator.acpt.delen.be https://login.acpt.delen.be https://online.acpt.delen.bank https://loginoyens.acpt.delen.be https://delenappsimulator.acpt.delen.lu https://delenchappsimulator.acpt.delen.lu https://login.acpt.delen.lu https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com vimeo.com blog.delen.bank https://app.skeeled.com/api/offers https://js-eu1.hscollectedforms.net/collectedforms.js https://delen.bank/_hcms/api/apicall; worker-src blob:;; upgrade-insecure-requests 4 frame-ancestors 'self'; base-uri 'self'; 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 4 default-src 'none'; media-src 'self' *.scene7.com *.stryker.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.scene7.com *.cookielaw.org *.cvent-assets.com *.cvent.com *.doubleclick.net *.facebook.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.hlx.page *.licdn.com *.marketo.com *.marketo.net *.mktoweb.com *.serving-sys.com *.smtrk.net *.stackadapt.com *.stryker.com *.tribalfusion.com *.zi-scripts.com *.zoominfo.com assets.adobedtm.com bh.contextweb.com magnetic.t.domdex.com maps.googleapis.com pixel.mathtag.com rules.quantcount.com s.ytimg.com secure.quantserve.com ssl.google-analytics.com stryker-h.assetsadobe.com tags.srv.stackadapt.com www.gstatic.com www.youtube.com blob:; connect-src 'self' https://*; img-src 'self' data: https://*; style-src 'self' 'unsafe-inline' *.cvent-assets.com *.mktoweb.com *.scene7.com *.stackadapt.com *.stryker.com fast.fonts.net fonts.googleapis.com www.gstatic.com; font-src 'self' https://*; manifest-src 'self'; frame-src 'self' https://*; frame-ancestors 'self' *.adobecqms.net; block-all-mixed-content; upgrade-insecure-requests; 4 img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; upgrade-insecure-requests; frame-ancestors 'self'; 4 upgrade-insecure-requests; base-uri 'self' 4 script-src 'unsafe-inline' self; 4 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 4 default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 4 default-src https: 'unsafe-eval' 'unsafe-inline' data: 'self' *.kiavi.com *.lh-qa.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hs-sites.com *.hsadspixel.net *.hsappstatic.net *.hscollectedforms.net *.hscta.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubapi.com *.hubspot.com *.hubspot.net *.hubspotfeedback.com *.hubspotusercontent20.net *.hubspotvideo.com *.usemessages.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.adroll.com https://*.adsymptotic.com https://*.analytics.yahoo.com https://*.bing.com https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com; object-src 'none';; upgrade-insecure-requests 4 default-src https: *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: *.hotjar.com *.hotjar.io *.wistia.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: *.hotjar.com *.hotjar.io *.tawk.to cdn.jsdelivr.net tawk.link *.iubenda.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com *.wistia.com *.wistia.net *.tawk.to cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src https: wss://*.qualified.com *.ws7.qualified.com *.litix.io *.wistia.com *.tawk.to wss://*.tawk.to *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src https: 'self' blob: *.hotjar.com *.hotjar.io *.tawk.to fast.wistia.com fast.wistia.net; style-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com fast.wistia.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; media-src * blob: data: https: *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; 4 frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' *.adsrvr.org *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net acrobatservices.adobe.com player.vimeo.com app.supademo.com app.heygen.com documentcloud.adobe.com insight.adsrvr.org *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com *.doubleclick.net *.googletagmanager.com; connect-src 'self' wss://*.infrontservices.com *.adsrvr.org https://www.facebook.com *.google-analytics.com *.leadinfo.com *.leadinfo.net https://li-replay.s3-accelerate.amazonaws.com https://*.ldnfrpl.com *.infrontservices.com *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net *.adobe.io wss://*.adobe.io *.doubleclick.net *.google.com analytics.ahrefs.com *.googlesyndication.com cdn.linkedin.oribi.io 633-ybp-923.mktoresp.com 633-ybp-923.mktoutil.com analytics.funnelfuel.io *.linkedin.com static1.r66net.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.salesloft.com *.clarity.ms *.tt.omtrdc.net bat.bing.net; img-src 'self' *.leadinfo.net *.leadinfo.net *.videostep.com *.infrontservices.com assets.adoberesources.net lh3.googleusercontent.com *.doubleclick.net *.linkedin.com *.b26net.com *.googletagmanager.com *.clarity.ms *.facebook.com *.bing.com *.bing.net *.google.com s.videostep.com dev.day.com secure.adnxs.com *.invibes.com *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookiebot.com *.2o7.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; font-src *.infrontfinance.com *.leadinfo.net *.infront.co *.typekit.net data:; style-src *.infrontfinance.com *.leadinfo.net *.googleapis.com *.infront.co 'unsafe-inline' *.typekit.net; script-src *.infrontfinance.com *.leadinfo.net https://*.ldnfrpl.com *.infrontservices.com *.googleadservices.com *.infront.co scout-cdn.salesloft.com connect.facebook.net analytics.ahrefs.com *.marketo.com *.marketodesigner.com *.mktoweb.com *.experience.adobe.com *.adobe.net munchkin.marketo.net static.r66net.com static.r66net.net *.doubleclick.net k.r66net.com u.videostep.com *.licdn.com analytics.funnelfuel.io bat.bing.com js.adsrvr.org *.adobeaemcloud.com assets.adoberesources.net acrobatservices.adobe.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net *.salesloft.com *.clarity.ms 'self' 'unsafe-eval' 'unsafe-inline'; 4 frame-ancestors 'self'; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com *.chilipiper.com; 4 default-src https:; font-src 'unsafe-inline' https: data:; child-src https: blob:; connect-src https: blob:; worker-src https: blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https:; object-src; base-uri 'none'; style-src 'unsafe-inline' https: data:; img-src https: data:; 4 frame-ancestors *.df-automotive.de *.felgenshop.de 4 frame-ancestors 'self' https://aderantonline.force.com; 4 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn-ukwest.onetrust.com https://img.en25.com https://connect.facebook.net https://use.typekit.net https://az416426.vo.msecnd.net https://www.civica.com https://snap.licdn.com https://cdnjs.cloudflare.com https://*.episerver.net https://www.youtube.com https://geolocation.onetrust.com/ https://s3121.t.eloqua.com https://cdn.tiny.cloud/ https://static.oktopost.com/ https://okt.to/ https://*.demandbase.com/ https://s2079104782.t.eloqua.com/ https://cdn.cookielaw.org/ https://*.hotjar.com https://js.monitor.azure.com/scripts/a/ai.0.js; connect-src 'self' https://*.onetrust.com https://*.visualstudio.com https://*.google-analytics.com https://stats.g.doubleclick.net https://s3121.t.eloqua.com https://civica-privacy.my.onetrust.com https://cookiesuksouth.blob.core.windows.net/ https://cdn.linkedin.oribi.io https://img.en25.com https://*.demandbase.com/ https://api.company-target.com https://www.google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cdn.cookielaw.org/ https://segments.company-target.com https://tracking.civica.co.uk/ https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://pagead2.googlesyndication.com/; object-src 'none'; media-src 'self' data:; img-src 'self' data: https://www.facebook.com https://*.eloqua.com https://p.typekit.net https://*.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://licensebuttons.net https://p.adsymptotic.com https://sp.tinymce.com https://*.onetrust.com https://www.googletagmanager.com https://id.rlcdn.com/ https://segments.company-target.com/ https://www.hootsuite.com/; style-src 'self' 'unsafe-inline' data: https://cdn.tiny.cloud; frame-ancestors 'self'; child-src 'self'; frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net/ https://player.vimeo.com https://www.facebook.com/ https://s.company-target.com/ https://www.googletagmanager.com/; font-src 'self' https://use.typekit.net; 4 frame-src 'self' youtube.com www.youtube.com www.dailymotion.com assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; worker-src 'self' blob: assirmforum21-backend.liveforum.space assirmforum21.liveforum.space; child-src 'self' assirmforum21-backend.liveforum.space assirmforum21.liveforum.space 4 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://wts.anexia-it.com https://www.googletagmanager.com https://bat.bing.com https://snap.licdn.com https://www.facebook.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://www.youtube.com https://www.youtube-nocookie.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.livechatinc.com https://api.livechatinc.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.clarity.ms https://www.googletagmanager.com https://wts.anexia-it.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://bat.bing.com https://snap.licdn.com https://connect.facebook.net https://ws.sharethis.com https://d1l6p2sc9645hc.cloudfront.net https://dwhbridge.anexia-it.com https://www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://anexia.com https://www.linkedin.com https://px4.ads.linkedin.com https://region1.analytics.google.com https://px.ads.linkedin.com https://bat.bing.com https://a.clarity.ms https://c.clarity.ms https://www.google-analytics.com https://www.google.com https://www.google.at https://c.bing.com https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://td.doubleclick.net https://facebook.com https://www.facebook.com https://*.facebook.com https://*.doubleclick.net https://*.bing.com https://*.licdn.com https://bat.bing.net https://www.googleadservices.com https://zertifikat.creditreform.at https://static.anexia-it.com; font-src 'self' data:; connect-src 'self' https://www.facebook.com https://wts.anexia-it.com https://www.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.clarity.ms https://eu-api.friendlycaptcha.eu https://request.anexia.com https://anexia.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://api.friendlycaptcha.com https://www.google.com https://td.doubleclick.net https://*.doubleclick.net https://*.facebook.com https://facebook.com https://*.bing.com https://*.licdn.com https://px.ads.linkedin.com https://bat.bing.net https://www.google.at https://google.com https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://*.doubleclick.net https://www.facebook.com https://*.facebook.com https://facebook.com https://*.bing.com https://*.licdn.com https://*.sharethis.com https://www.googleadservices.com https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; worker-src 'self' blob:; base-uri 'self'; report-to csp-endpoint 4 default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; frame-ancestors 'self'; 4 frame-ancestors 'self' *.gestionradioqc.com *.cogecolive.com;upgrade-insecure-requests 4 default-src 'self' https://download.teamviewer.com/ https://dl.teamviewer.com/ https://cdn.cookielaw.org/ https://reportsession.teamviewer.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://code.jquery.com data:; script-src data: 'unsafe-inline' 'self' https://code.jquery.com; object-src 'self'; style-src 'unsafe-inline' 'self' https://code.jquery.com; img-src 'self' https://code.jquery.com; frame-src 'self' *.teamviewer.com teamviewer8: tvassign1: tvsqcustomer1: tvcustomqs: intent: 4 default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 4 frame-ancestors 'self' https://wood.showpad.biz https://www.wood.showpad.biz https://www.wood.showpad.com https://wood.showpad.com; 4 frame-ancestors 'self' https://explore.medius.com https://www.medius.com https://www.expensya.com 4 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com; 4 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 4 frame-ancestors 'self' https://app.contentful.com https://app.eu.contentful.com 4 frame-ancestors 'self' https://app.contentful.com https://anypoint.mulesoft.com 4 default-src 'self'; img-src 'self' data: https://im16.inviewer.se https://mfstatic.com https://i3.ytimg.com https://cdn.cookielaw.org https://matomo.internetstiftelsen.se https://fonts.gstatic.com https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.rekai.se https://dj5ytzb70q57z.cloudfront.net https://internetstiftelsen.confetti.events https://mfstatic.com https://cdn.jsdelivr.net https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://d2wd18kp3k18ix.cloudfront.net https://*.onetrust.com https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://*.onetrust.com https://mfstatic.com https://*.internetstiftelsen.se https://matomo.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://*.rekai.se https://graphtool.internetstiftelsen.se https://api.services.confetti.events https://internetstiftelsen.confetti.events https://im16.inviewer.se https://*.mediaflow.com https://api.friendlycaptcha.com https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' blob: https://internetstiftelsen.confetti.events https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; frame-ancestors 'self'; media-src 'self' https://*.libsyn.com 4 default-src https: 'unsafe-inline' 'unsafe-eval' data: 4 https: 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io https://solve-widget.forethought.ai https://decagon.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://app.cal.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://cdn.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://wcs.naver.net https://cdn01.boxcdn.net https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://cdn.sprig.com https://assets.customer.io https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com https://unpkg.com/react@18.2.0/umd/react.development.js https://unpkg.com/react-dom@18.2.0/umd/react-dom.development.js https://unpkg.com/@babel/standalone@7.26.9/babel.min.js https://unpkg.com/dayjs-with-plugins@1.0.4/dist/dayjs-with-plugins.min.js https://unpkg.com/@tailwindcss/browser@4 https://unpkg.com/d3@7.9.0/dist/d3.min.js https://unpkg.com/three@0.150.0/build/three.min.js https://dev-custom-views-modules-usw2.s3.us-west-2.amazonaws.com/components.js https://*.jam.dev;connect-src 'self' data: blob: https://img.notionusercontent.com https://notion.so/eap https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com https://makenotion.zendesk.com https://api.smooch.io wss://api.smooch.io https://api.forethought.ai https://http-inputs-notion.splunkcloud.com https://*.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://api.cr-relay.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://api.box.com https://api.tailorhq.ai https://app.tailorhq.ai https://cdn.tailorhq.ai https://cached-api.tailorhq.ai https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://track.customer.io https://*.api.gist.build https://*.cloud.gist.build https://hcaptcha.com https://*.hcaptcha.com https://tiles.versatiles.org https://maps.googleapis.com https://places.googleapis.com https://api.ipify.org wss://msgstore.www.notion.so wss://msgstore-001.www.notion.so wss://msgstore-002.www.notion.so https://msgstore.www.notion.so https://msgstore-001.www.notion.so https://msgstore-002.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://prod-files-secure-euc1.s3.eu-central-1.amazonaws.com https://prod-notion-temporary-files-euc1.s3.eu-central-1.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://local-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://dev-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://dev-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://stg-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-euc1-0001-workers-code-bundles.s3.eu-central-1.amazonaws.com https://prod-space-usw2-0001-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0002-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0003-workers-code-bundles.s3.us-west-2.amazonaws.com https://prod-space-usw2-0004-workers-code-bundles.s3.us-west-2.amazonaws.com https://file.notion.so notion://file.notion.so https://www.notion.com https://calendar.notion.so;font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://img.notionusercontent.com https://mail-resource-proxy.mail.notion.so https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.mux.com https://track.customer.io https://file.notion.so notion://file.notion.so;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://cdn01.boxcdn.net https://code.gist.build https://hcaptcha.com https://*.hcaptcha.com;frame-ancestors 'self' https://mail.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://*.mux.com https://file.notion.so notion://file.notion.so;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://identity.notion.so https://*.jam.dev 4 default-src 'self' gap: 'unsafe-inline'; script-src 'self' data: https://cdn.amcharts.com data: https://c.mql5.com/ data: https://cdn.ampproject.org/ data: https://content.mql5.com/ data: https://connect.facebook.net/ data: https://ifccd.net data: code.jquery.com data: *.ifcmarkets.com data: *.ifcmiran.asia data: *.tradeifcm.asia data: https://apis.google.com data: www.google-analytics.com data: www.googleadservices.com data: www.googletagmanager.com data: https://www.google.com/ data: www.googleapis.com/ data: cse.google.com/ data: clients1.google.com/ data: https://www.gstatic.com/ data: https://www.googleadservices.com data: trade.mql5.com data: https://ipinfo.io data: https://ajax.cloudflare.com data: https://yastatic.net/share2/share.js data: https://mc.yandex.ru/metrika/tag.js data: https://dsp-media.eskimi.com data: https://ssl.pstatic.net data: wcs.naver.net data: *.bing.com data: *.twitter.com data: *.adroll.com data: widget.trustpilot.com data: connect.facebook.net data: https://www.aparat.com data: https://www.aparat.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' data: *.trustpilot.com data: *.google.com data: https://*.adroll.com data: https://component.autochartist.com data: *.ifcm-invest.com data: https://www.tradays.com data: https://www.mql5.com data: https://www.youtube.com data: https://chat.ifcmtz.com data: https://chat.ifctr.asia data: https://chat.fxifcm.asia data: https://chat.ifcmfx.com data: https://chat.ifcmfx.cn data: https://chat.ifcm.co.uk data: https://chat.ifcmarkets.tw data: https://chat.ifcmarkets.my data: https://chat.ifcmarkets.net data: https://chat.ifcmarkets.hk data: https://chat.ifcmarkets.mx data: https://chat.ifcmarkets.com.br data: https://chat.ifcmarkets.co.id data: https://chat.ifcmarkets.co.in data: https://chat.ifcmarkets.co data: https://chat.ifcmarkets.ae data: https://trade.mql5.com data: https://td.doubleclick.net data: *.googletagmanager.com data: *.ifcmarkets.com data: *.ifcmiran.asia data: *.tradeifcm.asia data: *.ifcmarkets.co.za data: https://*.facebook.com data: https://www.aparat.com data: https://ifccd.net; media-src * data: https://www.ifcmarkets.com/downloads/video/; object-src *; style-src 'self' data: *.ifcmarkets.com data: *.ifcmiran.asia data: https://ifccd.net data: https://pr.ifccd.net data: https://www.google.com data: https://fonts.googleapis.com 'unsafe-inline'; img-src * data: http://www.w3.org/; font-src 'self' data: *.ifcmiran.asia data: https://ifccd.net data: https://fonts.gstatic.com data: https://fonts.googleapis.com data: https://pr.ifccd.net; connect-src *; manifest-src 'self' data: https://ifccd.net data: https://be1.ifcmfar.com data: *.ifcmiran.asia 4 frame-ancestors 'self' https://*.saleshood.com; 4 frame-ancestors 'self'; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub16f8f4157f115b184e143716929b3d8c&dd-evp-origin=content-security-policy&ddsource=csp-report; 4 default-src 'self' *.gstatic.com 'unsafe-inline'; img-src 'self' www.gstatic.com *.hcaptcha.com; script-src *.googletagmanager.com *.gstatic.com *.hcaptcha.com *.googleapis.com *.recaptcha.net 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.hcaptcha.com *.recaptcha.net 'self'; connect-src 'self' *.google.com *.gstatic.com *.hcaptcha.com *.googleapis.com *.recaptcha.net; 4 base-uri 'self'; frame-ancestors 'self' https://*.worldanimalprotection.org.uk; 4 default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 4 frame-ancestors app.storyblok.com 4 default-src 'self'; frame-src 'self' aax-eu.amazon-adsystem.com ct.pinterest.com https://www.googletagmanager.com www.google.com www.youtube.com live.brame-gamification.com *.paypal.com www.facebook.com weatherwidget.io tpc.googlesyndication.com td.doubleclick.net; media-src 'self'; img-src 'self' data: https://p1.outbrain.com https://a.mgid.com https://tr.blismedia.com maps.gstatic.com sp.analytics.yahoo.com maps.googleapis.com *.paypal.com uip.semasio.net www.google.com www.facebook.com www.google.gr bold.adman.gr cdn.cookielaw.org www.googletagmanager.com www.google.nl ads.travelaudience.com sherlock.adman.gr ad.doubleclick.net googleads.g.doubleclick.net adservice.google.com tr.outbrain.com cm.g.doubleclick.net ad.yieldlab.net pixel.rubiconproject.com image2.pubmatic.com ice.360yield.com ih.adscale.de ib.adnxs.com ads.betweendigital.com p1.zemanta.com a.mgid.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://sitepixel.blis.com https://a.mgid.com *.zemanta.com c.amazon-adsystem.com ct.pinterest.com *.pinimg.com *.tiktok.com https://*.adform.net *.paypal.com *.paypalobjects.com *.braintreegateway.com sp.analytics.yahoo.com connect.facebook.net s.yimg.com maps.googleapis.com www.googletagmanager.com www.google.com www.youtube.com www.gstatic.com cdn.cookielaw.org weatherwidget.io ads.travelaudience.com www.googleadservices.com theferries.com tpc.googlesyndication.com tr.outbrain.com amplify.outbrain.com wave.outbrain.com js-tag.zemanta.com a.mgid.com; connect-src 'self' https://www.facebook.com https://analytics-ipv6.tiktokw.us https://tr.blismedia.com aax-eu.amazon-adsystem.com ara.paa-reporting-advertising.amazon ct.pinterest.com *.tiktok.com *.zemanta.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.googleadservices.com https://amplify.outbrain.com maps.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com cdn.cookielaw.org *.analytics.google.com stats.g.doubleclick.net s.yimg.com privacyportal-eu.onetrust.com geolocation.onetrust.com adservice.google.com www.google.com www.google.gr tr.outbrain.com p1.outbrain.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'none' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://login.microsoftonline.com https://adfs5.metro.info https://www.google-analytics.com *.qualtrics.com 1634.global.siteimproveanalytics.io ssl.siteimprove.com *.linkedin.com *.facebook.com csi.gstatic.com maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com www.gstatic.com app.miag.com maintenance.metroag.de mfpembedcdnweu.azureedge.net *.metroag.de *.metroag.eu *.metrogroup.de *.miag.com *.metro-cc.com *.metronom.com *.metro-wholesale.de *.metro-wholesale.com *.metro-properties.de *.metro-gruenderstudie.de *.metro-startupstudy.com *.metrosystems.ro *.handel-erklaert.de *.metro-sourcing.hk *.metro-logistics.de *.metro-campus.de *.metro-vto.es *.careers.metroag.de *.karriere.metroag.de *.metro-properties.com.tr *.metro-campus-services.de *.metro-services.in *.metro-services.pl *.mpulse.de *.metro-unboxed.de *.metro-unboxed.com *.metro-potentials.com *.arbeitgeber-ahd.de *.metro-competencies.com *.metro-trainingcenter.de www.openpetition.de *.wirsindgekommenumzubleiben.de *.metro-global-solution-center.in *.metro.digital *.metro-gsc.in *.metro-gsc.pl *.metro-gsc.com px.ads.linkedin.com bscmiagbot.metro.de i.ytimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.typography.com *.metroag.de *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net *.twimg.com; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com fonts.googleapis.com d1azc1qln24ryf.cloudfront.net www.openpetition.de; frame-src 'self' *.googletagmanager.com *.facebook.com https://video.metro.de www.youtube.com *.walls.io plugins.flockler.com charts3.equitystory.com *.twitter.com www.google.com dev.dieproduktion.de *.own-business-day.com forms.office.com login.microsoftonline.com t.email.metro.de feedback.metro-cc.com metro.online-report.eu bscmiagbot.metro.de; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com https://www.googletagmanager.com https://www.google-analytics.com *.qualtrics.com ssl.siteimprove.com siteimproveanalytics.com connect.facebook.net ajax.googleapis.com code.jquery.com maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com cdn.jsdelivr.net edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com www.gstatic.com mfpembedcdnweu.azureedge.net app.mailjet.com www.openpetition.de bscmiagbot.metro.de snap.licdn.com; connect-src 'self' *.google.com *.googlesyndication.com content-eu-discoveryengine.googleapis.com *.google-analytics.com *.qualtrics.com *.twitter.com *.ads.linkedin.com *.facebook.com bscmiagbot.metro.de 1634.global.siteimproveanalytics.io; frame-ancestors 'self'; worker-src blob:; media-src 'self' data: https://video.metro.de; report-uri MagReport.csp?cspReport=true 4 default-src 'self' * 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io *.lfeeder.com *.leadfeeder.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com; object-src 'none'; img-src * 'self' data:; worker-src 'self' data: blob:; 4 img-src * data:; font-src * data:; connect-src *; form-action *; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 4 default-src *.cloudflare.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 4 connect-src 'self' *.google.com *.google-analytics.com *.disqus.com disqus.com *.disquscdn.com *.addthis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.rlcdn.com 4 default-src 'self'; base-uri 'self'; form-action 'self' https://forms.hsforms.com https://forms.hsforms.net; frame-ancestors 'self'; frame-src 'self' https://polaris.brighterir.com https://www.google.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://player.vimeo.com https://cdn.cookielaw.org https://privacyportal.onetrust.com; connect-src 'self' https://js.zi-scripts.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com https://analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.usemessages.com https://*.vimeo.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.zi-scripts.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.licdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googleapis.com https://js.usemessages.com https://player.vimeo.com https://cdn.cookielaw.org https://privacyportal.onetrust.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hsappstatic.net; img-src 'self' data: blob: https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hubspotusercontent00.net https://*.hubspotusercontent-na1.net https://*.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://ssl.gstatic.com https://*.vimeo.com https://cdn.cookielaw.org; font-src 'self' data: https://fonts.gstatic.com https://*.hsappstatic.net; media-src 'self' blob: data: https://*.hubspotusercontent00.net https://*.vimeo.com; worker-src 'self' blob:; upgrade-insecure-requests; 4 frame-ancestors 'self' https://*.storyblok.com; 4 default-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; frame-ancestors * 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si www.intersport.hr www.intersport.ba www.intersport.me intersport.si preview.ssgtm.intersport.si ssgtm.intersport.si appleid.cdn-apple.com/appleauth/ applepay.cdn-apple.com apple-pay-gateway.apple.com *.cookiebot.com cdnjs.cloudflare.com ajax.googleapis.com fcm.googleapis.com fonts.googleapis.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.googleoptimize.com maps.googleapis.com maps.gstatic.com fonts.gstatic.com www.gstatic.com *.google.com google.com www.google.si www.google.de googleads.g.doubleclick.net stats.g.doubleclick.net omara.cdn-cnj.si img.cdn-cnj.si cpx.smind.si cpx.smind.hr chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com *.paypal.com www.paypal.com www.paypalobjects.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com *.mercator.si maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz www.pimcore.org yoast.com *.braintreegateway.com *.braintree-api.com *.segmentify.com cdn.sgmntfy.com api.instacloud.io *.fna.fbcdn.net *.vimeo.com i.vimeocdn.com my.matterport.com my.mpskin.com graph.instagram.com *.cdninstagram.com cdn.crobox.io api.crobox.com pagead2.googlesyndication.com region1.google-analytics.com td.doubleclick.net cm.g.doubleclick.net firebaseinstallations.googleapis.com rt.udmserve.net fibbl.com *.fibbl.com fibblar.com *.fibblar.com; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.ba https://vr.intersport.me; 4 default-src 'self' *.amazonaws.com;media-src 'self' *.amazonaws.com data: *.ace.teliacompany.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;style-src 'self' 'unsafe-inline' *.teliacompany.com *.google.com *.humany.net *.googleapis.com *.gstatic.com *.amazonaws.com;connect-src 'self' *.google-analytics.com *.linkedin.com *.googletagmanager.com *.amazonaws.com *.humany.net *.google.com *.google.se *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi *.resurs.com *.integration.resurs.com *.doubleclick.net *.googleapis.com *.amplitude.com *.teliacompany.net *.resurs.loc *.ellos.resursbank.24hr.se wss://*.resurs.se wss://*.resurs.fi wss://*.resurs.dk wss://*.resurs.no *.hotjar.io *.hotjar.com wss://*.hotjar.com wss://*.hotjar.io widget.datablocks.se *.taboola.com *.bing.com *.bing.net *.mfn.se *.googlesyndication.com;form-action 'self';frame-ancestors 'self';frame-src 'self' *.youtube.com player.vimeo.com *.google.com *.teliacompany.com resurs.onfluid.dk *.doubleclick.net *.office365.com *.googletagmanager.com *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi;child-src 'self';font-src * data:;object-src 'none';manifest-src 'self' 'unsafe-inline' data:;upgrade-insecure-requests 4 frame-ancestors 'self' https://wdgt.dathuis.nl; 4 default-src wss: https: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;img-src https: data:; 4 connect-src http://ip-api.com/ 'self' https: data: 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.clarity.ms *.bing.com *.smooch.io smooch.io https://*.mobinterier.com https://googleapis.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://biano.sk https://*.biano.sk https://biano.cz https://*.biano.cz https://biano.hu https://*.biano.hu https://biano.ro https://*.biano.ro https://biano.hr https://*.biano.hr https://prefixbox.com https://*.prefixbox.com https://gstatic.com https://*.gstatic.com https://novynabytok.sk https://*.novynabytok.sk https://hezkynabytek.cz https://*.hezkynabytek.cz https://zondo.hu https://*.zondo.hu https://zondo.ro https://*.zondo.ro https://zondo.hr https://*.zondo.hr https://*.zdassets.com https://*.zopim.com https://prefixbox.com https://*.prefixbox.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://google-analytics.com https://*.google-analytics.com https://clarity.ms https://*.clarity.ms https://*.doubleclick.net https://*.imedia.cz https://*.seznam.cz https://chimpstatic.com https://google.com https://*.google.com https://google.sk https://*.google.sk https://google.cz https://*.google.cz https://google.hu https://*.google.hu https://google.ro https://*.google.ro https://google.hr https://*.google.hr https://google.fr https://*.google.fr https://t.co https://google.de https://*.google.de https://googleadservices.com https://*.googleadservices.com https://*.zopim.io https://meblemirjan.pl https://*.meblemirjan.pl https://youtube.com https://*.youtube.com https://creativecdn.com https://*.creativecdn.com https://zendesk.com https://*.zendesk.com https://sentry.io https://*.sentry.io https://*.amio.io *.getsitecontrol.com https://*.facebook.net https://www.facebook.com/ https://*.mailchimp.com https://*.list-manage.com https://*.cloudfront.net https://*.amazonaws.com https://*.ecomailapp.cz https://scaleflex.cloudimg.io https://*.cloudflareinsights.com https://*.ads-twitter.com https://analytics.twitter.com/ https://*.favicdn.net https://*.favicdn.sk https://*.favicdn.cz https://*.favicdn.hu https://*.favicdn.ro https://*.favicdn.hr https://*.favi.sk https://*.favi.cz https://*.favi.hu https://*.favi.ro https://*.favi.hr https://*.twimg.com https://analytics.x.com https://api.twitter.com https://api.x.com https://platform.twitter.com https://platform.x.com https://syndication.twitter.com https://syndication.x.com https://x.com https://twitter.com https://*.cloudflare.com https://*.zbozi.cz 4 frame-ancestors 'self' pages.sitecorecloud.io; 4 img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 4 default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 4 frame-ancestors "none" 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4 default-src * 'unsafe-inline' 'unsafe-eval'; 4 frame-ancestors https://matomo.druide.com; 4 default-src https://www.youtube-nocookie.com https://www.google.com/ https://storage.googleapis.com 'self'; connect-src wss://ws-eu.pusher.com wss://sage.kindly.ai https://ib.adnxs.com https://www.google.com https://f.clarity.ms https://www.clarity.ms https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://adressesok.posten.no https://cdn.jsdelivr.net https://in3.taskanalytics.com https://js.arcgis.com https://www.arcgis.com https://basemaps.arcgis.com https://cdn.arcgis.com https://static.arcgis.com https://utility.arcgis.com https://services.geodataonline.no https://vector.services.geodataonline.no https://geocode.arcgis.com https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://posten-bring.force.com https://posten-bring.my.site.com https://posten-bring--crmfull.sandbox.my.site.com https://livestats.kaltura.com https://pagead2.googlesyndication.com https://klive.kaltura.com https://chat.kindlycdn.com https://bot.kindly.ai https://sage.kindly.ai https://ws-eu.pusher.com https://sockjs-eu.pusher.com https://storage.googleapis.com https://api.uxsignals.com https://api-us.mida.so 'self'; base-uri 'self'; form-action https://tracking.bring.com https://tracking.bring.dk https://tracking.bring.se https://sporing.bring.no https://sporing.posten.no https://tracking.qa.bring.com https://tracking.qa.bring.dk https://tracking.qa.bring.se https://sporing.qa.bring.no https://sporing.qa.posten.no wss://ws-eu.pusher.com wss://sage.kindly.ai 'self'; script-src https://f.clarity.ms https://www.clarity.ms https://unpkg.com https://cdnapisec.kaltura.com https://in3.taskanalytics.com https://cdnapi.kaltura.com https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://player.vimeo.com https://posten-bring.force.com https://posten-bring.my.site.com https://posten-bring--crmfull.sandbox.my.site.com https://widget.trustpilot.com https://www.youtube.com https://chat.kindlycdn.com https://widget.uxsignals.com https://cdn.mida.so 'unsafe-inline' 'unsafe-eval' 'self'; frame-src https://www.google.com https://www.googletagmanager.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://www.gstatic.com https://player.vimeo.com/ https://www.youtube-nocookie.com https://form.typeform.com https://policy.app.cookieinformation.com https://widget.trustpilot.com https://td.doubleclick.net https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com; object-src 'none'; img-src * data: blob:; style-src 'unsafe-inline' * ; font-src * data; worker-src blob:; media-src blob: https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://www.kaltura.com https://storage.googleapis.com 4 default-src 'self' *.visualwebsiteoptimizer.com app.vwo.com www.youtube.com www.youtube-nocookie.com *.gstatic.com *.google.com *.doubleclick.net *.google-analytics.com; script-src 'self' app.tolkie.nl cdn.tolkie.nl 'unsafe-inline' 'unsafe-eval' blob: static.hsappstatic.net feedback-eu1.hubapi.com feedback.hubapi.com *.hubspotfeedback.com *.hs-scripts.com uwzorgonline.nl *.hubspot.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.usemessages.com *.hs-banner.com *.doubleclick.net *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.googleoptimize.com *.googletagmanager.com *.zoho.eu *.maillist-manage.eu maillist-manage.eu cdn.pushcrew.com; style-src * 'unsafe-inline' app.tolkie.nl cdn.tolkie.nl uwzorgonline.nl *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com cdn2.hubspot.net *.googletagmanager.com fonts.googleapis.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; frame-src app.tolkie.nl cdn.tolkie.nl app-eu1.hubspot.com *.hsforms.net *.hsforms.com *.hs-banner.com *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com *.hubspot.net play.hubspotvideo.com play-eu1.hubspotvideo.com youtube.com www.youtube.com *.google.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' api.tolkie.nl https://app.tolkie.nl https://cdn.tolkie.nl *.hubapi.com *.hscollectedforms.net *.hsforms.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.doubleclick.net *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com region1.google-analytics.com *.google.com; img-src 'self' app.tolkie.nl cdn.tolkie.nl uwzorgonline.nl *.hsforms.net *.hsforms.com js.hscta.net js-eu1.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com *.googletagmanager.com app.vwo.com useruploads.vwo.io cdn.pushcrew.com api.media.atlassian.com uwzorgonline.atlassian.net data: *.uwzorgonline.nl uwzorgonline.nl *.gravatar.com *.google-analytics.com; font-src 'self' data: app.tolkie.nl cdn.tolkie.nl *.gstatic.com fonts.googleapis.com; object-src 'none'; frame-ancestors 'self' *.visualwebsiteoptimizer.com app.vwo.com; child-src *.hsforms.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob: 4 default-src http: data: 'unsafe-inline' 'unsafe-eval' 4 object-src 'self' data: 4 frame-ancestors 'self' https://t.easystreetrealty.com http://t.easystreetrealty.com https://t.highgarden.com http://t.highgarden.com 4 frame-ancestors 'self' https://training.lynxbroker.de 4 frame-ancestors 'self' *.alineops.com; 4 frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr *.mapfre.cr; 4 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.gammagroup.co *.leadinfo.net *.messengerpeople.com *.clarity.ms *.jsdelivr.net ipecs-engage-admin-prod-tpnjp2gz4q-ew.a.run.app rest.ably.io internet-up.ably-realtime.com answer.engage.cosoft.co.uk one1.ipecs-cloud.co.uk *.cosoft.co.uk *.sopro.io *.cookiebot.com *.yolawo.de *.teads.tv teads.tv *.adnxs.com *.fullstory.com *.zi-scripts.com gstatic.com www.gstatic.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com wpmudev.com *.metadata.io metadata.io *.6sc.co *.wpengine.com *.youtube.com *.vimeo.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hscta.net *.hs-analytics.net *.wistia.com *.wistia.net *.cloudfront.net *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.co.uk *.google.dk *.google.com *.googlesyndication.com *.doubleclick.net *.hotjar.com *.facebook.net *.twitter.com *.twimg.com *.litix.io *.yoast.com yoast.com *.clicktale.net *.cloudflare.com *.helpforsmartphone.com *.usemessages.com *.licdn.com *.linkedin.com *.pardot.com *.gamma.co.uk *.luckyorange.net *.luckyorange.com *.qualified.com *.ampproject.org *.bing.com *.nitrocdn.com nitropack.io nitroscripts.com *.mutinycdn.com *.adroll.com *.zoominfo.com *.clickagy.com; connect-src 'self' 'unsafe-inline' *.leadinfo.com *.leadinfo.net *.messengerpeople.com *.sinch.com *.msgp.pl api.ipify.org ipecs-engage-admin-prod-tpnjp2gz4q-ew.a.run.app rest.ably.io internet-up.ably-realtime.com answer.engage.cosoft.co.uk one1.ipecs-cloud.co.uk *.clickagy.com *.clarity.ms *.bing.com *.bing.net facebook.com *.sopro.io *.googlesyndication.com *.cookiebot.com *.metadata.io metadata.io *.yolawo.de *.teads.tv teads.tv *.zi-scripts.com google.com noembed.com *.plyr.io *.linkedin.com *.sleeknote.com cdnjs.cloudflare.com fonts.googleapis.com images.sleeknote.com sleeknotestaticcontent.sleeknote.com sleeknotecustomerscripts.sleeknote.com wpmudev.com *.6sc.co *.fullstory.com *.mutinycdn.com *.mutinyhq.io *.wpengine.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.akamaihd.net *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.google.com *.google.co.uk *.google.fi *.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.net *.litix.io *.yoast.com yoast.com ws.zoominfo.com wss://*.luckyorange.net wss://*.luckyorange.com *.luckyorange.net *.pardot.com *.luckyorange.com wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ *.visitors.live *.socket.io *.qualified.com wss://*.qualified.com *.twiliocdn.com *.twilio.com wss://*.twilio.com *.apps.gamma.co.uk *.ampproject.org wss://*.visitors.live *.adnxs.com *.nitrocdn.com *.getnitropack.com nitropack.io nitroscripts.com; style-src 'self' 'unsafe-inline' data: sleeknotestaticcontent.sleeknote.com *.jsdelivr.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.twitter.com *.twimg.com *.qualified.com *.typekit.net *.nitrocdn.com; font-src 'self' data: fonts.gstatic.com sleeknotestaticcontent.sleeknote.com *.mutinycdn.com *.wpengine.com *.bootstrapcdn.com *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.slideshare.net *.slidesharecdn.com *.qualified.com *.typekit.net *.gamma.co.uk *.wearegamma.co.uk *.nitrocdn.com *.adroll.com; frame-src 'self' blob: data: 'unsafe-inline' clarity.microsoft.com *.googletagmanager.com *.statuspage.io *.gammagroup.co *.office.com *.circleloop.com *.cookiebot.com *.yolawo.de *.teads.tv *.maptive.com *.linkedin.com *.wpengine.com *.hsforms.com *.pardot.com *.hsforms.net *.vimeo.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.twitter.com *.slideshare.net *.helpforsmartphone.com *.googlesyndication.com *.google.se *.google.com *.youtube.com *.hubspot.com *.qualified.com *.mobilethink.net *.instagram.com; child-src 'self' blob: 'unsafe-inline' *.mutinycdn.com *.wpengine.com *.wistia.com *.wistia.net *.gamma.co.uk *.hotjar.com *.litix.io *.doubleclick.net *.facebook.net *.yoast.com yoast.com *.cloudfront.net *.flife.de *.investis.com *.three.co.uk *.apnsettings.mobi *.slideshare.net *.qualified.com; media-src * blob: *.wpengine.com *.bing.net *.wistia.com *.wistia.net *.hotjar.com *.yoast.com yoast.com *.cloudfront.net *.akamaihd.net *.qualified.com *.sleeknote *.nitrocdn.com; object-src 'self' *.cloudfront.net; img-src 'self' data: blob: 'unsafe-inline' *.cookiebot.com *.clarity.ms *.clickagy.com claritystatic.blob.core.windows.net *.youtube.com i.ytimg.com *.yolawo.de *.teads.tv teads.tv *.adxns.com *.edkt.io sleeknotestaticcontent.sleeknote.com analytics.sleeknote.com *.6sc.co *.mutinycdn.com *.wpengine.com *.wp.com *.yoast.com yoast.com *.cloudfront.net *.pardot.com *.hubspot.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.google.com google.com *.google.co.uk *.google.se *.google.ae *.google.nl *.google.es *.google.ie *.google.lv *.googleapis.com *.wpmudev.org *.adroll.com *.doubleclick.net *.hotjar.com *.akamaihd.net *.rubiconproject.com *.advertising.com *.facebook.com *.twitter.com *.twimg.com *.casalemedia.com *.outbrain.net *.outbrain.com *.pubmatic.net *.pubmatic.com *.taboola.net *.taboola.com *.yahoo.com *.bidswitch.net *.openx.net *.adnxs.com *.digitru.st *.3lift.com *.adsymptotic.com *.rundsp.com *.bidr.io *.w55c.net *.adsrvr.org *.placelocal.com *.demdex.net *.nexac.com *.gravatar.com *.bing.com *.mathtag.com *.yume.com *.liadm.com *.exelator.com *.turn.com *.undertone.com *.tidaltv.com *.w.org *.everesttech.net *.pippio.com *.eyeviewads.com *.mxptint.net *.cardlytics.com *.ml314.com *.crwdcntrl.net *.simpli.fi *.addthis.com *.insightexpressai.com *.entitytag.co.uk *.rfihub.com *.adlucent.com qualified-production.s3.amazonaws.com *.qualified.com *.linkedin.com *.scatec.io *.nitrocdn.com *.nitropack.io *.getnitropack.com; 4 default-src data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 4 default-src 'self'; script-src 'report-sample' 'self' https://contentkit.t-mobile.com https://hu.us4.list-manage.com/ https://www.youtube.com/iframe_api 'unsafe-inline'; base-uri 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; img-src 'self' data: blob: https://contentkit.t-mobile.com https://t-mobile.scene7.com https://cdn.shopify.com https://images.prismic.io https://cbbhbarr.api.sanity.io https://cdn.sanity.io https://images.unsplash.com; connect-src 'self' https://*.mapbox.com/ https://*.t-mobile.com https://dev-checkout.humane.com https://carry-checkout.humane.com https://checkout.humane.com https://webapi.dev.humane.cloud https://webapi.carry.humane.cloud https://webapi.prod.humane.cloud https://support.humane.com https://cbbhbarr.api.sanity.io wss://cbbhbarr.api.sanity.io https://images.unsplash.com https://*.myshopify.com https://boards-api.greenhouse.io; manifest-src 'self'; font-src 'self' https://assets.vercel.com https://hp-iq.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com/ https://beta.hp-iq.com https://dev.hp-iq.com https://carry.hp-iq.com https://hp-iq.com; media-src 'self' https://humane-content.cdn.prismic.io https://prismic-io.s3.amazonaws.com/humane-content/ https://bgtyb5tggz7dcsgj.public.blob.vercel-storage.com; object-src 'none'; worker-src blob:; frame-ancestors 'self'; form-action 'self' 4 default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ad.doubleclick.net performance.autofintech.link my.advertisingmarketplace.ai www.googleadservices.com googleads.g.doubleclick.net tags.srv.stackadapt.com bat.bing.com bat.bing.net dpm.demdex.net www.google-analytics.com googleads.g.doubleclick.net adservice.google.* pagead2.googlesyndication.com api.ipify.org px.ads.linkedin.com *.outbrain.com *.akamaihd.net *.akstat.io *.analytics.google.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com cdn.linkedin.oribi.io s.yimg.com *.report.gbss.io cdn.gbqofs.com api.fundpress.io api-uk.kurtosys.app assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net geolocation.onetrust.com mandg.scene7.com privacyportal-de.onetrust.com search-api.swiftype.com smetrics.mandg.com stats.g.doubleclick.net prudentialdistributi.tt.omtrdc.net policylookup.mandg.com pdx-col.eum-appdynamics.com api.pru.co.uk www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat analytics.google.com adservice.google.com prudential.distribution.team.prudential.co.uk cas.zma.gs c.zmags.com fml-x.com *.fundslibrary.net dc.services.visualstudio.com *.googlesyndication.com; font-src 'self' data: fonts.gstatic.com api.fundpress.io fonts.gstatic.com use.typekit.net at.alicdn.com images.getfastr.com; form-action 'self' wwwx.pruadviser.co.uk; frame-ancestors 'self' mypru.pru.co.uk www.mymandg.co.uk *.fundslibrary.co.uk www.platformservices.co.uk www.mandg.com; frame-src 'self' googleads.g.doubleclick.net ad.doubleclick.net www.mandg.com interactive.mandg.com *.demdex.net *.pruadviser.co.uk www.brighttalk.com digitalsecure.mandg.com forms.mymandg.co.uk securedigital.wealth.mandg.com securedigital.pru.mandg.com securedigital.prudential.co.uk secure.digital.mandg.com www.google.com irpages2.equitystory.com insight.adsrvr.org infogram.com e.infogram.com match.adsrvr.org mandg.fidainformatica.it mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co recaptcha.google.com assets.ceros.com media.ceros.com view.ceros.com www.youtube-nocookie.com igccharges.mandg.com *.doubleclick.net adclick.g.doubleclick.net sustainabilityprofiletool.mandg.com api.pru.co.uk digital-api.dg.pru.co.uk open.spotify.com wwwx.pruadviser.co.uk flo.uri.sh contentcontrol.api.zmags.com cas.zma.gs *.t.eloqua.com *.googletagmanager.com; img-src 'self' data: googleads.g.doubleclick.net www.google.com www.google.co.uk www.googleadservices.com tags.srv.stackadapt.com bat.bing.com bat.bing.net googleads.g.doubleclick.net www.google-analytics.com googleads.g.doubleclick.net prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com *.akstat.io *.demdex.net *.google-analytics.com *.googletagmanager.com ad.doubleclick.net api.fundpress.io api-uk.kurtosys.app adservice.google.com assets.adobedtm.com cdn.cookielaw.org cm.everesttech.net www.google.com www.google.co.uk i.ytimg.com mandg.scene7.com smetrics.mandg.com ttcontacts.com 797110.global.siteimproveanalytics.io insight.adsrvr.org *.wealth.mandg.com lantern9.mandg.com lanternmg.mandg.com sp.analytics.yahoo.com www.facebook.com px.ads.linkedin.com www.google.co.in www.linkedin.com privacy-digital.mandg.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat wwwx.pruadviser.co.uk public.flourish.studio img.creator-prod.zmags.com cas.zma.gs images.getfastr.com getfastr.com zmags.com c.zmags.com mypru.pru.co.uk analytics.twitter.com fonts.gstatic.com mandg.videomarketingplatform.co report.23video.com delivery.twentythree.com www.fundslibrary.co.uk fcscdn.broadridge.com; media-src data: blob: mandg.scene7.com mandg.videomarketingplatform.co mandg-podcast.videomarketingplatform.co prudential.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' performance.autofintech.link tags.srv.stackadapt.com bat.bing.com bat.bing.net tags.tiqcdn.com www.googletagservices.com securepubads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com *.siteintercept.qualtrics.com *.outbrain.com *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.report.gbss.io assets.adobedtm.com api.fundpress.io api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com report.23video.com siteimproveanalytics.com connect.facebook.net img.en25.com snap.licdn.com fml-x.com assets.ceros.com media.ceros.com view.ceros.com www.mandg.com; script-src-elem 'self' 'unsafe-inline' performance.autofintech.link tags.srv.stackadapt.com bat.bing.com bat.bing.net pagead2.googlesyndication.com prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co *.demdex.net *.go-mpulse.net *.google-analytics.com *.googletagmanager.com *.report.gbss.io assets.adobedtm.com api.fundpress.io api-uk.kurtosys.app cdn.cookielaw.org cdn.gbqofs.com www.brighttalk.com cm.everesttech.net e.infogram.com geolocation.onetrust.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com js.adsrvr.org mandg.scene7.com report.23video.com siteimproveanalytics.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com img.en25.com connect.facebook.net snap.licdn.com s.yimg.com assets.ceros.com media.ceros.com view.ceros.com privacy-digital.mandg.com infogram.com prudential.distribution.team.prudential.co.uk public.flourish.studio cas.zma.gs getfastr.com zmags.com tr.outbrain.com wave.outbrain.com amplify.outbrain.com static.ads-twitter.com mandg.videomarketingplatform.co fml-x.com www.mandg.com fcscdn.broadridge.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.googleapis.com mandg.scene7.com; style-src-elem 'self' 'unsafe-inline' tags.srv.stackadapt.com prudential.videomarketingplatform.co mandg-podcast.videomarketingplatform.co fonts.googleapis.com mandg.scene7.com use.typekit.net p.typekit.net prudential.distribution.team.prudential.co.uk cas.zma.gs mandg.videomarketingplatform.co fcscdn.broadridge.com; worker-src 'self' blob:; base-uri 'self'; upgrade-insecure-requests; report-uri /csp/log 4 frame-ancestors accounts.shopbase.com:443 legacy-templates.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 templates-test.shopbase.com:443 new-templates.shopbase.com:443 themes.shopbase.com:443 *.onshopbase.com:443 *.shopbase.net.cn:443 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://framerusercontent.com https://*.framer.com https://framer.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://framerusercontent.com; img-src 'self' data: https: blob:; font-src 'self' data: https://fonts.gstatic.com https://framerusercontent.com; connect-src 'self' https://*.framer.com https://framer.com https://framerusercontent.com; frame-src 'self' https:; media-src 'self' https: blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests 4 default-src 'self' blob: about:; img-src 'self' 'unsafe-eval' data: blob: about: stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com *.youtube.com *.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com *.bing.net *.usercentrics.eu; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com *.facebook.net blob: about: *.cookiepro.com *.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com *.sovendus.com *.googleapis.com *.usercentrics.eu; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.eu-central-1.amazonaws.com *.eu-central-1.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net *.sovendus.com *.usercentrics.eu; font-src 'self' *.amazonaws.com photoservice.cloud oam-software.com *.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: about: google.com *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms *.bing.com *.bing.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sovendus.com *.usercentrics.eu; frame-src *; object-src 'none'; 4 connect-src 'self' *.fontawesome.com *.yimg.com *.google-analytics.com *.doubleclick.net rest-api.e-shot.net bat.bing.com terryberry.force.com *.omappapi.com z.omappapi.com a.omappapi.com api.omappapi.com *.nr-data.net *.terryberry.com secure.agile-company-365.com idx.liadm.com *.clickagy.com *.zoominfo.com *.hu-manity.co onesignal.com *.onesignal.com cdn.linkedin.oribi.io *.duosecurity.com terryberry.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com terryberry.my.site.com *.clickcease.com pagead2.googlesyndication.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.ads.linkedin.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.tag.unifyintent.com *.selectsoftwarereviews.com *.zi-scripts.com *.unifyintent.com unifyintent.com *.google.com google.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; default-src 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' data: *.fontawesome.com fonts.gstatic.com *.hu-manity.co *.duosecurity.com terryberry.com *.terryberry.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; frame-src 'self' bid.g.doubleclick.net service.force.com www.facebook.com go.pardot.com *.youtube.com storage.pardot.com terryberry.com *.terryberry.com player.vimeo.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com td.doubleclick.net *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.googletagmanager.com *.zi-scripts.com *.tag.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; img-src 'self' 'unsafe-inline' terryberry.com *.terryberry.com *.gravatar.com *.linkedin.com *.bing.com *.analytics.yahoo.com *.google.com *.google.co.uk *.google.de *.facebook.com *.google-analytics.com live-terryberry.pantheonsite.io p.adsymptotic.com go.pardot.com *.doubleclick.net i.ytimg.com *.omappapi.com *.googletagmanager.com *.clickagy.com *.rlcdn.com *.demdex.net *.crwdcntrl.net *.agkn.com *.bluekai.com pixel-sync.sitescout.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.my.site.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com *.clickcease.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com trustpulse.s3.amazonaws.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.tag.unifyintent.com *.googleadservices.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; media-src 'self' 'unsafe-inline' *.terryberry.com *.duosecurity.com terryberry.com data: *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.zi-scripts.com *.tag.unifyintent.com *.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.pantheonsite.io *.360recognition.com *.giveawow.com *.youtube.com *.google.com *.google-analytics.com *.googleapis.com use.fontawesome.com kit.fontawesome.com www.googletagmanager.com service.force.com terryberry.my.salesforce.com bat.bing.com *.googleadservices.com snap.licdn.com tracking.g2crowd.com s.yimg.com connect.facebook.net pi.pardot.com *.salesforceliveagent.com *.doubleclick.net signup.es-mail.co.uk ajax.googleapis.com static.lightning.force.com terryberry.force.com *.omappapi.com *.googleoptimize.com *.adservice.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.terryberry.com secure.agile-company-365.com player.vimeo.com *.zoominfo.com *.clickagy.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com *.clickcease.com *.trstplse.com *.trustpulse.com *.chilipiper.com cdnjs.cloudflare.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com unpkg.com/vue@3/dist/vue.global.js unpkg.com/vue@3/ *.tag.unifyintent.co *.tag.unifyintent.com *.selectsoftwarereviews.com *.zi-scripts.com *.terryberry.com *.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net *.hsforms.net; style-src 'self' 'unsafe-inline' *.pantheonsite.io *.fontawesome.com service.force.com terryberry.force.com fonts.googleapis.com *.omappapi.com *.terryberry.com secure.agile-company-365.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com *.tag.unifyintent.co *.selectsoftwarereviews.com *.unifyintent.com *.hubspot.com *.hsforms.com *.hsappstatic.net *..hscollectedforms.net *.hs-banner.com *.hs-sites.com *.hubapi.com *.hs-analytics.net *.hs-scripts.com *.hsadpixel.net *.hsforms.net; worker-src 'self' 'unsafe-inline' *.terryberry.com terryberry.com blob: data:; 4 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 4 base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://lht.mindbreeze.com https://code.etracker.com https://app.usercentrics.eu/ https://www.etracker.de/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 4 default-src 'none'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 4 frame-ancestors 'none'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests 4 frame-ancestors 'self' *.logo.pt *.force.com *.tranquilidade.cst *.tranquilidade.pt *.generalitranquilidade.pt *.t-vida.pt *.tranquilidade.co.ao *.tranquilidadeseguros.co.mz *.facebook.net *.facebook.com *.advancecare.pt *.vitorinos.pt 4 default-src 'self' 'unsafe-inline' 'unsafe-hashes' * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' * ; connect-src 'self' * ; img-src 'self' data: * ; style-src 'self' * 'unsafe-inline' ; 4 img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschaftermarket.com *.dxtservice.com *.bosch.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.nr-data.net *.youtube.com *.translate.google.com *.startengo.dev *.startengo.fr mapb.boschaftermarket.com mapb.boschaftermarket.fr; object-src 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.kaltura.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.googleapis.com https://maps.gstatic.com https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io https://alarmeringsapp.like.st; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.kaltura.com https://platform.twitter.com https://connect.facebook.net https://*.googleapis.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://*.googleapis.com https://hosting.img.dk; img-src 'self' 'unsafe-inline' data: https://*.kaltura.com https://*.twimg.com https://*.ggpht https://maps.gstatic.com https://maps.google.com https://hosting.img.dk https://*.siteimproveanalytics.io; frame-src 'self' 'unsafe-inline' https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://facebook.com https://*.facebook.com https://*.google.com https://www.dmi.dk https://surveys.enalyzer.com https://white-meadow-0e5747a03.3.azurestaticapps.net; font-src 'self' https://dhm5hy2vn8l0l.cloudfront.net https://cdnapisec.kaltura.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 4 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' blob:; connect-src 'self' https: wss: http://localhost:3000 http://127.0.0.1:3000; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: *; font-src 'self' *.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://web.telegram.org https://telegram.org; frame-src *; upgrade-insecure-requests; 4 object-src 'none'; frame-ancestors 'none' 4 frame-ancestors 'self' https://www.ringier-advertising.ch https://cms.ringiermedienschweiz.ch https://blumen.palantirfoundry.de https://*.ringpublishing.com ; 4 script-src https: 'unsafe-eval' 'unsafe-inline' *.ngsapps.net *.intngsapps.net; worker-src blob: https: 'unsafe-eval' 'unsafe-inline' *.ngsapps.net *.intngsapps.net; 4 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: blob: https://*; worker-src 'self' blob:; font-src 'self' data: https://*; 4 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com login.microsoftonline.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-JfJ82reKxtqugVbfRGw/O/1x1Lm1I09rHueXSwvbRws=' 'sha256-BbV1i75oYRtLtfDWs7tnA8QLF5EOO1dVHKL0prVd/fQ=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=d 4 frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com https://*.ampproject.org 4 frame-ancestors 'self' weleda.sabio.de 4 default-src 'self' *.aptaclub.de/ *.aptaclub.ch/ *.aptaclub.at/ *.activia.de/ *.danone-dany.de/ *.fruchtzwerge.at/ *.milupa.de/ *.milupa.at/ *.nutricia.de/ *.provamel.de/ *.badoit.ch/ *.volvic.de/ *.volvic.ch/ *.yopro.de/ *.typeform.com/ *.salesforce-scrt.com/ *.adsrvr.org/ *.danonino.ch/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.adobeaemcloud.com/ *.youtube.com/ https://app.chargebee.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.aptaclub.de/ *.bittesehr.net/ *.trustedshops.com/ *.danone-activia.ch/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.my.site.com/ *.comdirect.de/ *.force.com/ *.salesforce-sites.com/ https://vimeo.com/ *.blueconic.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; style-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.activia.de/ *.milupa.de/ *.milupa.at/ *.provamel.de/ *.salesforce-scrt.com/ *.danonino.ch/ *.badoit.ch/ *.nutricia.de/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.aptaclub.ch/ *.aptaclub.de/ *.aptaclub.de/ *.volvic.ch/ *.volvic.de/ *.yopro.de/ *.typeform.com/ *.my.salesforce-sites.com *.tiktok.com *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.chargebee.com/ *.danone-dany.de/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.live2support.com/ *.lpsnmedia.net/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ *.focusgames.co.uk/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.danone-activia.ch/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.salesforce-sites.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ https://start.video-stream-hosting.de/ *.nutriciaflocare.com/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; script-src 'self' *.typeform.com/ https://js.adsrvr.org/ https://www.redditstatic.com/ https://c.amazon-adsystem.com/aat/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.badoit.ch/ *.danonino.ch/ *.salesforce-scrt.com/ *.nutricia.de/ *.milupa.at/ *.activia.de/ *.yopro.de/ sgtm.volvic.de/ sgtm.volvic.ch/ sgtm.provamel.de/ sgtm.danone-dany.de/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ https://js-agent.newrelic.com/ *.my.salesforce-sites.com *.licdn.com *.usercentrics.eu *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.danone-activia.ch/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.hotjar.com/ *.focusgames.co.uk/ *.outbrain.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com *.analytics.google.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.salesforce-sites.com/ *.linkedin.oribi.io/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.typeform.com/ *.reddit.com/ *.redditstatic.com/ *.alb.reddit.com/ *.activia.de/ sgtm.provamel.de/ https://sync.targeting.unrulymedia.com/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.badoit.ch/ *.actimel.fr/ *.salesforce-scrt.com/ *.adsrvr.org/ *.danone-activia.ch/ *.yopro.de/ https://sgtm.volvic.de/ https://sgtm.volvic.ch/ https://sgtm.danone-dany.de/ https://sync.1rx.io/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.sync.1rx.io/ *.usercentrics.eu https://www.aptaclub.de/ *.aptaclub.de/ https://www.aptaclub.at/ *.aptaclub.at/ https://www.aptaclub.ch/ *.aptaclub.ch/ https://www.nutricia.de/ *.nutricia.de/ https://www.danonino.ch/ *.danonino.ch/ https://www.fruchtzwerge.at/ *.fruchtzwerge.at/ https://www.fruchtzwerge.de/ *.fruchtzwerge.de/ https://www.milupa.at/ *.milupa.at/ https://www.milupa.de/ *.milupa.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.nutricia.de/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.focusgames.co.uk/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr *.taboola.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.rubiconproject.com/ *.google.com.ph/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.focusgames.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.blueconic.net/ *.salesforce-sites.com/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/ *.id5-sync.com/ *.trustedshop.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.google.es/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ id5-sync.com/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; frame-src 'self' *.aptaclub.de/ *.activia.de/ *.danone-activia.ch/ *.danonino.ch/ *.aptaclub.de/ *.aptaclub.at/ *.aptaclub.ch/ *.provamel.de/ *.danone-dany.de/ *.typeform.com/ https://danone-events.eu.typeform.com/ https://business.safety.google/ *.actimel.de/ *.milupa.de/ *.milupa.at/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.badoit.ch/ *.volvic.ch/ *.nutricia.de/ *.volvic.de/ *.salesforce-scrt.com/ *.adsrvr.org/ *.office.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.my.salesforce-sites.com *.akamaized.net *.teads.tv/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.yopro.de/ *.force.com/ *.salesforce.com/ *.paypal.com *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/ *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.adnxs.com/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.blueconic.net/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.salesforce-sites.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; connect-src 'self' *.typeform.com/ *.reddit.com/ *.redditstatic.com/ *.alb.reddit.com/ *.activia.de/ *.milupa.at/ *.yopro.de/ https://sgtm.volvic.de/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.nutricia.de/ *.salesforce-scrt.com/ *.danone-activia.ch/ *.algolianet.com/ *.algolia.net/ *.algolia.io/ https://api.trustbadge.etrusted.com/accounts/ https://trustbadge.api.etrusted.com/ https://sgtm.provamel.de/ https://ara.paa-reporting-advertising.amazon/ https://sgtm.volvic.ch/ https://sgtm.danone-dany.de/ https://id5-sync.com/ *.tiktok.com/ *.linkedin.com/ *.azure.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.s3.eu-west-1.amazonaws.com/ https://bam.eu01.nr-data.net/ *.badoit.ch/ *.my.salesforce-sites.com *.usercentrics.eu *.teads.tv/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.facebook.com/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.sharethis.com/ *.doubleclick.net/ *.blueconic.net/ *.aptaclub.at/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.milupa.de/ *.milupa.at/ *.fruchtzwerge.at/ *.danonino.ch/ *.aptaclub.ch/ *.my.site.com/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.linkedin.oribi.io/ *.salesforce-sites.com/ *.amazon-adsystem.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.googlesyndication.com/ *.adnxs.com/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; font-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.adsrvr.org/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.danonino.ch/ *.badoit.ch/ *.salesforce-scrt.com/ *.activia.de/ *.danone-dany.de/ *.danone-activia.ch/ *.volvic.ch/ *.volvic.de/ *.aptaclub.ch/ *.aptaclub.at/ *.aptaclub.de/ *.danone-dtc.net *.typekit.net/ *.nutricia.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/ *.yopro.de/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/ *.googlesyndication.com/ *.provamel.de/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/ https://squarelovin.com/ *.comdirect.de/ https://bittesehr.net/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.my.site.com/ *.milupa.de/ *.milupa.at/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ https://app.chargebee.com/ *.force.com/ *.salesforce-sites.com/ *.amazon-adsystem.com/ *.google-analytics.com/ *.analytics.google.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; media-src 'self' *.lpsnmedia.net/ *.nutricia.de/ *.danone-activia.ch/*.danone-dany.de/ *.fruchtzwerge.at/ *.fruchtzwerge.de/ *.milupa.de/ *.milupa.at/ *.provamel.de/ *.volvic.ch/ *.badoit.ch/ *.danonino.ch/ *.volvic.de/ *.yopro.de/ *.activia.de/ *.actimel.de/ *.actimel.at/ *.actimel.ch/ *.actimel.fr/ *.aptaclub.ch/*.aptaclub.at/ *.aptaclub.de/ *.adsrvr.org/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.squarelovin.com/ *.digital4danone.com/; 4 frame-ancestors: 'self' 4 font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report 4 upgrade-insecure-requests ; 4 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://munchkin.marketo.net https://js.hs-scripts.com https://js.hs-analytics.net https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://api.tiles.mapbox.com https://burglary-map.swintonassets.uk https://crime-map.swintonassets.uk https://complaintsform.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://quiz.tryinteract.com/ https://api.contents-calculator.swintonassets.uk https://infographic.swintonassets.uk https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.google-analytics.com/ https://www.google.co.uk https://schema.org https://ict.infinity-tracking.net https://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://ppc.swintonassets.uk https://connect.facebook.net/ https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net https://edge.quantserve.com https://cdn-launching.servicetick.com https://ad.doubleclick.net https://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com https://compare.defaqto.com/ https://www.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.autonetinsurance.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://js.smct.co https://smct.io https://js.smct.io *.bmw-motorrad-insurance.com https://*.bmw-motorrad-insurance.ie/ https://stapecdn.com https://cdnjs.cloudflare.com https://webchat.helpshift.com https://*.webchat.helpshift.com *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net https://*.youtube.com https://static.zdassets.com https://api.eu-1.smooch.io *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.tiktok.com/embed.js https://www.opinionstage.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://iframely.net/files/tiktok-embed.js https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://assets.adobedtm.com https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://use.fontawesome.com https://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.autonetinsurance.co.uk *.bmw-motorrad-insurance.com *.wisedriving.com *.igo4.com https://cdnjs.cloudflare.com *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.dec.sitefinity.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleads.g.doubleblick.net https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.app-measurement.com *.eloqua.com https://track.hubspot.com https://bat.bing.com https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://cms.quantserve.com https://ad.yieldlab.net https://web1.acsbapp.com https://adservice.google.com *.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com https://www.carolenash.com https://public.flourish.studio *.just-motorcycleinsurance.com *.autonetinsurance.co.uk *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://googletagmanager.com https://google.com https://google.co.uk https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://static.hotjar.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://cdn.smct.co https://smct.io https://cdn.smct.io https://px.smct.co https://px.smct.io https://ep.smct.co https://ep.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://atlantagroup.zendesk.com www.google.com *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.lpsnmedia.net https://cdn.prod.uk.five9.net/ https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://bisil.sc.omtrdc.net/ https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com https://fast.fonts.net https://fonts.gstatic.com https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://fonts.smct.co https://fonts.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://www.opinionstage.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.prod.uk.five9.net/ https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com https://compare.defaqto.com/ https://webchat.helpshift.com https://*.webchat.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.lloydlatchford.co.uk *.atlantagroup.co.uk *.wisedriving.com *.igo4.com https://static.hotjar.com https://script.hotjar.com https://www.youtube-nocookie.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://smct.io https://ls.smct.co https://ls.smct.io https://d2d7do8qaecbru.cloudfront.net https://www.veed.io/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lo.shiftstatus.liveperson.net https://*.youtube.com https://t.maze.co/ https://www.opinionstage.com https://www.google.com https://cdn.prod.uk.five9.net/ https://bisil.demdex.net https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com 'self'; connect-src accounts.google.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' chat.atlantagroup.co.uk https://cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com *.kdbmedicals.co.uk *.lloydlatchford.co.uk *.igo4.com https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleadservices.com https://*.googletagservices.com https://*.app-measurement.com https://*.googlesyndication.com https://a.clarity.ms https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net *.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com https://analytics.paymentshield.co.uk *.autonetinsurance.co.uk *.paymentshield.co.uk *.wearemarmalade.co.uk *.bewiser.co.uk *.wisedriving.com https://doubleclick.net https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://script.hotjar.com https://hotjar.io https://api.contents-calculator.swintonassets.uk https://smct.co https://js.smct.co https://smct.io https://js.smct.io https://ipb.smct.co https://ipb.smct.io https://cfg.smct.co https://cfg.smct.io https://ep.smct.co https://ep.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://acsbapp.com https://acsbap.com https://api.maze.co/ https://prompts.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk wss://lo.msg.liveperson.net https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://ekr.zdassets.com https://mml1.zendesk.com https://bat.bing.com wss://api.eu-1.smooch.io www.google.com *.googletagmanager.com www.googletagmanager.com https://region1.google-analytics.com https://www.opinionstage.com https://accdn.liveperson.net http://cfg.smct.io https://cdn.prod.uk.five9.net/ https://bisil.sc.omtrdc.net/ https://dpm.demdex.net/ https://bisil.tt.omtrdc.net https://app.five9.eu *.cginsurance.com https://*.clarity.ms https://c.bing.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://cdn.prod.uk.five9.net/; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: https://www.google.com https://cdn.prod.uk.five9.net/ 'self' 4 frame-ancestors https://suite34.emarsys.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfef39b54e4afa416599740644771d1c2&dd-evp-origin=content-security-policy&ddsource=csp-report 4 base-uri 'self'; font-src 'self' https: data:; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com cdn.rudderlabs.com https://*.rudderstack.com; upgrade-insecure-requests; worker-src 'self' blob:; 4 default-src * data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; 4 default-src https: http: wss: 'self' data: 'unsafe-inline' blob:; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 4 policy-definition 4 frame-ancestors self; report-uri /cspvr 4 default-src 'none'; style-src-elem 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src-attr 'unsafe-inline'; font-src 'self' data: https:; frame-ancestors https://skoda-admin.porsche-holding.com; connect-src 'self' https: ws: wss: data:; manifest-src 'self' https:; media-src 'self' https: data:; frame-src 'self' https:; style-src 'self' 'unsafe-inline' https:; upgrade-insecure-requests 4 default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 4 frame-ancestors 'self' *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 4 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com/ https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.azul.com.do https://authentication.cardinalcommerce.com/ https://songbird.cardinalcommerce.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.onesignal.com https://aliss.os.tc/ https://aliss-test.os.tc/ https://*.cardinalcommerce.com/ https://*.clarity.ms *.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com magefan.com cm.magefan.com *.disqus.com https://www.magezon.com *.onesignal.com https://img.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://*.cardinalcommerce.com/ https://cdn.jsdelivr.net https://purecatamphetamine.github.io https://*.clarity.ms *.adobesc.com *.userway.org data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.disqus.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net accounts.google.com connect.facebook.net *.bolt.com *.commerce-quick-checkout.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com s7.addthis.com *.userway.org https://assets-cdn.woowup.com https://js.pusher.com www.clarity.ms https://www.clarity.ms https://*.clarity.ms *.adobe.net *.adobedc.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.clarity.ms *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://cdn.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://*.cardinalcommerce.com/ https://*.amazonaws.com/ *.facebook.com www.clarity.ms https://*.clarity.ms *.adobe.net *.adobedc.net *.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.onesignal.com https://cdn.onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://*.clarity.ms *.userway.org http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://fonts.gstatic.com/ https://fonts.googleapis.com https://*.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.integration2-hohc4oi-c2g6g5sgc4xo6.us-5.magentosite.cloud https://*.cardinalcommerce.com/ https://*.clarity.ms 'self' 'unsafe-inline'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://webmessaging.usw2.pure.cloud *.usw2.pure.cloud https://wepowerconnections.com https://lantern.roeyecdn.com https://lantern.roeye.com *.visualwebsiteoptimizer.com *.vwo.com dpm.demdex.net bat.bing.com *.tvpixel.com *.adsrvr.org *.go-mpulse.net *.akstat.io *.akamaihd.net chart.googleapis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.googleapis.com https://google.com/pay *.gstatic.com *.wpsandwatch.com *.wpsandwatch.net *.kasandwatch.net *.collect.igodigital.com whirlpool-cdn.thron.com digitalassets-cdn.thron.com *.paypal.com apps.bazaarvoice.com *.bazaarvoice.com *.facebook.com *.facebook.net *.pinimg.com *.pinterest.com *.algolianet.com *.algolia.net https://insights.algolia.io *.ctfassets.net *.vtexassets.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com https://flagcdn.com *.sentry.io *.newrelic.com *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.contentsquare.net *.contentsquare.com *.onetrust.com *.cookielaw.org *.doubleclick.net *.criteo.com *.dwin1.com *.awin1.com *.zenaps.com *.airpr.com https://the.sciencebehindecommerce.com https://*.qualtrics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.min.css https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.umd.js https://unpkg.com/tailwindcss@%5E1.0/dist/tailwind.min.css https://cdn.tailwindcss.com/3.3.2 https://cdn.bc0a.com https://ixfd2-api.bc0a.com *.usablenet.com *.usablenet.dev https://assets.adobedtm.com *.mczbf.com *.emjcd.com *.sjwoe.com cj.dotomi.com cj.com s3-us-east-1.amazonaws.com s3-eu-west-1.amazonaws.com https://dct.kitchenaid.ie https://dct.kitchenaid.co.uk https://dct.kitchenaid.fr https://dct.kitchenaid.be https://dct.kitchenaid.nl https://dct.kitchenaid.de https://dct.kitchenaid.at https://dct.kitchenaid.it https://dct.kitchenaid.fi https://dct.kitchenaid.dk https://dct.kitchenaid.se https://dct.kitchenaid.es https://dct.kitchenaid.pt https://dct.kitchenaid.ch https://eu.klarnaevt.com https://api.sandbox.getalma.eu https://api.getalma.eu https://api.sandbox.getalma.eu/v2/payments/eligibility https://api.getalma.eu/v2/payments/eligibility *.klarna.com *.klarnacdn.net *.klarnaservices.com https://js.klarna.com/web-sdk/v1/klarna.js https://x.klarnacdn.net/ui/fonts/v1.3/fonts.css https://cdn.almapay.com *.adyen.com *.cdn.adyen.com *.execute-api.eu-west-1.amazonaws.com; img-src * data:; media-src *; frame-src *; frame-ancestors 'self' https://app.contentful.com *.kasandwatch.net https://www.google.com https://api.sandbox.getalma.eu https://api.getalma.eu; 4 media-src blob: 'self' 4 default-src 'self' https:; connect-src https:; font-src 'self'; frame-src 'self'; frame-ancestors 'self'; img-src 'self' data:; media-src 'self'; object-src 'self'; script-src https://www.pocketoption.app/jquery.min.js 'nonce-pocketoption1' 'nonce-pocketoption2' 'nonce-pocketoption3' 'nonce-pocketoption4' 'nonce-pocketoption5'; style-src 'self' 'unsafe-inline'; base-uri 'self'; child-src 'self'; form-action 'self' 4 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: wss: https: blob: 4 default-src ‘self’; script-src ‘self’ https://cdnjs.cloudflare.com; style-src ‘self’ https://fonts.googleapis.com; img-src ‘self’ data:; object-src ‘none’; upgrade-insecure-requests; block-all-mixed-content; 4 default-src 'self'; connect-src *; img-src 'self' data: 4 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 4 frame-ancestors 'none' ; 4 frame-ancestors 'self' ; script-src 'self' cdn.rudderlabs.com 4 frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.googletagmanager.com https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.google.com https://*.doubleclick.net https://*.gstatic.com https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.google.com https://*.paypal.com https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://logging.dropcatch.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com https://*.launchdarkly.com 4 default-src https: wss:;style-src https: data: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: blob: data: 'unsafe-inline';connect-src https: wss: feed: 4 object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so cdn.noibu.com *.hubspot.com *.hubspotfeedback.com *.payfabric.com cdn.userway.org alfakher2019.github.io unpkg.com livesearch-autocomplete.magento-ds.com livesearch-metrics.magento-ds.com vr-pay-ecommerce.de *.cookiefirst.com salesiq.zohopublic.eu; report-uri /.webscale/csp-report 4 default-src 'self'; connect-src *;font-src * data:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-src * 4 frame-ancestors 'self'; report-to csp-reports; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 4 object-src 'none'; base-uri 'none'; frame-ancestors 'none'; 4 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.solar.eu https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://solargroup.containers.piwik.pro https://cdn.richrelevance.com https://dev.visualwebsiteoptimizer.com https://maps.googleapis.com https://connect.facebook.net https://bpb.opendns.com https://integration.richrelevance.com https://staging.richrelevance.com https://recs.richrelevance.com https://www.recaptcha.net https://www.gstatic.com https://web-sdk-eu.aptrinsic.com; font-src 'self' cdn.solar.eu https://*.amazonaws.com https://*.cloudfront.net https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' cdn.solar.eu https://consentcdn.cookiebot.com https://go.pardot.com https://web-sdk-eu.aptrinsic.com 4 default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 4 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 4 frame-ancestors 'self' https://app.socialscreen.com 4 frame-ancestors 'self' https://geocentric.com https://citylight.studio 4 frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 4 base-uri 'none'; font-src 'self' https: data:; form-action self https://cart.penguinrandomhouse.com https://www.facebook.com; frame-ancestors 'self'; img-src 'self' data: https://sites.prh.com https://www.penguinrandomhouse.com https://images.penguinrandomhouse.com https://images.randomhouse.com https://res.cloudinary.com https://i.ytimg.com https://i.vimeocdn.com https://s.amazon-adsystem.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://googleads.g.doubleclick.net https://pixel.sitescout.com https://c.lytics.io/ https://cm.everesttech.net https://dpm.demdex.net https://attribution.sitescout.com https://alb.reddit.com https://www.googletagmanager.com https://scode.randomhouse.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com https://c.lytics.io https://www.googleadservices.com https://www.googletagmanager.com https://s.pinimg.com https://snap.licdn.com/ https://analytics.tiktok.com https://sc-static.net https://connect.facebook.net https://b-code.liadm.com https://cdn01.basis.net https://visitor-service-us-east-1.tealiumiq.com https://googleads.g.doubleclick.net https://tr.snapchat.com https://ct.pinterest.com https://rum-static.pingdom.net https://www.redditstatic.com https://pixel.byspotify.com https://visitor-service.tealiumiq.com; upgrade-insecure-requests; 4 font-src *.gstatic.com *.fontawesome.com *.googleapis.com instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.google.com *.doofinder.com play.google.com *.stripe.com https://oct8necdneu.azureedge.net *.oct8ne.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.paycomet.com api.paycomet.com *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.redsys.es *.redsys.es:25443 assets.braintreegateway.com *.doofinder.com *.paycomet.com *.onesignal.com onesignal.com *.authorize.net *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk https://dinapaqweb.tipsa-dinapaq.com *.facebook.com https://inet.pisamonas.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.hipay-tpp.com *.hipay.com *.paypal.com *.googleapis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.googletagmanager.com *.doubleclick.net *.doofinder.com play.google.com *.stripe.com vimeo.com *.oct8ne.com *.mediadelivery.net bsqd.me *.facebook.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.hipay.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.doofinder.com *.iconfinder.com http://cdn1.iconfinder.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.afterpay.com magecurious.com *.zendesk.com *.zdusercontent.com *.jwpltx.com *.jwplayer.com *.jwpsrv.com https://oct8necdneu.azureedge.net *.google.es *.clarity.ms blob: *.bing.com *.mediadelivery.net *.oct8ne.com *.requestmetrics.com *.bsqd.me *.facebook.com wss://*.kimeratechnologies.com *.cloudfront.net https://kimera-front.s3.eu-west-1.amazonaws.com *.ekomi.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.googleapis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.fontawesome.com www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.oct8ne.com *.doofinder.com play.google.com *.stripe.com *.bam.eu01.nr-data.net *.google-analytics.com *.paypalobjects.com *.onesignal.com onesignal.com *.paycomet.com *.paycomet.com/gateway/paycomet.jetiframe.js magecurious.com *.ampproject.org *.jwplayer.com *.jwpcdn.com *.hotjar.com *.clarity.ms *.facebook.net *.mediadelivery.net *.requestmetrics.com bsqd.me *.amazonaws.com *.kimeratechnologies.com *.cloudfront.net *.ekomi.de klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com downloads.mailchimp.com *.hipay.com *.googleapis.com *.googletagmanager.com *.fontawesome.com instantcredit.net test.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local assets.braintreegateway.com *.paycomet.com *.onesignal.com onesignal.com magecurious.com *.clarity.ms *.requestmetrics.com bsqd.me *.amazonaws.com *.kimeratechnologies.com *.cloudfront.net *.ekomi.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local *.jwpsrv.com *.jwplatform.com *.mediadelivery.net *.b-cdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.google-analytics.com *.google.com instantcredit.net *.instantcredit.net *.pisamonas.es *.pisamonas.pt *.pisamonas.it *.pisamonas.fr *.pisamonas.co.uk *.pisamonas.de *.pisamonas.com.py *.pisamonas.local play.google.com *.stripe.com *.bam.eu01.nr-data.net *.paycomet.com *.magecurious.com *.ampproject.org *.jwpcdn.com *.jwplayer.com *.virtualearth.net *.gls-group.net *.oct8ne.com *.google.es *.hotjar.com *.hotjar.io wss://*.hotjar.com *.doubleclick.net *.clarity.ms *.mediadelivery.net *.requestmetrics.com bsqd.me wss://bsqd.me *.stape.net wss://*.kimeratechnologies.com *.cloudfront.net https://pre.kimeratechnologies.com *.facebook.com *.microsoft.com https://inet.pisamonas.com *.googlesyndication.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4 frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 4 'self'; 4 frame-ancestors 'self' https://*.funeraltechonline.com https://*.tributecenteronline.com https://*.funeraltechweb.com https://*.funeraltechweb2.com https://*.ogdenfuneralhome.com https://hiddenvalleyfunerals.com https://www.archerandsons.com.au http://macarthurfh.com http://www.macarthurfh.com http://haugheymemorials.com http://www.haugheymemorials.com https://www.hslm.ca http://dev.fullmooncreative.com https://neshamajfs.com http://neshamajfs.com http://howelllussi.com https://howelllussi.com http://prod-site.arbormemorial.ca/en.html https://prod-site.arbormemorial.ca/en.html http://www.arbormemorial.ca/en/ https://www.arbormemorial.ca/en/ http://www.calgarycrematorium.com https://www.calgarycrematorium.com http://calgarycrematorium.com https://calgarycrematorium.com; object-src 'none'; 4 frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: http://c.statcounter.com https://www.google.com http://www.google.com http://csi.gstatic.com; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 4 default-src http: https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self' http://www.podcastics.com; img-src data: http: https: 'self' ; media-src blob: data: http: https: 'self'; 4 default-src 'self'; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com www.google.com az416426.vo.msecnd.net www.gstatic.com dc.services.visualstudio.com tagmanager.google.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org:* https://cdn.consentmanager.mgr.consensu.org/delivery/cmp.min.css; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://action.metaffiliation.com https://*.googleapis.com www.googletagmanager.com www.google.com az416426.vo.msecnd.net www.gstatic.com dc.services.visualstudio.com tagmanager.google.com www.googleadservices.com *.google-analytics.com *.analytics.google.com static.hotjar.com static.hotjar.io bat.bing.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com script.hotjar.io www.dwin1.com/8427.js www.zenaps.com https://the.sciencebehindecommerce.com/d9core adclick.g.doubleclick.net https://cdn.consentmanager.mgr.consensu.org:* https://consentmanager.mgr.consensu.org:* https://cdn.consentmanager.net:* https://c.delivery.consentmanager.net:* https://ibn.yuzzu.be:* https://static.cdn.prismic.io https://d.delivery.consentmanager.net; font-src 'self' fonts.gstatic.com script.hotjar.com script.hotjar.io data:; frame-src 'self' img.metaffiliation.com bid.g.doubleclick.net www.google.com dc.services.visualstudio.com vars.hotjar.com vars.hotjar.io 11105234.fls.doubleclick.net https://tbl.tradedoubler.com/ www.zenaps.com https://cdn.consentmanager.net https://cdn.consentmanager.mgr.consensu.org:* https://td.doubleclick.net https://*.prismic.io https://www.googletagmanager.com https://sst.yuzzu.be; connect-src 'self' https://www.facebook.com https://bat.bing.net http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://pagead2.googlesyndication.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com dc.services.visualstudio.com connect.facebook.net in.hotjar.com in.hotjar.io vc.hotjar.io inkstone-edge.haiku.ai api.mixpanel.com https://stats.g.doubleclick.net adclick.g.doubleclick.net https://surveystats.hotjar.io:* https://cdn.consentmanager.mgr.consensu.org:* https://consentmanager.mgr.consensu.org:* https://*.rockestate.be *.googleapis.com https://geoservices.wallonie.be https://action.metaffiliation.com:* https://ibn.yuzzu.be:* https://pagead2.googlesyndication.com:* https://www.google.com:* https://googleads.g.doubleclick.net https://bat.bing.com https://adservice.google.com https://www.googleadservices.com https://js.monitor.azure.com https://sst.yuzzu.be https://ad.doubleclick.net https://d.delivery.consentmanager.net; img-src 'self' https://bat.bing.net https://delivery.consentmanager.net:* https://d.delivery.consentmanager.net https://cdn.consentmanager.net:* https://cdn.consentmanager.mgr.consensu.org:* https://consentmanager.mgr.consensu.org:* http://*.google.com https://*.google.com http://*.google.be https://*.google.be http://*.google.co.za https://*.google.co.za www.zenaps.com www.awin1.com ssl.gstatic.com www.gstatic.com 11105234.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net https://ad.doubleclick.net script.hotjar.io www.facebook.com www.google.be https://*.google-analytics.com https://*.analytics.google.com bat.bing.com https://*.googleapis.com maps.gstatic.com www.w3.org https://*.rockestate.be https://geoservices.wallonie.be https://ibn.yuzzu.be:* https://affdc.yuzzu.be:* https://images.prismic.io https://prismic-io.s3.amazonaws.com data: https://yuzzu.be https://www.googletagmanager.com https://www.yuzzu.be https://sst.yuzzu.be https://yuzzu-cms.cdn.prismic.io; child-src 'self' https://vars.hotjar.com https://vars.hotjar.io 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://localhost b2c.benuta.at b2c.benuta.ch b2c.benuta.co.uk b2c.benuta.cz b2c.benuta.de b2c.benuta.dk b2c.benuta.es b2c.benuta.eu b2c.benuta.fi b2c.benuta.fr b2c.benuta.it b2c.benuta.nl b2c.benuta.no b2c.benuta.pl b2c.benuta.pt b2c.benuta.se b2c.benuta.com connect.getflowbox.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com maps.googleapis.com https://maps.googleapis.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com https://pixel.biano.it https://it.bianopixel.com dynamic.criteo.com sslwidget.criteo.com static.ads-twitter.com widget.reviews.io *.newrelic.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com *.vimeo.com vimeo.com static.hotjar.com trck.linkster.co *.chat.getzowie.com ct.pinterest.com applepay.cdn-apple.com google.com/pay; worker-src 'self' blob: app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu; connect-src 'self' data: blob: sockjs-us3.pusher.com eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com *.googleapis.com *.gstatic.com sumo.com ct.pinterest.com googleads.g.doubleclick.net bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://p.biano.it https://it.bianopixel.com ads.x.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com tiktok.com public.app.priceshape.io measurement-api.criteo.com api.reviews.io *.nr-data.net *.googlesyndication.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.hyr.so *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.vimeo.com vimeo.com *.hotjar.io wss://*.hotjar.com trck.linkster.co *.chat.getzowie.com *.parcellab.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat google.com/pay; style-src 'self' 'unsafe-inline' data: tagmanager.google.com wchat.freshchat.com www.benuta.eu www.googletagmanager.com assets.reviews.io widget.reviews.io d1azc1qln24ryf.cloudfront.net d19ayerf5ehaab.cloudfront.net cdn.icomoon.io *.cnstrc.com cnstrc.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com; font-src 'self' data: assets.vercel.com assets.reviews.io d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; img-src 'self' blob: data: ssl.gstatic.com www.gstatic.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com checkoutshopper-live.adyen.com x.klarnacdn.net images.ctfassets.net downloads.ctfassets.net downloads.ctfassets.net www.paypalobjects.com www.checkoutshopper-live.adyen.com *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com *.b2b.benuta.com checkoutshopper-live.adyen.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co *.cnstrc.com cnstrc.com *.reviews.co.uk *.reviews.io *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com script.hotjar.com cdn.flbx.io benuta-sandbox.bynder.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; media-src 'self' videos.ctfassets.net *.vimeo.com vimeo.com; manifest-src 'self' 4 frame-ancestors 'self' https://*.traumgutscheine.com https://www.relax-guide.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 4 default-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 4 default-src * 'self' 'unsafe-inline' 'unsafe-eval' cdn.kustomerapp.com ; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.azurewebsites.net:* https://connect.facebook.net:* https://cdn.userway.org:* https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://connect.facebook.net/en_US/fbevents.js https://script.hotjar.com:* https://cdn.gtranslate.net:* https://static.hotjar.com:* https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/jquery.inputmask.bundle.js https://wchat.freshchat.com/js/widget.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js https://code.jquery.com/ui/1.11.0/jquery-ui.js https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/inputmask/phone-codes/phone.js *.google.com *.gstatic.com https://code.jquery.com/jquery-1.8.3.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.0/jquery-ui.min.js https://www.google-analytics.com/analytics.js *.googletagmanager.com cdn.kustomerapp.com ; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fonts.googleapis.com *.bootstrapcdn.com:* *.fonts.googleapis.com:* https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://rawgit.com https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/util/util.css cdn.kustomerapp.com https://*.gstatic.com:* https://cdn.userway.org:*; object-src 'self' cdn.kustomerapp.com ; base-uri 'self' cdn.kustomerapp.com ; connect-src * 'self' data: cdn.kustomerapp.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com cdn.kustomerapp.com https://cdn.userway.org:*; frame-src * 'self' https://vars.hotjar.com https://maps.google.com/ https://app.powerbi.com/ https://www.youtube.com/ cdn.kustomerapp.com *.google.com; img-src 'self' https://cdn.userway.org:* cdn.kustomerhostedcontent.com https://www.google-analytics.com:* https://cdn.gtranslate.net:* https://www.facebook.com:* https://connect.facebook.net:* https://script.hotjar.com:* data: cdn.kustomerapp.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; manifest-src 'self' cdn.kustomerapp.com https://cdn.userway.org:*; media-src * 'self' 4 frame-ancestors 'self' web.fc2.com 4 default-src https: wss://*.hotjar.com wss://wc.dcbprotect.com:8080 'unsafe-inline' 4 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://facebook.com https://graph.facebook.com https://staticxx.facebook.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' data: blob: https://api.qrserver.com https://shippingsky.s3.amazonaws.com https://rifarito.s3.amazonaws.com https://www.facebook.com https://facebook.com https://staticxx.facebook.com https://connect.facebook.net https://graph.facebook.com; connect-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://facebook.com https://graph.facebook.com https://connect.facebook.net https://capig.datah04.com https://shippingsky.s3.amazonaws.com https://rifarito.s3.amazonaws.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com https://www.recaptcha.net https://recaptcha.google.com https://www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.google.com 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: filesystem: https://cdn.ampproject.org https://*.google-analytics.com https://www.googletagmanager.com https://*.disqus.com; style-src 'self' 'unsafe-inline' filesystem: https://fonts.googleapis.com; img-src 'self' https: data: blob: filesystem: secure.gravatar.com cdn.ampproject.org ampproject.net *.wordpress.org s.w.org *.githubusercontent.com; connect-src 'self' https: data: blob: filesystem: https://cdn.ampproject.org https://ampcid.google.com https://ampcid.google.com.mt https://ampcid.google.com.tr https://*.google-analytics.com https://*.hotjar.com https://*.facebook.com https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.disqus.com; font-src 'self' https: data: blob: filesystem: https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https: data: blob: filesystem: https://www.googletagmanager.com https://*.disqus.com https://*.google.com https://vars.hotjar.com https://www.facebook.com 4 frame-ancestors 'self' *.intuit.com 3 default-src 'self'; img-src data: blob: *; script-src-elem 'self' assets.ubuntu.com www.google-analytics.com www.googletagmanager.com dev.visualwebsiteoptimizer.com www.youtube.com asciinema.org player.vimeo.com script.crazyegg.com w.usabilla.com munchkin.marketo.net serve.nrich.ai ml314.com scout-cdn.salesloft.com snippet.maze.co www.googleadservices.com js.zi-scripts.com *.g.doubleclick.net www.google.com www.gstatic.com *.googlesyndication.com js.stripe.com d3js.org www.brighttalk.com cdnjs.cloudflare.com static.ads-twitter.com *.cdn.digitaloceanspaces.com www.redditstatic.com snap.licdn.com connect.facebook.net jspm.dev cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com www.tfaforms.com api.usabilla.com *.cloudfront.net cdn.jsdelivr.net *.g.doubleclick.net extend.vimeocdn.com tracking-api.g2.com 'unsafe-inline'; font-src 'self' assets.ubuntu.com cdn.livechatinc.com secure.livechatinc.com fonts.google.com; script-src 'self' blob: *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' *.googlesyndication.com www.google.com ubuntu.com analytics.google.com www.googletagmanager.com sentry.is.canonical.com www.google-analytics.com *.crazyegg.com scout.salesloft.com *.g.doubleclick.net js.zi-scripts.com *.mktoresp.com prompts.maze.co *.google-analytics.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com px.ads.linkedin.com ws.zoominfo.com youtube.com google.com fonts.google.com api.text.com raw.githubusercontent.com *.analytics.google.com *.g.doubleclick.net ad.doubleclick.net www.googleadservices.com www.facebook.com *.livechatinc.com *.text.com *.youtube.com *.google.com; frame-src 'self' *.doubleclick.net www.youtube.com/ asciinema.org player.vimeo.com js.stripe.com www.googletagmanager.com www.google.com www.brighttalk.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com *.cloudfront.net app3.trueability.com app.trueability.com pay.stripe.com; style-src *.cloudfront.net cdn.jsdelivr.net 'self' *.livechatinc.com *.youtube.com *.google.com 'unsafe-inline'; media-src 'self' res.cloudinary.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com images.zenhubusercontent.com assets.ubuntu.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com ubuntu.com; child-src api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com youtube.com google.com fonts.google.com 'self' *.livechatinc.com *.youtube.com *.google.com blob:; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; frame-ancestors https://edge-billing.stripe.com https://edge-connect.stripe.com https://edge-dashboard-admin.stripe.com https://edge-dashboard.stripe.com https://edge-docs.stripe.com https://edge-marketplace.stripe.com https://edge-support.stripe.com https://billing.stripe.com https://connect.stripe.com https://dashboard-admin.stripe.com https://dashboard.stripe.com https://docs.stripe.com https://edge-support-conversations.stripe.com https://edge.stripe.com https://marketplace.stripe.com https://stripe.com https://support-admin.corp.stripe.com https://support-conversations.stripe.com https://support.stripe.com; 3 frame-ancestors 'self' *.grammarly.com 3 frame-ancestors 'self' https://www.onetrust.com; default-src 'self' 'unsafe-inline' data: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com; script-src 'self' 'unsafe-inline' *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com; connect-src 'self' blob: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com; img-src 'self' data: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.goconsensus.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com *.youtube.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com *.cvent.com *.turtl.co *.mktoutil.com pactsafe.io *.pactsafe.io *.cloudfront.net *.adnxs.com *.qualified.com wss://ws7.qualified.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.onetrust.com; media-src * blob:; worker-src * blob:; base-uri 'self'; 3 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /us/_/BgcMiscSites/cspreport/allowlist;worker-src blob: 'self' 3 frame-ancestors https://pam.mcafee.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 3 frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com *.thesun.co.uk *.the-sun.com *.thescottishsun.co.uk *.thesun.ie *.staging-thesun.co.uk *.staging-the-sun.com *.staging-thescottishsun.co.uk *.staging-thesun.ie au-script.dotmetrics.net; form-action 'self' *.nypdev.com nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com *.thesun.co.uk *.the-sun.com *.thescottishsun.co.uk *.thesun.ie *.staging-thesun.co.uk *.staging-the-sun.com *.staging-thescottishsun.co.uk *.staging-thesun.ie au-script.dotmetrics.net 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com https://resources.trendmicro.com 3 frame-ancestors 'self' https://cms.apnews.com/ 3 frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 3 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https: 3 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh *.unifyintent.com *.cloudfront.net pro.ip-api.com *.liadm.com *.usbrowserspeed.com alocdn.com va.vercel-scripts.com vercel.live jobs.ashbyhq.com connect.facebook.net ; connect-src 'self' marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh unifyintent.com *.cloudfront.net pro.ip-api.com *.liadm.com *.usbrowserspeed.com alocdn.com 9xgnrndqve.execute-api.us-west-2.amazonaws.com cdn.sanity.io api.ashbyhq.com jobs.ashbyhq.com *.facebook.com facebook.com ; worker-src 'self' blob: data: marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh ; style-src 'self' 'unsafe-inline' marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh ; img-src 'self' blob: data: marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh cdn.sanity.io *.facebook.com facebook.com ; media-src 'self' blob: data: marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh cdn.sanity.io ; font-src 'self' marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh ; object-src 'none' ; base-uri 'self' ; form-action 'self' marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh vercel.live ; frame-src 'self' marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh vercel.live jobs.ashbyhq.com ; frame-ancestors 'self' marketing.anyweb.dev 2hv88549.api.sanity.io cursor.com *.cursor.com cursor.sh *.cursor.sh ; upgrade-insecure-requests; 3 base-uri 'self'; connect-src https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ analytics.twitter.com 'self' https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://px.adhigh.net/ https://*.clarity.ms https://api-fra.livechatinc.com https://api.mapbox.com https://events.mapbox.com https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com https://lottie.host/ https://webec.synodev.com https://webec-cn.synodev.com https://webec.synology.com https://webec.synology.cn https://*.synodev.com https://*.synology.com https://api.store-test.synology.com https://api.store.synology.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com https://*.googleadservices.com https://*.google.com.tw https://www-ai.synology.com; default-src 'self'; font-src *.mouseflow.com 'self' data: https://synostatic.synology.com https://cdn.livechatinc.com https://themes.googleusercontent.com https://fonts.gstatic.com; frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com 'self' https://*.facebook.com; frame-src *.mouseflow.com https://vars.hotjar.com/ 'self' https://*.synology.com https://*.facebook.com https://staticxx.facebook.com https://px.adhigh.net/ https://player.youku.com/ https://synology.jobbase.io https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://*.personio.com https://synology.onlyfy.jobs https://youtube.com https://www.youtube.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://synoform.synology.com; img-src https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://wcs.naver.com analytics.twitter.com https://t.co/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.linkedin.com https://p.adsymptotic.com/d/px https://www.facebook.com https://*.clarity.ms https://c.bing.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://api.mapbox.com https://i.ytimg.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://demo.synology.com https://demo.synology.de https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://wcs.naver.net/wcslog.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct 'self' blob: 'unsafe-eval' https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js https://connect.facebook.net https://px.adhigh.net/ https://cdnjs.cloudflare.com https://synology.jobbase.io https://*.clarity.ms https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://api.mapbox.com https://www.youtube.com fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://unpkg.com 'nonce-bf7db3a1fea244ba0c173404b5abb382def24d3bc547ca4f410bae2a311cdf85' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://cdnjs.cloudflare.com https://cdn.livechat-files.com https://api.mapbox.com https://assets.freshsales.io https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com 3 default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com *.googletagmanager.com www.google-analytics.com *.google.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com *.infinigrow.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com *.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com *.infinigrow.com ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net cdnjs.cloudflare.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com *.adroll.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org *.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net *.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com cdn.cookielaw.org dimensions-art.cloudinary.net n902wcigxi.execute-api.us-east-1.amazonaws.com *.adroll.com p28416.itm.cloud.com p118600.itm.cloud.com ml314.com x.bidswitch.net pixel.tapad.com dsum-sec.casalemedia.com sync.outbrain.com idsync.rlcdn.com pixel.rubiconproject.com image2.pubmatic.com us-u.openx.net sync.taboola.com eb2.3lift.com ib.adnxs.com *.reson8.com secure.adnxs.com dpm.demdex.net i.liadm.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com cdn.cookielaw.org; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.linkedin.com *.cookiebot.com *.infinigrow.com data.debugbear.com cdn.cookielaw.org epsilon.6sense.com *.6sc.co *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com tracking-api.g2.com n902wcigxi.execute-api.us-east-1.amazonaws.com *.algolia.net dss6ntp5q2r0o.cloudfront.net *.adroll.com cdn.jsdelivr.net; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com demo.arcade.software *.googletagmanager.com *.doubleclick.net *.productboard.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com p28416.itm.cloud.com p118600.itm.cloud.com; object-src 'none' 3 frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 3 connect-src 'self' *.maps.yandex.net api-maps.yandex.ru api.selectel.ru hog.selectel.ru https://chatwoot.selectel.ru wss://chatwoot.selectel.ru https://statuspal.io/api/v2/status_pages/selectel/summary https://*.mindbox.ru https://selectel.ru https://cdn.selectel.ru https://top-fwz1.mail.ru https://web.popmechanic.ru https://metrics.selectel.ru leads.selectel.ru mc.yandex.ru suggest-maps.yandex.ru wss://api.selectel.ru wss://ws.selectel.ru www.youtube.com https://yulixr.ru/ https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/a/macros/selectel.com/s/AKfycbzM4er3RoKbPw3cQALGtakLQ7xfTtUk8PETDoXQyYh6kiCLnhu1oO4iCy2CuhT38cGrCA/exec https://files.selectel.ru https://telegram.org/pxl https://core.service.elfsight.com; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' api-maps.yandex.ru calc.selectel.ru https://chatwoot.selectel.ru googleads.g.doubleclick.net https://forms.amocrm.ru/ https://player.vimeo.com/ https://vk.com/ www.google.com www.google.ru www.youtube.com https://rutube.ru/ https://kinescope.io/; img-src https: data: blob:; manifest-src 'self'; media-src 'self' https://chatwoot.selectel.ru https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru cdn.ampproject.org hog.selectel.ru https://chatwoot.selectel.ru https://cdn.selectel.ru https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://s.ytimg.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://www.google.com https://metrics.selectel.ru mc.yandex.ru https://*.mindbox.ru https://widgets.mango-office.ru https://dct.mango-office.ru selectel.ru suggest-maps.yandex.ru www.google.com www.googleadservices.com www.gstatic.com www.youtube.com yastatic.net https://telegram.org/js/pixel.js https://elfsightcdn.com https://universe-static.elfsightcdn.com; style-src 'self' 'unsafe-inline' https://cdn.selectel.ru/ https://6f3bf64a-14d1-4b68-9202-2a000ca072b9.selcdn.net https://chatwoot.selectel.ru https://fonts.googleapis.com https://static.popmechanic.ru https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://*.mindbox.ru; upgrade-insecure-requests; 3 default-src https: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; frame-src https:; style-src https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; 3 default-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net ; script-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net browser-update.org connect.facebook.net *.google.com *.gstatic.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com unpkg.com/web-vitals/ *.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com *.twitter.com *.youtube.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.google.com *.googleapis.com *.typekit.net code.iconify.design 'unsafe-inline' data: ; img-src * data: blob: ; font-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.typekit.net fonts.gstatic.com fonts.googleapis.com ff.static.1001fonts.net db.onlinewebfonts.com data: ; connect-src 'self' boardgamearena.com *.boardgamearena.com:* wss://*.boardgamearena.com:* *.boardgamearena.net wss://*.boardgamearena.net:* *.facebook.com *.google.com *.gstatic.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.paypal.com *.bga.li blob:; frame-src 'self' boardgamearena.com *.boardgamearena.com:* *.slideshare.net *.youtube.com *.youtube-nocookie.com *.dailymotion.com *.trictrac.tv *.trictrac.net melodice.org js.stripe.com *.paypal.com *.twitter.com *.facebook.com *.google.com td.doubleclick.net *.blueorangegames.eu; frame-ancestors 'self' boardgamearena.com ; base-uri 'none' ; 3 style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com https://*.lead2retail.in https://*.autobiz.in https://lms.bgauss.com https://*.cleverwebserver.com; report-uri /api/exceptions/; 3 default-src 'self' akm-img-a-in.tosshub.com ads.pubmatic.com mab.chartbeat.com pagead2.googlesyndication.com recengine.aajtak.in https://embed.aajtak.in https://trc.taboola.com analytics.google.com feeds.aajtak.in adblock-tester.com securepubads.g.doubleclick.net c.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' https://stackpath.bootstrapcdn.com akm-img-a-in.tosshub.com fonts.gstatic.com 'unsafe-inline' data:; script-src * blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' * https://www.aajtak.in fonts.googleapis.com akm-img-a-in.tosshub.com instore-tosshub-com.s3.ap-south-1.amazonaws.com https://vidstat.taboola.com 'unsafe-inline'; frame-src *; media-src * blob: data:; connect-src * 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 3 default-src 'none'; frame-ancestors 'none'; connect-src 'self' www.ntppool.org st.ntppool.org status.ntppool.org 8ll7xvh0qt1p.statuspage.io send.webform.dev; font-src fonts.gstatic.com; form-action 'self' send.webform.dev checkout.stripe.com; img-src 'self' data: st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com send.webform.dev; style-src 'self' fonts.googleapis.com fonts.gstatic.com send.webform.dev st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 3 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.awin1.com *.bskyb.com *.clicktale.net *.contentsquare.com *.contentsquare.net *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com *.medallia.eu *.optimizely.com *.paa-reporting-advertising.amazon *.qualtrics.com *.redditstatic.com *.sky.com *.skyassets.com *.snapchat.com *.stripe.com *.taggstar.com *.tvsquared.com *.yext-pixel.com *.yimg.com *.zenaps.com aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.tiktok.com analytics.twitter.com android-webview-video-poster: answers2-embed.sky.com.pagescdn.com api.branch.io api2.branch.io app.link assets.adobedtm.com assets.sitescdn.net bat.bing.com britishskybroadcasti.tt.omtrdc.net c.amazon-adsystem.com c5.adalyser.com cdn-assets-prod.s3.amazonaws.com cdn.branch.io cdn.co-buying.com cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.tt.omtrdc.net cdnjs.cloudflare.com connect.facebook.net content.zeotap.com edge.adobedc.net https://cdn.prod.uidapi.com https://js.adsrvr.org ib.adnxs.com js.smct.co js.smct.io lantern.roeyecdn.com maps.googleapis.com platform.twitter.com players.brightcove.net rules.quantcount.com s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com secure.quantserve.com servedby.flashtalking.com sky.likewizesupport.com skycustomer.likewizesupport.com smct.co smct.io static.ads-twitter.com tagmanager.google.com the.sciencebehindecommerce.com unpkg.com vjs.zencdn.net www.dwin1.com www.facebook.com www.googleadservices.com www.gstatic.com yahoo.com; style-src 'self' 'unsafe-inline' *.clicktale.net *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.medallia.eu *.sky.com *.skyassets.com assets.adobedtm.com assets.sitescdn.net fonts.googleapis.com players.brightcove.net s0.2mdn.net sky.likewizesupport.com sky.lucidcx.com skycustomer.likewizesupport.com tagmanager.google.com www.facebook.com www.googletagmanager.com www.gstatic.com; font-src 'self' data: *.google.co.uk *.google.com *.google.ie *.intercomcdn.com *.kampyle.com *.medallia.eu *.sky.com *.skyassets.com *.snapchat.com fonts.gstatic.com fonts.smct.co fonts.smct.io players.brightcove.net sky.likewizesupport.com sky.lucidcx.com skycustomer.likewizesupport.com use.typekit.net www.pinterest.com; img-src 'self' android-webview-video-poster: data: *.akamaihd.net *.atdmt.com *.awin1.com *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clicktale.net *.cloudfront.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.g.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.googletagmanager.com *.gumgum.com *.intercom.io *.intercomassets.com *.intercomassets.eu *.intercomcdn.com *.intercomcdn.eu *.kampyle.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com *.medallia.eu *.mktgcdn.com *.online-metrix.net *.optimizely.com *.qualtrics.com *.reddit.com *.sky *.sky.com *.skyassets.com *.snapchat.com *.tvsquared.com *.yahoo.com *.yext-pixel.com *.zenaps.com 8th.io aax-eu.amazon-adsystem.com acdn.adnxs.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com analytics.tiktok.com analytics.twitter.com api.branch.io api2.branch.io app.link assets.adobedtm.com bat.bing.com c.amazon-adsystem.com c5.adalyser.com cdn.branch.io cdn.privacy-mgmt.com cdn.smct.co cdn.smct.io cdn.spatialbuzz.com cms.quantserve.com connect.facebook.net ct.pinterest.com dmp.v.fwmrm.net ep.smct.co ep.smct.io events.smct.co ib.adnxs.com lantern.roeye.com live.staticflickr.com maps.googleapis.com maps.gstatic.com match.adsrvr.org mwzeom.zeotap.com pixel.quantserve.com players.brightcove.net pm.w55c.net px.smct.co px.smct.io s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com servedby.flashtalking.com sky.likewizesupport.com skycustomer.likewizesupport.com smct.co smct.io ssl.gstatic.com t.co tags.w55c.net tracking.audio.thisisdax.com www.facebook.com www.googleadservices.com www.gstatic.com www.pinterest.com; connect-src 'self' android-webview-video-poster: blob: *.akamaihd.net *.akstat.io *.analytics.google.com *.assistant.watson.appdomain.cloud *.boltdns.net *.brightcovecdn.com *.bskyb.com *.clicktale.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.g.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.googletagmanager.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.lucidcx.com *.medallia.eu *.optimizely.com *.paa-reporting-advertising.amazon *.qualtrics.com *.reddit.com *.redditstatic.com *.sky.com *.skyassets.com *.snapchat.com *.taggstar.com *.tvsquared.com *.wepowerconnections.com *.yext-pixel.com *.yext.com *.yextapis.com *.yimg.com aax-eu.amazon-adsystem.com acdn.adnxs.com ad.doubleclick.net analytics.tiktok.com api.amplitude.com api.amplitude.com api.branch.io api.iperceptions.com api.taggstar.com api2.branch.io app.link assets.adobedtm.com awk.epgsky.com bat.bing.com britishskybroadcasti.tt.omtrdc.net c.amazon-adsystem.com cdn-assets-prod.s3.amazonaws.com cdn.branch.io cdn.privacy-mgmt.com cdn.spatialbuzz.com cdn.taggstar.com cfg.smct.co cfg.smct.io cognito-identity.eu-west-1.amazonaws.com connect.facebook.net ct.pinterest.com dmp.v.fwmrm.net edge.adobedc.net edge.api.brightcove.com ep.smct.co ep.smct.io faro-collector-prod-eu-west-0.grafana.net firehose.eu-west-1.amazonaws.com https://*.google.com https://*.prod.uidapi.com https://prod.uidapi.com ib.adnxs.com insight.adsrvr.org ipb.smct.co ipb.smct.io ipl.smct.co ipl.smct.io js.smct.co js.smct.io maps.googleapis.com match.adsrvr.org mwzeom.zeotap.com paa-reporting-advertising.amazon pagead2.googlesyndication.com players.brightcove.net pm.w55c.net poc.idscan.cloud prod.idscan.cloud qa.taggstar.com s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com sky.likewizesupport.com skycustomer.likewizesupport.com smct.co smct.io spl.zeotap.com the.sciencebehindecommerce.com vip.timezonedb.com wss://*.liveperson.net wss://*.sky.com www.facebook.com www.googleadservices.com www.gstatic.com www.pinterest.co.uk www.pinterest.com www.zenaps.com; frame-src 'self' blob: *.awin1.com *.bskyb.com *.clicktale.net *.contentsquare.net *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.kampyle.com *.liveperson.net *.lpsnmedia.net *.medallia.eu *.online-metrix.net *.optimizely.com *.paa-reporting-advertising.amazon *.qualtrics.com *.sky.com *.skyassets.com *.snapchat.com *.stripe.com *.zenaps.com 12660277.fls.doubleclick.net 1580034.fls.doubleclick.net 3662759.fls.doubleclick.net 6993240.fls.doubleclick.net aax-eu.amazon-adsystem.com acdn.adnxs.com analytics.twitter.com answers2-embed.sky.com.pagescdn.com api.branch.io api2.branch.io app.link assets.adobedtm.com c.amazon-adsystem.com cdn.branch.io cdn.privacy-mgmt.com cdn.spatialbuzz.com connect.facebook.net ct.pinterest.com d2d7do8qaecbru.cloudfront.net dmp.v.fwmrm.net ib.adnxs.com insight.adsrvr.org lantern.roeye.com live.tvgenius.net ls.smct.co ls.smct.io match.adsrvr.org paa-reporting-advertising.amazon players.brightcove.net pm.w55c.net s.pinimg.com s0.2mdn.net sc-static.net secure.adnxs.com servedby.flashtalking.com sky.likewizesupport.com sky.lucidcx.com skycustomer.likewizesupport.com smct.co smct.io td.doubleclick.net universal.iperceptions.com w.etadirect.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.pinterest.co.uk www.pinterest.com; frame-ancestors 'self'; worker-src blob: 'self' *.liveperson.net *.sky.com *.skyassets.com assets.adobedtm.com; child-src 'self' blob: *.intercom-sheets.com; media-src 'self' blob: data: *.akamaihd.net *.boltdns.net *.brightcovecdn.com *.cf.brightcove.com *.clicktale.net *.contentsquare.net *.contentstack.io *.demdex.net *.doubleclick.net *.google-analytics.com *.google.co.uk *.google.com *.google.ie *.googlesyndication.com *.intercomcdn.com *.liveperson.net *.lpsnmedia.net *.media.brightcove.com *.sky.com *.skyassets.com assets.adobedtm.com bat.bing.com www.facebook.com; object-src 'self' *.sky.com; form-action *.intercom.help *.intercom.io; report-uri /csp-reports 3 frame-ancestors 'self' https://amd.pathfactory.com *.reachcm.com reachcm.com 3 default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.intercom.io wss://*.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: tel: *.usercentrics.com https://vars.hotjar.com https://js.intercomcdn.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://ganon.yahoo.com https://geo.yahoo.com https://api.cloudinary.com https://*.amazon-adsystem.com https://geo.yahoo.com https://pbs.yahoo.com https://*.pubmatic.com https://*.adsrvr.org https://*.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://*.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://ganon.yahoo.com/ https://geo.yahoo.com/ https://*.doubleclick.net https://*.googlesyndication.com https://*.everesttech.com https://prebid.a-mo.net https://*.adnxs.com https://*.emxdgt.com https://yahoo-match.dotomi.com https://*.gumgum.com https://*.kargo.com https://*.kueezrtb.com https://*.mediago.io https://*.creativecdn.com https://*.yellowblue.io https://*.sonobi.com https://taboola.com https://*.1rx.io https://*.cootlogix.com https://*.rfihub.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://cm.g.doubleclick.net https://googleadservices.com https://securepubads.g.doubleclick.net https://x.bidswitch.net/sync https://*.postrelease.com https://*.kargo.com https://*.everesttech.net; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net http://*.taboola.com; connect-src 'self' https://*.liadm.com https://console.googletagservices.com https://*.engadget.com http://*.taboola.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://cdn-ssl.vidible.tv/prod https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io https://s.yimg.com/oa/ https://api.privacy-center.org/v1/events https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/locations https://ec.yimg.com/didomi https://guce.engadget.com/ https://guce.oath.com/ https://consent.yahoo.com/ https://*.clean.gg https://*.yieldmo.com https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://snippet.affilimate.io/ https://snippet.affilimatejs.com https://pub.affilimateapis.com https://pub-eu.affilimateapis.com https://api.assertcom.de https://icu.newsroom.bi/ingest.php https://tlx.3lift.com https://ads.yieldmo.com https://*.google-analytics.com https://api.alyavista.com https://*.seedtag.com https://guce.oath.com/ https://guce.engadget.com/ https://api.privacy-center.org/v1/locations https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/events https://ep1.adtrafficquality.google/ https://*.kueezrtb.com https://*.pbs.yahoo.com https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://ads.pubmatic.com https://googleads.g.doubleclick.net https://*.amazon-adsystem.com https://*.sonobi.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; upgrade-insecure-requests; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; frame-src 'self' https://ad.doubleclick.net https://console.googletagservices.com https://*.googlesyndication.com https://*.everesttech.com https://prebid.a-mo.net https://*.adnxs.com https://*.emxdgt.com https://yahoo-match.dotomi.com https://*.criteo.com https://*.gumgum.com https://*.casalemedia.com https://*.kargo.com https://*.kueezrtb.com https://*.mediago.io https://*.media.net https://*.openx.net https://*.pubmatic.com https://*.creativecdn.com https://*.rubiconproject.com https://*.sharethrough.com https://*.yellowblue.io https://*.sonobi.com https://*.lijit.com https://taboola.com https://*.3lift.com https://*.adsrvr.org https://*.1rx.io https://*.cootlogix.com https://*.yieldmo.com https://*.rfihub.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://cm.g.doubleclick.net https://googleadservices.com https://securepubads.g.doubleclick.net https://ep2.adtrafficquality.google https://*.taboola.com https://www.google.com https://*.seedtag.com https://hb.trustedstack.com https://opus.analytics.yahoo.com/ https://*.indexww.com https://*.postrelease.com https://*.kargo.com https://*.amazon-adsystem.com https://*.everesttech.net https://chartbeat.com https://*.chartbeat.com; media-src 'self' https://*.taboola.com; 3 frame-ancestors 'self' https://console.dnspod.cn 3 form-action https:; frame-ancestors https://app.contentful.com https://verkada.teamaligned.com 3 default-src 'self' http: https: data: blob:;script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' https: data: 'unsafe-inline';img-src 'self' https: data: blob:;media-src 'self' https: http: blob: data:;connect-src http: https: ws: wss: 3 frame-ancestors 'self' *.windy.com:* 3 frame-ancestors 'self' *.bazaarvoice.com 3 default-src 'self'; img-src data: blob: *; script-src-elem 'self' assets.ubuntu.com www.google-analytics.com www.googletagmanager.com www.youtube.com asciinema.org player.vimeo.com script.crazyegg.com www.googleadservices.com js.zi-scripts.com *.g.doubleclick.net www.google.com www.gstatic.com www.brighttalk.com snap.licdn.com connect.facebook.net maps.googleapis.com www.redditstatic.com munchkin.marketo.net w.usabilla.com api.usabilla.com *.googlesyndication.com cdn.jsdelivr.net https://esm.sh https://cdn.jsdelivr.net buttons.github.io cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com 'unsafe-inline'; font-src 'self' assets.ubuntu.com fonts.google.com cdn.livechatinc.com secure.livechatinc.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' www.google.com ubuntu.com analytics.google.com www.googletagmanager.com sentry.is.canonical.com www.google-analytics.com *.crazyegg.com *.g.doubleclick.net js.zi-scripts.com *.google-analytics.com px.ads.linkedin.com ws.zoominfo.com youtube.com google.com fonts.google.com maps.googleapis.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://esm.sh https://lottie.host https://cdn.jsdelivr.net *.analytics.google.com www.facebook.com *.googlesyndication.com *.mktoresp.com assets.ubuntu.com api.github.com api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com web.facebook.com; frame-src 'self' *.doubleclick.net www.youtube.com/ asciinema.org player.vimeo.com www.googletagmanager.com www.google.com www.brighttalk.com cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com; style-src 'self' cdn.jsdelivr.net 'unsafe-inline'; media-src 'self' res.cloudinary.com assets.ubuntu.com; child-src 'self' blob: youtube.com google.com fonts.google.com api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com; 3 frame-ancestors 'self' https://afiliados.locaweb.com.br 3 child-src *.googletagmanager.com *.greenhouse.io *.vimeo.com app.qualified.com; connect-src *.clarity.ms *.6sc.co *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.cookiefirst.com *.google-analytics.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.forethought.ai *.linkedin.com *.vidyard.com *.vimeo.com *.6sense.co *.6sense.com *.d2l.com wss://*.qualified.com lottie.host e.calibermind.com app.navattic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net *.g2.com www.redditstatic.com bam.nr-data.net pagead2.googlesyndication.com secure.adnxs.com www.google.co.in www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.br www.google.com.co www.google.com.mx www.google.ie 'self' 482-pda-858.mktoresp.com 482-pda-858.mktoutil.com app.qualified.com conversions-config.reddit.com data: eps.6sc.co my.yoast.com pixel-config.reddit.com prod.customershome.com region1.analytics.google.com tracking.g2crowd.com translate.googleapis.com www.facebook.com www.google.ca www.googleadservices.com yoast.com vimeo.com; default-src *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com *.linkedin.com 'self' 'unsafe-inline' *.d2l.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com c.bing.com secure.adnxs.com 482-pda-858.mktoresp.com alb.reddit.com analytics.google.com connect.facebook.net data: googleads.g.doubleclick.net ipv6.6sc.co js.qualified.com munchkin.marketo.net origin.acuityplatform.com pixel-config.reddit.com 'self' tracking.g2crowd.com www.facebook.com www.google.com www.googletagmanager.com www.redditstatic.com www.youtube.com; font-src 'self' data: www.d2l.com dl102401s.searchunify.com dl182403p.searchunify.com fonts.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; form-action 'self' www.d2l.com www.facebook.com applications.zoom.us; frame-src *.googletagmanager.com *.greenhouse.io *.vidyard.com *.vimeo.com *.forethought.ai *.d2l.com 'self' blob: capture.navattic.com applications.zoom.us app.qualified.com td.doubleclick.net www.facebook.com www.google.com www.youtube.com www.buzzsprout.com; img-src *.clarity.ms *.6sc.co *.mutinycdn.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.vimeocdn.com *.linkedin.com *.vidyard.com *.d2l.com img.youtube.com cdn.shortpixel.ai c.navattic.com i.ytimg.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net dl102401s.searchunify.com dl182403p.searchunify.com static.pheedloop.com assets.swoogo.com google.com pagead2.googlesyndication.com consent.cookiefirst.com secure.adnxs.com www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.ma www.google.co.nz www.google.co.uk www.google.co.vi www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.bz www.google.com.co www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.ly www.google.com.mx www.google.com.np www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.tr www.google.de www.google.dz www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.ht www.google.hu www.google.ie www.google.it www.google.nl www.google.pt www.google.rs 'self' app.navattic.com c.bing.com alb.reddit.com data: fonts.gstatic.com secure.gravatar.com translate.google.com www.facebook.com www.google.ca blob:; media-src *.vimeo.com *.vimeocdn.com 'self' h5p.com app.qualified.com; object-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem *.clarity.ms *.6sc.co *.acuityplatform.com *.mutinycdn.com *.cookiefirst.com *.greenhouse.io *.forethought.ai *.vidyard.com *.vimeo.com *.d2l.com 'self' 'unsafe-inline' js.navattic.com cdn.shortpixel.ai js.navattic.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net apis.google.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com js.storylane.io munchkin.marketo.net origin.acuityplatform.com cdn.calibermind.com tracking.g2crowd.com unpkg.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yoast.com js.live.net www.dropbox.com www.buzzsprout.com; script-src *.6sc.co *.acuityplatform.com *.mutinycdn.com *.googletagmanager.com *.googleadservices.com *.google.com *.vimeocdn.com *.vimeo.com *.greenhouse.io *.forethought.ai *.d2l.com 'self' 'unsafe-eval' 'unsafe-inline' js.navattic.com pagead2.googlesyndication.com snap.licdn.com bam.nr-data.net consent.cookiefirst.com client-registry.cdn.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com js.qualified.com munchkin.marketo.net tracking.g2crowd.com unpkg.com www.clarity.ms www.redditstatic.com; style-src-attr 'unsafe-inline' dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src-elem *.cookiefirst.com *.greenhouse.io *.d2l.com d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net 'self' 'unsafe-inline' data: fonts.googleapis.com www.gstatic.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com; style-src 'self' 'unsafe-inline' d2y8arselzu8n4.cloudfront.net d14drb1667mvq0.cloudfront.net consent.cookiefirst.com dev.mytype.d2l.com.s3-website-us-west-2.amazonaws.com mytype.d2l.com pages.d2l.com; worker-src 'self' blob:; frame-ancestors 'self' *.d2l.com app.mutinyhq.com applications.zoom.us; 3 frame-ancestors 'self' appsec.aarp.org secure.aarp.org cms.aarp.org arenax-testing2-games.aarp.org test.giveback.aarp.org giveback.aarp.org aarpvolunteer.my.site.com aarp.staging.jibeapply.com aarp.devserver.cloud navigator.aarp.org earnpoints.aarp.org events.xg4ken.com ayuda-sp.aarp.org ayuda-s.aarp.org ayuda.aarp.org app.devserver.cloud nutrition.aarp.org aarp.jibeapply.com arenax-testing3-games.aarp.org aarp.theworkademy.com stage.jobskills.aarp.org jobskills.aarp.org feeds.aarp.org memberoffers.aarp.org aarp.org cdn.aarp.net appsec.aarp.org secure-pi.aarp.org test.elearn.aarp.org dev.livablemap.aarp.byf1.dev livablemap.aarp.org nextgen.jobs.aarp.org jobs.aarp.org arenax-testing-games.aarp.org games.aarp.org futureofhousing.aarp.org aarpfutureodev.wpengine.com aarpfohstage.wpengine.com help-s.aarp.org test.elearn.aarp.org elearn.aarp.org local.aarp.org staging.local.aarp.org longtermscorecard.org careers.aarp.org www.aarp.org yqa.livetech.dev yqa.test caretotalk.aarp.org policybook.aarp.org policybookdb8jfimehk.devcloud.acquia-sites.com livindexhub.aarp.org livabilityindex.aarp.org livablemap.aarp.org press.aarp.org stage.mediaroom.com policybookwmcd4qm5qv.devcloud.acquia-sites.com dev.livindex-21.aarp.byf1.dev stage.livindex-21.aarp.byf1.dev veterans.aarp.org learn.aarp.org help.aarp.org community.aarp.org services.share.aarp.org secure.aarp.org virtualevents.aarp.org cdn.kitewheel.com aarp.brand.live aarpsandbox.brand.live test.virtualevents.aarp.org elearn.aarp.org blog.aarp.org taxappointment.aarp.org banksafetraining.aarp.org virtualevents.aarp.org; 3 frame-ancestors 'self' resources.duo.com learn-cloudsecurity.cisco.com; 3 frame-ancestors *.oray.com scrm-wx.weiling.cn 3 frame-ancestors 'self' https://app.contentful.com/spaces/* https://zoominfo.pathfactory.com/* https://pipeline.zoominfo.com/* http://pipeline.zoominfo.com/* 3 default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.mparticle.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gstatic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.mparticle.com *.nr-data.net *.pinterest.com *.snapchat.com *.trustarc.com *.truste.com *.videoamp.com *.xg4ken.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.mparticle.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.snapchat.com *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; 3 default-src 'self' http: https: 3 frame-ancestors 'self' pmt.honeywell.com sps.honeywell.com ppe.sps.honeywell.com; 3 default-src 'self' *.googletagmanager.com https://payment.demo.sparklight.com https://payment.dev.sparklight.com https://payment.sparklight.com https://use.typekit.net *.adsrvr.org *.demdex.net *.dpm.demdex.net https://*.sitecorecloud.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.invoca.net https://*.adsrvr.org https://*.hotjar.com https://static.hotjar.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com *.crazyegg.com https://connect.facebook.net https://www.googleadservices.com https://ad.doubleclick.net *.googletagmanager.com https://payment.demo.sparklight.com https://payment.dev.sparklight.com https://payment.sparklight.com *.sparklight.com *.doubleclick.net *.bing.com *.c.bing.com *.c.clarity.ms *.clarity.ms *.bat.bing.com *.nextdoor.com https://*.invocacdn.com https://*.sitecorecloud.io https://*.aptrinsic.com https://*.blob.core.windows.net https://*.jsdelivr.net https://*.smartmove.us https://cableone-dev-beryl.vercel.app https://cableone-demo-beryl.vercel.app https://sparklight-dev.vercel.app https://sparklight-demo.vercel.app https://sparklight-prod.vercel.app https://cableone-prod-beryl.vercel.app https://*.zdassets.com https://*.smooch.io https://api.smooch.io https://unpkg.com *.statistinamics.com https://www.ssa.gov; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.googletagmanager.com https://payment.demo.sparklight.com https://use.typekit.net https://p.typekit.net https://*.sitecorecloud.io https://*.aptrinsic.com https://cableone-dev-beryl.vercel.app https://cableone-demo-beryl.vercel.app https://sparklight-dev.vercel.app https://sparklight-demo.vercel.app https://sparklight-prod.vercel.app https://cableone-prod-beryl.vercel.app https://*.smartmove.us https://*.zdassets.com; img-src 'self' data: https://*.clarity.ms https://*.nextdoor.com analytics.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com https://www.facebook.com https://www.google.com *.bing.com *.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://connect.facebook.net https://fonts.gstatic.com *.googletagmanager.com *.cableone.net *.sparklight.com https://*.cableone.net https://*.sparklight.com *.adnxs.com https://bat.bing.com https://www.tiktok.com https://*.sitecorecloud.io https://*.blob.core.windows.net https://cableone-dev-beryl.vercel.app https://cableone-demo-beryl.vercel.app https://sparklight-dev.vercel.app https://sparklight-demo.vercel.app https://sparklight-prod.vercel.app https://cableone-prod-beryl.vercel.app https://cableone.zendesk.com https://www.gravatar.com https://ctam.demdex.net https://*.demdex.net https://*.dpm.demdex.net https://*.smartmove.us https://*.zdassets.com; connect-src 'self' https://insight.adsrvr.org https://*.crazyegg.com https://*.invoca.net analytics.tiktok.com https://www.tiktok.com analytics-ipv6.tiktokw.us ads.tiktok.com https://www.facebook.com https://us-central1-sparklight-433014.cloudfunctions.net https://www.googleadservices.com https://*.googletagmanager.com https://ad.doubleclick.net https://connect.facebook.net https://pagead2.googlesyndication.com *.google.com *.google-analytics.com *.sparklight.com *.tapad.com *.casalemedia.com *.clarity.ms https://bat.bing.com https://stats.g.doubleclick.net https://*.sitecorecloud.io https://*.aptrinsic.com https://*.smartmove.us https://unpkg.com https://*.zdassets.com https://cableone.zendesk.com https://*.smooch.io https://api.smooch.io wss://api.smooch.io https://zendesk-eu.my.sentry.io https://cableone.speedtestcustom.com *.nextdoor.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://cableone-dev-beryl.vercel.app https://cableone-demo-beryl.vercel.app https://sparklight-dev.vercel.app https://sparklight-demo.vercel.app https://sparklight-prod.vercel.app https://cableone-prod-beryl.vercel.app https://*.sitecorecloud.io; media-src 'self' data: *.cableone.net *.sparklight.com https://*.cableone.net https://*.sparklight.com https://*.sitecorecloud.io; object-src 'none'; worker-src 'self' blob:; frame-ancestors 'self' https://payment.demo.sparklight.com https://cart.dev.sparklight.com https://cart.demo.sparklight.com https://*.sitecorecloud.io; frame-src 'self' 'unsafe-inline' https://www.tiktok.com https://*.adsrvr.org https://*.fls.doubleclick.net https://*.doubleclick.net https://www.facebook.com https://ad.doubleclick.net https://www.google.com *.googletagmanager.com https://payment.demo.sparklight.com https://payment.dev.sparklight.com https://payment.sparklight.com bytedance: sslocal: https://*.sitecorecloud.io https://*.smartmove.us https://forms.office.com https://cableone.speedtestcustom.com https://cableone.wufoo.com woobox.com 3 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.weborama.com *.adways.com *.adpaths.com; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com *.mktoutil.com mktoutil.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wistia.net wistia.net *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com *.smartrecruiters.com smartrecruiters.com js.storylane.io/js/v2/storylane.js app.storylane.io demandbase.com *.demandbase.com company-target.com *.company-target.com venafi.cloud *.venafi.cloud venafi.eu *.venafi.eu vimeo.com *.vimeo.com data: blob:; upgrade-insecure-requests; 3 frame-ancestors 'self' https://webvisor.com 3 connect-src 'self' *.adentifi.com *.adnxs.com *.adobeaemcloud.com *.agkn.com *.analytics.google.com *.awswaf.com *.azurefd.net *.bing.com *.buyatoyota.com *.clarity.ms *.cloudfunctions.net *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.ipredictive.com *.lexus.com *.linkedin.com *.omtrdc.net *.rlcdn.com *.scene7.com *.teads.tv *.tomtom.com *.toyota.com *.toyotafinancial.com *.turn.com *.undertone.com *.yimg.com ads.scorecardresearch.com adserv.mobi alb.reddit.com api.iperceptions.com api.retargetly.com ara.paa-reporting-advertising.amazon at.alicdn.com bat.bing-int.com bat.bing.net browser-intake-datadoghq.com c.amazon-adsystem.com cdn.appdynamics.com cm.everesttech.net col.eum-appdynamics.com collection.decibelinsight.net conv-pix.adstk.io conversions-config.reddit.com ct.pinterest.com data: doh.cq0.co dpm.demdex.net dsp.tk0x1.com dsum-sec.casalemedia.com engagement-provider-preprod.iperceptions.com evnt.byspotify.com fonts.gstatic.com gdpr.loopme.com google.com i18n.contentsquare.com insight.adsrvr.org invite-preprod.iperceptions.com ips-invite.iperceptions.com jnn-pa.googleapis.com kcc0.com lciapi.ninthdecimal.com ldti.syndication.kbb.com lm.serving-sys.com manage-api.ensighten.com maps.googleapis.com maps.gstatic.com match.adsrvr.org nexus-test.ensighten.com nexus.ensighten.com noembed.com pagead2.googlesyndication.com peornia-comargers.icu pixall.esm1.net pixel-config.reddit.com pixel.admedia.com pixel.logtrackback.com pixel.quantserve.com pixel.sitescout.com pixels.spotify.com post.iperceptions.com privacy.ensighten.com pt.ispot.tv px.gumgum.com rum.hlx.page s-a.innovid.com s.amazon-adsystem.com s.pinimg.com sd.iperceptions.com secure-ds.serving-sys.com secure.insightexpressai.com simage2.pubmatic.com snap.licdn.com snapshot.carfax.com sp.analytics.yahoo.com sync-eu.connectad.io tagging-staging.shiftdigitalapps.io tagging.shiftdigitalapps.io tags.srv.stackadapt.com tags.w55c.net tapestry.tapad.com tcrp-stg.mmq.telematicsct.com tcrp.mmq.telematicsct.com tk0x1.com toyota.demdex.net toystortemplatingengprod.blob.core.windows.net toystortemplatingengqa.blob.core.windows.net tr.snapchat.com tr6.snapchat.com universal.iperceptions.com wss://*.toyota.com www.googleadservices.com www.googletagmanager.com www.pinterest.com www.redditstatic.com www.youtube.com x.bidswitch.net zen-dco.innovid.com zz.connextra.com; default-src 'self' *.toyota.com login.microsoftonline.com; font-src 'self' *.lexus.com *.linkedin.com *.toyota.com assets.alicdn.com at.alicdn.com data: fonts.googleapis.com fonts.gstatic.com login.microsoftonline.com manage.ensighten.com snap.licdn.com; frame-src 'self' *.adnxs.com *.bing.com *.contentsquare.net *.doubleclick.net *.ep-mimecast.snapchat.com *.facebook.com *.flashtalking.com *.google.com *.lexus.com *.teads.tv *.toyota.com bs.serving-sys.com col.eum-appdynamics.com collection-api.preprod.astutevoc.com ct.pinterest.com feedback.emplifi.io insight.adsrvr.org lciapi.ninthdecimal.com ldti.syndication.kbb.com m.youtube.com match.adsrvr.org pixall.esm1.net pixel.admedia.com pixel.rubiconproject.com rtb.adgrx.com rtr.innovid.com s.amazon-adsystem.com toyota-shopper-widget.zappy-ride.com toyota.demdex.net toyota.evlife.co tr.snapchat.com universal-preprod.iperceptions.com universal.iperceptions.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com; img-src 'self' *.adentifi.com *.adnxs.com *.adobeaemcloud.com *.agkn.com *.azurefd.net *.bing.com *.buyatoyota.com *.clarity.ms *.cloudfront.net *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.flashtalking.com *.google.co.in *.google.com *.inventoryrsc.com *.ipredictive.com *.lexus.com *.linkedin.com *.rlcdn.com *.scene7.com *.setproductsetup.com *.taboola.com *.taboolasyndication.com *.teads.tv *.toyota.com *.tribalfusion.com *.turn.com *.tvsquared.com *.undertone.com *.vindicosuite.co *.yimg.com 1f2e7.v.fwmrm.net abs.twimg.com acuityplatform.com ade.googlesyndication.com ads.scorecardresearch.com ads.stickyadstv.com adserv.mobi adservice.google.co.uk adswizz.com ag.innovid.com alb.reddit.com analytics.twitter.com api.retargetly.com arttrk.com bat.bing.net bs.serving-sys.com campaignmanager.com cm.everesttech.net cognitivlabs.com col.eum-appdynamics.com conv-pix.adstk.io ct.pinterest.com data.privacy.ensighten.com data: dealer-content-management-dev.azurewebsites.net dealer-content-management.azurewebsites.net dev.day.com dpm.demdex.net dsp.tk0x1.com dsum-sec.casalemedia.com eb2.3lift.com engagetosell.com fonts.gstatic.com hb.yahoo.net hitcount-preprod.iperceptions.com i.ytimg.com img.alicdn.com insight.adsrvr.org ips-img.iperceptions.com ips-invite.iperceptions.com jadserve.postrelease.com kargo.com kcc0.com lciapi.ninthdecimal.com ldti.syndication.kbb.com log.pinterest.com login.microsoftonline.com maps.googleapis.com maps.gstatic.com match.adsrvr.org match.prod.bidr.io media.sabio.us mpp.vindicosuite.com nexus-test.ensighten.com nodetracker.datawrkz.com odr.mookie1.com pagead2.googlesyndication.com pbs.twimg.com peornia-comargers.icu photosite.setoyota.com pippio.com pixall.esm1.net pixel-ssn.quantserve.com pixel-sync.sitescout.com pixel.logtrackback.com pixel.quantserve.com pixel.rubiconproject.com pixel.sitescout.com pixel.tapad.com portphotos.setoyota.com pr-bh.ybp.yahoo.com pt.ispot.tv px.gumgum.com rtb.adgrx.com rtr.innovid.com s-a.innovid.com s.amazon-adsystem.com sd.iperceptions.com secure-ds.serving-sys.com secure.insightexpressai.com simage2.pubmatic.com snap.licdn.com snapshot.carfax.com sp.analytics.yahoo.com static.carfax.com static.reportdelivery.production.aws.carfax.io stats.wordpress.com sync.crwdcntrl.net sync.search.spotxchange.com t.co t.mookie1.com tag.tapad.com tagging-staging.shiftdigitalapps.io tagging.shiftdigitalapps.io tags.bluekai.com tags.srv.stackadapt.com tags.w55c.net tapestry.tapad.com tk0x1.com tmsappqstorage01.blob.core.windows.net toyota.com toystortemplatingengprod.blob.core.windows.net toystortemplatingengqa.blob.core.windows.net trkn.us tubemogul.com twittercounter.com unrulymedia.com ups.analytics.yahoo.com us-u.openx.net www.google-analytics.com www.google.co.uk www.googleadservices.com www.googletagmanager.com www.gstatic.com www.pinterest.com www.youtube.com x.bidswitch.net yt3.ggpht.com zen-dco.innovid.com zz.connextra.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adnxs.com *.agkn.com *.awswaf.com *.azureedge.net *.azurefd.net *.bing.com *.buyatoyota.com *.clarity.ms *.cobrowse.oraclecloud.com *.contentsquare.com *.contentsquare.net *.doubleclick.net *.facebook.net *.force.com *.google.com *.lexus.com *.linkedin.com *.liveagentforsalesforce.com *.phenompeople.com *.rfihub.net *.rlcdn.com *.salesforceliveagent.com *.teads.tv *.tomtom.com *.toyota.com *.tribalfusion.com *.turn.com *.tvsquared.com *.yimg.com adserv.mobi api.retargetly.com assets.adobedtm.com assets.sitescdn.net bat.bing-int.com bs.serving-sys.com c.amazon-adsystem.com cdn.appdynamics.com cdn.decibelinsight.net cdn.pdst.fm cnv.event.prod.bidr.io consent.cookiebot.com cstatic.weborama.fr ct.pinterest.com ctcp.cybage.com dts.innovid.com ethn.io g.alicdn.com global.toyota gnrcp.cybage.com i.loopme.me imgs.signifyd.com ips-invite.iperceptions.com js.adsrvr.org js.adstk.io ldti.syndication.kbb.com live.rezync.com maps.googleapis.com media.fraud.net nexus-test.ensighten.com nexus.ensighten.com onetag.tws.toyota.jp pagead2.googlesyndication.com peornia-comargers.icu pixel.admedia.com pixel.byspotify.com pixel.mathtag.com privacy.ensighten.com resources.digital-cloud.medallia.com rules.quantcount.com rum.hlx.page s-static.innovid.com s.pinimg.com s2.go-mpulse.net s7.addthis.com sc-static.net script.hotjar.com scripts.inmarkethub.com sd.iperceptions.com secure-ds.serving-sys.com secure.ethicspoint.com secure.quantserve.com snap.licdn.com snapshot.carfax.com static.ads-twitter.com static.hotjar.com tagging-staging.shiftdigitalapps.io tagging.shiftdigitalapps.io tags.bluekai.com tags.srv.stackadapt.com toyota.com toyotaeffect.com tr.snapchat.com universal-preprod.iperceptions.com universal.iperceptions.com universaldefinitionsdev.blob.core.windows.net us.connextra.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.toyota.ca www.toyota.mx www.toyotafinancial.com www.toyotaipsolutions.com www.toyotamobility.com www.youtube-nocookie.com www.youtube.com www1.toyotaoutfitters.com; style-src 'self' 'unsafe-inline' *.lexus.com *.tomtom.com *.toyota.com fonts.googleapis.com manage-api.ensighten.com nexus-test.ensighten.com nexus.ensighten.com privacy.ensighten.com snapshot.carfax.com tags.srv.stackadapt.com www.gstatic.com www.youtube.com; child-src 'self' blob:; media-src 'self' *.doubleclick.net *.toyota.com dts.innovid.com m.youtube.com pdst.fm s-static.innovid.com www.googleadservices.com www.youtube-nocookie.com www.youtube.com; worker-src 'self' 'unsafe-inline' *.toyota.com blob: data:;upgrade-insecure-requests; report-uri https://prod.webservices.toyota.com/csp-report 3 base-uri 'self'; style-src 'self' 'unsafe-inline' https://static.popmechanic.ru https://*.mindbox.ru https://events.nethouse.ru https://fonts.googleapis.com *.jivo.ru *.jivosite.com; img-src 'self' https://res.cloudinary.com https://vk.com https://*.vk.com https://*.mindbox.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://*.googlesyndication.com https://tr.lfeeder.com https://www.google.ru https://*.adtrafficquality.google https://tr-rc.lfeeder.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google.com https://fonts.googleapis.com https://*.mindbox.ru https://media2.giphy.com *.jivo.ru *.jivosite.com data: blob:; connect-src 'self' https://*.doubleclick.net https://res.cloudinary.com https://www.google-analytics.com https://top-fwz1.mail.ru https://privacy-cs.mail.ru https://analytics.google.com https://*.analytics.google.com https://fundingchoicesmessages.google.com https://*.googlesyndication.com https://*.adtrafficquality.google https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://yandex.com https://uaas.yandex.ru https://*.mindbox.ru https://jivo-userdata.obs.ru-moscow-1.hc.sbercloud.ru https://*.ahrefs.com/ https://www.google.com https://www.gstatic.com https://recaptcha.google.com https://*.recaptcha.google.com wss://*.jivosite.com wss://*.jivo.ru wss://mc.yandex.ru/solid.ws *.jivo.ru *.jivosite.com; form-action 'self'; frame-ancestors 'self' *.jivo.ru *.jivosite.com https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://cloudinary.com https://*.cloudinary.com; child-src https://mc.yandex.ru https://mc.yandex.com; frame-src 'self' https: *.jivo.ru *.jivosite.com https://*.youtube.com https://rutube.ru/ https://vk.com https://vkvideo.ru/ https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://*.facebook.com https://top-fwz1.mail.ru https://*.adtrafficquality.google https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://events.nethouse.ru https://cloudinary.com https://*.cloudinary.com https://go.vooozer.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; block-all-mixed-content; 3 upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline' android-webview-video-poster: ; report-uri https://csp.ansa.it/report/ 3 frame-ancestors https://*.phoenix.razer.com https://www.razer.com; 3 default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-eval' *.nmrodam.com *.imrworldwide.com *.sensic.net *.gstatic.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com;media-src * mediastream: blob:;frame-src 'self' *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 3 frame-ancestors 'self' http://sproutsocial.lookbookhq.com https://sproutsocial.lookbookhq.com http://sproutsocial.pathfactory.com https://sproutsocial.pathfactory.com https://*.sproutsocial.test https://*.sproutsocial.com https://sproutsocial.com; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors 'self' https://*.adobe.com; 3 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' documentservices.adobe.com *.dickssportinggoods.com *.cardinalcommerce.com api.cash.app cash.app *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com c.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net *.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net www.paypal.com *.paypalobjects.com *.braintreegateway.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com checkoutshopper-live-us.adyen.com acs.entersektehs.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.rokt.com *.tvpixel.com *.monetate.net *.reddit.com *.redditstatic.com *.granify.com *.tnapplications.com *.minionplatform.com blob: apps.byondxr.com acrobatservices.adobe.com ep2.adtrafficquality.google fundingchoicesmessages.google.com mczbf.com sjwoe.com cj.dotomi.com emjcd.com idsync.rlcdn.com *.mczbf.com *.cj.com *.adobemc.com *.techlab-cdn.com *.obsess-vr.com *.obsessvr.com s3.amazonaws.com/idme/; worker-src blob:; frame-ancestors *.dickssportinggoods.com *.adobe.com *.experiencecloud.adobe.com *.adobemc.com; child-src *.cj.com *.monetate.net acrobatservices.adobe.com documentservices.adobe.com *.attn.tv dcsg.jotform.com *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.cardinalcommerce.com api.cash.app cash.app *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net *.minionplatform.com maps.google.com accounts.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com checkoutshopper-live.adyen.com checkoutshopper-live-us.adyen.com acs.entersektehs.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.curalate.com *.bambuser.com *.radar.com *.recaptcha.net *.rokt.com sketchfab.com blob: www.googletagmanager.com ep2.adtrafficquality.google *.adobemc.com *.techlab-cdn.com *.granify.com *.eprize.net; 3 default-src 'self';base-uri 'self';child-src blob:;connect-src 'self' wss: https: https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://func.bitwarden.com https://status.bitwarden.com https://us-central1-adaptive-growth.cloudfunctions.net https://pdf-convert.bitwarden.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://bitwarden.freshsales.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://bat.bing.com https://cdn.linkedin.oribi.io https://i.clarity.ms https://scout.salesloft.com https://script.crazyegg.com https://global.ketchcdn.com/ https://cdn.ketchjs.com/;img-src 'self' data: https: https://*.algolia.net https://images.ctfassets.net https://res.cloudinary.com https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://*.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://t.co https://alb.reddit.com https://aorta.clickagy.com https://bat.bing.com https://i.vimeocdn.com https://id.rlcdn.com https://idsync.rlcdn.com https://insight.adsrvr.org https://px.ads.linkedin.com https://p.adsymptotic.com https://stags.bluekai.com https://ct.capterra.com;font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.typekit.net;form-action https://forms.hsforms.com https://www.facebook.com;frame-ancestors https://app.contentful.com;frame-src https://app.hubspot.com https://start.bitwarden.com https://*.doubleclick.net https://boards.greenhouse.io https://s.company-target.com https://docs.google.com https://forms.hsforms.com https://player.vimeo.com https://preview.widgets.ninetailed.io/ https://us02web.zoom.us https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://*.hs-sites.com https://global.ketchcdn.com https://cdn.ketchjs.com/ https://app.contentful.com https://job-boards.greenhouse.io https://hemsync.clickagy.com https://insight.adsrvr.org;manifest-src 'self';object-src 'none';report-uri https://csp-report.browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub41b0937554d4ab91e35c9ae62433371b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdn.jsdelivr.net/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://j.6sc.co https://tag.demandbase.com https://a.quora.com https://assets.freshsales.io https://bat.bing.com https://boards.greenhouse.io https://cdn.jsdelivr.net/npm/search-insights@2.0.4 https://cdn.pdst.fm https://global.ketchcdn.com https://cdn.ketchjs.com/ https://connect.facebook.net https://mountain.com https://*.mountain.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://libraries.hund.io https://ml314.com https://*.ml314.com https://player.vimeo.com https://plausible.io https://script.crazyegg.com https://scout-cdn.salesloft.com https://snap.licdn.com https://static.ads-twitter.com https://static.xingcdn.com/xingtrk/index.js https://tag.clearbitscripts.com https://cdn.hubilo.com https://tags.clickagy.com https://js.usemessages.com https://ws.zoominfo.com https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.redditstatic.com https://x.clearbitjs.com https://app.contentful.com https://tags.clickagy.com/ https://js.zi-scripts.com https://js.adsrvr.org/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://libraries.hund.io https://global.ketchcdn.com https://cdn.ketchjs.com/ https://*.typekit.net;worker-src 'self' blob: https://global.ketchcdn.com https://cdn.ketchjs.com/ 3 frame-ancestors https://playersupport.my.salesforce.com 3 default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com https://buttons.github.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://static.scarf.sh 3 child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.livechat.s3.amazonaws.com *.livechat-files.com *.paypal.com *.google.com *.youtube.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com; frame-ancestors 'self' directnic.net; 3 default-src 'self'; style-src 'self' https://static.threema.ch 'unsafe-inline'; font-src 'self' https://static.threema.ch data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://hcaptcha-ws.threema.ch; script-src-elem 'self' https://hcaptcha-ws.threema.ch 'unsafe-inline' data:; frame-src 'self' https://hcaptcha-assets.threema.ch; img-src 'self' data: https://static.threema.ch blob: ; media-src 'self' data: blob:; connect-src 'self' wss://threema.com https://hcaptcha-assets.threema.ch https://static.threema.ch https://bugs.threema.ch ; object-src 'none'; worker-src 'self' blob:; child-src blob: https://hcaptcha-assets.threema.ch; frame-ancestors 'self'; form-action 'self' https://threema.com ; base-uri https://threema.com; report-uri https://bugs.threema.ch/api/30/security/?sentry_key=33a83d833904ad024494585d9479b3c4; report-to default 3 default-src 'self' *.brightcove.com *.browser-intake-datadoghq.com *.coveo.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.teads.tv *.pinterest.com *.hotjar.com *.iesnare.com *.infogram.com *.liadm.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.reddit.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net *.yobi.ai adobetag.com analytics-ipv6.tiktokw.us api-js.mixpanel.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.measureone.com api.omniture.com app.optinmonster.com apps.rokt.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.lr-ingest.com cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com ik.imagekit.io img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com libraweb.tiktokw.us loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com https://sc-static.net *.snapchat.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com https://cdn.allitrk.com https://apps.rokt-api.com https://www.redditstatic.com https://collector.allitrk.com ws://*.hotjar.com wss://*.hotjar.com *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com *.datadoghq-browser-agent.com *.datadoghq.com *.yieldmo.com pix.pub *.biocatch.com *.we-stats.com activitymap.adobe.com *.branch.io app.link *.app.link s.pinimg.com unpkg.com *.inmobicdn.net analytics-sm.com browser-intake-datadoghq.com google.com tags.srv.stackadapt.com nextinsure.com *.nextinsure.com *.save.auto *.supermoney.com *.ownup.com pixels.spotify.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; frame-ancestors 'self' 3 report-uri https://impactother.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: *; base-uri 'self'; 3 default-src 'self' *.6sc.co *.acquia.com *.youtube.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.vimeo.com *.vwo.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.anthology.com img.en25.com *.github.com *.recaptcha.net *.g2crowd.com *.clarity.ms *.doubleclick.net *.6sc.co *.siteimprove.net *.fontawesome.com *.vimeo.com *.vimeocdn.com *.licdn.com *.linkedin.com *.newrelic.com *.nr-data.net *.typekit.net *.getsitecontrol.com *.acquia.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com s3.amazonaws.com siteimproveanalytics.com prod.ally.ac bugcrowd.com assets.bugcrowdusercontent.com cdnjs.cloudflare.com cdn.jsdelivr.net *.cookielaw.org *.onetrust.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.twitter.com *.cloudflareinsights.com *.cloudflare.com *.visualwebsiteoptimizer.com *.vwo.com *.googlesyndication.com *.redditstatic.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hsforms.net *.hubspot.com *.hsappstatic.net *.hubspotusercontent-na1.net; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.gstatic.com prod.ally.ac cdnjs.cloudflare.com; img-src 'self' * data: blob: *.siteimproveanalytics.io; media-src * data:; frame-ancestors 'self' *.blackboard.com *.ally.ac *.anthology.com *.ddev.site; child-src 'self' * blob:; font-src 'self' *.fontawesome.com *.gstatic.com *.googleusercontent.com *.typekit.net data:; connect-src 'self' *.anthology.com *.adnxs.com *.vimeocdn.com *.6sense.com *.siteimprove.com *.siteimprove.net *.g2crowd.com *.clarity.ms *.doubleclick.net *.6sc.co *.fontawesome.com t.co *.facebook.com *.bizographics.com *.licdn.com *.linkedin.com *.newrelic.com *.nr-data.net *.typekit.net *.getsitecontrol.com *.acquia.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com prod.ally.ac *.cookielaw.org *.onetrust.com *.twitter.com *.visualwebsiteoptimizer.com *.vwo.com *.g2.com *.ddev.site *.eloqua.com *.redditstatic.com *.reddit.com *.hubapi.com *.hscollectedforms.net *.googleadservices.com *.hsforms.com ipinfo.io *.hsappstatic.net *.hubspot.com; 3 default-src 'self' blob: www.facebook.com facebook.com https://www.googletagmanager.com content.dionglobal.in icicibank.paymetry.com www.twitter.com twitter.com soundhelix.com *.go-mpulse.net www.iciciprulife.com cdn.jsdelivr.net code.jquery.com iciciauto.com icici.skryptech.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com googletagmanager.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com https://hbchat.senseforth.com senseforth.com cdn.ampproject.org cdnjs.cloudflare.com connect.facebook.net facebook.net marketingplatform.google.com google.com www.google.com www.google-analytics.com google-analytics.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com fonts.googleapis.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com cugd2qa.crm8.dynamics.com cugd1uat.crm8.dynamics.com cugd2uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com analytics.google.com snap.licdn.com leads.icicibank.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com ribstgnew.icicibank.com www.icicibank.com icici.nanorep.co nanorep.co nanorep.com;object-src 'none';child-src 'self' data: blob: india-stage.icicibank.adobecqms.net india-preprod.icici.bank.in icicibank-preprod.adobecqms.net country1.icicibank.adobecqms.net www.icicibank.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' rum.hlx.page https://leads.icicibank.com smart-search.senseforth.com players.brightcove.net firebasestorage.googleapis.com fcm.googleapis.com test-securetoken.sandbox.googleapis.com staging-www.sandbox.googleapis.com securetoken.googleapis.com apis.google.com www.googleapis.com securetoken.googleapis.com www.gstatic.com ibot.icicibank.com assets.adobedtm.com *.demdex.net cm.everesttech.net assets.adobedtm.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com ibotuat.icicibank.com platform.twitter.com platform.linkedin.com static.addtoany.com www.linkedin.com *.go-mpulse.net d1ls4i8l5ki52s.cloudfront.net cugd1uat.crm8.dynamics.com *.fls.doubleclick.net cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com go-mpulse.net www.iciciprulife.com addtoany.com tagmanager.google.com www.tagmanager.google.com linkedin.com content.dionglobal.in analytics.google.com www.googleadservices.com fonts.googleapis.com icicibank.paymetry.com beta-icicibank.paymetry.com cugd1qa.crm8.dynamics.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com googleadservices.com googleads.g.doubleclick.net twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com adobe.com doubleclick.net marketingplatform.google.com www.google.com google.com www.google-analytics.com ssl.google-analytics.com ssl.google-analytics.com visitor-services.nanorep.com nanorep.com icici.nanorep.co leads.icicibank.com cdnjs.cloudflare.com cloudfunctions.net senseforth.com amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com assets.adobedtm.com google-analytics.com adobecqms.net googletagmanager.com www.indiatimes.com economictimes.indiatimes.com ribstgnew.icicibank.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net www.youtube.com demdex.net omtrdc.net data:;connect-src 'self' bcbolte44808b7-a.akamaihd.net https://analytics.google.com trial-eum-clienttons-s.akamaihd.net edge.api.brightcove.com manifest.prod.boltdns.net smetric.money2india.icicibank.co.uk smetrics.icici.bank.in https://region1.analytics.google.com https://region1.google-analytics.com smart-search.senseforth.com www.gstatic.com https://www.gstatic.com/firebasejs/10.13.2/firebase-app.js.map firebaseinstallations.googleapis.com fcmregistrations.googleapis.com https://icicibank-mkt-stage1.campaign.adobe.com/acxwp/webregisterAndroid.jssp googleads.g.doubleclick.net https://icicibank-mkt-prod4.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mkt-prod4-lb.campaign.adobe.com/ici/webregisterAndroid.jssp icicibank-mid-prod4-all-t.adobe-campaign.com smetrics.icicibank.com edge.adobedc.net https://fcm.googleapis.com/fcm/connect/subscribe https://fcm.googleapis.com/fcm/connect/unsubscribe https://icicibank-mkt-stage1.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mid-stage1-all-t.adobe-campaign.com www.google.co.in *.akstat.io *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedc.net wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com wss://ccaiuatws.icicibank.com ccaiuatws.icicibank.com apibankingonesandbox.icicibank.com ibotuat.icicibank.com *.go-mpulse.net go-mpulse.net snap.licdn.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com fonts.googleapis.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com analytics.google.com www.analytics.google.com www.iciciprulife.com addtoany.com icicibank.paymetry.com beta-icicibank.paymetry.com marketingplatform.google.com www.google.com google.com www.google-analytics.com google-analytics.com adobecqms.net cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com linkedin.com twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com g.doubleclick.net doubleclick.net cdnjs.cloudflare.com googleadservices.com visitor-services.nanorep.com nanorep.com connect.facebook.net cloudfunctions.net senseforth.com icici.nanorep.co amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com leads.icicibank.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com googletagmanager.com www.facebook.com facebook.com bing.com asia-south1-quantum-flood-755.cloudfunctions.net ribstgnew.icicibank.com stats.g.doubleclick.net assets.adobedtm.com www.youtube.com demdex.net omtrdc.net money2india.icicibank.co.in wss://smart-search.senseforth.com/STT/transcribe;img-src 'self' https://dev.visualwebsiteoptimizer.com edge.api.brightcove.com metrics.brightcove.com bcbolte44808b7-a.akamaihd.net https://smart-search.senseforth.com https://www.google.co.uk ad.doubleclick.net ibot.icicibank.com *.demdex.net cm.everesttech.net wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com assets.adobedtm.com storage.googleapis.com ibotuat.icicibank.com www.google-analytics.com syndication.twitter.com fonts.googleapis.com ssl.gstatic.com g.doubleclick.net cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com analytics.google.com www.analytics.google.com google-analytics.com *.go-mpulse.net go-mpulse.net icicibank.paymetry.com beta-icicibank.paymetry.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com beta-icicibank.paymetry.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com cdnjs.cloudflare.com rukminim1.flixcart.com m.media-amazon.com icicicashback.com maps.gstatic.com www.gstatic.com gstatic.com www.icicibank.com icicibank.com www.iciciprulife.com linkedin.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com www.google.co.in icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com amazonaws.com google.co.in *.visualwebsiteoptimizer.com marketingplatform.google.com www.google.com ribstgnew.icicibank.com google.com googleads.g.doubleclick.net adobecqms.net www.indiatimes.com economictimes.indiatimes.com googleadservices.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net assets.adobedtm.com www.youtube.com everesttech.net demdex.net omtrdc.net data:;style-src 'self' 'unsafe-inline' https://www.icici.bank.in player.interactivity.brightcove.com https://smart-search.senseforth.com fonts.googleapis.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com *.go-mpulse.net analytics.google.com cugd2uat.crm8.dynamics.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com icicibank.paymetry.com beta-icicibank.paymetry.com go-mpulse.net addtoany.com cdn.jsdelivr.net code.jquery.com cugd2qa.crm8.dynamics.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com linkedin.com googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com www.icicibank.com icicibank.com www.iciciprulife.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com v icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com marketingplatform.google.com www.google.com google.com adobecqms.net www.indiatimes.com economictimes.indiatimes.com icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com amazonaws.com tagmanager.google.com www.tagmanager.google.com *.visualwebsiteoptimizer.com googleadservices.com bootstrapcdn.com ribstgnew.icicibank.com;font-src 'self' data: maps.gstatic.com gstatic.com fonts.gstatic.com;frame-src 'self' td.doubleclick.net *.demdex.net players.brightcove.net ibotuat.icicibank.com www.iciciprulife.com web.facebook.com platform.twitter.com www.linkedin.com infinity.icicibank.com infinity.icicibank.co.in iciciprulife.com au.personalcard.net *.fls.doubleclick.net nli.icicibank.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com analytics.google.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com fonts.googleapis.com ribstgnew.icicibank.com icicibank.paymetry.com cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com icicibank.paymetry.com beta-icicibank.paymetry.com ajax.googleapis.com maps.googleapis.com googleapis.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com bid.g.doubleclick.net cdnjs.cloudflare.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicicashback.com maps.gstatic.com gstatic.com icicibank.com linkedin.com twitter.com cdn.ampproject.org www.indiatimes.com economictimes.indiatimes.com ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com visitor-services.nanorep.com nanorep.com marketingplatform.google.com www.google.com google.com adobecqms.net www.youtube.com www.icicibank.com leads.icicibank.com icicibank.adobecqms.net smart-search.senseforth.com;frame-ancestors 'self' www.india-uat.icici.bank.in india-stage.icicibank.adobecqms.net www.india-preprod.icici.bank.in www.icici.bank.in retailnetbanking.icici.bank.in retailnetbankinguat.icici.bank.in; 3 font-src 'self' https://tls.freenet.de https://use.typekit.net https://fonts.gstatic.com; img-src *; frame-ancestors 'self' https://*.freenet.de; object-src 'self'; base-uri 'none'; 3 frame-ancestors 'self'; // Add other policies on a new line here // And another one here 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.uk.exponea.com https://static.cloudflareinsights.com https://ep2.adtrafficquality.google https://longform.atptour.com/ https://snippet.minute.ly/publishers/90700/mi-1.17.1.220.js https://apv-launcher.minute.ly/api/launcher/MIN-90700.js https://www.googletagservices.com https://cdn.cookielaw.org https://fonts.gstatic.com http://sb.scorecardresearch.com http://static.ads-twitter.com http://news.atptour.com https://news.atptour.com https://tunein.com https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://e.infogram.com https://www.googletagmanager.com/ https://imasdk.googleapis.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://sb.scorecardresearch.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://www.google-analytics.com/ https://livestream.com https://mail.tennisunited.co https://s0.2mdn.net/instream/video/client.js https://adservice.google.com.mx/adsid/integrator.js https://imasdk.googleapis.com/js/sdkloader/ima3.js https://proxy.beyondwords.io/npm/@beyondwords/player@latest/dist/umd.js https://proxy.beyondwords.io/npm/@beyondwords/player@0.3.18/dist/style.js https://proxy.beyondwords.io/npm/@beyondwords/player@0.3.18/dist/hls.light.min.js https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://bs.serving-sys.com/ https://adservice.google.com/ https://players.brightcove.net/ https://secure-ds.serving-sys.com/ https://tpc.googlesyndication.com/ https://c1.rfihub.net/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/ https://r1.marketing-pages.com https://www.gstatic.com/ https://static.smartframe.io https://*.brightcove.com https://*.brightcove.net https://*.sportradar.com https://*.livestream.com https://*.shorthandstories.com https://*.shorthand.com https://*.sf-ads.io https://*.sf-insights.io https://*.sf-logs.io http://*.minute.ly https://*.minute.ly https://*.snackly.co https://*.tldw.me http://*.snackly.co http://*.tldw.me http://*.spoteam.com https://*.spoteam.com;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com https://avplayer-cdn.sportradar.com/ https://*.typekit.net https://*.shorthandstories.com https://*.shorthand.com http://*.minute.ly https://*.minute.ly https://*.snackly.co https://*.tldw.me http://*.snackly.co http://*.tldw.me http://*.spoteam.com https://*.spoteam.com;worker-src blob: 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net *.linkedin.com *.facebook.com munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com *.adsrvr.org *.pinimg.com *.snapchat.com j.6sc.co tag.demandbase.com www.workwithsquare.com player.vimeo.com widget.trustpilot.com embed.typeform.com websdk.appsflyer.com; img-src * data:; object-src 'none'; base-uri 'none'; 3 frame-ancestors bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca *.quantummetric.com; script-src https://*.go-mpulse.net https://*.luckymobile.ca https://*.ujet.co https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://cdnjs.cloudflare.com https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.youtube.com https://bat.bing.com https://tr.snapchat.com https://s.ytimg.com https://*.micpn.com https://*.clarity.ms https://*.telebec.com https://*.northerntel.ca https://*.analytics-egain.com https://*.branch.io https://app.link https://*.gbqofs.com https://*.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://*.cookielaw.org https://*.quantummetric.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; object-src https://refer.bell.ca; 3 frame-ancestors 'self' https://*.group.gca https://*.credit-agricole.fr https://*.banque-chalus.fr 3 default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud tracking.g2crowd.com tracking-api.g2.com bat.bing.net *.clarity.ms www.redditstatic.com *.reddit.com *.pingdom.net x.clearbitjs.com browser.sentry-cdn.com; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com *.adobe.com www.youtube.com view.ceros.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com bat.bing.net *.bing.com *.clarity.ms *.medium.com *.reddit.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.googleadservices.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clearbitjs.com tag.clearbitscripts.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud reveal.clearbit.com *.adobe.com js.sentry-cdn.com browser.sentry-cdn.com bat.bing.com *.clarity.ms www.redditstatic.com *.reddit.com view.ceros.com *.pingdom.net; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net *.adobe.com; worker-src 'self' blob:; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.parismatch.com https://*.lejdd.fr 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 3 frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; 3 frame-ancestors 'self' *.appfolio.com *.appfolioinc.com *.appfolioinvestmentmanagement.com *.folio-guard.com *.storyblok.com 3 base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'sha256-tMuJ8c00j54yuxogrdIJeGhNVB350dc56i969XRz/Mc=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests; report-uri https://q.stripe.com/csp-violation?q=qwguU0DsXXSRH0G3cnbFqb3QMHjWXR-UnYDLc4hUhpXluenhW17MBJcLRwz3xQE%3D 3 default-src 'self' https://*.queue-it.net/ https://*.costco.ca/ https://*.costco.com/ https://*.costcobusinessdelivery.com/ https://*.costcobusinesscentre.ca/ https://*.costcobusinesscenter.ca/ https://*.costco-static.com/ https://display.ugc.bazaarvoice.com/ https://api.bazaarvoice.com/; script-src 'self' https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://*.queue-it.net/ https://*.costcobusinessdelivery.com https://*.costcobusinesscenter.ca/ https://cdn.intake-lr.com/ https://cdn.cookielaw.org/ https://*.criteo.com/ http://*.criteo.com/ https://assets.adobedtm.com/ https://s.go-mpulse.net/ https://transcend-cdn.com/ https://apps.bazaarvoice.com/ https://display.ugc.bazaarvoice.com/ https://mobilecontent.costco.com/ https://mobilecontent-qa.costco.com/ https://*.pxlecdn.com https://*.pixlee.com https://*.pixlee.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://cdn.fonts.net/ 'unsafe-inline' https://transcend-cdn.com/ https://consent.costco.com/ https://consent.costco.ca/ https://consent.costco.com https://display.ugc.bazaarvoice.com/; img-src 'self' https://*.costcobusinessdelivery.com https://*.tiles.virtualearth.net/ https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://*.costco.ca/ https://*.costco.com/ https://*.costcotravel.com/ https://*.costcotravel.ca/ https://cdn.bfldr.com/ https://*.contentstack.com/ https://*.costco-static.com/ https://cdn.cookielaw.org/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://display.ugc.bazaarvoice.com https://retailmedia-static.azureedge.net https://retailmedia-static.azureedge.net/ https://network-a.bazaarvoice.com https://network-stg-a.bazaarvoice.com https://retailmedia-static.criteo.com/ blob: data:; media-src 'self' https://*.costcobusinessdelivery.com https://*.costco.ca/ https://*.costco.com/ https://cdn.bfldr.com/ https://*.contentstack.com/ https://*.costco-static.com/ https://*.criteo.net/ https://retailmedia-static.criteo.com/ https://*.criteo.net; font-src 'self' https://cdn.bfldr.com/ https://*.costco-static.com/ https://fonts.gstatic.com data:; object-src 'none'; base-uri 'self' about:; form-action 'self' https://*.costcobusinessdelivery.com https://*.costco.ca/ https://*.costco.com/ https://r.intake-lr.com/ https://*.akstat.io https://*.opinionlab.com; frame-src https://*.costcobusinessdelivery.com https://*.costcobusinesscentre.ca/ https://*.ct-costco.com https://costco.demdex.net/ https://costco.centah.com/ https://consent-sync.costco.com/ https://consent-sync.costco.ca/ https://*.criteo.com/ http://*.criteo.com https://*.pixlee.com https://*.pixlee.co https://*.costco.com/ https://*.costco.ca/ https://*.costco-test.ca/; connect-src 'self' https://cdn.bfldr.com/ https://gdx-api.costco.com https://gdx-npd.np.api.cc-costco.com https://api-tst.np.gdx.cc-costco.com https://dev.virtualearth.net/ https://sdk.virtualearth.net/ https://spatial.virtualearth.net/ https://*.queue-it.net/ https://*.costcobusinessdelivery.com/ https://*.costcobusinesscenter.ca/ https://*.costcobusinesscentre.ca/ https://*.costco.ca/ https://*.costco.com/ https://*.costco-static.com/ https://*.ct-costco.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://costco.demdex.net/ https://dpm.demdex.net/ https://costco.tt.omtrdc.net/ https://*.criteo.com/ http://*.criteo.com/ https://*.criteo.net/ https://cm.everesttech.net/ https://r.intake-lr.com/ https://*.contentstack.com/ https://assets.adobedtm.com/ https://dcs.adobedc.net/ https://*.akstat.io https://*.go-mpulse.net/ https://*.akamaihd.net https://adobedc.demdex.net/ https://sync-transcend-cdn.com https://transcend-cdn.com/ https://telemetry.transcend.io/ https://telemetry.us.transcend.io/ https://privacyportal.onetrust.com/ https://api.bazaarvoice.com/ https://stg.api.bazaarvoice.com/; child-src 'self' blob: data:; upgrade-insecure-requests; 3 frame-ancestors 'self' https://*.tiscali.it 3 default-src 'self' *.usbank.com 'unsafe-inline' 'unsafe-eval' blob: data: cdn.appsflyer.com cdn.pdst.fm connect.facebook.net conv-tm.everesttech.net ct.pinterest.com d.agkn.com display.powerreviews.com dsum-sec.casalemedia.com eb2.3lift.com edge.adobedc.net assetts.adobedtm.com fast.fonts.net fonts.gstatic.com google.com hb.yahoo.net ib.adnxs.com idpix.media6degrees.com jadserve.postrelease.com match.sharethrough.com mid.rkdms.com mpsnare.iesnare.com opreq.observepoint.com partners.tremorhub.com pippio.com pixel.rubiconproject.com pixel.tapad.com players.brightcove.net *.invoca.net s.pinimg.com schema.milestoneinternet.com sc-static.net simage2.pubmatic.com siteimproveanalytics.com snap.licdn.com solutions.invocacdn.com ssa.gov static.3playmedia.com sync.bfmio.com sync.taboola.com sync.teads.tv sync-stgz.ads.yieldmo.com t.co tags.tiqcdn.com usbankinteractive.postclickmarketing.com utt.impactcdn.com vjs.zencdn.net websdk.appsflyer.com www.emjcd.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.mczbf.com www.usbankedge.com x.bidswitch.net *.adoberesources.net *.adsrvr.org *.ads-twitter.com *.akamaihd.net *.amazonaws.com *.appdynamics.com *.bing.com *.boltdns.net *.brightcove.com *.brightcovecdn.com *.c3tag.com *.casalemedia.com *.company-target.com *.demandbase.com *.demdex.net *.doubleclick.net *.eum-appdynamics.com *.force.com *.glance.net *.glancecdn.net *.google.co.in *.google.com *.googleapis.com *.gstatic.com *.impactradius-event.com *.jsdelivr.net *.kitewheel.com *.knotch.com *.knotch-cdn.com *.krxd.net *.leadfusion.com *.linkedin.com *.loggly.com *.marketo.net *.miaprova.com *.mktoresp.com *.mktoutil.com *.mrpdata.net *.mykukun.com *.nextdoor.com *.ojrq.net *.omtrdc.net *.onetrust.com *.powerreviews.com *.pxf.io *.qualtrics.com *.quantummetric.com *.rlcdn.com *.ru4.com *.salesforceliveagent.com *.sandbox.file.force.com *.siteimproveanalytics.io *.sjv.io *.snapchat.com *.storygize.net *.tealiumiq.com *.turn.com *.typekit.net *.us.bank-dns.com *.videoamp.com *.yahoo.com *.youtube.com *.byspotify.com *.spotify.com *.ispot.tv wss://*.amazonaws.com wss://*.glance.net wss://mpsnare.iesnare.com; report-uri /svt/ecm/csp-violation-report 3 frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 3 frame-ancestors 'self'; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' go.zetaglobal.com https://code.jquery.com https://www.googletagmanager.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' blob: *.netmng.com https://d34r8q7sht0t9k.cloudfront.net/tag.js *.liadm.com https://browser.sentry-cdn.com/9.6.1/bundle.min.js https://code.jquery.com https://cdn.cookielaw.org https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://munchkin.marketo.net https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com wistia.com *.wistia.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com google-analytics.com *.google-analytics.com boomtrain.com *.boomtrain.com https://www.youtube.com https://www.googleoptimize.com https://s7.addthis.com/ https://unpkg.com/ https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://js.driftt.com https://cdn.calibermind.com/ go.zetaglobal.com 3 default-src 'self' 'unsafe-inline'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self' data:; script-src 'self' 'unsafe-inline'; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://scripts.clarity.ms https://ssl.pstatic.net https://bat.bing.com https://bat.bing.net https://cta-service-cms2.hubspot.com https://a.quora.com https://api.fraud0.com https://wcs.naver.net https://cdn.segment.com https://js.hubspot.com https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://monitor.tapper.ai https://link.edgepilot.com https://www.onelink-edge.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://region1.analytics.google.com https://*.mktoutil.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.criteo.com https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://test.salesforce.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://google.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com https://js.hsforms.net https://js-eu1.hsforms.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://ka-p.fontawesome.com https://google.com https://googleads.g.doubleclick.net https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://faro-collector-prod-us-east-2.grafana.net https://cdn.jsdelivr.net https://wcs.naver.com https://cdn.segment.com https://api.segment.io https://protect.tapper.ai https://cta-service-cms2.hubspot.com https://forms-eu1.hsforms.com https://www.onelink-edge.com https://www.googleadservices.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics-ipv6.tiktokw.us https://api.fraud0.com https://bat.bing.com https://*.tt.omtrdc.net https://www.gstatic.com https://www.google.com https://www.google.co.in https://pagead2.googlesyndication.com https://*.google-analytics.com https://analytics.pangle-ads.com https://*.mktoutil.com https://ib.adnxs.com https://google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://tr.snapchat.com https://kit.fontawesome.com https://test.salesforce.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ssl.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms-na1.hubspot.com wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-ancestors https://toeflibt-cn-dev.ets.org https://toeflibt-cn-test.ets.org https://toeflibt-cn-stg.ets.org https://toeflibt-cn.ets.org https://toeflibt.ets.org https://toeflibt-dev.ets.org https://toeflibt-test.ets.org https://toeflibt-stg.ets.org https://v2-dev.ereg.ets.org https://v2-tst.ereg.ets.org https://v2-uat.ereg.ets.org https://v2.ereg.ets.org; frame-src 'self' https://js-eu1.hsforms.net https://forms-eu1.hsforms.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.livelook.com/ https://td.doubleclick.net/ https://static.criteo.net https://*.criteo.com https://www.googletagmanager.com https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://ssl.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com https://forms.hsforms.com; media-src 'self' blob: data: https://*.ets.org https://*.kaltura.com https://public.cobrowse.oraclecloud.com https://google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com ; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 3 frame-ancestors 'self' *.drillisch-online.de *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-freenet.de *.1und1-freenet.de yourfone-partner.de *.yourfone-partner.de *.mouseflow.com *.1und1.cloud; 3 default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflareinsights.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com cloudflareinsights.com checkout.stripe.com; block-all-mixed-content; 3 frame-ancestors 'self' https://*.keene.edu https://*.plymouth.edu https://*.usnh.edu https://*.unh.edu; 3 default-src 'self' data: blob: 'unsafe-eval' 'report-sample' 'unsafe-inline' *.adyen.com adyen.com *.afterpay-beta.com afterpay-beta.com *.afterpay.com afterpay.com *.algolia.io algolia.io *.bazaarvoice.com bazaarvoice.com *.cloudflare.com cloudflare.com *.contentful.com contentful.com *.cookielaw.org cookielaw.org *.cquotient.com cquotient.com *.ctfassets.net ctfassets.net *.edq.com edq.com *.flipp.com flipp.com *.flippback.com flippback.com *.flippenterprise.net flippenterprise.net *.google.com google.com *.googletagmanager.com googletagmanager.com *.granify.com granify.com *.googlevideo.com googlevideo.com *.gstatic.com gstatic.com *.janrain.com janrain.com *.kampyle.com kampyle.com *.kaptcha.com kaptcha.com *.legitscript.com legitscript.com *.medallia.com medallia.com *.onetrust.com onetrust.com *.optimizely.com optimizely.com *.ordergroove.com ordergroove.com *.paypal.com paypal.com *.paypalobjects.com paypalobjects.com *.petsmart-dev.com petsmart-dev.com *.petsmart-qa.com petsmart-qa.com *.petsmart.ca petsmart.ca *.petsmart.com petsmart.com *.petsmartassets.com petsmartassets.com *.petsmartusermedia.com petsmartusermedia.com *.petsmartusermedia-qa.com petsmartusermedia-qa.com *.qas.com qas.com *.salsify.com salsify.com *.salsify-ecdn.com salsify-ecdn.com *.scene7.com scene7.com *.sentry.io sentry.io *.squarecdn.com squarecdn.com *.syndigo.cloud syndigo.cloud *.syndigo.com syndigo.com *.usablenet.com usablenet.com *.usablenet.dev usablenet.dev *.udev1a.net udev1a.net *.vercel.app vercel.app *.webcollage.net webcollage.net *.windows.net windows.net *.wishabi.com wishabi.com *.youtube.com youtube.com *.ytimg.com ytimg.com *.embed.squadup.com embed.squadup.com www.squadup.com js.stripe.com m.stripe.network m.stripe.com *.33across.com 33across.com *.3lift.com 3lift.com *.ada.support ada.support *.adnxs.com adnxs.com *.adroll.com adroll.com *.adsrvr.org adsrvr.org *.adsymptotic.com adsymptotic.com *.advertising.com advertising.com *.agkn.com agkn.com app.link *.app.link *.barracuda.com barracuda.com *.bidswitch.net bidswitch.net *.bing.com bing.com bytedance: *.bluekai.com bluekai.com *.branch.io branch.io *.casalemedia.com casalemedia.com *.cloudfunctions.net cloudfunctions.net *.consensu.org consensu.org *.contentsquare.net contentsquare.net *.demdex.net demdex.net *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.facebook.net facebook.net *.firebaseapp.com firebaseapp.com *.firebaseio.com firebaseio.com *.freespee.com freespee.com *.google-analytics.com google-analytics.com *.google.ca google.ca *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googlesyndication.com googlesyndication.com *.haujjd.net haujjd.net *.honey.io honey.io *.igodigital.com igodigital.com *.impactcdn.com impactcdn.com *.impactradius-event.com impactradius-event.com *.impct.site impct.site *.inmarkethub.com inmarkethub.com *.jsdelivr.net jsdelivr.net *.krxd.net krxd.net *.licdn.com licdn.com *.linkedin.com linkedin.com logs-01.loggly.com *.ojrq.net ojrq.net *.micpn.com micpn.com *.microad.jp microad.jp *.ml314.com ml314.com *.mountain.com mountain.com *.narrative.io narrative.io *.nextdoor.com nextdoor.com *.openx.net openx.net *.outbrain.com outbrain.com *.pinimg.com pinimg.com *.pinterdev.com pinterdev.com *.pinterest-anaheim.com pinterest-anaheim.com *.pinterest.com pinterest.com *.pinterest.okta.com pinterest.okta.com *.pubmatic.com pubmatic.com *.pusher.com pusher.com *.pxf.io pxf.io *.rakuten.com rakuten.com *.rlcdn.com rlcdn.com *.rubiconproject.com rubiconproject.com *.sc-static.net sc-static.net *.snap.com snap.com *.snapchat.com snapchat.com sslocal: *.taboola.com taboola.com *.tagmanager.google.com tagmanager.google.com *.tapad.com tapad.com *.tiktok.com tiktok.com *.tiktokw.us tiktokw.us *.treasuredata.com treasuredata.com *.uidapi.com uidapi.com *.upsellit.com upsellit.com *.web.app web.app *.xad.com xad.com *.yahoo.com yahoo.com; frame-ancestors 'none'; 3 frame-ancestors 'self' https://*.fdj.fr; 3 script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' blob: 'unsafe-inline' https:; report-uri /reports/csp/uri; report-to csp-reports; 3 frame-ancestors check24.de *.check24.de 3 frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 3 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com; upgrade-insecure-requests 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; object-src 'none'; img-src data: *; worker-src 'self' blob:; 3 default-src https: wss: blob: 'self' 'unsafe-inline' *.demandbase.com *.foxitesign.foxit.com salesforce.foxitesign.foxit.com *.evergage.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: www.google.com *.google.com www.google-analytics.com *.google-analytics.com optimize.google.com www.googletagmanager.com *.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net *.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com js.chilipiper.com *.gravatar.com secure.gravatar.com *.hotjar.com *.paypal.com www.google.com.hk www.google.com.tw segments.company-target.com tags.srv.stackadapt.com cdn-cookieyes.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com useruploads.vwo.io www.paypalobjects.com fonts.gstatic.com www.google.com.sg www.googleadservices.com pixel-config.reddit.com conversions-config.reddit.com *.6sc.co *.foxit.com *.g.doubleclick.net google.com *.foxitsoftware.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com *.google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com *.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.foxitesign.foxit.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com *.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com js.na.chilipiper.com public.profitwell.com st.foxitsoftware.cn *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw paapi8916.d41.co cdn-0.d41.co a.quora.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.cn *.foxit.com *.amazon-adsystem.com www.foxit.com ipinfo.io eu1-qa.foxitesign.foxit.com pagead2.googlesyndication.com *.6sc.co 6sc.co *.terminusapp.com player.vwo.me *.cookieyes.com *.foxitsoftware.com cloudflareinsights.com *.microsoft.com; style-src 'self' 'unsafe-inline' https: www.google-analytics.com www.googletagmanager.com *.googletagmanager.com optimize.google.com *.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.hotjar.com *.demandbase.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com www.foxit.com app.vwo.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com *.hotjar.com *.evergage.com at.alicdn.com; object-src 'self' *.foxitsoftware.com; worker-src 'unsafe-inline' 'self' blob:; connect-src *.visualwebsiteoptimizer.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.hotjar.com *.hotjar.io *.zoominfo.com wss://ws.hotjar.com *.company-target.com www.google.com.sg *.foxitcloud.com bat.bing.com player.vwo.me *.reddit.com www.redditstatic.com *.linkedin.com *.6sc.co *.evergage.com *.foxitsoftware.com *.paypal.com *.google.com *.connectedpdf.com *.stripe.com www.g2.com *.foxit.com www.facebook.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com google.com *.googleapis.com; frame-src app.vwo.com *.visualwebsiteoptimizer.com *.foxitsoftware.com td.doubleclick.net js.driftt.com s.company-target.com js.stripe.com www.sandbox.paypal.com www.recaptcha.net *.youtube.com www.foxit.com www.paypal.com na1.foxitesign.foxit.com www.google.com www.googletagmanager.com eu1-qa.foxitesign.foxit.com *.amazon-adsystem.com player.vwo.me *.stripe.com www.facebook.com *.paypal.com *.foxitcloud.com *.foxit.com *.g2.com; frame-ancestors *.foxit.com; 3 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: * blob: *; frame-src 'self' blob: *; frame-ancestors 'self' https://*.peta.org https://*.peta2.com https://*.petalatino.com https://*.animalrahat.com; media-src 'self' blob: *;worker-src 'self' blob: *; 3 default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data:; frame-ancestors 'self' https://www.govloanoptions.com https://staging.govloanoptions.com https://govratealerts.com https://staging--govratealerts.netlify.app https://bestrateguide.com https://*.govloanoptions.com https://*.govratealerts.com https://*.bestrateguide.com https://staging.bestrateguide.com; 3 frame-ancestors 'self' *.springernature.com; 3 base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com cdn.segment.com cdn-segment.pipedrive.com *.pipedrive.com *.pipedriveassets.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.gstatic.cn connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com www.recaptcha.net recaptcha.net js.adsrvr.org secure.adnxs.com acdn.adnxs.com vitals.vercel-insights.com *.contentsquare.net app.contentsquare.com https://rs.eu1.fullstory.com https://static.xingcdn.com s.dpmsrv.com ib.adnxs.com a.dpmsrv.com d34r8q7sht0t9k.cloudfront.net scripts.rubiconredirect.com launcher.1mind.com pixel.rubiconredirect.com *.amplitude.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.cmh-1.pipedriveassets.com *.amplitude.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.cmh-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com www.googletagmanager.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com www.recaptcha.net recaptcha.net *.adsrvr.org pipedrive.1mind.com pipedrive-sandbox.1mind.com *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:;; report-uri https://www.pipedrive.com/api/csp-reports 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.nz131.com:8443 https://www.youtube.com https://youtube.com https://youtu.be https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://nz131.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://youtu.be https://i.ytimg.com https://img.youtube.com; connect-src 'self' https://www.nz131.com:8443 wss://www.nz131.com:8443 http://localhost:8443 https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.jsdelivr.net; media-src 'self' https://www.nz131.com blob:; object-src 'none'; frame-src 'self' https://www.youtube.com https://youtube.com https://youtu.be; frame-ancestors 'self'; 3 frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com singtel.sharepoint.com; 3 default-src 'self' 'unsafe-inline' data: keyweb.de *.keyweb.de keyweb.3cx.eu:5001; script-src 'self' 'unsafe-inline' 'unsafe-eval' keyweb.de *.keyweb.de downloads-global.3cx.com *.youtube.com *.google.com *.gstatic.com; img-src 'self' 'unsafe-inline' data:; frame-src 'self' keyweb.3cx.eu:5001 *.youtube.com chat.keyweb.de; 3 report-uri https://gcp.api.snapchat.com/web-reporting/report;report-to main-endpoint 3 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none' 3 frame-ancestors 'self' https://login.mtb.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com www.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com webapp-qa.np.six-group.com webapp-nonprod.np.six-group.com *.googlesyndication.com *.linkedin.com fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.juicer.io 505-xng-882.mktoresp.com 636-tke-312.mktoresp.com 505-xng-882.mktoutil.com 636-tke-312.mktoutil.com www.six-structured-products.com *.google.com *.google.ad *.google.at *.google.com.au *.google.be *.google.ca *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.ie *.google.im *.google.is *.google.it *.google.co.jp *.google.li *.google.lu *.google.nl *.google.no *.google.pt *.google.se *.google.com.sg *.google.sm *.google.co.uk www.schweizeraktien.net webapp-preprod.np.six-group.com webapp.api.six-group.com fonts.gstatic.com data: cdnapisec.kaltura.com googleads.g.doubleclick.net player.vimeo.com *.transistor.fm www.facebook.com www.federli.ch www.youtube-nocookie.com *.fls.doubleclick.net anchor.fm podcasters.spotify.com; img-src https: data:; 3 frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce 3 frame-ancestors 'self' *.wd.com centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.sandbox.affirm.com cdn1-sandbox.affirm.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co *.googlesyndication.com *.zinrelo.com wd-en.widget.custhelp.com script.mfilterit.net wafs.mfilterit.net 'unsafe-eval' apps.usw2.pure.cloud 'unsafe-inline'; 3 default-src 'self' https://brightdata.com media.brightdata.com media.brightdata.com wss://nexus-websocket-a.intercom.io api.openai.com wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' www.comeet.co data: *.googleapis.com *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.googlesyndication.com hola.org www.pagespeed-mod.com assets.calendly.com calendly.com *.doubleclick.net http://ad.doubleclick.net *.youtube.com i.ytimg.com *.vwo.com *.visualwebsiteoptimizer.com widget.trustpilot.com *.zdassets.com brightdata.zendesk.com assets.brightdata.com *.userway.org cdn.mxpnl.com *.mxpnl.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com *.thesmilingelbows.com *.bing.com bat.bing.net *.clarity.ms widget.intercom.io *.linkedin.com px.ads.linkedin.com js.intercomcdn.com api-iam.intercom.io *.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com *.hsforms.net *.hsforms.com *.oribi.io *.gravatar.com cdn.jsdelivr.net code.jquery.com unpkg.com snap.licdn.com *.yandex.ru *.yandex.net *.yandex.com *.yandex.md *.yandex.by *.netstar-inc.com *.gstatic.com yastatic.net cdn.datatables.net *.redditstatic.com *.6sc.co *.6sense.com *.entail-insights.com widgets.entail.ai *.quora.com widget-mediator.zopim.com google.com *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th *.google.co.kr *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj *.comeet.com *.reddit.com *.ipqualityscore.com *.debugbear.com js.usemessages.com *.cloudflare.com js.hsadspixel.net *.hsappstatic.net api.hubapi.com *.taboola.com *.geetest.com; frame-ancestors 'self'; worker-src blob: 'self'; report-uri https://brightdata.com/web_api/report_csp 3 upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com https://courses.mist.com 3 frame-ancestors 'self' https://*.cibc.com https://*.cibc.mobi https://*.simplii.com; 3 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https://dev.pcgcustomer.nprd.aig.com https://dev2.pcgcustomer.nprd.aig.com https://qa.pcgcustomer.nprd.aig.com https://qa2.pcgcustomer.nprd.aig.com https://uat.pcgcustomer.nprd.aig.com https://perf.pcgcustomer.nprd.aig.com https://perf2.pcgcustomer.nprd.aig.com https://pcgcustomer.aig.com/; upgrade-insecure-requests; 3 frame-ancestors 'self' https://* 3 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; base-uri 'none'; worker-src blob: www.cathaypacific.com flights.cathaypacific.com api.cathaypacific.com book.cathaypacific.com 3 frame-ancestors https://trustseal.enamad.ir 3 object-src 'none'; frame-ancestors 'self' https://www.qlik.com https://webapps.qlik.com https://www.facebook.com 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: cdnjs.cloudflare.com *.gatedcontent.com unpkg.com cdn.jsdelivr.net *.personio.de *.personio.ch *.personio.nl *.personio.fr *.personio.it *.personio.es *.personio.com *.albacross.com *.capterra.com *.dreamdata.io cdn.dreamdata.cloud *.qualified.com tags.srv.stackadapt.com region1.google-analytics.com www.googleadservices.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com connect.facebook.net www.facebook.com pixel.facebook.com *.hubspot.com js.hs-scripts.com js.hsleadflows.net *.linkedin.com snap.licdn.com bat.bing.com bat.bing.net https://unpkg.com/@rive-app/webgl2@2.31.5/rive.wasm *.typeform.com fonts.gstatic.com *.hockeystack.com app.vwo.com vercel.live va.vercel-scripts.com cdnjs.cloudflare.com browser.sentry-cdn.com cdn.jsdelivr.net ajax.googleapis.com api.personio.de js.hsforms.net js.hs-banner.com js.hs-analytics.net www.gstatic.com *.ctfassets.net d21y75miwcfqoq.cloudfront.net *.o3n.io i.ytimg.com stats.g.doubleclick.net ppb.martinkeck.com wss://*.qualified.com px.ads.linkedin.com new-collect.albacross.com *.usercentrics.eu browser-intake-datadoghq.eu www.datadoghq-browser-agent.com *.hsforms.com *.ewebinar.com hubspot-forms-static-embed.s3.amazonaws.com *.ninetailed.co *.ninetailed.io challenges.cloudflare.com app.storylane.io ppb.martinkeck.com *.wistia.com *.youtube.com *.visualwebsiteoptimizer.com *.eu1.trayapp.io *.online-adventskalender.de *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; style-src 'self' 'unsafe-inline' ppb.martinkeck.com *.gatedcontent.com; font-src 'self' data: ppb.martinkeck.com *.personio.com *.wistia.com fonts.gstatic.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' personio.trumpet.app app.contentful.com; upgrade-insecure-requests; 3 connect-src: *.mutinyhq.com, *.mutinyhq.io, *.mutinycdn.com; img-src: *.mutinycdn.com; script-src: *.mutinycdn.com; frame-ancestors: https://app.mutinyhq.com 3 default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com js.zi-scripts.com ws-assets.zoominfo.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ https://app.contentful.com 3 base-uri none; font-src self https: data:; form-action self; frame-ancestors self; object-src none; upgrade-insecure-requests; frame-src self https://www.googletagmanager.com/ https://gum.criteo.com/ https://dynamic.criteo.com/ https://fledge.criteo.com/ https://fledge.us.criteo.com/ https://api.mapbox.com/ https://www.youtube.com/ https://consent.trustarc.com https://consent-pref.trustarc.com https://cdn.segment.com/ https://web.btncdn.com/ https://analytics.ahrefs.com/; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.google.com *.google.de *.mdex.de *.gstatic.com *.yoast.com *.googlesyndication.com *.googleadservice.com data: https:; frame-ancestors 'self' 3 frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 3 frame-ancestors https://*.ooma.com http://*.ooma.com https://buyooma.com https://www.buyooma.com 3 default-src *; object-src *; style-src cdn.jsdelivr.net https://www.youtube.com www2-dev.thnic.in.th www2-test.thnic.in.th thnic.in.th chat.thnic.co.th chat.thnic.in.th fonts.googleapis.com 'unsafe-inline' https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://www.thnic.co.th https://thnic.co.th; img-src * data: ; script-src www2-dev.thnic.in.th www2-test.thnic.in.th thnic.in.th chat.thnic.co.th chat.thnic.in.th www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' https://www.trustmarkthai.com https://connect.facebook.net https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://www.thnic.co.th https://thnic.co.th; child-src assets.braintreegateway.com *.paypal.com; frame-src 'self' data: www2-dev.thnic.in.th www2-test.thnic.in.th thnic.in.th chat.thnic.co.th chat.thnic.in.th https://thnic.or.th/doc/ https://thnic.or.th/doc/ https://www.youtube.com www.google.com https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://www.thnic.co.th https://thnic.co.th; connect-src chat.thnic.co.th chat.thnic.in.th www.google-analytics.com https://www.youtube.com https://www2-dev.thnic.in.th https://www2-test.thnic.in.th https://www.thnic.co.th https://thnic.co.th www2-dev.thnic.in.th/check-dns www2-test.thnic.in.th/check-dns www.thnic.co.th/check-dns https://www.trustmarkthai.com https://connect.facebook.net http://rdap.thnic.in.th https://www-gcp.thnic.co.th https://www-cat.thnic.co.th https://www.thnic.co.th https://thnic.co.th; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' penguin.co.uk *.penguin.co.uk cdnjs.cloudflare.com cdn-ukwest.onetrust.com *.trendmicro.com *.byspotify.com *.shorthand.com penguinrandomhouseuk.shorthandstories.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net *.tiktok.com www.dwin2.com *.riddle.com *.hotjar.com *.hotjar.io *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.youtube.com *.soundcloud.com *.tiktok.com *.tiktokcdn-us.com *.ttwstatic.com *.srv.stackadapt.com https://www.everestjs.net; object-src 'self'; worker-src blob 'self'; frame-ancestors 'self'; 3 frame-ancestors https://*.upwave.com 3 default-src 'self' pttp: https://www.netacad.com data: blob: https://www.netacad.com https://prod.socialgoodplatform.com 'unsafe-inline' 'unsafe-eval' https://code.s4d.io code.s4d.io; img-src 'self' https://caprod.my.salesforce.com https://solutions.brightcove.com https://netacad.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.netacad.com data: blob: https://prod.socialgoodplatform.com https://www.netacad.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.facebook.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://cisco-tags-stg.cisco.com https://bcbolt446c5271-a.akamaihd.net https://www.cisco.com code.s4d.io cdn.cookielaw.org https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com *.eum-appdynamics.com *.appdynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.salesforceliveagent.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.netacad.com 'unsafe-inline' 'unsafe-eval' blob: https://prod.socialgoodplatform.com https://www.netacad.com https://munchkin.marketo.net https://manifest.prod.boltdns.net https://maps.googleapis.com https://tags.tiqcdn.com https://www.googletagmanager.com https://cdn.appdynamics.com https://www.google-analytics.com https://connect.facebook.net https://cdn.appdynamics.com https://www.cisco.com https://players.brightcove.net https://map.brightcove.com https://vjs.zencdn.net https://assets.map.brightcove.com https://cdn.cookielaw.org https://edge.api.brightcove.com https://api.netacad.com https://geolocation.onetrust.com https://dj5ag5n6bpdxo.cloudfront.net https://code.s4d.io cdn.ckeditor.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.netacad.com 'unsafe-inline' https://cdnjs.cloudflare.com https://prod.socialgoodplatform.com https://players.brightcove.net https://cdnjs.cloudflare.com https://code.s4d.io; frame-src 'self' pttp: *.google.com https://fast.wistia.net https://www.netacad.com https://portal.netdevgroup.com https://contenthub.netacad.com https://ole03.yourlearning.ibm.com https://www6.nohold.net https://ssac-backend.netacad.com https://adapt-backend.netacad.com mailto: data: blob: https://3569326.fls.doubleclick.net https://assessment.netacad.com https://www.googletagmanager.com https://auth.netacad.com https://www.facebook.com; connect-src 'self' https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://fastly-signed-us-east-1-prod.brightcovecdn.com https://interactivity.viewer.api.brightcove.com https://*.googleapis.com *.google.com https://*.gstatic.com *.salesforceliveagent.com data: blob: https://www.netacad.com https://analytics.google.com https://geolocation.onetrust.com https://auth.netacad.com https://059-vfz-834.mktoresp.com https://www.facebook.com https://privacyportal.cisco.com https://pdx-col.eum-appdynamics.com https://edge.api.brightcove.com https://api.netacad.com https://www.google-analytics.com https://cdn.cookielaw.org https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net 'unsafe-inline' *.wbx2.com *.ciscospark.com *.webex.com *.cisco.com code.s4d.io cdn.cookielaw.org wss://*.wbx2.com https://code.s4d.io https://cdn.cookielaw.org *.webexcontent.com *.eum-appdynamics.com *.appdynamics.com webexapis.com; font-src 'self' https://fonts.gstatic.com https://www.netacad.com code.s4d.io https://code.s4d.io data: blob: https://prod.socialgoodplatform.com https://cdnjs.cloudflare.com code.s4d.io https://code.s4d.io wss://*.wbx2.com; media-src 'self' https://www.netacad.com data: blob: https://prod.socialgoodplatform.com https://www.netacad.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net code.s4d.io https://code.s4d.io https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://fastly-signed-us-east-1-prod.brightcovecdn.com https://interactivity.viewer.api.brightcove.com; worker-src https://www.netacad.com blob:; frame-ancestors 'none'; 3 object-src 'none'; frame-ancestors https://*.ncrvoyix.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; 3 frame-ancestors 'self' ssense.com *.ssense.com 3 frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com pretix.eu oc-cdn-public-eur.azureedge.net global.frcapi.com eu.frcapi.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com *.googletagmanager.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net pretix.eu oc-cdn-public-eur.azureedge.net *.facebook.com *.facebook.net global.frcapi.com eu.frcapi.com; report-uri https://www.gdatasoftware.com/__cspreporting__ 3 default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://attachuk.imi.chat https://cdn-widget.eu.webexengage.com https://api.pdok.nl https://statistiek.rijksoverheid.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu https://douane.livepresence.net https://attachuk.imi.chat; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com https://statistiek.rijksoverheid.nl https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://attachuk.imi.chat https://statistiek.rijksoverheid.nl 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://attachuk.imi.chat *.abtasty.com 'unsafe-inline' 3 object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-to csp-violation; report-uri https://cspreports.realpage.com/api/reports/save/violation; 3 frame-ancestors 'self' *.trendemon.com *.rithum.com 3 default-src *.pendo.saashr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; img-src * data: blob: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; media-src *; frame-ancestors file: cdvfile: 'self'; frame-src * gap://ready data: app.eu.pendo.io; font-src 'self' fonts.gstatic.com; connect-src 'self' data: *.google.com *.googleapis.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com 3 default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 3 frame-ancestors 'self' *.groupe-sncf.com *.cdn.vsct.fr *.aws.vsct.fr *.smartvigie.fr; upgrade-insecure-requests 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sixflags.com *.googletagmanager.com *.googlesyndication.com storage.googleapis.com *.youtube.com *.ujet.co *.sentry-cdn.com *.algolia.net *.algolianet.com *.sixflags.net *.abtasty.com *.osano.com *.api.osano.com *.datasubject.com *.quantummetric.com *.clarity.ms core.sanity-cdn.com acsbapp.com authjs.dev unpkg.com *.ondigitalocean.app *.attractions.io *.pinterest.com connect.facebook.net *.buy.sixflags.com *.store.sixflags.com s.pinimg.com *.g.doubleclick.net https://bat.bing.com/bat.js https://live.rezync.com https://cdn.boomtrain.com https://bat.bing.com https://bat.bing.com/p/action https://bat.bing.com/p/action/247012320.js https://connect.facebook.net/en_US/fbevents.js https://try.abtasty.com https://www.google.com https://analytics.google.com https://www.gstatic.com *.taboola.com https://cloudpresskit.com; style-src 'self' 'unsafe-inline' *.abtasty.com; img-src 'self' data: blob: *.store.sixflags.com *.buy.sixflags.com https://www.google.com https://i.liadm.com https://ad.doubleclick.net https://analytics.google.com https://www.facebook.com *.g.doubleclick.net https://live.rezync.com https://bat.bing.com https://trc.taboola.com *.wistia.com *.youtube.com *.googlesyndication.com *.moengage.com *.googletagmanager.com *.ytimg.com *.abtasty.com authjs.dev https://cloudpresskit.com https://static.cloudpresskit.com https://bat.bing.com/action cdn.sanity.io cdn.sanity.io static.sixflags.com six-flags.s3.amazonaws.com assets.sixflags.com; font-src 'self' data: https://cloudpresskit.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src * www.google.com recaptcha.google.com *.google.com *.buy.sixflags.com *.store.sixflags.com; worker-src blob:; child-src blob:; connect-src 'self' ws: *.doubleclick.net https://www.facebook.com https://analytics.google.com https://bat.bing.com https://bat.bing.com/p/action https://bat.bing.com/p/action/247012320.js *.wistia.com *.acsbapp.com *.moengage.com *.sixflags2024.dev *.quantummetric.com *.sfdev.co api.sixflags.net *.store.sixflags.com *.buy.sixflags.com *.youtube.com *.api.osano.com *.osano.com *.algolia.net *.algolianet.com *.sixflags.net *.abtasty.com *.pinterest.com *.taboola.com *.ondigitalocean.app *.attractions.io *.googletagmanager.com *.intentia.com fg8vvsvnieiv3ej16jby.litix.io *.googleadservices.com https://production-search-api.sfdev.co/search-api/public https://qaapi.sixflags.net https://salesforce-form-proxy-production-2bqljsoi2a-uc.a.run.app https://d18car1k0ff81h.cloudfront.net https://dev.cf-mobile.com https://live.rezync.com https://www.google.com https://static.cloudpresskit.com https://www.google-analytics.com https://us-central1-missi-six-prod.cloudfunctions.net https://cloudpresskit.com; manifest-src 'self' accounts.google.com *.abtasty.com web-sf-user-pool-domain-uat.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-dev.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-qa.auth.us-east-2.amazoncognito.com; media-src 'self' blob: *.youtube.com; upgrade-insecure-requests; 3 frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 3 default-src *; script-src 'unsafe-inline' 'unsafe-eval' * https://*.tuurbo.ai https://*.cloudflareinsights.com; worker-src 'self' 'unsafe-eval' blob: http: https: ; style-src 'unsafe-inline' * https://*.tuurbo.ai; img-src http: https: data: https://*.tuurbo.ai; font-src http: https: data: blob: ; media-src * blob: 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 default-src 'none';connect-src 'self' https://cdn77.com https://*.cdn77.com https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.doubleclick.net https://*.cdn77.eu https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.pingdom.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://bat.bing.net https://*.ads.linkedin.com https://www.facebook.com;script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.intercom.io https://*.intercomcdn.com https://*.pingdom.net https://static.hotjar.com https://*.hotjar.com https://bat.bing.com https://*.ads-twitter.com https://*.licdn.com https://*.facebook.net https://*.hcaptcha.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.typekit.net;font-src 'self' https://*.gstatic.com https://*.typekit.net https://*.intercomcdn.com;img-src * data:;frame-src 'self' https://www.facebook.com https://*.hcaptcha.com;media-src 'self' https://*.intercomcdn.com;form-action 'self';manifest-src 'self';worker-src 'self' blob:;child-src 'self' blob:;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://solicitudes.tarjetaabc.cl https://tarjetaabc.cl https://515014059.collect.igodigital.com https://cdn.jsdelivr.net https://cdn.cquotient.com https://www.clarity.ms https://static.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net https://script.hotjar.com https://p.cquotient.com https://ui.powerreviews.com https://e.cquotient.com https://media.flixfacts.com https://maps.googleapis.com https://media.flixcar.com https://www.entel.cl https://www.google.com/recaptcha/api.js https://www.gstatic.com https://static.powerreviews.com https://h.online-metrix.net https://scripts.clarity.ms https://abc.cl https://h64.online-metrix.net https://analytics.tiktok.com https://storage.googleapis.com https://oc-cache.production.alquimio.cloud https://front-notrack.indexado.production.pmbox.cloud https://front.indexado.production.alquimio.cloud https://*.alquimio.cloud https://*.omnitok.com https://lapolartarjeta.my.site.com https://lapolartarjeta.my.salesforce-scrt.com;frame-ancestors 'self';object-src 'none'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com login.kfw.de *.linkedin.com *.licdn.com bat.bing.com app.slidepresenter.com data.kfw.de data.deginvest.de data.kfw-ipex-bank.de *.kfw.de *.kfw-capital.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de foerderservices.kfw.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com *.wt-safetag.com *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net ajax.googleapis.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.de connect.facebook.net www.facebook.com *.analytics.yahoo.com *.doubleclick.net *.yimg.com *.adform.net tel: mailto: data: blob:; 3 frame-ancestors 'self' https://sketch.com https://*.sketch.com https://*.netlify.app 3 default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com; frame-ancestors 'self' 3 frame-ancestors 'self' https://*.postimees.ee https://*.pmo.ee https://*.tvnet.lv https://*.apollo.lv https://*.tvn.lv http://localhost:* 3 default-src 'self' play.vidyard.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com/zi-tag.js; script-src 'self' go.forsta.com ws-assets.zoominfo.com cdn.bizible.com cdn.linkedin.oribi.io cdn.b0e8.com google-analytics.com googleads.g.doubleclick.net play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com www.google-analytics.com www.googletagmanager.com tpc.googlesyndication.com maps.googleapis.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com *.bc0a.com g10102301085.co *.castos.com optimize.google.com jobpal-sm.s3.amazonaws.com api.smooch.io forsta1--forstaful.sandbox.my.salesforce-sites.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com ws.zoominfo.com tags.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com cdn-app.pathfactory.com blob: translate.googleapis.com www.clarity.ms scripts.clarity.ms 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.googletagmanager.com go.forsta.com 972-oec-621.mktoweb.com fonts.googleapis.com legal.forsta.com static.smartrecruiters.com *.bc0a.com optimize.google.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js cdn-app.pathfactory.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' http://library.forsta.com https://library.forsta.com https://resources.rioseo.com http://resources.rioseo.com https://www.rioseo.com http://www.rioseo.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com ; frame-src www.googletagmanager.com go.forsta.com play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com survey.us.confirmit.com subscriptions.smartrecruiters.com *.bc0a.com 6352b8cc15f5f7-88529694.castos.com optimize.google.com *.forsta.com *.rioseo.com t.co td.doubleclick.net hemsync.clickagy.com js.zi-scripts.com/zi-tag.js fast.wistia.com pressganey.wd1.myworkdayjobs.com; object-src 'none'; base-uri 'self'; form-action 'self' www.googletagmanager.com webto.salesforce.com *.forsta.com *.rioseo.com js.zi-scripts.com/zi-tag.js ; connect-src 'self' jobpal-sm.s3.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com go.forsta.com play.vidyard.com google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com *.6sense.com *.google.com google.com adservice.google.com maps.googleapis.com translate.googleapis.com www.googleapis.com googleapis.com maps.googleapis.com *.analytics.google.com *.google-analytics.com analytics.google.com www.google-analytics.com www.googletagmanager.com *.g.doubleclick.net pagead2.googlesyndication.com *.6sc.co digitalfeedback.us.confirmit.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ws.zoominfo.com *.bc0a.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io *.pathfactory.com *.forsta.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn ww.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.g2crowd.com t.co js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com/zi-tag.js pipedream.wistia.com www.googleadservices.com tracking-api.production.g2.com tracking-api.g2.com *.clarity.ms; font-src 'self' data: fonts.gstatic.com www.googletagmanager.com legal.forsta.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co js.zi-scripts.com/zi-tag.js *.pathfactory.com; media-src *.bc0a.com *.forsta.com *.rioseo.com *.castos.com *.b0e8.com t.co jobpal-sm.s3.amazonaws.com js.zi-scripts.com/zi-tag.js www.googletagmanager.com; img-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 3 frame-src 'self' https://*.zf.com https://zf-chatbot-ithelpbot-fe.azurewebsites.net/ https://*.dynamics.com/ https://embed.neospace.io/ https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: https://*.zf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://cdnapi.kaltura.com https://api.de.kaltura.com https://cdnapisec.kaltura.com https://*.zf.com https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://vjs.zencdn.net https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.piwik.pro https://maps.googleapis.com https://dqm.crownpeak.com; frame-ancestors 'self' https://*.zf.com https://*.zf-world.com https://araiv.com https://www.zffcn.com https://zf-lifetec.com https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://*.crownpeak.com; 3 default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https:;https://*.liveperson.net;https://cdn.lpsnmedia.net 3 default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; connect-src * ; worker-src blob: ; frame-ancestors https://secure.quia.com https://secure.quia.backboneintegration.ixl.dev:9301 https://secure.quia.alpha.ixl.dev:9301 https://secure.quia.rsmarketingbuypage.ixl.dev:9301 https://www.quia.cap:12301 https://www.quia.cap:65201 https://www.quia.n:22401 https://secure.quia.s:19501 https://www.quia.t:12001 ; 3 default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io https://*.hs-banner.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com https://js-eu1.hubspot.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hscollectedforms.net/collectedforms.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com https://js-eu1.hsforms.net; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.segment.com https://cdn.acsbapp.com https://www.gstatic.com https://platform.twitter.com https://js.hsforms.net https://js.hs-scripts.com https://js.hubspot.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-analytics.net https://www.google.com https://*.osano.com https://cmp.osano.com https://*.google-analytics.com https://*.hs-banner.com https://www.googletagmanager.com https://consensys.io https://prod.spline.design https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://cdn.skypack.dev https://unpkg.com https://*.consensys.io https://www.youtube.com https://snap.licdn.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://connect.facebook.net https://vercel.live https://vercel.com; style-src 'self' 'unsafe-inline' https://*.osano.com https://www.googletagmanager.com https://fonts.googleapis.com https://consensys.io https://vercel.live; img-src 'self' blob: data: https://www.googletagmanager.com https://images.ctfassets.net https://downloads.ctfassets.net https://i.ytimg.com https://images.lumacdn.com https://forms-na1.hsforms.com https://px.ads.linkedin.com https://*.ads.linkedin.com https://pbs.twimg.com https://*.reddit.com https://t.co https://*.twitter.com https://analytics.twitter.com https://perf-na1.hsforms.com https://track.hubspot.com https://fonts.gstatic.com https://consensys.io https://app.spline.design https://googleads.g.doubleclick.net https://www.google.com https://www.google.fr https://snap.licdn.com https://*.ads-twitter.com https://static.ads-twitter.com https://*.hotjar.com https://static.hotjar.com https://*.facebook.com https://www.facebook.com https://vercel.live https://vercel.com https://*.pusher.com; font-src 'self' https://consensys.io https://fonts.gstatic.com https://vercel.live https://assets.vercel.com; connect-src 'self' blob: https://www.gstatic.com https://acsbapp.com https://*.acsbapp.com https://forms.hsforms.com https://forms-na1.hubspot.com https://forms.hubspot.com https://api.lu.ma https://tagassistant.google.com https://*.googletagmanager.com wss://*.googletagmanager.com https://api.segment.io https://cdn.segment.com https://price.api.cx.metamask.io https://account.api.cx.metamask.io https://px.ads.linkedin.com https://*.osano.com https://cmp.osano.com https://*.google-analytics.com https://www.google.com https://*.googleadservices.com https://*.google.fr https://js.hs-banner.com https://cta-service-cms2.hubspot.com https://*.reddit.com https://*.redditstatic.com https://api.hubspot.com https://api.hubapi.com https://prod.spline.design https://cdn.jsdelivr.net https://unpkg.com https://api.web3modal.org https://pulse.walletconnect.org https://vimeo.com https://snap.licdn.com https://*.ads-twitter.com https://static.ads-twitter.com https://*.hotjar.com https://static.hotjar.com https://*.facebook.com https://connect.facebook.net https://www.facebook.com https://vercel.live https://vercel.com https://*.pusher.com wss://*.pusher.com; frame-src 'self' https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.google.com https://forms.hsforms.com https://*.osano.com https://www.googletagmanager.com https://boards.greenhouse.io https://vercel.live https://vercel.com; worker-src 'self' blob: https://www.gstatic.com https://*.osano.com https://cmp.osano.com https://cdn.jsdelivr.net https://prod.spline.design; media-src 'self' https://video.twimg.com https://videos.ctfassets.net https://firebasestorage.googleapis.com https://assets.unicorn.studio; object-src 'none'; base-uri 'self'; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://app.contentful.com https://www.google.com; upgrade-insecure-requests 3 frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/ 3 default-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com; connect-src 'self' https://mapsresources-pa.googleapis.com/ https://cdn-ukwest.onetrust.com https://tag-logger.demandbase.com/ https://pagead2.googlesyndication.com/pagead/ https://www.gstatic.com/maps/ https://privacyportal-uk.onetrust.com/request/ https://privacyportaluatde.onetrust.com/request/ https://segments.company-target.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://api.company-target.com/api/ https://maps.googleapis.com/ https://dpm.demdex.net/id https://barclaysinternational.sc.omtrdc.net/b/ss/ https://barclaysbankplc.tt.omtrdc.net/m2/barclaysbankplc/mbox/ https://cdn.linkedin.oribi.io/partner/ https://www.media.barclays.co.uk/ https://segments.company-target.com/ https://px.ads.linkedin.com/ https://uat-de.onetrust.com/api/ https://app-uk.onetrust.com/api/; img-src 'self' data: https://www.googletagmanager.com https://adservice.google.co.uk/ https://adservice.google.com/ https://adservice.google.co.in/ https://maps.googleapis.com/ https://adservice.google.com/ https://ad.doubleclick.net/ https://id.rlcdn.com/ https://cdn.cookielaw.org/ https://dev.day.com/ https://www.media.barclays.co.uk/assets/ https://px.ads.linkedin.com/ https://cm.everesttech.net/cm/ https://barclaysinternational.sc.omtrdc.net/b/ss/ https://maps.gstatic.com/ https://www.linkedin.com/ https://www.google.com.au https://www.google.co.bw https://www.google.com.br https://www.google.be https://www.google.ca https://www.google.cn https://www.google.com.cy https://www.google.dk https://www.google.com.eg https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gg https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.ie https://www.google.im https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.je https://www.google.co.ke https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.mu https://www.google.com.mx https://www.google.co.mz https://www.google.nl https://www.google.com.ng https://www.google.no https://www.google.com.pk https://www.google.com.ph https://www.google.pt https://www.google.com.pr https://www.google.com.qa https://www.google.ru https://www.google.com.sa https://www.google.sc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.tz https://www.google.com.tr https://www.google.co.th https://www.google.ae https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.co.zm https://www.google.co.zw https://t.co/ https://analytics.twitter.com/ https://cdn-ukwest.onetrust.com https://ad.doubleclick.net/ https://www.ib.barclays/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-ukwest.onetrust.com https://snap.licdn.com/li.lms-analytics/ https://code.highcharts.com/ https://www.highcharts.com https://platform.twitter.com/widgets.js https://assets.adobedtm.com/ https://www.googletagmanager.com/gtag/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://static.ads-twitter.com/ https://tag.demandbase.com/ https://www.media.barclays.co.uk/ https://googleads.g.doubleclick.net/ blob:; frame-src 'self' https://platform.twitter.com/ https://www.investmentbank.barclays.com https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://s.company-target.com/ https://barclaysbankplc.demdex.net/ https://td.doubleclick.net/; style-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com 'unsafe-inline' 3 frame-ancestors 'self' https://cx360.corp.ackodev.com https://cx360.corp.acko.com https://app.ola.riskcovry.com https://lead360.corp.ackodev.com https://lead360.corp.acko.com https://cmp.mygate.com https://uapp.kappa.mgmaglev.xyz https://cmp.env.mgmaglev.xyz https://app.mygate.com https://appnew.mygate.com https://apptest.mygate.com https://cx360v2.corp.ackodev.com https://cx360v2.corp.acko.com https://auto-policy-frontend-ui-master.internal.ackodev.com https://auto-policy-frontend.internal.live.acko.com https://*.ackodrive.com https://ackodrive.com https://lead-pre-sales-panel.corp.acko.com 3 default-src blob: 'self' https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.iovox.com/ http://vimeo.com https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src * blob:; img-src * blob: data:; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-eu1.hubspot.com/ cdn.jsdelivr.net *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.usemessages.com cdn.cookielaw.org t.contentsquare.net track.gaconnector.com tracker.gaconnector.com app.contentsquare.com ma.zoho.eu maillist-manage.eu pagesense-proxy.eu js.stripe.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ma.zoho.eu maillist-manage.eu idx.liadm.com cdn.linkedin.oribi.io ws://127.0.0.1:35729 *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com *.hubspot.com td.doubleclick.net https://www.googletagmanager.com https://td.doubleclick.net js.stripe.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com www.googletagmanager.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com fonts.googleapis.com; img-src 'self' blob: data: https://bat.bing.net/ do.oncdn.uk *.hsforms.com *.hubspot.com cdn.cookielaw.org *.contentsquare.net i.vimeocdn.com *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk googleads.g.doubleclick.net script.hotjar.com; font-src data: 'self' *.thghosting.local *.gb1-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local *.ingenuitycloudservices.com script.hotjar.com fonts.gstatic.com; child-src blob:; worker-src blob:; connect-src thghosting.local *.thghosting.local gb1-li-thghostinguat-001.io.thehut.local *.gb1-li-thghostinguat-001.io.thehut.local gb4-li-thghostinguat-001.io.thehut.local *.gb4-li-thghostinguat-001.io.thehut.local ingenuitycloudservices.com *.ingenuitycloudservices.com *.hubspot.com *.hscollectedforms.net cdn.cookielaw.org track.gaconnector.com www.google.com *.contentsquare.net ma.zoho.eu cdn.linkedin.oribi.io idx.liadm.com *.google-analytics.com ma.zoho.eu maillist-manage.eu scout.salesloft.com js.stripe.com px.ads.linkedin.com idx.liadm.com; 3 frame-ancestors 'self'; report-uri /__csp-report 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 3 connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' *.dev.wdr.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 3 default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 3 frame-ancestors 'self' https://dealerexperience.cadillac.com 3 default-src 'self'; frame-src http: data:; connect-src http: data:; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data: 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://live.flyp.tv https://dashboard.stage.bio; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.flockler.com https://*.twimg.com https://cdn.stage.bio https://about.stage.bio; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.3qsdn.com https://api.stage.bio; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.flockler.com https://*.twimg.com https://*.3qsdn.com blob: https://cdn.stage.bio; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital https://preview-kaenef.bmwk.de https://live.flyp.tv https://www.youtube.com; frame-ancestors 'self' http://*.bundeswirtschaftsministerium.de https://*.bundeswirtschaftsministerium.de https://*.init-ag.de; 3 default-src 'self' atos.net *.atos.net eviden.com *.atos-consulting.net cdn.jsdelivr.net *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' blob: code.jquery.com *.gravatar.com ps.w.org ams.wpml.org *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com *.linkedin.com *.google.com *.accountinsight.cloud *.licdn.com w.soundcloud.com *.aio-events.com *.appspot.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-c.tools updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com smartslider3.com *.googleusercontent.com yt3.ggpht.com *.cdninstagram.com *.matomo.cloud cdn.linkedin.oribi.io; frame-ancestors 'self' atos.net *.atos.net atos365.sharepoint.com; 3 frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 3 frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' https:; connect-src 'self' https: wss: wss://*.docsbot.ai; img-src 'self' data: https: blob:; font-src 'self' data: https:; 3 default-src 'self' blob: https: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *;font-src 'self' blob: data: https: *;style-src 'self' 'unsafe-inline' https://secure.bngpaymentgateway.com/token/ https://cdn.walkme.com/ ;img-src 'self' blob: https://walkme.datto.com/images/ https://walkme.psa.datto.com/Images/ https://walkme.psa.datto.com/prod/player/ https://walkme.psa.datto.com/prod/qaPrevious/player/ https://s3.walkmeusercontent.com https://*.walkme.com https://k1-west-us-storage-prod.azureedge.net/launcher/ https://k1-storage-csi.azureedge.net/ https://k1-storage-csi-qa.azureedge.net/ https://k1-storage-dev.azureedge.net/launcher/ data: https://www.datto.com/img/ 3 default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googlesyndication.com www.googletagmanager.com https://connect.facebook.net https://www.facebook.com http://www.instagram.com/embed.js https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://vimeo.com https://prismic.io https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://va.vercel-scripts.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live https://us-central1-relyance-ext.cloudfunctions.net https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://www.googletagmanager.com *.tiktok.com *.ttwstatic.com *.onetrust.com 'unsafe-inline'; connect-src 'self' https://*.googlesyndication.com www.googletagmanager.com https://www.facebook.com https://www.google.com/ https://connect.facebook.net https://app-backend.toolsforhumanity.com https://www.googleadservices.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://vault.pactsafe.io https://secure.ethicspoint.com https://geolocation.onetrust.com https://metrics.worldcoin.org https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://player.vimeo.com https://vimeo.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://us-central1-relyance-ext.cloudfunctions.net https://fleet.orb.worldcoin.org https://consent.app.relyance.ai https://cdn-consent.relyanceconsent.ai https://analytics.ahrefs.com world.org *.vimeocdn.com *.gstatic.com *.tiktokw.us *.tiktok.com *.ttwstatic.com *.onetrust.com; img-src 'self' blob: data: www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com world.org *.gstatic.com *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://googleads.g.doubleclick.net https://xapis.onelink-edge.com https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com world.org *.vimeocdn.com *.tiktok.com *.ttwstatic.com *.onetrust.com; frame-src 'self' https://www.googletagmanager.com/ https://connect.facebook.net https://www.facebook.com https://platform.twitter.com/ https://www.youtube.com https://player.vimeo.com https://www.instagram.com https://vimeo.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org https://td.doubleclick.net https://verifi.podscribe.com https://d34r8q7sht0t9k.cloudfront.net https://ipv4.podscribe.com https://vercel.live world.org *.vimeocdn.com *.google.com 3 frame-ancestors https://events.martech.org https://martech.org 3 default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 3 frame-ancestors *.jjwxc.net *.jjwxc.com 3 frame-ancestors 'self' https://adventhealth.com https://*.adventhealth.com; object-src 'none'; base-uri 'none' 3 frame-ancestors 'self' *.orange.ro 3 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 3 frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 3 connect-src 'self' https://api2.amplitude.com sr-client-cfg.amplitude.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com *.google-analytics.com analytics.google.com gtm.prd.healthcare.ascension.org *.ascension.org *.ascension.org;default-src 'self' blob: *.ascension.org;font-src 'self' fonts.gstatic.com https://fonts.googleapis.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://stackpath.bootstrapcdn.com data: *.ascension.org;frame-src 'self' *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ *.youtube.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js app.vwo.com *.visualwebsiteoptimizer.com https://www.google.com/ *.ascension.org;img-src 'self' https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com *.doubleclick.net *.google-analytics.com analytics.google.com gtm.prd.healthcare.ascension.org *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com data: *.ascension.org;object-src 'none' ;script-src 'self' 'unsafe-eval' https://cdn.amplitude.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://ascensioncrm.my.site.com/ https://ascensioncrm.my.salesforce-scrt.com/ https://tfaforms.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/react-dom/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/es6-shim/ https://cdnjs.cloudflare.com/ajax/libs/es5-shim/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js https://www.google.com/recaptcha/enterprise.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.brightcovecdn.com blob: *.visualwebsiteoptimizer.com app.vwo.com https://cdn.schemaapp.com https://data.schemaapp.com https://api.schemaapp.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://www.gstatic.com/recaptcha/ https://zn0ng4rqajq6fnr3w-ascensionexperience.siteintercept.qualtrics.com *.qualtrics.com *.ascension.org;style-src 'self' 'unsafe-eval' 'unsafe-inline' https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://ascensioncrm.my.site.com/ fonts.gstatic.com https://fonts.googleapis.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com reputation-com-enterprise-prod.s3.us-east-1.amazonaws.com https://s3.amazonaws.com/r4e-cstatic.reputation.com r4e-assets-prod-us.s3.amazonaws.com https://s3.amazonaws.com/ *.visualwebsiteoptimizer.com app.vwo.com *.launchdarkly.com *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ https://stackpath.bootstrapcdn.com *.ascension.org; 3 base-uri 'self'; default-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com www.googletagmanager.com nordlayer.com *.nordlayer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googleadservices.com www.google.com www.gstatic.com *.google-analytics.com www.googletagmanager.com https://www.googleanalytics.com https://pagead2.googlesyndication.com nordlayer.com *.nordlayer.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.typeform.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://a.quora.com/qevents.js *.redditstatic.com *.alb.reddit.com px.ads.linkedin.com *.oribi.io snap.licdn.com analytics.twitter.com static.ads-twitter.com connect.facebook.net bat.bing.com p.adsymptotic.com sentry.netaltr.com cdn.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net loader.wisepops.com *.salesloft.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.veritonic.com https://s1.nordcdn.com; connect-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com https://pagead2.googlesyndication.com www.googleadservices.com cdn.growthbook.io nordlayer.com *.nordlayer.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.typeform.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.redditstatic.com *.alb.reddit.com pixel-config.reddit.com conversions-config.reddit.com www.linkedin.com px.ads.linkedin.com snap.licdn.com connect.facebook.net www.facebook.com p.adsymptotic.com sentry.netaltr.com activity.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net loader.wisepops.com bat.bing.com *.salesloft.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://*.veritonicmetrics.com https://sb.nordcdn.com; form-action 'self' webto.salesforce.com https://www.facebook.com/tr *.hsforms.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; frame-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.google.com www.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io www.youtube.com https://www.youtube.com/ www.youtube-nocookie.com https://www.youtube-nocookie.com/ *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.typeform.com notifications.wisepops.com wisepops.net loader.wisepops.com; img-src * data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ct.capterra.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://q.quora.com *.alb.reddit.com px.ads.linkedin.com t.co analytics.twitter.com static.ads-twitter.com *.google-analytics.com stats.g.doubleclick.net www.gstatic.com https://www.googletagmanager.com https://pagead2.googlesyndication.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net loader.wisepops.com www.facebook.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.veritonicmetrics.com; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.typeform.com https://fonts.googleapis.com https://s1.nordcdn.com https://sb.nordcdn.com; media-src 'self' 'unsafe-inline' nordlayer.com *.nordlayer.com false https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; font-src 'self' data: www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com; child-src 'self' *.hsforms.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://fast.wistia.net; 3 upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://cdn.euc-freshbots.ai https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' *.puzzel.com yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl *.hsforms.com yourhosting.freshchat.com https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net https://*.googletagmanager.com; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.analytics.google.com *.linkedin.com *.puzzel.com *.argeweb.nl argeweb.netwerkstatus.nl *.google-analytics.com https://rts-euc.freshworksapi.com wss://rts-euc.freshworksapi.com https://www.euc-freshbots.ai https://cdn.euc-freshbots.ai https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://analytics.google.com; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 3 frame-ancestors https://*.gsmaevents.com https://gsma.force.com https://gsma.my.site.com 3 frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net *.comcarde.com *.paypal.com; style-src 'unsafe-inline' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net *.comcarde.com *.paypal.com; img-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net api.qrserver.com *.comcarde.com *.paypal.com; connect-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net *.comcarde.com *.paypal.com 3 frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 3 frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3 report-uri https://o4505075539902464.ingest.us.sentry.io/api/4505075559825408/security/?sentry_key=e137a5ec37cf03e1ed168b772c98c0bc; report-to csp; default-src 'self' *.youtube.com player.simplecast.com *.lemonsqueezy.com challenges.cloudflare.com https://lemonsqueezy.nolt.io/ tally.so cdn.prod.website-files.com lemonsqueezy-assets.s3.us-east-2.amazonaws.com; connect-src *.lemonsqueezy.com cdn.prod.website-files.com wss://api.inkeep.com *.inkeep.com helpscout-ticket-creation.vercel.app lemonsqueezy-assets.s3.us-east-2.amazonaws.com; media-src 'self' *.lemonsqueezy.com cdn.prod.website-files.com; worker-src 'self'; img-src * blob: data:; font-src * data:; style-src 'self' *.lemonsqueezy.com cdn.prod.website-files.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' challenges.cloudflare.com tally.so cdn.jsdelivr.net cdn.prod.website-files.com code.jquery.com unpkg.com d3e54v103j8qbb.cloudfront.net app.lemonsqueezy.com cdn.usefathom.com assets.lemonsqueezy.com 'sha256-I1oqzdG8ABwwJE/CwI40sJxhtAhpql7j/rpDkIXUK1Y=' 'sha256-bdA0cvgVXH8LBxO68C3ExwzyXLRynEkqpwkKp7av3Tk=' 'sha256-YMDz5wGrDesGpPQvZFf+o+To+21PWXozOWgUUKXgPNQ=' 'sha256-KZ7C6zm33y6W2F1lcdoNyLyQoU6ieDA6nnaAoMUIG6o=' 'sha256-olvdWzV5MceIt4AqqXiVXHwHOoytDlQutQSLai2rr3s=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-P6cgBPruhraHLxxJAx7CYIaV6SC4iuvDldsKrdcDCs0=' 'sha256-muoEFIeLVS1tXqNKabm2XW0y+t0Morn0eiyH/4gWSFM=' 'sha256-IWcRBb6qdMcphojQQMlDaQsYG4F8+OUe0cC62k92Fqs=' 'sha256-DJoD3TxxO/wUfm77B3Xg8CeZ9zXmQFghzlrJFbjgsVo=' 'sha256-st/0/OS6vlRZrDF/EgOB9O90ZfXBJEMve3p4NzDKmWw=' 'sha256-rqIrJsr1KxE4sZIs0595EDTZHIse/pQFOveGXTSpgh8=' 'sha256-2+xeZ9uvzc1cztE9neSkGAsRIcQxev8HH3lZeT3IHgc=' 'sha256-ChC+cACPifjKQsvV1eZgCx7ANEc0Q3xy+MqDBFnpyRE=' 'sha256-7/HveZxd4yPf42YIfhxiZDFU/a6RtLtShZj0y0bc0xM=' 'sha256-YAhqsGAb4rs+S5kO4XH1/9mGQq/8NQVJLKJrhNpdFo8=' 'sha256-wEjQdcjT9ia3+uKiDHquc85jb4JdZAOOm9hFbAvVW0Y=' 'sha256-FF3JplMsTlEoGExFy9jNa//bI9hXN1P1Wk7TmC/697w=' 'sha256-FABljtGlF/3YMkSGHKKqY1YQmM6YGrcxBpr97RqRS9s=' 'sha256-fd/AWhZEJywiUTWydT7SaKdliz8IBLf395MJFxoGDOY=' 'sha256-6EsWsKwWbGaxnjI9bo3G4ZW6jUhVwdKYJvwQHKwlL/c=' 'sha256-Z7WzqowjPAR+oYchmMod4lGNr7Qyiu6JCcN+iYRXHCk='; 3 frame-ancestors 'self' *.thalesgroup.com *.imperva.com 3 frame-ancestors 'self' https://commerceinsights.ibmcloud.com 3 child-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://apps.rokt.com https://sgtm.dermstore.com https://us.creativecdn.com https://dermstore.attn.tv https://creatives.attn.tv https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://tpc.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://api.bam-x.com https://*.attn.tv https://ln-rules.rewardstyle.com https://cdn.pbbl.co https://www.pinterest.com https://app.qubit.com blob: https://*.awin1.com https://*.zenaps.com https://gum.criteo.com https://*.abtasty.com https://events.release.narrativ.com https://*.powerreviews.com https://ct.pinterest.com https://fledge.eu.criteo.com https://static.criteo.net https://ams.creativecdn.com https://www.provenance.org https://*.bazaarvoice.com https://www.youtube.com/ https://uk.cdn-net.com/;connect-src 'self' https://api.stripe.com https://api-dev.pogodonate.com https://api.pogodonate.com https://app-dev.pogodonate.com https://app.pogodonate.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com https://us.creativecdn.com https://dermstore.attn.tv https://ilarh.dermstore.com https://events.attentivemobile.com wss://*.ringcentral.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://api.bam-x.com https://www.emjcd.com https://www.mczbf.com https://www.sjwoe.com https://*.attn.tv https://events.attentivemobile.com https://events.release.narrativ.com https://tr.snapchat.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.dermstore.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://cdn.cookielaw.org https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://*.abtasty.com data: https://storyboard.storystream.ai https://content.storystream.ai https://*.powerreviews.com https://sgtm.dermstore.com https://w0a7cq3k2e.execute-api.us-west-1.amazonaws.com https://vhw8mjja9e.execute-api.us-west-1.amazonaws.com https://sd7sf8u3fj.execute-api.us-west-1.amazonaws.com https://*.gethumankind.com https://cognito-identity.us-west-1.amazonaws.com https://*.criteo.net https://*.ringcentral.com https://ams.creativecdn.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://api.provenance.org https://www.provenance.org https://api.segment.io https://appsignal-endpoint.net https://*.bazaarvoice.com https://mpsnare.iesnare.com; default-src 'self' https://*.lpsnmedia.net https://*.bazaarvoice.com; font-src 'self' https://app-dev.pogodonate.com https://app.pogodonate.com data: https://*.dynamicyield.com/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://*.ringcentral.com https://*.bazaarvoice.com;form-action 'self' https://www.facebook.com https://checkout.dermstore.com https://connect.facebook.net https://tr.snapchat.com;frame-ancestors 'self';img-src 'self' https://pogodonate.s3.eu-west-2.amazonaws.com https://app-dev.pogodonate.com https://app.pogodonate.com data: https://*.dynamicyield.com/ https://events.attentivemobile.com https://dermstore-us.attn.tv https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://res.cloudinary.com https://www.provenance.org https://*.bazaarvoice.com https: blob:;media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://*.bazaarvoice.com https://mpsnare.iesnare.com blob: https://media.gethumankind.com;object-src 'self' https://*.thcdn.com https://www.youtube.com https://*.bazaarvoice.com;report-uri https://csp.thehut.net/cspReport.txt;script-src 'self' https://*.js.stripe.com https://js.stripe.com 'unsafe-eval' 'unsafe-inline' data: https://cdn.attn.tv https://ilarh.dermstore.com https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://*.dynamicyield.com/ https://us.creativecdn.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://static.narrativ.com https://cdn.attn.tv https://ln-rules.rewardstyle.com https://collector-8550.tvsquared.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://app.contentsquare.com https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://static.criteo.net https://*.criteo.com https://analytics.tiktok.com https://*.ibytedtos.com https://cdn.cookielaw.org blob: https://*.abtasty.com https://app-dev.pogodonate.com https://app.pogodonate.com https://tr.snapchat.com https://*.powerreviews.com https://mpsnare.iesnare.com https://sgtm.dermstore.com https://*.gethumankind.com https://prod-ui-entry-widget-sta-createproduientrywidgetb-mi53q2gqfpif.s3.us-west-1.amazonaws.com https://prod-ui-customer-survey-createproduicustomersurv-1nj0gmnhljhot.s3.us-west-1.amazonaws.com https://*.ringcentral.com https://tags.creativecdn.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://consent.cookiebot.com https://www.provenance.org https://*.bazaarvoice.com;style-src 'self' https://*.js.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com https://*.powerreviews.com https://assets.gethumankind.com https://prod-ui-entry-widget-sta-createproduientrywidgetb-mi53q2gqfpif.s3.us-west-1.amazonaws.com https://prod-ui-customer-survey-createproduicustomersurv-1nj0gmnhljhot.s3.us-west-1.amazonaws.com https://*.ringcentral.com https://*.bazaarvoice.com;upgrade-insecure-requests;report-to csp-endpoint 3 frame-ancestors 'self' https://attivazioni.windtre.it attivazioni.windtre.it https://ac.windtre.it ac.windtre.it https://www.windtrebusiness.it www.windtrebusiness.it https://shop.windtre.it shop.windtre.it https://buy.shop.windtre.it buy.shop.windtre.it https://selfcare-pwa-bs.gcp.windtre.it https://www.segnoverde.it https://www.windtrelucegas.it ; 3 frame-ancestors https://app.contentstack.com/; 3 frame-ancestors 'self' https://*.stackoverflow.com http://*.stackoverflow.co; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' s.exist.ru yandex.ru yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru cdn.otclick-adv.ru *.exist.ru *.exist.parts telegram.org storage.yandexcloud.net www.sravni.ru cdn.jsdelivr.net *.cdn.ngenix.net; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yastatic.net yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru cdn.otclick-adv.ru www.sravni.ru storage.yandexcloud.net; media-src 'self' data: *.yandex.net *.yandex.ru; 3 default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 3 default-src 'self' easy.gr *.easy.gr *.cookiebot.com *.tawk.to *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.youtube.com;script-src 'self' *.paypal.com *.paypalobjects.com *.braintreegateway.com easy.gr *.easy.gr *.youtube.com 'unsafe-inline' https://pagead2.googlesyndication.com 'unsafe-eval' *.googleusercontent.com *.gstatic.com tippedjs.com fancyapps.com ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com *.google.gr *.youtube.com *.unpkg.com ;style-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net;img-src 'self' blob: data: easy.gr *.easy.gr 'unsafe-inline' https://quickchart.io ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to cdn.jsdelivr.net tawk.link s3.amazonaws.com *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com cdn.jsdelivr.net *.google.gr *.google.nl *.paypalobjects.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com ;font-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to fonts.gstatic.com *.facebook.com *.facebook.net *.cookiebot.com *.paypalobjects.com stats.g.doubleclick.net ;connect-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.tawk.to wss://*.tawk.to *.lottiefiles.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net google.com *.youtube.com *.googlesyndication.com ; frame-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.paypal.com *.paypalobjects.com *.googletagmanager.com *.doubleclick.net *.cookiebot.com *.tawk.to ; 3 connect-src 'self' *.zohopublic.eu *.googleadservices.com google.com *.google.com *.analytics.google.com *.google-analytics.com *.cookiebot.com *.doubleclick.net *.omappapi.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com https://*.googletagmanager.com *.limesurvey.org wss://vts.zohopublic.eu; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' *.zohocdn.com *.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' *.zohocdn.com *.zohopublic.eu heapanalytics.com https://tagmanager.google.com fonts.googleapis.com https://www.googletagmanager.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org account.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' https://*.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com data: *; manifest-src 'self'; media-src 'self' *.zohocdn.com; script-src 'self' *.zohopublic.eu https://privacy.cortina-consult.com https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org googleads.g.doubleclick.net https://googleads.g.doubleclick.net data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src www.googletagmanager.com *.zohopublic.eu https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com https://td.doubleclick.net 'self' *.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://www.limesurvey.org/violation.php; 3 default-src 'self' *.myidx.cloud *.analytics.google.com *.google.com *.google-analytics.com; img-src 'self' 'unsafe-inline' *.myidx.cloud * data: www.w3.org; frame-src 'self' *.myidx.cloud s.company-target.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com 77d8e64489354683a242e226ad9ed96b.svc.dynamics.com www.googletagmanager.com confirmsubscription.com vars.hotjar.com in.hotjar.com my.walls.io *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net rolls-royce.staging.investis.com rolls-royce.production.investis.com www.facebook.com *.doubleclick.net staticzone.idigitalcontents.com viz.tools.investis.com form.typeform.com matt317952.typeform.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.myidx.cloud *.stackadapt.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net assets.investisdigital.com staticcontents.investis.com tagmanager.google.com www.googletagmanager.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fast.fonts.net embed.typeform.com; font-src 'self' 'unsafe-inline' *.myidx.cloud data: fonts.googleapis.com fonts.gstatic.com staticzone.idigitalcontents.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fonts.com fast.fonts.net *.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.myidx.cloud *.incrementdata.com static.cloudflareinsights.com *.stackadapt.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net mktdplp102cdn.azureedge.net staticcontents.investis.com js-agent.newrelic.com otp.tools.investis.com staticzone.idigitalcontents.com viz.tools.investis.com *.analytics.google.com *.google.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com static.ads-twitter.com snap.licdn.com *.googleadservices.com analytics.twitter.com *.flickr.com tag.demandbase.com *.lead-analytics-1000.com *.leadforensics.com track.accountinsight.cloud *.adnxs.com fast.fonts.net *.typekit.net *.lfeeder.com embed.typeform.com; media-src 'self' *.myidx.cloud *.brightcove.com *.brightcovecdn.com brightcove.hs.llnwd.net viz.tools.investis.com; connect-src 'self' *.myidx.cloud *.stackadapt.com *.linkedin.com px.ads.linkedin.com/wa/ cdn.linkedin.oribi.io bam.eu01.nr-data.net facebook.com *.googlesyndication.com *.analytics.google.com *.google.com *.doubleclick.net *.google-analytics.com www.google.co.in analytics.google.com www.facebook.com tag-logger.demandbase.com www.facebook.com/tr/ in.hotjar.com staticzone.idigitalcontents.com viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud api.company-target.com segments.company-target.com track.incrementdata.com *.incrementdata.com *.googleadservices.com googleadservices.com facebook.com *.typekit.net *.amazonaws.com *.googleapis.com; base-uri 'none'; 3 frame-ancestors 'self' https://gov.aitu.io; 3 default-src 'self' 'unsafe-inline' data: https://idosell.com https://idobooking.com https://*.iai-sa.com https://*.iai-system.com https://*.iai-sa.com https://*.idosell.com https://*.idobooking.com https://*.iai-shop.com https://*.idopayments.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://code.jquery.com https://maxcdn.bootstrapcdn.com wss://iai-call.idosell.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.microsoftonline.com/ https://*.google.pl https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.cookiebot.eu https://*.usercentrics.eu https://mozilla.github.io/ https://www.youtube.com https://cdnjs.cloudflare.com https://cdn-widget.callpage.io https://idosell-pages.vercel.app https://snap.licdn.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://*.hubspot.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.usemessages.com https://forms-eu1.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://px.ads.linkedin.com https://*.callpage.io https://api-eu1.hubapi.com https://*.elfsight.com https://phosphor.utils.elfsightcdn.com https://*.typekit.net https://www.slideshare.net https://unpkg.com https://i.ytimg.com https://open.spotify.com https://*.hs-sites-eu1.com https://*.clarity.ms/ https://*.hsappstatic.net https://*.hubspotusercontent-eu1.net https://*.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://idosell.com https://idobooking.com https://*.iai-sa.com https://*.iai-system.com https://*.iai-sa.com https://*.idosell.com https://*.idobooking.com https://*.iai-shop.com https://*.idopayments.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://code.jquery.com https://maxcdn.bootstrapcdn.com wss://iai-call.idosell.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.microsoftonline.com/ https://*.google.pl https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.cookiebot.eu https://*.usercentrics.eu https://mozilla.github.io/ https://www.youtube.com https://cdnjs.cloudflare.com https://cdn-widget.callpage.io https://idosell-pages.vercel.app https://snap.licdn.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://*.hubspot.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.usemessages.com https://forms-eu1.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://px.ads.linkedin.com https://*.callpage.io https://api-eu1.hubapi.com https://*.elfsight.com https://phosphor.utils.elfsightcdn.com https://*.typekit.net https://www.slideshare.net https://unpkg.com https://i.ytimg.com https://open.spotify.com https://*.hs-sites-eu1.com https://*.clarity.ms/ https://*.hsappstatic.net https://*.hubspotusercontent-eu1.net https://*.bing.com; 3 base-uri 'self'; report-uri https://cdn1.hellohumankindness.org/svc/csp-report/?t=2c30318d157a3a246eb902f5cc3f638e4e707b808add86eda11c6278ec01a649725d9f23a60916731e7a6957900326b98ae7d34eed2165c2; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com care.commonspirit.org cdn.commonspirit.org cdn.cookielaw.org cookie-cdn.cookiepro.com fonts.googleapis.com geolocation.onetrust.com privacyportal.onetrust.com ucm-us.verint-cdn.com/files/sites/commonspirit/ use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam.nr-data.net care.commonspirit.org cdn.commonspirit.org cdn.cookielaw.org cdn1.commonspirit.org cdnjs.cloudflare.com commonspirit.experiencecloud.adobe.com cookie-cdn.cookiepro.com experience.adobe.com geolocation.onetrust.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com privacyportal.onetrust.com resources.unlockhealthnow.com/embed-script/ ucm-us.verint-cdn.com/files/modules/ ucm-us.verint-cdn.com/files/sites/commonspirit/ use.typekit.net; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com care.commonspirit.org commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.blob.core.windows.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.twimg.com *.youtube.com api.clearsensecloud.com bam.nr-data.net care.commonspirit.org cdn.healthwise.net cdn.jotfor.ms d20bb9v528piij.cloudfront.net data: dpm.demdex.net i.ytimg.com login.commonspirit.org s3.amazonaws.com s7d1.scene7.com s7d2.scene7.com trinityhealth.com/wp-content/uploads/ ucm-us.verint-cdn.com use.typekit.net www.google.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.googleapis.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net *.recaptcha.net adobedc.demdex.net ajax.microsoft.com analytics.google.com api.ipify.org apiprod.commonspirit.org assets.adobedtm.com bam.nr-data.net cdn.commonspirit.org dpm.demdex.net fid.agkn.com fonts.googleapis.com identity-api.commonspirit.org identity-func.commonspirit.org login.commonspirit.org maps.googleapis.com providers.commonspirit.org readaloud.googleapis.com telemetry.commonspirit.org translate.googleapis.com ucm-us.verint-cdn.com/files/sites/commonspirit/; media-src 'self' d20bb9v528piij.cloudfront.net s7d1.scene7.com; default-src 'self' *.dignityhealth.org account.commonspirit.org cdn1.commonspirit.org commonspirit.demdex.net identity-func.commonspirit.org login.commonspirit.org; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms cdn1.commonspirit.org data: use.typekit.net www.commonspirit.org; 3 default-src 'self' 'unsafe-inline' player.podigee-cdn.net fonts.googleapis.com *.google.at *.google.de *.google.es *.google.ch *.google.com blob:; img-src 'self' cm.everesttech.net secure.gravatar.com i.ytimg.com *.google.at *.google.de *.google.es *.google.ch *.google.com *.axelspringer.com www.googletagmanager.com imgsct.cookiebot.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.podigee-cdn.net www.everestjs.net tags.tiqcdn.com cmp.axelspringer.com www.googletagmanager.com *.google.at *.google.de *.google.es *.google.ch *.google.com consentcdn.cookiebot.com www.googletagmanager.com consent.cookiebot.com ajax.googleapis.com blob:; font-src 'self' player.podigee-cdn.net fonts.gstatic.com data:; frame-ancestors www.axelspringer.com; frame-src open.spotify.com player.podigee-cdn.net www.axelspringer.com cmp.axelspringer.com resources-production.la.welt.de www.youtube.com axelspringerse.demdex.net *.google.at *.google.de *.google.es *.google.ch *.google.com www.googletagmanager.com embed.acast.com consentcdn.cookiebot.com blob:; connect-src 'self' as.axelspringer.com dpm.demdex.net cmp.axelspringer.com *.google.at *.google.de *.google.es *.google.ch *.google.com consentcdn.cookiebot.com *.google-analytics.com googleads.g.doubleclick.net 3 frame-ancestors self; 3 connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io www.google-analytics.com; default-src 'none'; font-src 'self' static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com www.googletagmanager.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com js.stripe.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 3 default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 3 default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self'; connect-src 'self' https://*.iubenda.com https://*.mux.com https://*.ada.support https://*.hotjar.com wss://*.hotjar.com https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com https://*.mypurecloud.ie wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://google.com https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com https://www.googleadservices.com https://*.curator.io/ https://*.eskimi.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com https://tally.so https://*.novemberfive.co https://*.posthog.com https://*.sentry.io https://*.avo.app; script-src 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://googleads.g.doubleclick.net https://siteintercept.qualtrics.com https://ssl.google-analytics.com https://tagmanager.google.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://tally.so https://*.novemberfive.co https://*.posthog.com https://*.sentry.io https://*.avo.app; script-src-elem 'self' 'unsafe-inline' https://*.eskimi.com https://*.iubenda.com https://*.youtube.com https://*.hotjar.com https://googleads.g.doubleclick.net https://*.ada.support https://*.mypurecloud.com https://*.ads-twitter.com https://*.clarity.ms https://*.google-analytics.com https://*.licdn.com https://*.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://www.googleadservices.com https://tally.so https://*.novemberfive.co https://*.posthog.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.ie https://*.mypurecloud.com https://cdn.curator.io https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://*.posthog.com; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.linkedin.com https://*.qualtrics.com https://img.youtube.com https://*.mypurecloud.com https://*.mypurecloud.ie https://analytics.twitter.com https://t.co https://curator-assets.b-cdn.net https://google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://ssl.gstatic.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://*.analytics.google.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://*.digicelbusiness.com https://tally.so https://*.novemberfive.co https://*.datocms-assets.com https://*.posthog.com https://*.digicelgroup.com; font-src 'self' https://fonts.gstatic.com https://*.posthog.com data:; base-uri 'none'; media-src 'self' https://*.datocms-assets.com https://*.posthog.com blob:; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.qualtrics.com https://*.doubleclick.net https://*.mypurecloud.com https://*.mypurecloud.ie https://*.googletagmanager.com https://*.appspot.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com https://www.youtube.com https://tally.so https://*.novemberfive.co https://*.avo.app; form-action https://*.qualtrics.com https://www.facebook.com https://tally.so https://*.novemberfive.co; frame-ancestors 'self' https://*.posthog.com https://*.digicelgroup.com https://*.novemberfive.co 3 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://mc.yandex.ru *.licdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/js/swiper.min.js https://googleads.g.doubleclick.net/ https://api-maps.yandex.ru/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net https://ashotb2b.pbx.mts.am/callback.js?uid=3822cf6b-fe65-4d68-980d-fe4b344ba376 *.googletagmanager.com/gtag/ http://www.viva.am/page-not-found https://api-maps.yandex.ru/2.1/?apikey=855a6e65-595e-4144-a39b-bcac9495ca90&load=Map&lang=en_US& https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/swiper.min.css https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/css/intlTelInput.css https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.linkedin.com https://mc.yandex.ru https://static.mts.ru/ https://www.google.am https://www.google.com https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/ https://yandex.com/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.8/img/flags.png 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src view.joomag.com viewer.joomag.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://mc.yandex.ru/ https://td.doubleclick.net/ https://www.googletagmanager.com/ *.yandex.com/ https://yandex.com/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://mc.yandex.ru https://mc.yandex.md https://px.ads.linkedin.com/wa/ https://analytics.google.com/ *.googletagmanager.com/gtag/ https://suggest-maps.yandex.ru/v1/suggest?apikey=a84162da-2823-4250-961a-655808c97cca&types=biz%2Cgeo&text=%D0%A8%D0%BE%D0%BA%D0%BE%D0%BB%D0%B0%D0%B4%D0%BD%D0%B8%D1%86%D0%B0&lang=en_US&results=5&origin=jsapi2Geocoder&print_address=1&bbox=44.41558624267572%2C40.130943052328576%2C44.58038116455074%2C40.21561459277751&strict_bounds=0 *.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://viewer.joomag.com/ https://view.joomag.com/ https://maps.google.com/ https://www.google.com/ 'self' web-chat.nativechat.com 3 frame-ancestors 'self' *.ironmountain.com; 3 frame-ancestors 'self' https://*.boditrax.com/ *.puregym.com/; 3 frame-ancestors 'self' https://*.wynnlasvegas.com https://app.contentful.com; 3 frame-ancestors 'self'; block-all-mixed-content 3 base-uri 'self'; default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' blob: data:; connect-src * blob: data:; frame-ancestors 'self' https://storybook-master.deel.wtf https://ui.deel.com https://alignedup.com https://teamaligned.com https://app.supernova.io https://deel-ui.preview.supernova-docs.io https://deel-ui.supernova-docs.io; 3 upgrade-insecure-requests; frame-ancestors 'self' blaetterkatalog.musicstore.de 3 default-src 'self' style-src 'unsafe-inline' 3 base-uri 'self' https://www.sidn.nl https://www.sidnlabs.nl;default-src 'self';connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.dynamics.com https://*.europe-west4.run.app https://*.facebook.com https://*.googleapis.com https://*.googlesyndication.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.piwik.pro https://*.recruitee.com https://*.sidn.nl https://sidn.nl https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.usmedia.nl https://api.opencagedata.com https://vimeo.com https://www.google.com https://*.run.app;font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://*.piwik.pro https://*.twitter.com https://*.typeform.com https://vimeo.com;form-action 'self' https://*.dynamics.com https://*.mailplus.nl https://internet.nl https://sidn.activehosted.com https://sidn.recruitee.com;frame-ancestors 'none';frame-src 'self' https://*.azureedge.net https://*.doubleclick.net https://*.dynamics.com https://*.google.com https://*.googleapis.com https://*.sidnlabs.nl https://*.spotify.com https://*.twitter.com https://*.typeform.com https://*.vimeo.com https://*.tmrrw.nl https://anchor.fm https://www.facebook.com https://www.youtube.com;img-src 'self' data: https://*.domain-registry.nl https://*.doubleclick.net https://*.europe-west4.run.app https://*.google.com https://*.google.nl https://*.googleapis.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.piwik.pro https://*.sidn.nl https://*.sidnlabs.nl https://*.statcounter.com https://*.twimg.com https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.usmedia.nl https://*.viglink.com https://*.vimeocdn.com https://*.youtube.com https://*.ytimg.com https://downloads.ctfassets.net https://images.ctfassets.net https://static.mailplus.nl https://vimeo.com https://www.facebook.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.azureedge.net https://*.bizographics.com https://*.cloudfront.net https://*.creative-serving.com https://*.doubleclick.net https://*.dynamics.com https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.mailplus.nl https://*.piwik.pro https://*.statcounter.com https://*.twimg.com https://*.twitter.com https://*.typeform.com https://*.usercentrics.eu https://*.ytimg.com https://connect.facebook.net https://sidn.activehosted.com https://vimeo.com https://www.youtube.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://sidn.activehosted.com https://*.azureedge.net https://*.cloudfront.net https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.mailplus.nl https://*.piwik.pro https://*.sidn.nl https://sidn.nl https://*.usercentrics.eu https://*.ytimg.com https://vimeo.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.mailplus.nl https://*.piwik.pro https://*.twitter.com https://*.typeform.com;report-to default;report-uri https://sidn-nl.uriports.com/reports/report 3 child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com *.paypal.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.paypal.com;frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com *.paypalobjects.com *.google.it *.paypal.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 3 frame-ancestors 'self' http://*.hftmagnates.com/ https://*.hftmagnates.com/ http://fm.fmpedia.lc/ https://fm.fmpedia.lc/ http://il.fmpedia.lc/ https://il.fmpedia.lc/ https://localhost:3002/ https://localhost:3004/ https://localhost:3006/ https://financemagnates.com/ https://financemagnates.com:3002/ https://*.financemagnates.com/ https://*.financemagnates.com:3002/ https://*.financemagnates.com:3004/ https://investinglive.com/ https://investinglive.com:3006/ https://*.investinglive.com/ https://*.investinglive.com:3006/; 3 default-src 'self'; script-src 'self' https://maps.googleapis.com https://newlogin.dimepkairos.com.br https://5chat.5hub.com.br https://script.hotjar.com https://code.jquery.com https://static.hotjar.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.dimepkairos.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com https://l2.io https://cdn.jsdelivr.net https://js-agent.newrelic.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://newlogin.dimepkairos.com.br https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com 'unsafe-inline'; font-src 'self' https://newlogin.dimepkairos.com.br https://fonts.gstatic.com; img-src 'self' data: *; connect-src 'self' https://maps.googleapis.com https://maps.google.com https://maps.google https://stats.g.doubleclick.net https://tagus.5hub.com.br https://www.google.com https://www.google-analytics.com https://bam.nr-data.net http://127.0.0.1:8731; frame-src 'self' https://qcmaint.dimepkairos.com.br https://www.google.com https://5chat.5hub.com.br https://www.dimep.space https://qcmaint.mdcomune.com.br https://www.dimepkairos.com.br https://www.mdcomune.com.br https://www.dimepkairos.pt https://www.dimepkairos.com.mx; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 3 frame-ancestors 'self' http://*.essilor.com https://*.essilor.com; 3 frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com 3 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; worker-src blob: https:; connect-src ws: wss: https:; font-src 'self' https://themes.googleusercontent.com fonts.gstatic.com fonts.googleapis.com *.walkme.com *.cloudfront.net *.tolunastart.com data:; 3 frame-ancestors https://*.rtl.de https://*.sharemagazines.de https://*.sharemagazines-dev.de 3 object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 3 default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' tracking.netmind-cloud.com *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.start.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 3 upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' blog: *.sentry-cdn.com *.callrail.com *.calltrk.com fast.wistia.com googleads.g.doubleclick.net *.marketo.net *.nitroscripts.com nitroscripts.com *.linkedin.com *.licdn.com *.ads-twitter.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.google.com *.youtube.com *.wellsky.com *.osano.com cmp.osano.com *.calibermind.com cdn.calibermind.com ; 3 frame-ancestors https://*.todsgroup.com 3 connect-src 'self' https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com *.google-analytics.com *.pathfactory.com *.6sc.co *.6sense.com *.adnxs.com https://images.ctfassets.net https://assets.ctfassets.net https://adservice.google.com js.zi-scripts.com ws.zoominfo.com *.pusher.com https://idx.liadm.com/idex https://775-trd-708.mktoresp.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://*.algolia.net https://www.google.com https://google.com https://api.consentjs.datagrail.io https://api.contentful.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.ncino.com https://*.hotjar.io wss://ws.hotjar.com cdn.linkedin.oribi.io https://px.ads.linkedin.com *.linkedin.com *.licdn.com *.hotjar.com *.ncino.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com www.google.com https://vercel.live *.pathfactory.com https://www2.ncino.com *.6sc.co cdn.sendergen.com js.zi-scripts.com ws-assets.zoominfo.com *.pusher.com va.vercel-scripts.com/v1/speed-insights/script.debug.js cdn.bizible.com munchkin.marketo.net *.doubleclick.net https://secure.detailsinventivegroup.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.sentry-cdn.com https://api.consentjs.datagrail.io https://www.googleadservices.com https://tags.srv.stackadapt.com; img-src 'self' *.linkedin.com https://www.google.com data: images.ctfassets.net www.googletagmanager.com *.google-analytics.com assets.vercel.com *.wistia.com *.wistia.net *.6sc.co *.pathfactory.com d2iiunr5ws5ch1.cloudfront.net https://cdn.bizible.com https://cdn.bizibly.com https://googleads.g.doubleclick.net; child-src *.wistia.net www.google.com https://vercel.live; style-src 'self' 'unsafe-inline' *.pathfactory.com https://info.ncino.com https://fast.wistia.com https://fast.wistia.net https://tags.srv.stackadapt.com; font-src 'self' data: *.pathfactory.com https://fast.wistia.com https://fast.wistia.net; object-src 'none'; frame-src *.wistia.net www.google.com explore.ncino.com https://vercel.live *.pathfactory.com *.doubleclick.net https://www.googletagmanager.com https://fast.wistia.com https://fast.wistia.net https://info.ncino.com; frame-ancestors 'self' *.wistia.net bankr.cloudforce.com *.ncino.com https://vercel.live https://ncino-fe-preview.vercel.app https://ncino-fe-dev.vercel.app https://app.contentful.com *.salesforce.com *.pathfactory.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; 3 frame-ancestors 'self' *.telekurier.at; 3 default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.secure.force.com https://atriumhealthbotv4windows.azurewebsites.net https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://js.stripe.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.atriumhealth.org https://*.evgnet.com https://*.fortawesome.com https://use.fortawesome.com https://*.googleapis.com https://*.odeza.com https://atriumhealth.us-7.evergage.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://clres.s3.amazonaws.com https://code.jquery.com https://dev.virtualearth.net https://developers.google.com https://maxcdn.bootstrapcdn.com https://r.bing.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://static.cloud.coveo.com https://unpkg.com https://www.bing.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://js.stripe.com; 3 frame-ancestors 'self' *.applytojob.com 3 frame-ancestors 'self' https://*.paperflite.com 3 frame-ancestors self *.deluxe.com deluxe.lookbookhq.com;, default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; 3 base-uri 'self';manifest-src 'self' https://myownconference.com https://cdn.myownconference.com https://myownconference.co https://cdn.myownconference.co;default-src 'self';connect-src 'self' https://cdn.myownconference.com https://cdn.myownconference.co https://client.crisp.chat https://storage.crisp.chat https://sa.searchatlas.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://yoast.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.myownconference.com https://cdn.myownconference.co https://client.crisp.chat https://dashboard.searchatlas.com https://cdn.ampproject.org https://static.cloudflareinsights.com;img-src 'self' data: https://cdn.myownconference.com https://cdn.myownconference.co https://image.crisp.chat https://secure.gravatar.com https://ps.w.org https://s.w.org;style-src 'self' 'unsafe-inline' https://cdn.myownconference.com https://cdn.myownconference.co https://client.crisp.chat https://fonts.googleapis.com;font-src 'self' data: https://cdn.myownconference.com https://cdn.myownconference.co https://client.crisp.chat https://static2.sharepointonline.com https://fonts.gstatic.com;object-src 'self';frame-src 'self' https://support.myownconference.com https://support.myownconference.co https://www.youtube.com;frame-ancestors 'self';form-action 'self';worker-src 'self' blob: https://cdn.myownconference.com https://cdn.myownconference.co;upgrade-insecure-requests 3 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' blob: *; img-src * 'self' blob: data:; connect-src *; font-src *; frame-src *; object-src 'none'; base-uri 'self' https://static-2v.gitbook.com; form-action 'self' https://static-2v.gitbook.com *; frame-ancestors https: ; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.monitor.azure.com *.livechatinc.com https://static.meiqia.com secure-fra.livechatinc.com *.google.com *.gstatic.com/ procentec.com *.procentec.com https://cdn.matomo.cloud https://hms.matomo.cloud https://cdn.cookielaw.org/ https://snap.licdn.com/ https://cdn.leadinfo.net https://*.ldnfrpl.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ *.baidu.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api https://cdn.matomo.cloud; font-src 'self' data: api.stockdio.com *.googletagmanager.com *.gstatic.com https://at.alicdn.com/ https://cdn.leadinfo.net; connect-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.onetrust.com dc.services.visualstudio.com *.azureedge.net *.hms-networks.com https://api.instatus.com *.meiqia.com procentec.com *.procentec.com *.livechatinc.com https://hms.matomo.cloud/ https://cdn.cookielaw.org/ https://px.ads.linkedin.com/ wss://camorope-client-a.meiqia.com/ https://collector.leadinfo.net www.hms-networks.cn https://api.leadinfo.com https://*.ldnfrpl.com https://li-replay.s3-accelerate.amazonaws.com https://www.google.com/ https://pagead2.googlesyndication.com *.baidu.com https://mobile.events.data.microsoft.com/ https://www.googleadservices.com/ https://collector4.leadinfo.net/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com; img-src data: 'self' blob: * *.cookielaw.org https://cdn.cookielaw.org/ https://hm.baidu.com/ https://px.ads.linkedin.com/ https://tenant-assets.meiqiausercontent.com/ https://cdn.livechat-static.com/ https://cdn.livechat-files.com/ https://*.meiqiausercontent.com https://cdn.files-text.com/ https://collector.leadinfo.net https://cdn.leadinfo.net https://www.google.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src 'unsafe-inline' 'self' api.stockdio.com *.googletagmanager.com *.googleapis.com https://cdn.leadinfo.net https://cdn.insight.sitefinity.com https://dec.azureedge.net; frame-src 'self' *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.azureedge.net *.bihl-wiedemann.de secure-fra.livechatinc.com *.google.com https://www.youtube.com warranty.hms-networks-data.com https://td.doubleclick.net/ *.baidu.com; media-src 'self' data: blob: *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.azureedge.net https://static.meiqia.com/; child-src 'self' blob: *.dynamics.com *.cloudinary.com api.stockdio.com *.googletagmanager.com *.hms-networks.com *.bihl-wiedemann.de; style-src-elem 'unsafe-inline' 'self' 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 3 default-src 'self' region1.analytics.google.com *.doubleclick.net my.blendee.com c.blendee.com www.google.com www.ferrero.com acsbapp.com www.google-analytics.com cdn.acsbapp.com region1.google-analytics.com fonts.gstatic.com analytics.ferrero.com privacyportal-eu.onetrust.com static.addtoany.com vod.ferrero.com cdn.cookielaw.org geolocation.onetrust.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com; script-src 'self' 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' carewebform-uix.ferrero.com privacyportal-eu-cdn.onetrust.com fonts.googleapis.com cdn.userway.org; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' carewebform-uix.ferrero.com cdn.userway.org tra.neodatagroup.com googleads.g.doubleclick.net c.neodatagroup.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com eu-ma.sam4m.com tracker.marinsm.com www.youtube.com www.gstatic.com c.blendee.com www.google.com www.google-analytics.com acsbapp.com analytics.ferrero.com cdn.cookielaw.org www.googletagmanager.com static.addtoany.com cdn.acsbapp.com; img-src 'self' data: blob: carewebform-uix.ferrero.com www.google.be www.youronlinechoices.com cdn.userway.org aax-eu.amazon-adsystem.com tracker.neodatagroup.com www.google.com www.google.it ssl.google-analytics.com www.googletagmanager.com *.doubleclick.net cdn.cookielaw.org privacy-policy.truste.com fonts.gstatic.com lh3.googleusercontent.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' *.onetrust.com www.googletagmanager.com fonts.googleapis.com; object-src 'none'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.userway.org cdn77.api.userway.org www.googletagmanager.com fast.wistia.net fast.wistia.com static.addtoany.com www.facebook.com *.doubleclick.net www.youtube.com www.youtube-nocookie.com geolocation.onetrust.com ssl.google-analytics.com privacyportal-eu-cdn.onetrust.com c.blendee.com www.google.com; connect-src 'self' carewebformbackend.ferrero.com www.googleadservices.com www.google.be ad.doubleclick.net region1.analytics.google.com www.google.com my.blendee.com cdn77.api.userway.org cdn.userway.org www.googletagmanager.com www.googleservices.com googleads.g.doubleclick.net analytics.ferrero.com privacyportal-eu.onetrust.com cdn.cookielaw.org cdn.acsbapp.com region1.google-analytics.com api.userway.org; font-src 'self' 'unsafe-inline' 'unsafe-eval' carewebform-uix.ferrero.com cdn.userway.org cdn77.api.userway.org fonts.gstatic.com; 3 frame-ancestors 'self' https://*.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de https://*.rhein-kreis-neuss.de 3 default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com static.cloudflareinsights.com ajax.cloudflare.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 3 frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv https://www.fritz-henkel.com https://fritz-henkel.com dm.henkel-dam.com; 3 frame-ancestors 'self' *.google.com *.googleusercontent.com 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimproveanalytics.com siteimproveanalytics.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.formstack.com formstack.com *.google-analytics.com google-analytics.com googletagmanager.com *.googletagmanager.com ajax.googleapis.com http://ajax.googleapis.com *.ajax.googleapis.com *.google.com google.com vercel.live *.vercel.live gateway.id.swg.umbrella.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com netreturns.biz *.netreturns.biz player.vimeo.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com static.cloudflareinsights.com connect.facebook.net *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com *.ceros.com ceros.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com youtube.com *.youtube.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net azblue.my.site.com *.azblue.my.site.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.googleapis.com *.formstack.com formstack.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com *.ceros.com ceros.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com; img-src 'self' data: assets.azblue.com *.assets.azblue.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.siteimproveanalytics.io siteimproveanalytics.io google.com *.google.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.ytimg.com *.vimeocdn.com gateway.id.swg.umbrella.com *.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com *.my.salesforce-sites.com *.screenmeet.com *.ceros.com ceros.com *.amazonaws.com amazonaws.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com *.googletagmanager.com googletagmanager.com; font-src 'self' data: assets.azblue.com fonts.googleapis.com fonts.gstatic.com *.formstack.com formstack.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.my.salesforce-sites.com *.ceros.com ceros.com azblue.my.site.com *.azblue.my.site.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com; connect-src 'self' assets.azblue.com *.assets.azblue.com edge.sitecorecloud.io *.edge.sitecorecloud.io *.google-analytics.com google-analytics.com *.doubleclick.net doubleclick.net *.siteimproveanalytics.io siteimproveanalytics.io *.cloudflare.com cloudflare.com *.coveo.com coveo.com analytics.google.com siteintercept.qualtrics.com vitals.vercel-insights.com gateway.id.swg.umbrella.com *.dynatrace.com *.my.salesforce-sites.com azblue.secure.force.com *.azblue.secure.force.com bcbsarizona.formstack.com *.ceros.com ceros.com vimeo.com *.vimeo youtube.com *.youtube.com *.sandbox.my.site.com *.sandbox.my.salesforce-scrt.com *.google.com google.com azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com; media-src 'self' assets.azblue.com *.assets.azblue.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.ceros.com ceros.com http://commondatastorage.googleapis.com commondatastorage.googleapis.com *.commondatastorage.googleapis.com; frame-src 'self' *.doubleclick.net *.google.com *.googletagmanager.com tockify.com *.tockify.com client.formularynavigator.com *.client.formularynavigator.com bcbsarizona.formstack.com *.bcbsarizona.formstack.com *.youtube.com youtube.com *.vimeo.com vimeo.com azblue.netreturns.biz netreturns.biz siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.qualtrics.com *.facebook.com *.ceros.com ceros.com vercel.live azblue.my.salesforce-scrt.com *.azblue.my.salesforce-scrt.com azblue.my.site.com *.azblue.my.site.com 3 default-src * http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: portalcloud.oni.pt; frame-ancestors 'self' *.gigas.com portalcloud.oni.pt grupogigas.com;img-src data: 'self' 'unsafe-inline' 'unsafe-eval' http: https:; 3 font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3 object-src 'none'; frame-ancestors https://*.neoed.ca https://*.neoed.com https://*.neoed.net https://*.neogov.com https://*.neogov.net https://*.planitpolice.com https://*.powerdms.com https://*.powerdms.net; upgrade-insecure-requests; 3 frame-ancestors 'self' https://app.unbouncepreview.com https://app.unbounce.com https://learn.salfinc.com https://learn.self.inc; 3 default-src *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.thernovotools.com *.thernovotools-preview.com dock.ui.bosch.tech *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src track.securedvisit.com sv.bosch-homecomfort.com track.sv.rkdms.com images.securedvisit.com *.google-analytics.com *.googletagmanager.com *.kameleoon.eu *.kameleoon.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src content.securedvisit.com bosch-tt.kittelberger.net bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src track.sv.rkdms.com content.securedvisit.com api.securedvisit.com *.google-analytics.com *.googletagmanager.com *.kameleoon.io *.kameleoon.eu *.kameleoon.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src api.securedvisit.com dqm.crownpeak.com *.thernovotools.com *.thernovotools-preview.com mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: blob:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src 'self' track.securedvisit.com sv.bosch-homecomfort.com mplus-bosch.alo-tech.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.ecorebates.com googleads.g.doubleclick.net www.google.com *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.buderus.com *.googlesyndication.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com www.facebook.com facebook.com wss://*.hotjar.com *.hotjar.io wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech www.bosch-thermotechnology.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.bosch-thermotechnology.com *.hotjar.com px.ads.linkedin.com bat.bing.net bat.bing.com 3 frame-ancestors https://*.builder.io https://builder.io http://localhost:3000 https://*.bodi.com https://*.vercel.app 3 child-src 'self' *.facebook.com connect.facebook.net www.googletagmanager.com *.vidyard.com *.trustarc.com go.jaggaer.com jaggaer.cuvama.com https://*.qualified.com; connect-src 'self' *.googletagmanager.com *.googlesyndication.com pi.pardot.com go.jaggaer.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.trustarc.com *.linkedin.com *.6sense.com secure.adnxs.com js.zi-scripts.com *.6sc.co *.qualified.com ws.zoominfo.com wss://ws.qualified.com play.vidyard.com *.clarity.ms *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' wss://*.qualified.com play.vidyard.com; font-src 'self' *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net *.gstatic.com *.bootstrapcdn.com ; form-action 'self' *.facebook.com connect.facebook.net; frame-src 'self' www.slideshare.net *.facebook.com *.doubleclick.net *.google.com blob: www.google.com play.vidyard.com go.jaggaer.com jaggaer.cuvama.com *.trustarc.com app.qualified.com play.goconsensus.com *.youtube.com www.youtube-nocookie.com *.linkedin.com player.vimeo.com *.soundcloud.com platform.twitter.com www.googletagmanager.com promo.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' pi.pardot.com; img-src 'self' pi.pardot.com *.googlesyndication.com *.youtube.com match.adsrvr.org go.jaggaer.com wec-assets.terminus.services *.ytimg.com *.bing.com *.doubleclick.net *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.vidyard.com data: ts.w.org s.w.org ps.w.org *.linkedin.com *.trustarc.com consent.truste.com *.6sc.co *.clarity.ms https://*.qualified.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; media-src 'self' s.w.org app.qualified.com mediastream:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com https://ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net js.zi-scripts.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self' 'unsafe-inline' *.usbrowserspeed.com *.googlesyndication.com wec-assets.terminus.services tracking.intentsify.io https://*.truste.com https://cdnjs.cloudflare.com https://choices.trustarc.com https://consent.trustarc.com https://connect.facebook.net https://content.linkedin.com https://go.jaggaer.com https://graph.facebook.com https://googletagmanager.com https://js.zi-scripts.com https://js.qualified.com https://js.facebook.com https://j.6sc.co https://okt.to https://play.vidyard.com https://pi.pardot.com https://platform.linkedin.com https://static-exp1.licdn.com https://snap.licdn.com https://static.oktopost.com https://tagmanager.google.com ws-assets.zoominfo.com https://www.gartner.com https://www.googletagmanager.com cdn.jsdelivr.net js.zi-scripts.com *.clarity.ms *.youtube.com platform.twitter.com blob: data: *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'unsafe-inline' ; style-src 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-elem 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-inline' *.licdn.com *.qualified.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com cdn.jsdelivr.net; worker-src 'self' blob: *.qualified.com; upgrade-insecure-requests; 3 frame-ancestors 'self' https://minhaclaro.claro.com.br https://www.clarocadastro.com.br https://clarocadastro.com.br; upgrade-insecure-requests; 3 frame-ancestors 'self'; default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-inline' blob: cdn.lvvwd.com *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com *.onelink-edge.com *.youtube.com talkdeskchatsdk.talkdeskapp.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com *.onelink-edge.com api.talkdeskapp.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com *.googletagmanager.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net blob: data:; frame-src 'self' *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com talkdeskchatsdk.talkdeskapp.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 3 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: blob:; 3 default-src 'self' *.crazyegg.com *.survale.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com *.clarity.ms/ https://static.survale.com/ext/survey.js https://www.google.com/recaptcha/ https://www.clarity.ms/ https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ https://play.vidyard.com/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/ *.modern.min.js; connect-src 'self' data: https://www.google.com https://geolocation.onetrust.com/ https://app.survale.com/v0/site-settings/1713989634000 https://play.vidyard.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.clarity.ms/collect *.crazyegg.com *.marvell.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://px.ads.linkedin.com https://analytics.google.com/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.clarity.ms/ *.crazyegg.com https://c.bing.com/ https://thumbs.bfldr.com/ https://www.facebook.com/ https://picsum.photos/200/300/ https://static.survale.com/survale-logo-black.png https://static.survale.com/ext/assets/graphics/outlines/drop-shadow.png https://static.survale.com/ext/assets/graphics/zoomout.cur https://static.survale.com/ext/assets/graphics/loader.white.gif https://static.survale.com/ext/assets/feedback-buttons/feedback-button-red.png https://static.survale.com/image-uploads/ *.survale.com https://play.vidyard.com/ https://cdn.vidyard.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/ https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/ https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/ https://static.survale.com/ext/assets/survale.min.css https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 3 default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' https://unpkg.com; connect-src 'self' https://unpkg.com; 3 object-src 'none'; img-src * data: blob:; default-src 'self' data: blob: https: *.sentry.io *.stripe.com *.clym.io https://*.hcaptcha.com wss://*.relay.crisp.chat; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' https://*.clym.io https://*.clym-sdk.net https://*.clym-widget.net; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.stripe.com apis.google.com *.clym.io *.clym-sdk.net *.clym-widget.net *.hcaptcha.com *.crisp.chat vercel.live *.googletagmanager.com *.facebook.net googleads.g.doubleclick.net *.ahrefs.com *.g2.com *.redditstatic.com *.licdn.com; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 3 connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com http://*.xiti.com https://api.websitecarbon.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.edenred.com; report-uri https://www.edenred.com/fr/system/reporting/csp; report-to csp 3 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com https://*.petrolplus.ru https://*.gpc-rus.ru https://*.transitcard.ru https://*.resheno.xyz https://*.petrolplus.kz 3 frame-ancestors 'self' https://*.salt.ch; 3 default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data:; worker-src * blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 3 default-src 'self' http://apps.commbox.io https://apps.commbox.io//launcher/ https://apps.commbox.io https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://login.yahav.co.il; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://apps.commbox.io//Scripts/connect.js https://apps.commbox.io//launcher/ https://apps.commbox.io//Scripts/connect.js https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://apps.commbox.io//Scripts/connect.js https://apps.commbox.io//Scripts/connect.js https://apps.commbox.io///Styles/cb_extentions.css https://fonts.googleapis.com https://fonts.gstatic.com; img-src * 'self' data: https: ; 3 frame-ancestors 'self' http://*.essilorluxottica.com https://*.essilorluxottica.com; 3 frame-ancestors 'self' https://thesource.amcnetworks.com https://www.amcnetworks.com; 3 default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 3 img-src 'self' *.prysmian.com www.google.com www.google.it *.google-analytics.com www.facebook.com *.linkedin.com maps.gstatic.com *.googleapis.com *.ggpht.com *.doubleclick.net img.youtube.com curator-assets.b-cdn.net platform-cdn.sharethis.com www.googletagmanager.com media.corporate-ir.netpx.ads.linkedin.cn beincontact.becloudsolutions.com i.vimeocdn.com l.sharethis.com imgsct.cookiebot.com megaphone.imgix.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prysmian.com www.prysmiangroupcatalogue.com pi.pardot.net rum-static.pingdom.net platform-api.sharethis.com *.cookiebot.com *.hotjar.com static.doubleclick.net googleads.g.doubleclick.net *.adform.net maps.googleapis.com www.googleapis.com jnn-pa.googleapis.com maps.gstatic.com www.gstatic.com www.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net static.xx.fbcdn.net px.ads.linkedin.com syndication.teleborsa.it snap.licdn.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.curator.io cdn.jsdelivr.net buttons-config.sharethis.com platform.twitter.com platform.linkedin.com s3.amazonaws.com pi.pardot.com cdn.livechatinc.com d335luupugsy2.cloudfront.net beincontact.becloudsolutions.com viewer.diagrams.net app.diagrams.net *.cloudfront.net www.scribd.com *.cloudflare.com cdn.babylonjs.com code.jquery.com eu.acsbapp.com blob:; object-src 'self' www.youtube.com; 3 frame-ancestors 'self' fnbo.com *.fnbo.com banking.scsbnet.com *.banking.scsbnet.com banking.houghtonstatebank.com *.banking.houghtonstatebank.com banking.crawfordcountybank.com *.banking.crawfordcountybank.com banking.fsbloomis.com *.banking.fsbloomis.com banking.landmands.com *.banking.landmands.com banking.sibleystatebank.com *.banking.sibleystatebank.com banking.washingtoncountybank.com *.banking.washingtoncountybank.com banking.yorkstatebank.com *.banking.yorkstatebank.com banking.fandmstatebank.com *.banking.fandmstatebank.com banking.fnbodirect.com *.banking.fnbodirect.com 3 frame-ancestors 'self' https://pdftron.sanity.studio; 3 frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://agiba.ch https://www.ewh.ch https://isptv.ch https://www.isptv.ch https://profifon.ch https://starnet24.com https://www.jobs.ch https://login.ispvoip.ch 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' https://captcha.gecirtnotification.com 3 default-src 'self' https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://acsbapp.com https://widget.datablocks.se; connect-src 'self' https://plausible.io https://acsbapp.com https://*.acsbapp.com wss://ws-eu.pusher.com https://sockjs-eu.push https://widget.datablocks.se https://*.mfn.se; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://*.graphassets.com blob: data:; media-src 'self' https://*.graphassets.com; font-src 'self' https://fonts.gstatic.com data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; upgrade-insecure-requests; 3 object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3 frame-ancestors 'self' wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 3 frame-ancestors 'self' manyavar--dev.sandbox.lightning.force.com manyavar--uat.sandbox.lightning.force.com manyavar.lightning.force.com 3 base-uri 'self' https://portofantwerpbruges.matomo.cloud;child-src 'none';connect-src 'self' https://portofantwerpbruges.matomo.cloud *.sharethis.com https://*.snapchat.com https://sc-static.net https://*.hsforms.net https://*.hubapi.com https://*.hsforms.com https://*.hsappstatic.net https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://*.hs-scripts.com http://*.hs-scripts.com https://*.googlesyndication.com https://*.google-analytics.com https://insights.algolia.io https://www.google-analytics.com https://*.algolia.net https://*.algolianet.com https://*.doubleclick.net https://*.usercentrics.eu https://webapps.portofantwerpbruges.com https://geocode.arcgis.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com wss://*.hotjar.io http://*.hotjar.io https://*.hotjar.io https://*.google.com https://*.linkedin.oribi.io https://www.clarity.ms https://*.clarity.ms https://*.linkedin.com https://data.stbuttons.click https://www.facebook.com;media-src 'self' https://d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com https://media.portofantwerpbruges.com;default-src 'self' https://d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com https://media.portofantwerpbruges.com;font-src 'self' https://sc-static.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;form-action 'self' https://analytics.clickdimensions.com https://www.facebook.com https://*.hsforms.com;frame-ancestors *;frame-src *;img-src 'self' https://portofantwerpbruges.matomo.cloud https://*.hubspotusercontent-eu1.net https://*.snapchat.com https://sc-static.net https://*.hsforms.net https://*.hubapi.com https://*.hsforms.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://*.hsappstatic.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.doubleclick.net https://*.googlesyndication.com *.sharethis.com https://*.amazonaws.com https://cdn.uc.assets.prezly.com https://cdn.uc.assets.hubspot.com https://www.google.be d2csxpduxe849s.cloudfront.net https://media.portofantwerp.com https://media.portofantwerpbruges.com https://*.portofantwerpbruges.com https://www.google-analytics.com https://app.clickdimensions.com www.googletagmanager.com https://*.google.com http://services.arcgisonline.com http://server.arcgisonline.com https://webapps.portofantwerpbruges.com https://unpkg.com https://www.facebook.com https://t.co https://*.twitter.com https://*.linkedin.com https://p.adsymptotic.com https://cdn.jwplayer.com https://*.jwpcdn.com https://www.google.nl https://www.clarity.ms https://*.clarity.ms https://*.bing.com data: https://idloom.events https://www.google.hu https://fonts.gstatic.com https://*.usercentrics.eu;manifest-src 'self';object-src 'none';script-src 'self' https://portofantwerpbruges.matomo.cloud https://cdn.matomo.cloud http://*.hsforms.net https://*.snapchat.com https://sc-static.net https://*.hsforms.net https://*.hubapi.com https://*.hsforms.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hubspot.com https://*.hs-scripts.com http://*.hs-scripts.com https://*.linkedin.com https://*.googlesyndication.com *.sharethis.com https://port-of-antwerp-bruges.involve.me https://*.usercentrics.eu https://www.googletagmanager.com https://www.google-analytics.com https://edge.marker.io https://cdn-us.clickdimensions.com https://analytics.clickdimensions.com https://z.moatads.com 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://cdn.jsdelivr.net https://webapps.portofantwerpbruges.com https://geocode.arcgis.com https://*.google.com https://www.gstatic.com https://snap.licdn.com https://*.ads-twitter.com https://connect.facebook.net wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com wss://*.hotjar.io http://*.hotjar.io https://*.hotjar.io https://www.googleadservices.com https://mfpembedcdnweu.azureedge.net https://*.doubleclick.net https://cdn.jwplayer.com https://*.jwpcdn.com https://www.clarity.ms https://*.clarity.ms https://*.bing.com;style-src 'self' 'unsafe-inline' https://portofantwerpbruges.matomo.cloud https://fonts.googleapis.com https://cdn-us.clickdimensions.com https://unpkg.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://www.googletagmanager.com;worker-src 'self'; 3 default-src 'self' https://b2b-experiences.nequi.com.co/ https://cdnjs.cloudflare.com/ https://b2b-experiences-dev.bancadigital.com.co/ https://b2b-experiences-qa.bancadigital.com.co/ https://captcha-qa.bancadigital.com.co/ https://www.googletagmanager.com/ https://www.clarity.ms/ https://*.dynamicyield.com https://*.dy-api.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://fonts.googleapis.com https://fonts.gstatic.com https://zendesk-eu.my.sentry.io https://web-components-dev.bancadigital.com.co/ https://sdk.twilio.com https://eventgw.twilio.com wss://nequi.zendesk.com wss://voice-js.roaming.twilio.com https://ajax.googleapis.com wss://api.smooch.io https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://media.smooch.io https://api.smooch.io https://nequi.zendesk.com/ https://ekr.zendesk.com https://ekr.zdassets.com https://static.zdassets.com 'unsafe-inline' *.website-files.com cdn.jsdelivr.net https://ajax.googleapis.com fonts.googleapis.com 'unsafe-eval' blob:; script-src-elem 'self' https://b2b-experiences.nequi.com.co/ https://cdnjs.cloudflare.com/ https://b2b-experiences-dev.bancadigital.com.co/ https://captcha-qa.bancadigital.com.co/ https://b2b-experiences-qa.bancadigital.com.co/ https://scripts.clarity.ms/ https://www.clarity.ms/ https://tracker.metricool.com/ wss://nequibotwebsocket.bancadigital.com.co/ https://cdn.prod.website-files.com cdn.prod.website-files.com https://d3e54v103j8qbb.cloudfront.net https://ekr.zdassets.com https://nequi.zendesk.com https://static.zdassets.com https://web-components-qa.bancadigital.com.co/ https://js-cdn.dynatrace.com/ https://apps.usw2.pure.cloud/ https://web-components.nequi.com.co/ https://*.dynamicyield.com 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/* *.visualwebsiteoptimizer.com app.vwo.com https://web-components-dev.bancadigital.com.co/ https://analytics.tiktok.com/ https://ajax.googleapis.com https://www.googletagservices.com/ https://securepubads.g.doubleclick.net/ http://127.0.0.1:5500/ https://us1.clevertap-prod.com/ https://static.elfsight.com/platform/platform.js https://cdn.jsdelivr.net/ https://static.ads-twitter.com https://tpc.googlesyndication.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://s.yimg.com https://www.google.com https://www.gstatic.com/ https://*.cloudfront.net/ https://*.website-files.com/ https://*.zdassets.com/ https://www.googletagmanager.com/; connect-src https://z.clarity.ms/ https://captcha-qa.bancadigital.com.co/ https://b2b-experiences-qa.bancadigital.com.co/ https://a.clarity.ms/ https://v.clarity.ms/ https://mobile-app-assets.nequi.com/ https://static.zdassets.com/ https://o.clarity.ms/collect https://www.googleadservices.com/ https://www.googletagmanager.com/ https://l.clarity.ms/ https://n.clarity.ms/ https://rhaoyl43mj.execute-api.us-east-1.amazonaws.com/ https://rhaoyl43mj.execute-api.us-east-1.amazonaws.com/ https://analytics-ipv6.tiktokw.us/ https://tracker.metricool.com/ wss://nequibotwebsocket.bancadigital.com.co/ https://adservice.google.com/ https://us1.api.clevertap.com/1/counts/profiles.json https://iyl01250.live.dynatrace.com/ wss://websocketchatbot.bancadigital.com.co/ https://bf48591pze.bf.dynatrace.com/ wss://websocketchatbot-qa.bancadigital.com.co/ https://customer-engagement-chatbot-qa.bancadigital.com.co/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://bf64848bdm.bf.dynatrace.com/ https://fileupload.usw2.pure.cloud/ wss://webmessaging.usw2.pure.cloud/ https://api.usw2.pure.cloud/ https://www.google.com/ https://api-cdn.usw2.pure.cloud/ https://customer-engagement-chatbot.bancadigital.com.co https://*.dynamicyield.com https://*.dy-api.com https://analytics.tiktok.com/ https://web-components-dev.bancadigital.com.co/ https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://px.ads.linkedin.com 'self' https://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io wss://voice-js.roaming.twilio.com wss://api.smooch.io https://sdk.twilio.com https://media.smooch.io https://api.smooch.io https://ekr.zendesk.com *.visualwebsiteoptimizer.com app.vwo.com https://securepubads.g.doubleclick.net/ https://nequi-colombia.webflow.io/ https://raw.githubusercontent.com https://ad.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://analytics.google.com https://*.nequi.com.co https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/ https://s.yimg.com https://stats.g.doubleclick.net https://ekr.zdassets.com/ https://www.google-analytics.com https://nequi.zendesk.com/ https://zendesk-eu.my.sentry.io wss://widget-mediator.zopim.com; media-src https://mobile-app-assets.nequi.com/ https://cdnjs.cloudflare.com/ https://b2b-experiences-qa.bancadigital.com.co/ https://cdn.jsdelivr.net/ https://static.zdassets.com https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com/ https://static.zdassets.com; font-src https://cdn.prod.website-files.com cdn.prod.website-files.com https://assets.website-files.com https://fonts.gstatic.com data:; frame-src https://cdnjs.cloudflare.com/ https://v2assets.zopim.io https://nequitest.nequi.trustx.com https://apps.usw2.pure.cloud/ https://www.facebook.com/ https://www.googletagmanager.com https://heyzine.com/ https://geo-nequi.puntored.co/ https://public.transacciones.com.co/ app.vwo.com *.visualwebsiteoptimizer.com https://cdn.embedly.com/ https://w.soundcloud.com/ https://accounts.google.com/ https://drive.google.com/ https://www.youtube.com/ https://www.instagram.com/ https://status.nequi.com.co/ https://www.google.com/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; img-src https://cdnjs.cloudflare.com/ https://b2b-experiences-qa.bancadigital.com.co/ https://cdn.jsdelivr.net/ https://fonts.gstatic.com/ https://c.clarity.ms/ https://tracker.metricool.com/ https://cdn.prod.website-files.com cdn.prod.website-files.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://adservice.google.com/ https://d3e54v103j8qbb.cloudfront.net/ https://cdn.prod.website-files.com cdn.prod.website-files.com/ https://ad.doubleclick.net 'self' https://www.nequi.com.co https://widget-mediator.zopim.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://*.zdusercontent.com https://media.smooch.io https://accounts.zendesk.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.facebook.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google-analytics.com https://cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://www.google.com https://analytics.twitter.com https://t.co https://www.google.com.co https://*.dynamicyield.com data: 3 default-src 'self' https://backend.sbermed.ai https://*.youtube.com https://sber.pro https://yt3.ggpht.com https://*.ytimg.com https://smartcaptcha.yandexcloud.net https://mddc.ai https://mddc.ru https://www.sbermed.ai https://www.mddc.ru https://www.mddc.ai https://sbermed.ai https://mc.yandex.ru https://yandex.ru https://*.rutube.ru https://*.vk.com https://rutube.ru https://vk.com 'unsafe-inline' data: w3.org/svg 3 default-src 'self';frame-src 'self' *.youtube.com https://youtu.be https://www.youtube-nocookie.com *.biomerieux.com *.soundcloud.com *.demdex.net *.adobe.com elearning.easygenerator.com bmx-emlearning.com player.vimeo.com *.google.com https://www.gstatic.com *.doubleclick.net https://www.googletagmanager.com;script-src *.adobe.com https://*.adobedtm.com *.google.com https://www.gstatic.com https://cdn.cookielaw.org *.onetrust.com https://dpm.demdex.net *.youtube.com *.gigya.com *.scene7.com *.biomerieux.com https://www.googletagmanager.com https://munchkin.marketo.net https://connect.facebook.net https://bat.bing.com https://bat.bing.net https://snap.licdn.com https://www.storygize.net https://bh.contextweb.com *.d41.co *.doubleclick.net 'self' 'unsafe-eval' 'unsafe-inline' blob:;img-src 'self' https: data:;style-src *.scene7.com *.biomerieux.com 'self' 'unsafe-inline';connect-src 'self' https:;font-src 'self' data:;media-src 'self' https: blob:; 3 object-src 'none'; report-uri /report-csp-violation 3 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; media-src 'self' blob: https: ; font-src 'self' data: https: ; worker-src 'self' blob: ; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.6sc.co https://*.6sense.com https://*.adroll.com https://marvel-b2-cdn.bc0a.com https://bat.bing.com https://assets.calendly.com https://www.comparably.com https://connect.facebook.net/en_US/fbevents.js https://cdn.cookielaw.org https://*.demandbase.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://plausible.io https://security.imprivata.com https://tracking.intentsify.io https://jobs.jobvite.com https://snap.licdn.com https://*.linkedin.com https://src.litix.io https://app-sj13.marketo.com https://munchkin.marketo.net https://scout-cdn.salesloft.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://js.zi-scripts.com https://pagead2.googlesyndication.com https://ws-assets.zoominfo.com https://js.driftt.com https://widget.drift.com https://www.googleadservices.com https://www.googletagmanager.com https://www.onelink-edge.com; style-src 'self' 'unsafe-inline' blob: https://assets.calendly.com https://fonts.googleapis.com https://security.imprivata.com https://app-sj13.marketo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fast.wistia.com; img-src 'self' data: https://*.6sc.co https://*.6sense.com https://*.adroll.com https://bat.bing.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://google.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://security.imprivata.com https://px.ads.linkedin.com https://app-sj13.marketo.com https://id.rlcdn.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://*.wistia.net https://i.ytimg.com https://segments.company-target.com ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://*.youtube.com; frame-src 'self' https://x.adroll.com https://*.podcasts.apple.com https://demo.arcade.software https://calendly.com https://s.company-target.com https://www.comparably.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://security.imprivata.com https://jobs.jobvite.com https://app-sj13.marketo.com https://*.spotify.com https://player.vimeo.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fast.wistia.com https://fast.wistia.net https://*.youtube.com https://js.driftt.com https://widget.drift.com; frame-ancestors 'self'; child-src 'self' blob: https://*.youtube.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.net; connect-src 'self' https://*.6sc.co https://*.6sense.com https://bat.bing.com https://api.company-target.com https://cdn.cookielaw.org https://tag-logger.demandbase.com https://stats.g.doubleclick.net https://*.google-analytics.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.googletagmanager.com https://analytics.google.com https://google.com https://www.google.com https://www.onelink-edge.com https://plausible.io https://px.ads.linkedin.com https://*.litix.io https://geolocation.onetrust.com https://privacyportal.onetrust.com https://scout.salesloft.com https://sentry.io/api/* https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://js.zi-scripts.com https://o133414.ingest.us.sentry.io/api/4507454004789248/envelope/; report-uri https://o133414.ingest.us.sentry.io/api/4507454004789248/security/?sentry_key=227a1f1da0ce8dfdc74b1333e0e62a83&sentry_environment=prod; upgrade-insecure-requests 3 default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: mailto: blob:; object-src 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; worker-src blob:; 3 form-action 'self'; frame-ancestors 'self'; 3 default-src 'self'; script-src 'self' https://www.nate.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://main.nateimg.co.kr; object-src 'none'; 3 default-src 'none';object-src 'none';manifest-src 'self';base-uri 'none';style-src 'self' 'unsafe-inline' https://*.cdn.flockler.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;img-src * data:;media-src 'self' https://media-api.flockler.com/ https://dms.licdn.com/;font-src 'self' https://*.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/;form-action 'self' https://publish.ne.cision.com/Subscription/ https://login.microsoftonline.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://mktdplp102cdn.azureedge.net/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://unpkg.com/@frontify/ https://*.dynamics.com/ https://tietoevry-ext.boost.ai/ https://tietoevry.piwik.pro/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google.com/recaptcha/api.js https://www.google.com/pagead/ https://www.googleadservices.com/ https://s.usea01.idio.episerver.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://sc.lfeeder.com/ https://connect.facebook.net/ https://acdn.adnxs.com/ https://cdn.mookie1.com/ https://az416426.vo.msecnd.net/ https://www.youtube.com/ https://dl.episerver.net/ https://player.vimeo.com/ https://plugins.flockler.com/ https://alb.reddit.com/ https://www.redditstatic.com/ https://bat.bing.com/ https://bat.bing.net https://js.monitor.azure.com/ https://*.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net/;frame-ancestors 'self';frame-src 'self' https://dashboard.find.episerver.net/ https://www.googletagmanager.com/ https://maps.google.com/ https://www.google.com/ https://gfx.tools.investis.com/ https://viz.tools.investis.com/ https://irs.tools.investis.com/ https://tietoevry.dfs.investis.com/ https://tools.euroland.com/ https://tools.eurolandir.com/ https://open.spotify.com/ https://*.svc.dynamics.com/ https://www.youtube.com/ https://vimeo.com/ https://player.vimeo.com/ https://brand.tietoevry.com/ https://td.doubleclick.net/ https://qcnl.tv/;connect-src 'self' https://*.svc.dynamics.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://assets-eur.mkt.dynamics.com/ https://public-eur.mkt.dynamics.com/ https://dc.services.visualstudio.com/ https://brand.tietoevry.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://tietoevry.piwik.pro/ https://api.flockler.app/ https://stats-api.flockler.app/ https://tietoevry-ext.boost.ai/ https://cs.lf-discover.com/ https://www.google.com/ https://ib.adnxs.com/ https://pixel-config.reddit.com/ https://www.redditstatic.com/ https://conversions-config.reddit.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://bat.bing.com/ https://bat.bing.net https://*.clarity.ms https://www.googleadservices.com/ https://googleads.g.doubleclick.net/; 3 default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com js-agent.newrelic.com pi.pardot.com *.gstatic.com connect.facebook.net *.googletagmanager.com bam.nr-data.net *.google-analytics.com *.clarity.ms bat.bing.com *.spscommerce.com j.6sc.co/6si.min.js googleads.g.doubleclick.net *.intercom.io js.intercomcdn.com *.youtube.com static.ads-twitter.com snap.licdn.com ws.zoominfo.com tag.demandbase.com *.calendly.com *.g2.com *.stackadapt.com *.googleadservices.com *.gaconnector.com acsbapp.com *.6sc.co *.6sense.com *.tfaforms.net *.company-target.com https://google.com *.typeform.com *.intellimize.co tags.srv.stackadapt.com google.com www.google.com https://tags.srv.stackadapt.com https://js.zi-scripts.com blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com bat.bing.com *.stackadapt.com spscommerce.tfaforms.net stackpath.bootstrapcdn.com *.typeform.com *.intellimize.co fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: ps.w.org *.google.com bat.bing.com b.6sc.co *.facebook.com analytics.twitter.com *.spscommerce.com *.linkedin.com match.prod.bidr.io id.rlcdn.com *.company-target.com t.co *.g2.com *.stackadapt.com *.doubleclick.net *.clarity.ms js.intercomcdn.com *.intercomassets.com *.bing.com blubrry.co google.com www.google.ca www.google.com.ph www.googleadservices.com www.google.com.mx bat.bing.net www.google.com blubrry.com www.google.co.nz www.google.com.tr www.google.com.au www.google.hn cdn.honey.io connect.facebook.net www.google.co.uk www.google.com.pr www.google.fi www.google.be www.google.de www.google.sc www.google.com.pk www.google.nl www.google.ru www.google.co.kr www.google.cm www.google.com.sg s.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' bat.bing.com bam.nr-data.net stats.g.doubleclick.net google-analytics.com ipv6.6sc.co secure.adnxs.com wss://nexus-websocket-a.intercom.io *.clarity.ms api.company-target.com *.facebook.com cdn.linkedin.oribi.io c.6sc.co adservice.google.com ws.zoominfo.com *.intercom.io *.stackadapt.com *.demandbase.com *.gaconnector.com *.linkedin.com *.acsbapp.com acsbapp.com *.tfaforms.net *.company-target.com *.google.com *.typeform.com *.intellimize.co google.com yoast.com www.google.com bat.bing.net www.googleadservices.com www.google.ca region1.google-analytics.com www.google.com.ph www.google.com.pk www.g2.com https://js.zi-scripts.com *.6sense.com https://sourcemap.devowl.io www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com fonts.intercomcdn.com at.alicdn.com stackpath.bootstrapcdn.com data: fonts.googleapis.com; object-src * *.stackadapt.com *.tfaforms.net; media-src * js.intercomcdn.com *.clarity.ms; frame-src 'self' maps.googleapis.com *.youtube.com *.google.com *.facebook.com go.spscommerce.com *.calendly.com *.company-target.com *.demandbase.com calendly.com *.getreprise.com go.pardot.com *.iheart.com *.doubleclick.net youtube.com spscommerce.my.site.com player.captivate.fm *.tfaforms.net intercom-sheets.com universal.accessibe.com www.podbean.com *.typeform.com *.intellimize.co 117822509.intellimizeio.com pwm-image.trendmicro.com bat.bing.com demo.spscommerce.com maps.google.com www.googletagmanager.com; child-src 'self' intercom-sheets.com *.intercom-reporting.com *.youtube.com fast.wistia.net player.vimeo.com www.googletagmanager.com; frame-ancestors * spscommerce.my.site.com https://intercom-sheets.com/; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.spscommerce.com?gdsih-csp-report; 3 connect-src 'self' https://analytics-framework-service.eks.staging.ethos-int.com https://ipinfo.io/json https://segment-api.ethoslife.com https://api.stage.ethoslife.com https://www.ethoslife.com https://api.ethoslife.com https://browser-intake-datadoghq.com https://io.ethoslife.com https://*.ethoslife.com wss://io.ethoslife.com https://www.getethos.com https://api.getethos.com https://io.getethos.com wss://io.getethos.com https://*.ar1d.net https://*.segment.io https://*.bing.com https://*.fullstory.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://google.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://boards-api.greenhouse.io https://api.stripe.com https://*.launchdarkly.com https://*.adroll.com https://*.pinterest.com https://*.katch.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.ar1d.net https://*.optimizely.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://*.ethos.com wss://*.ethos.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://*.userway.org https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://*.transcend.io https://late-glade-2372.tines.com https://hooks.torq.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://gum.criteo.com https://*.athenahq.ai; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.userway.org blob: https://*.transcend.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stage.ethoslife.com https://acdn.adnxs.com https://*.ethoslife.com https://*.getethos.com https://*.netlify.com https://*.facebook.com https://*.facebook.net http://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://*.segment.com https://*.bing.com https://*.fullstory.com https://fullstory.com https://*.taboola.com https://*.linkedin.com https://*.licdn.com https://js.stripe.com https://*.quora.com https://*.adroll.com https://*.pinimg.com https://aa.agkn.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://*.cloudfront.net https://*.katch.com https://js.driftt.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.optimizely.com https://assets.customer.io http://tagmanager.google.com/debug http://www.googletagmanager.com https://optimizely.s3.amazonaws.com/ https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://vt.myvisualiq.net https://px.airpr.com/airpr.js https://cdn.pbbl.co https://*.userway.org https://amplify.outbrain.com https://tr.outbrain.com https://*.segment.com https://*.segment.io https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://cdn.riskid.security https://*.transcend.io/ https://www.youtube-nocookie.com/ https://unpkg.com/netlify-cms@%5E2.0.0/dist/netlify-cms.js https://media-library.cloudinary.com https://websitevisitorleads.com https://*.pinterest.com https://*.ethos.com https://dynamic.criteo.com https://*.athenahq.ai; object-src 'self'; frame-src 'self' https://www.googletagmanager.com https://stage.ethoslife.com https://agents.stage.ethoslife.com https://agents.ethoslife.com https://quote-widget.ethoslife.com https://quote-widget.getethos.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://js.stripe.com https://d2m2wsoho8qq12.cloudfront.net/ https://hooks.stripe.com https://ethslf.com https://player.vimeo.com https://fast.wistia.net https://www.quotelab.com https://t1.webbconnected.com https://www.emjcd.com https://cj.dotomi.com https://www.mailtrck.com https://www.trcknow.com https://pranwtr.com https://gztkr.mobi https://prformc.com https://www.authoritytrcker.com https://315track.com https://js.driftt.com https://share.intercom.io https://*.optimizely.com https://vars.hotjar.com https://cdn.pbbl.co https://app.storylane.io https://js.storylane.io https://cloudinary.com/ https://console.cloudinary.com/ https://*.userway.org https://www.xol82trk.com https://hackerone.com https://*.transcend.io https://ct.pinterest.com/ https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com https://script.hotjar.com https://*.userway.org; img-src 'self' data: http://www.google-analytics.com http://bat.bing.com https://res.cloudinary.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.ca https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.com https://*.googletagmanager.com https://*.taboola.com https://*.linkedin.com https://create.leadid.com https://data.adxcel-ec2.com https://*.pinterest.com https://*.adroll.com https://*.twitter.com https://*.reddit.com https://*.quora.com https://click.clktraker.com https://pinterest.adsymptotic.com https://*.bluekai.com https://*.rlcdn.com https://*.adnxs.com https://*.nextinsure.com https://*.digitru.st https://*.sharethrough.com https://*.quotelab.com https://*.shmktpl.com https://*.bizographics.com https://*.openx.net https://*.bidswitch.net https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://eb2.3lift.com https://fcmatch.youtube.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://track.customer.io/ https://*.segment.io https://*.hotjar.com https://t.myvisualiq.net https://tapestry.tapad.com https://loadus.exelator.com https://dpm.demdex.net https://dpx.airpr.com https://pixel.pointmediatracker.com/ https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://*.userway.org https://tr.outbrain.com https://pixel.videohub.tv https://rp.liadm.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://i.ytimg.com/; media-src 'self' https://js.intercomcdn.com https://*.userway.org https://res.cloudinary.com; default-src 'self'; worker-src 'self' https://www.datadoghq-browser-agent.com/datadog-rum-v4.js; frame-ancestors https://agents.ethoslife.com; 3 default-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googletagmanager.com *.smartsuppcdn.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.bing.com *.clarity.ms; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hostedstatus.com *.leady.com *.crazyegg.com *.hotjar.com *.hotjar.io wss://*.hotjar.com googleads.g.doubleclick.net *.googlesyndication.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com *.clarity.ms *.licdn.com *.linkedin.com *.seznam.cz *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hotjar.com *.crazyegg.com *.facebook.net *.leady.com c.imedia.cz *.googleadservices.com *.seznam.cz *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com *.bing.com *.clarity.ms *.licdn.com *.linkedin.com; img-src 'self' data: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com *.typekit.net *.gstatic.com *.googletagmanager.com *.facebook.com *.seznam.cz *.smartsuppcdn.com *.maxcdn.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com *.bing.com *.clarity.ms *.licdn.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com *.typekit.net *.googletagmanager.com *.googleapis.com *.gopaycdn.com *.gopaycdn-test.com *.hotjar.com; frame-src *; child-src 'none'; frame-ancestors *; font-src 'self' data: use.typekit.net fonts.gstatic.com *.hotjar.com; object-src 'none'; report-to 'default'; 3 frame-ancestors 'self' https://partner-dev.magasin.dk https://partner.magasin.dk 3 require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 3 frame-ancestors 'self' https://www.carmudi.com.ph https://uat.carmudi.com.ph https://uat1.carmudi.com.ph 3 frame-ancestors * ; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 frame-ancestors 'self' https://*.system4travel.com https://*.projectxyz.eu 3 frame-ancestors 'self' https://adobemc.com https://centerparcs.experiencecloud.adobe.com https://experience.adobe.com; 3 default-src 'self'; connect-src 'self' wss://webmessaging.usw2.pure.cloud https://browser-intake-us5-datadoghq.com https://www.googleadservices.com https://*.clarity.ms https://www.facebook.com https://ws.zoominfo.com https://js.zi-scripts.com https://aorta.clickagy.com https://hemsync.clickagy.com https://api.usw2.pure.cloud/ https://api-cdn.usw2.pure.cloud/ https://*.api.sanity.io https://*.apicdn.sanity.io wss://*.api.sanity.io https://csp.withgoogle.com https://google.com https://*.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.gstatic.com https://shop.ezeefiber.com https://api.vercel.com https://vercel.live https://maps.googleapis.com https://fresnel.vimeocdn.com https://sockjs-us3.pusher.com https://*.weglot.com https://cdn-api-weglot.com wss://ws-us3.pusher.com https://recruitingbypaycor.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://bat.bing.com https://amazon-adsystem.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon/ https://paa-reporting-advertising.amazon/ https://www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com https://mybundle.tv https://www-app-dev.mybundle.tv; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http://www.gstatic.com https://bat.bing.com https://www.clarity.ms https://connect.facebook.net https://www.facebook.com https://js.zi-scripts.com https://tags.clickagy.com https://*.jquery.com https://apps.usw2.pure.cloud https://www.google.com https://shop.ezeefiber.com https://googleads.g.doubleclick.net https://recruitingbypaycor.com http://recruitingbypaycor.com https://player.vimeo.com https://ezeefiber.speedtestcustom.com/ https://c.speedtestcustom.com https://www.googletagmanager.com https://recruitingbypaycor.com https://f.vimeocdn.com https://maps.googleapis.com https://cdn.weglot.com https://mybundle.tv https://www-app-dev.mybundle.tv https://vercel.live https://www.gstatic.com https://*.hotjar.com http://www.youtube.com https://www.youtube.com https://www.googleadservices.com https://amazon-adsystem.com https://*.amazon-adsystem.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; style-src 'self' 'unsafe-inline' https://vercel.live https://shop.ezeefiber.com https://recruitingbypaycor.com https://ezeefiber.speedtestcustom.com/ https://c.speedtestcustom.com https://fonts.googleapis.com https://cdn.weglot.com https://www.gstatic.com/ *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' blob: data: https://bat.bing.com https://www.facebook.com https://www.google.com https://www.google.com.mx https://www.google.ae https://www.google.co.uk https://lh3.googleusercontent.com https://shop.ezeefiber.com https://www.googletagmanager.com https://cdn.sanity.io https://i.vimeocdn.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.weglot.com https://vercel.live https://vercel.com https://www.gstatic.com https://i.ytimg.com https://insight.adsrvr.org https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; media-src 'self' https://cdn.sanity.io https://player.vimeo.com https://www.youtube.com; frame-src 'self' https://hemsync.clickagy.com https://apps.usw2.pure.cloud https://player.vimeo.com https://www.youtube.com https://ezeefiber.speedtestcustom.com/ https://td.doubleclick.net https://recruitingbypaycor.com https://vercel.live https://www.googletagmanager.com https://mybundle.tv https://www-app-dev.mybundle.tv https://www.google.com https://www.gstatic.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' https://fonts.gstatic.com https://vercel.live https://assets.vercel.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://ezeefiber.speedtestcustom.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google.com https://*.gstatic.com; upgrade-insecure-requests; 3 frame-ancestors 'self' https://*.ally.ac; 3 frame-ancestors 'self' *.umcchurches.org https://trinityoran.org https://enfieldum.org https://canaanum.org https://umclowell.org http://wesleychapelumcreidsville.org https://thearisenetwork.net https://indioumc.org https://sshpumc.org https://www.graceumcmesa.org https://everettumc.org https://unitedchurchofthetford.org https://zionumchurch.com 3 default-src 'self' mychart.org *.mychart.org; script-src 'self' mychart.org *.mychart.org 'unsafe-inline' 'unsafe-eval' stats-test.epic.com stats.epic.com; connect-src 'self' mychart.org *.mychart.org stats-test.epic.com stats.epic.com; style-src 'self' mychart.org *.mychart.org fonts.googleapis.com 'unsafe-inline'; font-src 'self' mychart.org *.mychart.org fonts.gstatic.com; img-src 'self' blob: mychart.org *.mychart.org i.ytimg.com ichart2.epic.com data: stats-test.epic.com stats.epic.com epicpublicsitesqa.blob.core.windows.net epicpublicsitesstg.blob.core.windows.net media.epic.com cfvod.kaltura.com; media-src 'self' mychart.org *.mychart.org cdn.epic.com; frame-src 'self' mychart.org *.mychart.org cdnapisec.kaltura.com; 3 default-src *; font-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://acsbapp.com https://*.googlesyndication.com https://*.marker.io https://*.hsforms.net https://*.cookielaw.org https://*.usefathom.com https://*.techtarget.com https://*.chilipiper.com https://*.googletagmanager.com https://*.revenuehero.io https://*.wistia.com https://*.wistia.net https://*.mend.io https://*.insent.ai https://*.gstatic.com https://*.sentry-cdn.com https://*.clearbit.com https://*.mktoweb.com https://*.marketo.com https://*.6sc.co https://*.licdn.com https://*.google-analytics.com https://*.redditstatic.com https://*.outbrain.com https://*.ads-twitter.com https://*.bing.com https://*.facebook.net https://*.driftt.com https://*.zoominfo.com https://*.ubembed.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.marketo.net https://*.zi-scripts.com https://js.zi-scripts.com https://tags.clickagy.com https://dytzfsedsvijt.cloudfront.net https://*.trendemon.com https://*.teamme.io https://*.teamme.link https://*.navattic.com https://*.doubleclick.net https://*.comeet.co https://*.google.com https://*.googleapis.com https://*.google.pt https://*.google.co https://*.google.com.br https://*.googleadservices.com https://*.jquery.com https://*.madkudu.com https://*.cloudflare.com https://*.bootstrapcdn.com https://*.hotjar.com https://*.omappapi.com https://*.adroll.com https://*.token.awswaf.com https://*.airfleet.co https://hackerone.com https://*.beyondwords.io https://*.brighttalk.com https://*.tofuhq.com; style-src * 'unsafe-inline'; frame-ancestors 'none'; frame-src *; img-src * data: blob: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io; connect-src *; media-src * blob:; 3 frame-ancestors 'self' googleads.g.doubleclick.net www.youtube.com propellerads.com *.propellerads.com; 3 frame-src http://*.hcl-software.com https://*.hcl-software.com https://*.hcltechsw.com https://*.google.com https://*.googletagmanager.com https://*.youtube.com https://www.youtube-nocookie.com https://hclswaichatbot.eu.bigfixaex.ai https://*.terminus.services https://*.webexperiences.com https://*.vercel.app https://player.cloudinary.com https://*.arcade.software https://*.navattic.com https://*.gartner.com/ https://leap.hcl-software.com 3 frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://*.optimizely.com https://www.mdon-line.com/ https://inovalon.canto.com; 3 default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://embed.tawk.to https://salesiq.zoho.com https://css.zohostatic.com https://css.zohocdn.com/* https://css.zohocdn.com/salesiq/styles/fonts/cw/puvi/* https://css.zohocdn.com/salesiq/styles/fonts/cw/* https://css.zohocdn.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://services.ominsure.co.za https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net/* https://css.zohocdn.com https://css.zohostatic.com https://cdn.jsdelivr.net/* https://static.zohocdn.com https://widget.rather.chat https://widget.rather.chat/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; img-src 'self' data: https://p.typekit.net https://tawk.link https://tawk.link/* https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com https://services.ominsure.co.za https://*.fls.doubleclick.net https://sp.analytics.yahoo.com https://embed.tawk.to https://embed.tawk.to https://salesiq.zoho.com https://salesiq.zoho https://salesiq.zohopublic.com https://css.zohostatic.com https://css.zohostatic.com/* https://css.zohocdn.com https://analytics.twitter.com/1/i/* https://geo-tracker.trinadsp.co.za/* https://s2s.oldmutual.co.za https://track.adform.net/Serving/TrackPoint/* https://server.seadform.net/serving/cookie/sync/* https://dsp.trinamarketing.co.za/ https://tribalfusion.com/ https://*.tribalfusion.com https://*.twitter.com https://ads-twitter.com https://bat.bing.com https://a.tribalfusion.com https://us4-files.zohopublic.com https://*.company-target.com https://*.rlcdn.com https://flagcdn.com https://flagcdn.com/* https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; frame-src 'self' https://www.oldmutual.co.za/ https://www.oldmutualinvest.com/ https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/ https://services.ominsure.co.za https://registration-oldmutual-oemwebapp-liveness.kyc.business https://alphaweb.iidentifii.com https://secure.myshopper.oldmutual.co.za/ https://checkout.flutterwave.com https://checkout.paystack.com https://online.fliphtml5.com https://manage.ipaygh.com https://app.livestorm.co https://analytics.twitter.com https://*.adform.net https://td.doubleclick.net https://bot-omi-eu.rather.chat/* https://bot-omi-eu.rather.chat https://salesiq.zohopublic.com https://*.company-target.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; connect-src 'self' https://api-eu1.cludo.com/ https://www.google.com https://nba-webchat-server-prod.my.oldmutual.co.za https://cdn.gbqofs.com https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://nba-webchat-server-preprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com https://services.ominsure.co.za https://analytics.google.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://analytics.tiktok.com https://va.tawk.to wss://*.tawk.to wss://vts.zohopublic.com https://salesiq.zoho.com https://salesiq.zohopu https://goals-api.my.oldmutual.co.za https://salesiq.zohopublic.com wss://mpsnare.iesnare.com https://cdn.linkedin.oribi.io/* https://c1001.report.gbss.io https://c2001.report.gbss.io https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://*.eskimi.com https://ams.creativecdn.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://s2s.oldmutual.co.za https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://gdpr.loopme.com https://sms.hubtel.com https://*.company-target.com https://google.com https://*.uapoldmutual.co.ug https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.zoho.com https://*.rather.chat https://*.rather.chat/* https://maps.googleapis.com/maps/* https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true https://maps.googleapis.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.pagesense.io https://static.zohocdn.com https://customer.cludo.com/ https://salesiq.zohopublic.com https://analytics.twitter.com https://c1001.report.gbss.io https://c2001.report.gbss.io https://cdn.gbqofs.com https://s2s.oldmutual.co.za https://s2s.oldmutual.co.za/static/DhPixel.js https://use.typekit.net https://static.ads-twitter.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://services.ominsure.co.za https://www.youtube.com https://analytics.tiktok.com https://js.paystack.co https://sp.analytics.yahoo.com https://s.yimg.com https://s.yimg.com/wi/ytc.js https://embed.tawk.to https://dsp-media.eskimi.com https://js.zohocdn.com https://s2s.oldmutual.co.za/static/DhPixel.js https://salesiq.zoho.com/widget https://checkout.flutterwave.com *.iovation.com *.iesnare.com https://geo-tracker.trinadsp.co.za/* https://dtm-dre.platform.hicloud.com https://ppscrowd-dra.op.dbankcloud.com https://*.adform.net https://bat.bing.com https://dsp.trinamarketing.co.za/ https://secure.adnxs.com/ https://quantserve.com/quant.js https://tags.creativecdn.com/ http://rtbhouse.com http://rtbhouse.net https://secure.quantserve.com/quant.js https://googleads.g.doubleclick.net https://tag.demandbase.com https://api.company-target.com https://s.company-target.com https://*.dynatrace.com https://*.bf.dynatrace.com https://creativecdn.net https://*.creativecdn.com/* https://*.creativecdn.net/* https://*.demandbase.com https://js-eu1.hs-scripts.com https://api.hubspot.com https://*.loopme.com https://sms.hubtel.com https://*.company-target.com https://widget.rather.chat https://widget.rather.chat/* https://js-cdn.dynatrace.com/jstag/15fc9f135f3/bf62395jrv/a207cbaa8e544abe_complete.js https://js-cdn.dynatrace.com https://www.googletagmanager.com https://ad.doubleclick.net https://www.googleadservices.com; frame-ancestors https://secure.rewards.oldmutual.co.za/ https://customer-site-preprod.eks.my.oldmutual.co.za https://my.oldmutual.co.za https://bot-omi-eu.rather.chat/; media-src 'self' data: https://static.zohocdn.com https://mpsnare.iesnare.com 3 frame-ancestors chrome-extension://mbofgadpoeclogccaclfpdpnclommnmi chrome-extension://ekbmjlhcmklhfndhclgcgpghpgmlcaof chrome-extension://bpamhfbbljgioillepebmmegmjdkaoge chrome-extension://joccojpbogmpagfepecinlmiibacfhlb; 3 img-src 'self' data: https://www.facebook.com https://px.ads.linkedin.com https://library.elementor.com https://gravityforms.s3.amazonaws.com https://s3.amazonaws.com https://api.wpmet.com https://s38924.pcdn.co https://assets.elementor.com https://cdn.gtranslate.net https://store.bdthemes.com https://dashboard.bdthemes.io https://wordpress.org https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org; default-src 'self'; script-src 'self' 'unsafe-inline' https://d.la13-core2.sfdc-lywfpd.salesforceliveagent.com https://d.la1-c2-ord.salesforceliveagent.com https://c.la1-c2-ord.salesforceliveagent.com https://www.googletagmanager.com https://connect.facebook.net https://player.vimeo.com https://snap.licdn.com https://www.google.com https://www.gstatic.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://c.la1-c2-ord.salesforceliveagent.com https://player.vimeo.com https://snap.licdn.com https://d.la13-core2.sfdc-lywfpd.salesforceliveagent.com https://d.la1-c2-ord.salesforceliveagent.com https://www.google.com https://www.gstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://rgsharedweb.s3.amazonaws.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://rgsharedweb.s3.amazonaws.com ; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://player.vimeo.com https://get.purplevrs.com https://library.elementor.com https://get.zpbettertogether.com https://www.google.com https://www.youtube.com blob:; connect-src 'self' https://px.ads.linkedin.com https://www.google-analytics.com https://yoast.com; worker-src 'self' blob:; frame-ancestors 'self' ; upgrade-insecure-requests; 3 frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com https://*.firstcitizens.com 3 frame-ancestors 'self' https://dashboard.sitew.com https://admin.sitew.com https://www.sitew.com; 3 block-all-mixed-content; frame-ancestors 'self' https://dash.cloudflare.com 3 frame-ancestors 'self' *.download.com.vn download.com.vn *.download.vn download.vn *.softvn.com softvn.com *.quantrimang.com quantrimang.com *.meta.vn meta.vn *.vndoc.com vndoc.com *.gamevui.vn gamevui.vn *.hoatieu.vn hoatieu.vn 3 object-src 'self'; frame-ancestors 'self'; 3 default-src * 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net *.google.com *.virtualearth.net *.bing.com *.googleapis.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com code.jquery.com *.facebook.net *.instagram.com analytics.tiktok.com *.abtasty.com secure.quantserve.com rules.quantcount.com quantcast.mgr.consensu.org cmp.quantcast.com cmp.inmobi.com *.trustpilot.com *.googleadservices.com komito.net bat.bing.com *.clarity.ms googleads.g.doubleclick.net *.google-analytics.com static.ads-twitter.com analytics.twitter.com *.adalyser.com use.fontawesome.com snap.licdn.com px.ads.linkedin.com *.playbuzz.com *.seez.dev *.seez.tech *.seez.dk *.ex.co *.infinity-tracking.net *.infinity-tracking.com p.teads.tv go.affec.tv *.permutive.com *.adnxs.com *.monitor.azure.com *.applicationinsights.io *.vo.msecnd.net *.ingest.sentry.io *.pinimg.com *.pinterest.com *.youtube.com *.ytimg.com *.liveperson.net *.lpsnmedia.net widgets-eu.reputation.com ir.tools.investis.com *.eventbrite.co.uk emac-direct.service-plan.co.uk *.jaguarlandrover.com cdn.worldpay.com *.onetrust.com *.netdirector.auto *.netdirector.co.uk s3.amazonaws.com *.list-manage.com *.research-tree.com *.evanshalshaw.com *.stratstone.com *.carstore.com intranet.local *.pendragonplc.com *.pendragonvehiclemanagement.co.uk; frame-src * 'self' data: 'unsafe-inline' *.fls.doubleclick.net *.abtasty.com *.onetrust.com *.pinterest.com ir.tools.investis.com *.evanshalshaw.com *.stratstone.com *.carstore.com; object-src 'none'; font-src 'self' blob: data: *.abtasty.com *.seez.dk *.gstatic.com *.googleapis.com *.netdirector.auto; img-src * 'self' data: blob: pplc-p-001.sitecorecontenthub.cloud *.abtasty.com; child-src * 'self' pplc-p-001.sitecorecontenthub.cloud; connect-src * 'self' data: *.abtasty.com *.ingest.sentry.io *.pinterest.com *.mixpanel.com pplc-p-001.sitecorecontenthub.cloud; worker-src data: blob:; upgrade-insecure-requests; block-all-mixed-content; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.userway.org https://iframely.shorthand.com https://cdn.cookielaw.org https://haymarketimpact.shorthandstories.com https://player.vimeo.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://use.typekit.com https://*.typekit.net; img-src 'self' data: https:; frame-src https://www.youtube.com https://player.vimeo.com https://iframely.shorthand.com; media-src 'self' https://haymarketimpact.shorthandstories.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: ws: wss: http: https:; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tarteaucitron.io https://cdn.tarteaucitron.io https://browser.sentry-cdn.com https://js-de.sentry-cdn.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://region1.google-analytics.com https://region1.analytics.google.com https://widget.trustpilot.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tarteaucitron.io; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://secure.gravatar.com https://tarteaucitron.io https://cdn.tarteaucitron.io https://www.google-analytics.com https://www.google.com https://www.google.fr https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com https://widget.trustpilot.com; connect-src 'self' https://browser.sentry-cdn.com https://js-de.sentry-cdn.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fr https://www.facebook.com https://widget.trustpilot.com; frame-src 'self' https://tarteaucitron.io https://colisprive.com https://www.googletagmanager.com https://connect.facebook.net https://widget.trustpilot.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://colisprive.com; upgrade-insecure-requests; block-all-mixed-content; 3 frame-ancestors 'self' https://cdn.adkaora.space; 3 base-uri self; frame-ancestors none 3 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://kofax.lightning.force.com https://www.kofax.com https://www.google.co.in https://www.googleadservices.com https://images.g2crowd.com/ https://nytrng.com https://r3.visualwebsiteoptimizer.com https://www.tungstenautomation.com https://www.tungstenautomation.de https://www.tungstenautomation.fr https://www.gstatic.com https://stagecd.tungstenautomation.com https://stagecd.tungstenautomation.fr https://stagecd.tungstenautomation.de https://app.shop.pe https://addshoppers.s3.amazonaws.com https://shopper.shop.pe https://d2mjzob2nc713b.cloudfront.net https://shop.pe https://r1.visualwebsiteoptimizer.com https://shop.pe/widget https://ws.zoominfo.com https://www.linkedin.com https://ad.doubleclick.net https://ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://apps.sitecore.net https://b.6sc.co https://bat.bing.com https://c.6sc.co https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdn.fontawesome.com https://cdn.vidyard.com https://code.jquery.com https://connect.facebook.net https://d30ia583fbtg8i.cloudfront.net https://dev.visualwebsiteoptimizer.com https://dudodiprj2sv7.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://privacyportal-de.onetrust.com https://googleads.g.doubleclick.net https://img.en25.com https://insight.adsrvr.org https://ipv6.6sc.co https://j.6sc.co https://js.adsrvr.org https://js.zi-scripts.com/ https://js.driftt.com https://lift-ai-js.marketlinc.com https://match.adsrvr.org https://media.trustradius.com https://play.vidyard.com https://px.ads.linkedin.com https://rc-sc.js.driftt.com https://s2023.t.eloqua.com https://s7.addthis.com https://site-concierge.driftt.com https://snap.licdn.com https://stats.g.doubleclick.net https://td.doubleclick.net https://8054516.fls.doubleclick.net https://use.fontawesome.com https://visitor-scoring-new.marketlinc.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.trustradius.com https://hook.eu1.make.com https://www.visualize-roi.com https://gateway.zscloud.net https://tungstenautomation--prodtest.sandbox.my.site.com https://tungstenautomation--prodtest.sandbox.lightning.force.com https://kofax--simpdev10.sandbox.my.site.com https://www.youtube.com/iframe_api https://i3.ytimg.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.amazonaws.com https://d2d7do8qaecbru.cloudfront.net https://webto.salesforce.com https://kofax.lightning.force.com https://tungstenautomation--qa.sandbox.lightning.force.com https://tungstenautomation--qa.sandbox.my.site.com https://ob.roundprincemusic.com https://obs.roundprincemusic.com https://manage.safeopt.com https://ondemand.registration.eu.goldcast.io https://regbuilder.eu.goldcast.io https://ws-assets.zoominfo.com/formcomplete.js https://analytics.fatmedia.io https://cdn-0.d41.co https://ff.d41.co https://paapi1685.d41.co https://id.rlcdn.com https://ecf.d41.co https://v2.d41.co https://www.redditstatic.com https://pixel-config.reddit.com https://alb.reddit.com https://r4.visualwebsiteoptimizer.com https://r5.visualwebsiteoptimizer.com https://r6.visualwebsiteoptimizer.com https://adservice.google.com https://conversions-config.reddit.com https://pavff7534.d41.co https://www.youtube.com https://*.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://cdn.dreamdata.cloud https://placehold.co https://dwin1.com https://awin1.com https://zenaps.com https://the.sciencebehindecommerce.com https://wepowerconnections.com https://latern.roeyecdn.com https://latern.roeye.com https://lantern.roeyecdn.com https://lantern.roeye.com https://www.dwin1.com https://www.awin1.com https://www.zenaps.com https://www.the.sciencebehindecommerce.com https://www.wepowerconnections.com https://www.latern.roeyecdn.com https://www.latern.roeye.com https://www.lantern.roeyecdn.com https://www.lantern.roeye.com https://server-side-tagging-27si5ue54a-uc.a.run.app/ https://server-side.tungstenautomation.com http://server-side.tungstenautomation.com https://pagead2.googlesyndication.com; worker-src 'self' blob: https://www.tungstenautomation.com; upgrade-insecure-requests; block-all-mixed-content 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.gstatic.com *.hotjar.com *.doubleclick.net *.arabbank.com *.google.com *.facebook.net *.facebook.com *.googleapis.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google-analytics.com google-analytics.com www.googletagmanager.com www.youtube.com www.linkedin.com linkedin.com instagram.com twitter.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.readspeaker.com data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.google.com 10.1.228.170 10.1.228.172 www.youtube-nocookie.com youtube-nocookie.com www.youtube.com platform.twitter.com *.arabbank.com embed.typeform.com bid.g.doubleclick.net geo-tracker.ads.memob.com *.readspeaker.com 10.1.30.170 10.1.30.170:15871 tools.eurolandir.com tools.euroland.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.readspeaker.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com ajax.googleapis.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat analytics.tiktok.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://anaarabi.arabbank.com *.hotjar.com *.doubleclick.net *.google.com *.readspeaker.com www.google-analytics.com google-analytics.com *.googleapis.com *.gstatic.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.facebook.net *.facebook.com *.googletagmanager.com www.google.jo *.googleapis.com *.google-analytics.com google-analytics.com syndication.twitter.com *.gstatic.com *.abwebadmin.com *.arabbank.com geo-tracker.ads.memob.com embed.typeform.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data: blob: ; media-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googleadservices.com *.doubleclick.net *.google.com *.googleapis.com *.readspeaker.com *.facebook.com *.facebook.net script.crazyegg.com 10.1.228.170 10.1.228.172 *.google-analytics.com *.gstatic.com *.googletagmanager.com *.arabbank.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 10.1.30.170:15871 3 frame-ancestors 'self' https://playground.mrf.io 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://vippsmobilepay.boost.ai https://vippsmobilepaytest.boost.ai https://consent.cookiebot.com https://consentcdn.cookiebot.com https://vipps.no https://www.vipps.no https://vipps.se https://www.vipps.se https://mobilepay.dk https://www.mobilepay.dk https://mobilepay.fi https://www.mobilepay.fi; connect-src 'self' https://vippsmobilepay.boost.ai https://vippsmobilepaytest.boost.ai https://consent.cookiebot.com https://consentcdn.cookiebot.com https://zai55r7s.api.sanity.io wss://zai55r7s.api.sanity.io https://api-js.mixpanel.com; style-src 'self' 'unsafe-inline' https://vipps.no https://www.vipps.no https://vipps.se https://www.vipps.se https://mobilepay.dk https://www.mobilepay.dk https://mobilepay.fi https://www.mobilepay.fi; img-src 'self' blob: data: https://vipps.no https://mobilepay.dk https://imgsct.cookiebot.com https://cdn.sanity.io https://i.ytimg.com; font-src 'self' https://designsystem.vipps.io; frame-src 'self' https://consentcdn.cookiebot.com/ https://www.youtube.com/; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://vippsmobilepay-uat.sanity.studio/ https://vippsmobilepay.sanity.studio/ https://www.sanity.io/; upgrade-insecure-requests 3 object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 3 frame-ancestors 'self' https://content.radiosystemscorporation.com; style-src 'self' 'unsafe-inline' * 3 default-src 'self' http: https: ws: wss: data: blob:; frame-ancestors 'self'; script-src 'strict-dynamic' https: 'self'; 3 block-all-mixed-content; frame-ancestors 'none'; 3 base-uri 'self'; default-src https://www.dnshome.de; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://www.paypalobjects.com; script-src 'self' 'unsafe-inline'; style-src 'self'; 3 frame-ancestors 'self' *.amplience.net adm.dynamicyield.eu 3 frame-ancestors self vsadmin.badge.nl 3 connect-src 'self' https://servicios.rnpdigital.com https://analytics.google.com https://*.tawk.to wss://*.tawk.to https://www.youtube.com https://www.google-analytics.com; default-src 'self' https://servicios.rnpdigital.com https://www.rnpdigital.com; form-action 'self' https://servicios.rnpdigital.com https://*.google.com https://*.tawk.to; font-src 'self' data: https://*.tawk.to https://fonts.gstatic.com; frame-ancestors 'self' https://www.rnpdigital.com https://servicios.rnpdigital.com https://www.youtube.com https://www.facebook.com; frame-src 'self' https://*.tawk.to https://www.youtube.com https://www.facebook.com https://servicios.rnpdigital.com; img-src 'self' data: https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link https://s3.amazonaws.com https://www.googletagmanager.com/ https://www.google.co.cr/ https://servicios.rnpdigital.com/ https://www.rnpdigital.com/; media-src 'self' https://*.tawk.to; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://servicios.rnpdigital.com https://www.googletagmanager.com/ https://*.tawk.to https://cdn.jsdelivr.net https://www.google-analytics.com https://www.youtube.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://*.tawk.to https://fonts.googleapis.com https://cdn.jsdelivr.net; 3 upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 3 upgrade-insecure-requests; frame-ancestors 'self' ; report-uri https://cspreports.realpage.com/api/reports/save/violation; 3 default-src 'self'; connect-src *; font-src * data: blob:; media-src * data:; frame-src 'self' mailto: tel: *.acuvue.com *.acuvue.ru *.brightcove.com *.brightcove.net *.doubleclick.net *.eprize.net *.google.com *.googletagmanager.com *.livechatinc.com *.mypurecloud.com *.opinionstage.com *.optimizely.com *.platformsh.site *.qualtrics.com *.valassis.eu *.walkme.com *.walls.io *.yandex.ru *.yandex.com *.youtube.com; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adsrvr.org *.ads-twitter.com *.amazon-adsystem.com *.appsflyer.com *.clarity.ms *.cloudflareinsights.com *.contentsquare.com *.contentsquare.net *.contextweb.com *.cookielaw.org *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jquery.com *.licdn.com *.line-scdn.net *.livechatinc.com *.macromill.com *.mieru-ca.com *.mypurecloud.com *.newrelic.com *.onetrust.com *.optimizely.com *.outbrain.com *.pulseinsights.com *.qualtrics.com *.seznam.cz *.smartnews-ads.com *.tiktok.com *.valassis.eu *.walkme.com *.yahoo.co.jp *.yandex.com *.yandex.ru *.yimg.jp *.youtube.com *.zemanta.com walls.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.gstatic.com *.mypurecloud.com *.onetrust.com *.walkme.com; child-src 'self' blob:; worker-src 'self' blob:; report-to endpoint-1; 3 default-src 'self' www.microsoft.com; script-src 'self' www.microsoft.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.clarity.ms *.google.com www.gstatic.com 204-kzg-685.mktoweb.com bat.bing.com acdn.adnxs.com msamarketing.z22.web.core.windows.net admin.microsoft.com adsuxsiwest.blob.core.windows.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com customervoice.microsoft.com adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; style-src 'self' www.microsoft.com 'unsafe-inline' 204-kzg-685.mktoweb.com; font-src 'self' c.s-microsoft.com www.microsoft.com res-1.cdn.office.net data:; img-src 'self' data: img-prod-cms-rt-microsoft-com.akamaized.net googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com *.google.com *.google.co * dev-about.ads.microsoft.com qa-about.ads.microsoft.com about.ads.microsoft.com blob:; connect-src 'self' wss: 'unsafe-inline' *.google.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms px.ads.linkedin.com mscom.demdex.net browser.events.data.microsoft.com d.clarity.ms target.microsoft.com dpm.demdex.net *.clarity.ms/collect bat.bing.com dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com *.adnxs.com consentreceiverfd-prod.azurefd.net adsuxprodfd-awb5gsddabddbqgv.z01.azurefd.net adsuxsiwestfd-ahfeakeyhtafghd0.z01.azurefd.net msftenterprise.sc.omtrdc.net westus2-2.in.applicationinsights.azure.com bat.bing.net msamarketing.z22.web.core.windows.net *.microsoft.com adsuxsiwest.blob.core.windows.net *.api.sandbox.ads.microsoft.com *.api.ads.microsoft.com directline.botframework.com petrol-int.office.microsoft.com petrol.office.microsoft.com *.omnichannelengagementhub.com browser.pipe.aria.microsoft.com us-prod.asyncgw.teams.microsoft.com edge.skype.com comms.omnichannelengagementhub.com *.trouter.skype.com *.communication.azure.com us-prod.asyncgw.teams.microsoft.com adrecommendation.api.sandbox.ads.microsoft.com adrecommendation.api.ads.microsoft.com res.cdn.office.net; frame-src 'self' *.google.com * 204-kzg-685.mktoweb.com www.microsoft.com; media-src 'self' blob: dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com; 3 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ams-stage.itchotels.com https://*.affilired.com https://*.denomatic.com https://*.doubleclick.net https://*.google.com https://rum.hlx.page https://cdn.cookielaw.org https://www.googletagmanager.com https://secure.adnxs.com https://web-resources-dyn.offer18a.net https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://readtargeting.com https://secure.datawrkz.com https://connect.facebook.net *.triptease.io https://script.hotjar.com https://static.hotjar.com https://assets.adobedtm.com https://www.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.gstatic.com https://dynamic.criteo.com https://itclimited.sc.omtrdc.net https://sslwidget.criteo.com https://www.youtube.com https://www.jscache.com https://www.tripadvisor.com https://www.tripadvisor.in https://static.tacdn.com; frame-ancestors 'self' https://www.itchotels.com 3 style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://static.searchstax.com https://rtp-static.marketo.com https://use.typekit.net https://static.smartrecruiters.com https://782-qcg-656.mktoweb.com https://p.typekit.net; 3 object-src 'none'; base-uri 'none' 3 frame-ancestors 'self' https://*.medbridge.io https://*.medbridge.com https://*.medbridgeeducation.com https://*.xealth.io; 3 frame-ancestors https://*.realitykings.com 3 default-src 'self' https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com https://*.mouseflow.com; img-src 'self' https://*.mouseflow.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.fi https://*.google.ie https://*.google.nl https://*.bing.com https://*.omtrdc.net https://*.tt.omtrdc.net https://*.onetrust.com https://*.onetrust.eu https://*.demdex.net https://*.everesttech.net https://*.adobedtm.com https://*.facebook.com https://*.linkedin.com https://*.adform.net https://*.g.doubleclick.net https://app.readpeak.com https://*.giosgusercontent.com https://images.ctfassets.net https://bat.bing.net data:; media-src https://*; script-src 'unsafe-inline' 'unsafe-eval' https://*; style-src 'unsafe-inline' 'self' https://*; connect-src https://* wss://*.service.lahitapiola.fi; frame-src https://*; worker-src blob:; child-src https://*.mouseflow.com blob:; font-src 'self' https://*.googleapis.com/ https://*.gstatic.com https://*.giosgusercontent.com https://*.mouseflow.com; 3 upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 3 frame-ancestors 'self' *.voc.ai *.shulex.com 3 img-src * data: blob:; script-src 'self' 'unsafe-eval' cdnjs.cloudflare.com https://api.mapbox.com https://api.tiles.mapbox.com https://cdn.jsdelivr.net https://embed.typeform.com https://npmcdn.com widget.trustpilot.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src *; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self'; upgrade-insecure-requests 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src 'self' data: blob: *.wistia.net *.wistia.com *.amazonaws.com embedwistia-a.akamaihd.net; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src 'self' https: blob: data:; frame-ancestors 'self' https://events.bandwidth.com https://app.zuddl.com; style-src * 'unsafe-inline'; worker-src 'self' blob:; font-src 'self' data: blob: *.wistia.net *.wistia.com *.leandata.com *.gstatic.com; 3 frame-ancestors 'self' https://nintex.pathfactory.com https://resources.nintex.com https://pathfactory.nintex.com https://info.nintex.com 3 default-src 'self' https: http: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' https: data:; connect-src 'self' https: wss:; worker-src 'self' blob:; frame-ancestors 'self'; 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests 3 frame-ancestors 'self' *.geant.org geant.org *.geant.net geant.net; frame-src 'self' *.geant.org geant.org *.geant.net geant.net https://mstdn.social https://youtube.com https://*.youtube.com https://*.google.com https://*.google.co.uk https://*.nordu.net https://*.vimeo.com submerse.eu *.submerse.eu https://js.stripe.com https://www.youtube-nocookie.com https://*.revolugo.com https://*.canva.com https://platform.twitter.com https://anchor.fm https://airtable.com https://*.spotify.com https://checkout.freemius.com/ https://chatbot.psnc.pl; report-uri https://csper.geant.org/api/1/security/?glitchtip_key=69dac6024cfb4b528e9c89037d8e03fd 3 default-src 'self' https://css.page-source.com https://www.google-analytics.com https://analytics.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' https://fonts.googleapis.com https://analytics.google.com https://www.gstatic.com https://ajax.googleapis.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; upgrade-insecure-requests; 3 frame-ancestors https://*.contentful.com https://www.google.com/ 'self'; 3 frame-ancestors 'self' https://app.kontent.ai http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com;frame-src 'self' https://2486383.hs-sites.com https://app.hubspot.com https://s7.addthis.com https://players.brightcove.net https://fast.wistia.net/ https://td.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://www.gartner.com https://www.google.com https://www.googletagmanager.com https://forms.hsforms.com https://forms.office.com https://app.kontent.ai https://forms.monday.com http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com https://js.stripe.com https://tribl.io https://platform.twitter.com https://www.youtube.com https://form.jotform.com https://issuu.com/ https://e.issuu.com/ https://fliphtml5.com/ https://*.fliphtml5.com/ https://player.vimeo.com https://www.surveymonkey.com/; 3 frame-ancestors https: 3 default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://js.stripe.com; worker-src 'self' blob:; img-src 'self' data: https://m.nownownow.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.b-cdn.net; media-src 'self' blob: https://m.sive.rs https://*.b-cdn.net; frame-src https://www.youtube-nocookie.com https://js.stripe.com; frame-ancestors 'self'; object-src 'none' 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 3 frame-ancestors *.ooma.com *.ooma.ca https://*.ooma.com https://*.ooma.ca *.talkatone.com https://www.talkatone.com 3 frame-ancestors 'self' https://www.google.com 3 default-src 'self' eviden.com *.eviden.com atos.net *.atos.net yoast.com *.yoast.com 'unsafe-inline' 'unsafe-eval' *.gravatar.com ps.w.org *.matomo.cloud *.marketo.net *.mktoresp.com *.mktoweb.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googleapis.com *.google.fr *.google.com *.gstatic.com cdn-cookieyes.com *.cookieyes.com *.linkedin.com *.licdn.com cdn.linkedin.oribi.io w.soundcloud.com tribl.io gallery.sprinklr.com *.wpml.org; frame-ancestors 'self' eviden.com *.eviden.com atos.net *.atos.net eviden.sharepoint.com; object-src 'none'; font-src 'self' fonts.gstatic.com data: 'unsafe-inline'; img-src 'self' atos.net cdn-cookieyes.com *.linkedin.com *.gstatic.com tribl.io secure.gravatar.com data: 'unsafe-inline'; worker-src 'self' blob: ; 3 frame-ancestors same; report-uri /report-csp-violation 3 img-src * data:; default-src *; style-src * 'unsafe-inline'; worker-src 'self' blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 3 upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src * ;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 3 frame-ancestors 'self' https://*.teemill.com teemill.com 3 frame-ancestors 'self' *.ourbit.com *.ourbit.io *.seebestfirst.com *.seebestsecond.com 3 frame-ancestors 'self' https://*.movavika.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com http://*.webvisor.com https://webvisor.com https://*.webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707147/security/?sentry_key=839cab03978446cdbf603f5f5022e843&sentry_environment=production; report-to csp-endpoint 3 default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.zopim.com https://static.zdassets.com https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googleadservices.com https://*.facebook.net https://*.doubleclick.net https://*.addthis.com https://cdn.mxpnl.com https://*.youtube.com https://*.moatads.com https://*.addthisedge.com https://fast.wistia.com https://beacon-v2.helpscout.net https://ekr.zdassets.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://www.googleoptimize.com https://kit.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/11.1.0/jsrsasign-all-min.js https://consent.cookiebot.eu https://consent.cookiebot.com https://cdn-cookieyes.com https://consentcdn.cookiebot.eu; style-src 'self' 'unsafe-inline' https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com *.licdn.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://*.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src * 'self' blob:; form-action 'self' https://*.facebook.com https://*.melita.com; frame-ancestors 'self'; upgrade-insecure-requests; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: maxcdn.bootstrapcdn.com *.klaviyo.com smsapi.7-s.si *.googleapis.com *.gstatic.com www.google.com googletagmanager.com *.googletagmanager.com www.facebook.com connect.facebook.net *.mass.si *.mass-shoes.com *.mass-shoes.at mass-shoes.at bat.bing.com www.google.si assets.adobedtm.com *.cloudfront.net liveupdate.pimcore.org www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net td.doubleclick.net api.instacloud.io business.facebook.com *.paypalobjects.com *.cookiebot.com *.hotjar.com *.hotjar.io creativecdn.com *.google-analytics.com *.pusher.com sessions.bugsnag.com www.youtube.com *.gls-hungary.com *.gls-slovenia.com *.openstreetmap.org *.elfsight.com *.elfsightcdn.com api-js.datadome.co *.analytics.google.com pagead2.googlesyndication.com *.paypal.com *.posta.si *.boxnow.hr x.klarnacdn.net *.klarnaevt.com *.klarna.com; 3 frame-ancestors 'self' https://content.kinaxis.com https://www.kinaxis.com https://kinaxis.com https://*.sharepoint.com https://ssw.live.com https://storage.live.com https://*.search.production.apac.trafficmanager.net https://*.search.production.emea.trafficmanager.net https://*.search.production.us.trafficmanager.net https://*.wns.windows.com https://admin.onedrive.com https://officeclient.microsoft.com https://g.live.com https://oneclient.sfx.ms https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://*.svc.ms *.mpo.com https://*.mpo.com https://www.mpo.com *.mp-objects.com https://*.mp-objects.com https://www.mp-objects.com https://wartsila.cevalogistics.com https://*.cevalogistics.com https://app.drift.com https://core.crazyegg.com https://kinaxis-project.dev.fenix.solutions https://*.lndo.site; report-uri /report-csp-violation 3 default-src 'self' https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai localhost:8888 https://*.sentry.io https://*.facebook.com vitals.vercel-insights.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hsforms.net https://*.hscollectedforms.net https://*.netlify.app https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://*.qualified.com; style-src 'self' 'unsafe-inline' https://diligent.com https://*.diligent.com https://*.sentry.io fonts.googleapis.com vitals.vercel-insights.com https://*.hs-scripts.com https://*.hsforms.net https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com http://*.marketo.com https://*.marketo.com https://*.netlify.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://diligent.com https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai https://*.sentry.io https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com vitals.vercel-insights.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.jquery.com https://*.hs-scripts.com https://*.hsforms.net netlify-cdp-loader.netlify.app http://*.marketo.com https://*.marketo.com https://www.redditstatic.com https://js.zi-scripts.com https://diligent.widget.insent.ai https://*.netlify.app https://cdn.bizible.com https://*.rudderlabs.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://j.6sc.co https://ct.capterra.com https://munchkin.marketo.net https://*.googlesyndication.com https://*.chilipiper.com https://*.crazyegg.com https://*.doubleclick.net https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://js.qualified.com; connect-src 'self' https://diligent.com https://*.diligent.com https://*.flowise.theanswer.ai https://*.theanswer.ai localhost:8888 https://*.sentry.io https://*.facebook.com vitals.vercel-insights.com https://*.hubapi.com https://*.hsforms.com https://*.hs-scripts.com https://*.hsforms.net https://*.hscollectedforms.net https://*.netlify.app https://*.googletagmanager.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://js.zi-scripts.com https://*.zoominfo.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://api.rudderstack.com https://px.ads.linkedin.com https://*.mktoresp.com http://*.mktoresp.com https://*.dataplane.rudderstack.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.chilipiper.com https://*.rudderlabs.com https://*.crazyegg.com https://*.google.com https://*.doubleclick.net https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.optimizely.com https://*.qualified.com wss://*.qualified.com https://bat.bing.com; font-src 'self' https://diligent.com https://*.diligent.com https://*.sentry.io fonts.gstatic.com https://*.hs-scripts.com https://*.hsforms.net data: https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.netlify.app; frame-src 'self' https://diligent.com https://*.diligent.com lastrev.com forms.hsforms.com https://play.vidyard.com https://*.theanswer.ai https://*.flowise.theanswer.ai https://*.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.marketo.com https://diligent.widget.insent.ai https://*.netlify.app https://*.chilipiper.com https://*.fls.doubleclick.net https://www.facebook.com https://*.facebook.com https://*.optimizely.com https://*.cdn.optimizely.com https://cdn.optimizely.com https://cdn3.optimizely.com https://app.optimizely.com https://*.qualified.com; img-src * data: https://diligent.com https://*.diligent.com https://*.googletagmanager.com https://*.ctfassets.net https://*.googletagmanager.com https://*.google-analytics.com https://*.netlify.app https://*.qualified.com; media-src * data:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com https://*.facebook.com; frame-ancestors 'self' https://lastrev.com https://lr-live-editor.netlify.app https://*.theanswer.ai https://*.flowise.theanswer.ai http://localhost:3333 https://localhost:3333 https://*.sanity.studio https://*.sanity.io https://*.netlify.app https://diligent.com https://*.diligent.com; block-all-mixed-content; upgrade-insecure-requests; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.steelhousemedia.com/ https://*.bazaarvoice.com/ https://mpsnare.iesnare.com/ https://bat.bing.com/ https://cdns.brsrvr.com/ https://*.fullstory.com/ 'unsafe-inline' https://*.krxd.net/ https://h.online-metrix.net/ https://*.igodigital.com/ https://*.certcapture.com/ https://*.qualtrics.com/ https://*.kaspersky-labs.com/ https://s.go-mpulse.net/ https://www.youtube.com/ https://ajax.googleapis.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://*.cookiehub.net https://cdn.cookiehub.eu https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://js.zi-scripts.com https://tags.clickagy.com/;frame-ancestors 'self' *.seismic.com; 3 default-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.blob.core.windows.net https://siteimproveanalytics.com https://snap.licdn.com https://secure.intelligence-enterprise.com https://public.flourish.studio https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.allenovery.com flo.uri.sh https://*.ceros.com https://cdn.yoshki.com https://cdn.iframe.ly https://*.twitter.com https://*.spotify.com https://*.podbean.com https://*.intelligence-enterprise.com;style-src 'self' 'unsafe-inline' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;img-src 'self' blob: data: https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.passle.net https://*.ytimg.com https://*.youtube.com https://*.g.doubleclick.net/ https://*.siteimproveanalytics.io https://*.linkedin.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.intelligence-enterprise.com;font-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://*.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com data:;connect-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.vercel-scripts.com https://*.sitecorecloud.io https://cdn.plyr.io https://*.onetrust.com https://px.ads.linkedin.com https://noembed.com https://*.cloudflare.com https://*.g.doubleclick.net https://*.passle.net https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;object-src 'none';base-uri 'self';form-action 'self';frame-src 'self' https://*.aoshearman.com https://*.gedikeraksoy.com https://*.sitecorecloud.io https://*.allenovery.com flo.uri.sh https://*.ceros.com https://cdn.yoshki.com https://cdn.iframe.ly https://*.twitter.com https://*.spotify.com https://*.podbean.com https://youtube.com https://*.youtube.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com;block-all-mixed-content;upgrade-insecure-requests; 3 frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 3 frame-ancestors 'none';; upgrade-insecure-requests 3 default-src 'self' *; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; object-src 'none'; media-src 'self' https:; frame-src 'self' https:; base-uri 'self'; form-action 'self'; 3 frame-ancestors 'self' https://latitude.sh 3 worker-src 'self' 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.trustpilot.com *.woopra.com *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.google-analytics.com ; style-src 'self' 'unsafe-inline' *.oracleinfinity.io *.oracle.com *.oraclecloud.com *.googleapis.com apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net *.kampyle.com *.medallia.eu ; img-src 'self' data: blob: * ; child-src 'self' blob: ; font-src 'self' data: * ; connect-src 'self' ims.tescoinsurance.com ims2.tescotravelmoney.com *.oracleinfinity.io *.oracle.com *.oraclecloud.com bam-cell.nr-data.net *.woopra.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.lpsnmedia.net *.google.com *.googleapis.com *.qubit.com *.travelex.net *.adobedtm.com *.vo.msecnd.net bat.bing.com c.evidon.com cdn.cookielaw.org *.decibelinsight.net cm.everesttech.net connect.facebook.net dc.services.visualstudio.com *.cloudfront.net *.demdex.net flex.cybersource.com *.g.doubleclick.net *.hotjar.com *.liveperson.net *.tescobank.com *.ensighten.com r.turn.com royalsunallianceinsu.tt.omtrdc.net rsa.d2.sc.omtrdc.net rum-static.pingdom.net service.maxymiser.net *.google-analytics.com stash.qubitproducts.com static.ads-twitter.com static.goqubit.com tescobank.azureedge.net ue.enablermail.com www.facebook.com www.google.co.uk *.googleadservices.com *.googletagmanager.com *.gstatic.com track.omguk.com wss://sync.onfido.com wss://collection.decibelinsight.net mpsnare.iesnare.com *.adnxs.com s.yimg.com *.sociomantic.com *.tiles.mapbox.com api.mapbox.com events.mapbox.com p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu ; frame-src 'self' *.trustpilot.com *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net *.vo.msecnd.net service.maxymiser.net p.teads.tv t.teads.tv cm.teads.tv *.digital-cloud-uk.medallia.eu *.kampyle.com *.medallia.eu apps.commbox.io now.commbox.io js-agent.newrelic.com bam-cell.nr-data.net ; frame-ancestors 'self' *.tescobank.com ; object-src 'self' *.td.doubleclick.net *.fls.doubleclick.net fls.doubleclick.net *.tescobank.com tescobank.demdex.net; media-src 'self' apps.commbox.io ; 3 frame-ancestors 'self' https://* http://* 3 default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https: https://www.gstatic.com; img-src 'self' data: blob: https: https://www.google.com https://www.gstatic.com; font-src 'self' data: https:; frame-src https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://spaces.im https://pixplay.org https://*.pixplay.org https://ru.pixplay.org https://*.ru.pixplay.org https://mvoo.ru https://*.mvoo.ru https://nazone.mobi https://*.nazone.mobi https://mdrako.ru https://*.mdrako.ru https://www.google.com https://www.gstatic.com https://xsolla.com https://*.xsolla.com; frame-ancestors https://vk.com https://*.vk.com https://vk.ru https://*.vk.ru https://spaces.im https://pixplay.org https://*.pixplay.org https://ru.pixplay.org https://*.ru.pixplay.org https://mvoo.ru https://*.mvoo.ru https://nazone.mobi https://*.nazone.mobi https://mdrako.ru https://*.mdrako.ru https://xsolla.com https://*.xsolla.com; connect-src 'self' https: wss: https://www.google.com https://www.gstatic.com https://xsolla.com https://*.xsolla.com; 3 default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 3 default-src 'self'; script-src 'nonce-M0Q2QTkwQjdDMjM5' 'strict-dynamic' https: 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.cookielaw.org *.cookiepro.com *.onetrust.com *.adobedtm.com *.googleapis.com; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; img-src 'self' https: data:; worker-src 'self'; media-src 'self' https://nj-corp-site-resizer.awsmktgint.netjets.com/ https://nj-corp-site-resizer.awsmktgtest.netjets.com/ https://nj-corp-site-resizer.awsmktg.netjets.com/ https://s3.us-east-2.amazonaws.com/netjets-cms-images-int.us-east-2.awsmktgint.netjets.com/ https://s3.us-east-2.amazonaws.com/netjets-cms-images-test.us-east-2.awsmktgtest.netjets.com/ https://s3.us-east-2.amazonaws.com/netjets-cms-images-prod.us-east-2.awsmktg.netjets.com/; font-src https:; form-action 'self' https:; base-uri 'self'; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubb61413121040ab6931e3bb32a195b78a&dd-evp-origin=content-security-policy&ddsource=csp-report; 3 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https: http:; font-src 'self' https: data:; connect-src 'self' https: wss: ws: data: http://127.0.0.1:11100; frame-src 'self' https: blob:; object-src 'none'; base-uri 'self'; media-src 'self' blob: https:; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-src https:; object-src 'none'; frame-ancestors 'self'; form-action 'self' 3 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://webvisor.com http://*.webvisor.com https://*.yandex.ru https://*.yandex.com; 3 default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.xilo.net/api/3/security/?sentry_key=558ec00c6ab34073c96015172684209a 3 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https: dot.niiid.io jobs.b-ite.com cs-assets.b-ite.com; frame-ancestors 'self'; 3 font-src 'self' *.gstatic.com *.cloudflare.com *.sfdcstatic.com *.cstatic.co.za *.lastchance.co.za data:;img-src 'self' *.commercecloud.salesforce.com *.demandware.net *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za googleadservices.com *.googleadservices.com *.gstatic.com *.tiktok.com *.contentsquare.net *.pixlee.com *.pixlee.co *.edgecastcdn.net *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za purecatamphetamine.github.io *.cloudflare.com *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com data: *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.ytimg.com blob:;script-src 'self' 'unsafe-eval' *.googleapis.com *.salesforce.com *.salesforceliveagent.com *.cloudflareinsights.com cloudflareinsights.com *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com vic-m.co *.vic-m.co mimecastprotect.com *.mimecastprotect.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.cloudflare.com *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com unsafe-inline *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.amplitude.com *.lastchance.co.za;frame-src 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com googleadservices.com *.googleadservices.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com *.pargo.co.za salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;frame-ancestors 'self' *.salesforce.com *.salesforceliveagent.com *.force.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com;script-src-elem 'self' 'unsafe-inline' *.force.com *.lightning.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.secure.force.com *.cloudflareinsights.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com *.facebook.net *.facebook.com *.youtube.com google.com vic-m.co *.vic-m.co mimecastprotect.com *.mimecastprotect.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.cloudflare.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.jsdelivr.net *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.amplitude.com;connect-src 'self' api.cquotient.com *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za *.demandware.net *.force.com *.salesforce-sites.com *.secure.force.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com *.amplience.net mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.sentry.io *.gitlab.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.amplitude.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net unpkg.com *.unpkg.com *.salesforce.com salesforce-sites.com *.salesforce-sites.com *.turnto.eu *.force.com *.secure.force.com *.googletagmanager.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com;style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.jsdelivr.net unpkg.com *.unpkg.com *.salesforce.com salesforce-sites.com *.turnto.eu *.salesforce-sites.com *.force.com *.secure.force.com *.googletagmanager.com criteo.com *.criteo.com pangle-ads.com *.pangle-ads.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com;media-src 'self' *.amplience.net api.cquotient.com *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za *.demandware.net *.force.com development-eu01-capeunion.demandware.net *.salesforce-sites.com *.secure.force.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net *.g.doubleclick.net googlesyndication.com *.googlesyndication.com google.com *.google.com *.google.co.za *.gstatic.com *.tiktok.com *.contentsquare.net *.contentsquare.com *.pixlee.com *.pixlee.co *.facebook.net *.facebook.com *.youtube.com creativecdn.com *.creativecdn.com *.sfdcstatic.com *.turnto.eu *.igodigital.com *.bing.com mobicred.co.za *.mobicred.co.za *.mobicredwidget.co.za *.media.amplience.net *.static.amplience.net *.capeunionmart.co.za *.cstatic.co.za *.paypal.com *.paypalobjects.com salesforce-sites.com *.salesforce-sites.com *.site.com *.sandbox.my.site.com *.salesforce-scrt.com *.srcspot.com *.ytimg.com blob:;worker-src 'self' *.capeunionmart.co.za *.oldkhaki.co.za *.poetrystores.co.za *.lastchance.co.za blob:;child-src 'self' blob:;script-src-attr 'self' 'unsafe-inline';upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;object-src 'none' 3 font-src * data:; 3 default-src 'self'; script-src 'self' https://*.vostok-electra.ru https://vostok-electra.ru https://*.yritz.ru https://yritz.ru https://*.ricso.ru https://ricso.ru https://*.nesko-nv.ru https://nesko-nv.ru https://eric-yanao.ru https://api-maps.yandex.ru https://yastatic.net https://*.yastatic.net https://mc.yandex.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://www.google.com https://google.com https://*.google.com https://www.gstatic.com https://gstatic.com https://*.gstatic.com https://*.gosuslugi.ru https://www.google-analytics.com https://bitrix.info https://*.fontawesome.com https://*.bootstrapcdn.com https://*.jquery.com https://*.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.vostok-electra.ru https://vostok-electra.ru https://*.yritz.ru https://yritz.ru https://*.ricso.ru https://ricso.ru https://*.nesko-nv.ru https://nesko-nv.ru https://eric-yanao.ru https://api-maps.yandex.ru https://yastatic.net https://*.yastatic.net https://mc.yandex.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://www.google.com https://google.com https://*.google.com https://www.gstatic.com https://gstatic.com https://*.gstatic.com https://*.gosuslugi.ru https://www.google-analytics.com https://bitrix.info https://*.fontawesome.com https://*.bootstrapcdn.com https://*.jquery.com https://*.cloudflare.com 'unsafe-inline'; img-src 'self' https://*.vostok-electra.ru https://vostok-electra.ru https://*.yritz.ru https://yritz.ru https://*.ricso.ru https://ricso.ru https://*.nesko-nv.ru https://nesko-nv.ru https://eric-yanao.ru https://api-maps.yandex.ru https://yastatic.net https://*.yastatic.net https://mc.yandex.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://www.google.com https://google.com https://*.google.com https://www.gstatic.com https://gstatic.com https://*.gstatic.com https://*.gosuslugi.ru https://www.google-analytics.com https://bitrix.info https://*.fontawesome.com https://*.bootstrapcdn.com https://*.jquery.com https://*.cloudflare.com data:; font-src 'self' https://*.vostok-electra.ru https://vostok-electra.ru https://*.yritz.ru https://yritz.ru https://*.ricso.ru https://ricso.ru https://*.nesko-nv.ru https://nesko-nv.ru https://eric-yanao.ru https://api-maps.yandex.ru https://yastatic.net https://*.yastatic.net https://mc.yandex.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://www.google.com https://google.com https://*.google.com https://www.gstatic.com https://gstatic.com https://*.gstatic.com https://*.gosuslugi.ru https://www.google-analytics.com https://bitrix.info https://*.fontawesome.com https://*.bootstrapcdn.com https://*.jquery.com https://*.cloudflare.com data:; connect-src 'self' https://*.vostok-electra.ru https://vostok-electra.ru https://*.yritz.ru https://yritz.ru https://*.ricso.ru https://ricso.ru https://*.nesko-nv.ru https://nesko-nv.ru https://eric-yanao.ru https://api-maps.yandex.ru https://yastatic.net https://*.yastatic.net https://mc.yandex.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://www.google.com https://google.com https://*.google.com https://www.gstatic.com https://gstatic.com https://*.gstatic.com https://*.gosuslugi.ru https://www.google-analytics.com https://bitrix.info https://*.fontawesome.com https://*.bootstrapcdn.com https://*.jquery.com https://*.cloudflare.com wss://*.vostok-electra.ru wss://vostok-electra.ru wss://mc.yandex.ru; media-src 'self' https://*.vostok-electra.ru https://vostok-electra.ru https://*.yritz.ru https://yritz.ru https://*.ricso.ru https://ricso.ru https://*.nesko-nv.ru https://nesko-nv.ru https://eric-yanao.ru https://api-maps.yandex.ru https://yastatic.net https://*.yastatic.net https://mc.yandex.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://www.google.com https://google.com https://*.google.com https://www.gstatic.com https://gstatic.com https://*.gstatic.com https://*.gosuslugi.ru https://www.google-analytics.com https://bitrix.info https://*.fontawesome.com https://*.bootstrapcdn.com https://*.jquery.com https://*.cloudflare.com; worker-src 'self'; frame-src 'self' https://*.vostok-electra.ru https://vostok-electra.ru https://*.yritz.ru https://yritz.ru https://*.ricso.ru https://ricso.ru https://*.nesko-nv.ru https://nesko-nv.ru https://eric-yanao.ru https://api-maps.yandex.ru https://yastatic.net https://*.yastatic.net https://mc.yandex.ru https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://www.google.com https://google.com https://*.google.com https://www.gstatic.com https://gstatic.com https://*.gstatic.com https://*.gosuslugi.ru https://www.google-analytics.com https://bitrix.info https://*.fontawesome.com https://*.bootstrapcdn.com https://*.jquery.com https://*.cloudflare.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; object-src 'none' 3 default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.etracker.com; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com info.gesundheitsministerium.gv.at player.vimeo.com; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 3 frame-ancestors 'self' http://localhost:8000 http://*.localhost:8000 https://*.dev.000.ue-ict.net/ https://dev.000.ue-ict.net/ https://*.pre.000.ue-ict.net/ https://pre.000.ue-ict.net/ https://*.universidadeuropea.com/; 3 default-src * 'self' data:; script-src * 'unsafe-inline'; style-src * blob: 'unsafe-inline'; frame-ancestors 'self' app.contentstack.com 3 default-src *.myidx.cloud 'self' *.lfeeder.com sc.lfeeder.com lftracker.leadfeeder.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn *.selective.com *.d41.co tags.srv.stackadapt.com *.imirwin.com px.ads.linkedin.com geo.privacymanager.io cdn.linkedin.oribi.io cdn.cookielaw.org cdn.linkedin.oribi.io *.demandbase.com api.company-target.com geolocation.onetrust.com adservice.google.com www.clarity.ms stats.g.doubleclick.net bam.nr-data.net *.anura.io script.anura.io ads.anura.io www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com www.youtube.com viz.tools.investis.com edge.api.brightcove.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net www.facebook.com lpcdn.lpsnmedia.net ka-f.fontawesome.com ka-p.fontawesome.com *.d41.co customer.selective.com www.google.com segments.company-target.com; img-src *.myidx.cloud 'self' data: *.lfeeder.com *.leadfeeder.com www.google.co.za l.mbs.zip log.pinterest.com tr.lfeeder.com translate.google.com www.google.com.jm www.google.co.uk https://survey-images.hotjar.com www.google.com.jm content.selective.com www.google.com.pe www.google.com.mx www.googleadservices.com photos.prnewswire.com c212.net mma.prnewswire.com tags.srv.stackadapt.com analytics.imirwin.com http://www.selective.com googleads.g.doubleclick.net liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.businesswire.com cts.businesswire.com t.co c.bing.com segments.company-target.com di.rlcdn.com id.rlcdn.com c.clarity.ms px4.ads.linkedin.com p.adsymptotic.com tracking.selective.com www.youtube.com p.adsymptotic.com www.linkedin.com viz.tools.investis.com *.gstatic.com tagmanager.google.com cdn.cookielaw.org www.googletagmanager.com i.ytimg.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com analytics.twitter.com lpcdn.lpsnmedia.net www.rumiview.com customer.selective.com blob:; frame-src *.myidx.cloud 'self' data: tel: www.houzz.com support.google.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net anwebconsole translate.googleapis.com redirect.isolation.zscaler.com login.microsoftonline.com 127.0.0.1 customer.selective.com beuniquelyinsured.selective.com va.shiftstatus.liveperson.net support.google.com va.msghist.liveperson.net va.idp.liveperson.net liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn selective-qa.hclvoltmx.net i.ytimg.com www.youtube.com *.company-target.com view.ceros.com www.facebook.com www.google.com player.vimeo.com otp.tools.investis.com irs.tools.investis.com *.hotjar.com gum.criteo.com lpcdn.lpsnmedia.net bid.g.doubleclick.net td.doubleclick.net va-s.c.liveperson.net https://www.googletagmanager.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net tags.srv.stackadapt.com https://www.googletagmanager.com http://www.google-analytics.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.youtube.com tagmanager.google.com fonts.googleapis.com ka-f.fontawesome.com viz.tools.investis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; font-src *.myidx.cloud 'self' data: croissant-services-data-public-assets-us-east-2-production.s3.us-east-2.amazonaws.com https://script.hotjar.com images.simplycodes.com tagmanager.google.com viz.tools.investis.com fonts.gstatic.com ka-f.fontawesome.com ka-p.fontawesome.com fonts.googleapis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.lfeeder.com *.leadfeeder.com sc.lfeeder.com lftracker.leadfeeder.com *.myidx.cloud *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.mountain.com he70.82omyo.com www.selective.com gs.mountain.com px.mountain.com dx.mountain.com qvdt3feo.com/events.js tags.srv.stackadapt.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io static.cloudflareinsights.com *.imirwin.com view.ceros.com static.ads-twitter.com *.d41.co ats.rlcdn.com tag.demandbase.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; connect-src *.myidx.cloud 'self' clientstream.launchdarkly.com c.ba.contentsquare.net in.hotjar.com c.ba.contentsquare.net surveystats.hotjar.io https://script.hotjar.com ask.hotjar.io surveystats.hotjar.io segments.company-target.com www.googletagmanager.com region1.google-analytics.com kit.fontawesome.com www.googleadservices.com www.facebook.com wss://va.msg.liveperson.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 privacyportal.onetrust.com analytics.imirwin.com ka-p.fontawesome.com www.clarity.ms px.ads.linkedin.com geolocation.onetrust.com cdn.cookielaw.org liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn www.google.com geo.privacymanager.io api.company-target.com www.google-analytics.com hotjar.com content.hotjar.io tags.srv.stackadapt.com ws.hotjar.com vc.hotjar.io wss://ws.hotjar.com metrics.hotjar.io ads.anura.io script.anura.io; worker-src 'self' selective.com blob:; report-uri https://stageselectiveidx2025.report-uri.com/r/d/csp/reportOnly; style-src-elem 'self' 'unsafe-inline' data: p.typekit.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net fonts.googleapis.com www.gstatic.com tags.srv.stackadapt.com; script-src-elem 'self' 'unsafe-inline' data: *.mountain.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net sc.lfeeder.com www.selective.com gs.mountain.com px.mountain.com dx.mountain.com qvdt3feo.com/events.js tags.srv.stackadapt.com liveassistfor365.com liveperson.com liveperson.net lpsnmedia.net liveengage.net liveengage.com liveper.sn launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io static.cloudflareinsights.com *.imirwin.com view.ceros.com static.ads-twitter.com *.d41.co ats.rlcdn.com tag.demandbase.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; child-src blob:; 3 default-src * 'unsafe-inline' 'unsafe-eval' data: 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' data: 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 3 default-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://cms.globalconnect.net https://cdnjs.cloudflare.com/ajax/libs/lodash.js/ https://unpkg.com/axios/dist/ https://unpkg.com/vue@3/dist/ https://cdnjs.cloudflare.com/ajax/libs/vue/ https://cdnjs.cloudflare.com/ajax/libs/axios/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://*.globalconnect.dk https://globalconnect.fi https://*.globalconnect.fi https://globalconnect.no https://*.globalconnect.no https://*.globalconnect.de https://*.globalconnect.se https://bat.bing.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://apps.mypurecloud.de https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://*.adform.net https://s3.amazonaws.com/downloads.mailchimp.com/ https://globalconnect.us1.list-manage.com/ https://snippet.maze.co/maze-universal-loader.js https://snippet.maze.co/static/ https://prompts.maze.co/api/widgets https://chat.kindlycdn.com/; style-src 'unsafe-inline' 'self' https://cms.globalconnect.net https://cdn-images.mailchimp.com; img-src 'self' data: blob: https://cms.globalconnect.net https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://secure.gravatar.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.se/ https://www.google.dk/ https://www.google.fi/ https://www.google.de/ https://www.google.no/ https://www.facebook.com/ https://bat.bing.com/ https://ade.googlesyndication.com https://googleads.g.doubleclick.net/ https://i.ytimg.com https://i.vimeocdn.com https://wp.gcweb.live https://imgsct.cookiebot.com https://ad.doubleclick.net https://static.kindlycdn.com/ https://api-downloads.mypurecloud.de/ https://bot.kindly.ai/ https://ui-avatars.com/ https://attachments.kindlycdn.com; connect-src 'self' https://globalconnect.no https://*.globalconnect.no https://*.globalconnect.dk https://globalconnect.fi https://*.globalconnect.fi https://*.globalconnect.de https://*.globalconnect.se https://api.dataforsyningen.dk/ https://consentcdn.cookiebot.com/ https://yoast.com/ https://api.ip-only.net https://www.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com https://bat.bing.com/ https://api-cdn.mypurecloud.de wss://ws.hotjar.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ https://api.mypurecloud.de wss://webmessaging.mypurecloud.de https://prompts.maze.co/api/widgets https://chat.kindlycdn.com/ https://bot.kindly.ai/ wss://ws-eu.pusher.com/ https://sockjs-eu.pusher.com/ https://storage.googleapis.com/; frame-src 'self' data: blob: https://cms.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://globalconnect.bbvms.com/ https://player.vimeo.com/ https://response.questback.com/ https://globalconnect-2.mynewsdesk.com/ globalconnect-no.mynewsdesk.com globalconnect-se.mynewsdesk.com globalconnect-fi.mynewsdesk.com globalconnect-de.mynewsdesk.com https://apps.mypurecloud.de https://www.youtube.com/ https://player.vimeo.com/ https://*.doubleclick.net/ https://c1.adform.net https://chat.kindlycdn.com/; media-src 'self' data: blob: https://cms.globalconnect.net https://assets.ip-only.net https://assets.globalconnect.net https://globalconnect.bbvms.com/ https://www.youtube.com/ https://player.vimeo.com/; form-action 'self' https://cms.globalconnect.net; font-src 'self' data: blob: https://assets.ip-only.net/ https://chat.kindlycdn.com/ https://assets.globalconnect.net/; 3 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: d19ayerf5ehaab.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.huffy.com admin.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk s3.lightboxcdn.com forms.huffy.com forms.batchbicycles.com forms.ninerbikes.com forms.buzzbicycles.com apps.bazaarvoice.com apps-stg.bazaarvoice.com cdnjs.cloudflare.com assets.reviews.io *.taggbox.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com *.stripe.com stripe.com *.link.com *.amazon.com admin.huffy.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.certcapture.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.commercepartnerhub.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com td.doubleclick.net 12403326.fls.doubleclick.net js.stripe.com m.stripe.network x.klarnacdn.net recaptcha.google.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net widgets.automizely.com widgets.automizely.io *.gstatic.com *.googleapis.com https://images.unsplash.com *.certcapture.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk apps.bazaarvoice.com apps-stg.bazaarvoice.com network-eu-a.bazaarvoice.com network-eu-stg-a.bazaarvoice.com photos-us.bazaarvoice.com www.lightboxcdn.com s3.lightboxcdn.com forms.huffy.com forms.batchbicycles.com forms.ninerbikes.com forms.buzzbicycles.com bat.bing.com *.google.com *.google.co.uk *.google.ca *.google.eu adservice.google.com guarantee-cdn.com https://p.veritone-ce.com *.taggbox.com *.igodigital.com cdn-cookieyes.com https://*.googlesyndication.com https://bat.bing.net shop.pe shopper.shop.pe app.shop.pe *.facebook.com *.reddit.com *.ads-twitter.com t.co *.twitter.com *.bing.com *.clarity.ms *.google-analytics.com *.googletagmanager.com *.doubleclick.net data: 'self' 'unsafe-inline'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com widgets.automizely.com widgets.automizely.io *.certcapture.com display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com d19ayerf5ehaab.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.network *.stripecdn.com *.amazon.com www.huffy.com admin.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk www.lightboxcdn.com s3.lightboxcdn.com forms.huffy.com forms.batchbicycles.com forms.ninerbikes.com forms.buzzbicycles.com assets.reviews.io widget.reviews.io cdnjs.cloudflare.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com network-eu-a.bazaarvoice.com network-eu-stg-a.bazaarvoice.com s3.amazonaws.com *.tagembed.com https://*.shipearlyapp.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.tagbox.com scontent-iad3-2.cdninstagram.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.magento-datasolutions.com *.magento-ds.com api.automizely.com api.automizely.io *.googleapis.com https://maps.googleapis.com https://player.vimeo.com *.certcapture.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://acsbapp.com cdn.acsbapp.com apps-stg.bazaarvoice.com network-stg-a.bazaarvoice.com network-a.bazaarvoice.com network-eu-a.bazaarvoice.com network-eu-stg-a.bazaarvoice.com *.crazyegg.com adservice.google.com a.clarity.ms www.huffy.com admin.huffy.com bam.nr-data.net js.stripe.com ppm.stripe.com r.stripe.com m.stripe.com x.klarnacdn.net https://*.evergage.com rs.livesession.io api.reviews.co.uk api.reviews.io buzz.attn.tv events.attentivemobile.com app.shop.pe rum-collector-2.pingdom.net *.tagembed.com *.cookieyes.com *.cdn-cookieyes.com cdn-cookieyes.com *.taggbox.com https://*.googlesyndication.com https://bat.bing.net *.lightboxcdn.com forms.huffy.com forms.batchbicycles.com forms.ninerbikes.com forms.buzzbicycles.com 35.85.84.151 3.212.39.155 shopper.shop.pe www.google.com recaptcha.google.com dx.mountain.com nova.collect.igodigital.com api.smartship.io test-api.smartship.io cdn.weglot.com 100.20.58.101 54.156.2.105 18.210.229.244 *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.twitter.com *.ads-twitter.com *.bing.com *.clarity.ms *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com bat.bing.com www.huffy.com admin.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk a.clarity.ms bam.nr-data.net www.google.com commerce.adobedc.net network-a.bazaarvoice.com network-stg-a.bazaarvoice.com network-eu-a.bazaarvoice.com network-eu-stg-a.bazaarvoice.com r.stripe.com api.smartship.io test-api.smartship.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src 'wasm-unsafe-eval' 'unsafe-eval' *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com *.adobe.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com https://rum.hlx.page ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.googleapis.com *.gstatic.com https://maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com forms.huffy.com admin.huffy.com www.huffy.ca www.huffy.co.uk www.buzzbicycles.com www.batchbicycles.com www.batchbicycles.ca www.ninerbikes.com www.ninerbikes.eu www.ninerbikes.co.uk guarantee-cdn.com js.stripe.com x.klarnacdn.net apps-stg.bazaarvoice.com cdn.avmws.com bat.bing.com cdn.evgnet.com acsbapp.com *.crazyegg.com *.lightboxcdn.com forms.batchbicycles.com forms.ninerbikes.com forms.buzzbicycles.com https://api.keen.io www.clarity.ms js-agent.newrelic.com ssl.avmws.com s3.amazonaws.com cdn.attn.tv dx.mountain.com px.mountain.com shop.pe shopper.shop.pe app.shop.pe buzz.attn.tv d2mjzob2nc713b.cloudfront.net addshoppers.s3.amazonaws.com 52.22.50.55 events.attentivemobile.com widget.reviews.io widget.reviews.co.uk rum-static.pingdom.net static.hotjar.com cdn.livesession.io *.igodigital.com *.tagembed.com *.cdn-cookieyes.com cdn-cookieyes.com *.tagbox.com https://*.shipearlyapp.com https://cdn.weglot.com https://cdn.livechatinc.com api.livechatinc.com *.googletagmanager.com *.googleadservices.com *.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.ads-twitter.com *.bing.com *.clarity.ms unpkg.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; 3 default-src 'self' *.techcrunch.com; frame-ancestors 'self'; frame-src 'self' https: data:; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; connect-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; media-src 'self' blob: *.youtube.com *.jetpackdigital.com; font-src 'self' * data:; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; 3 connect-src 'self' www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net analytics.google.com www.google-analytics.com www.redditstatic.com px.ads.linkedin.com js.zi-scripts.com stats.g.doubleclick.net login.microsoftonline.com forms-eu1.hscollectedforms.net forms-eu1.hsforms.com api-eu1.hubapi.com hubspot-forms-static-embed-eu1.s3.amazonaws.com https://tlkfrontprod.azureedge.net toloka.dev sandbox.toloka.dev https://events.framer.com https://framerusercontent.com https://c.bing.com https://*.clarity.ms https://mindrift.ai pixel-config.reddit.com api.framer.com boards-api.greenhouse.io https://agent.tendem.ai;script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com www.googletagmanager.com www.google.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com bat.bing.com snap.licdn.com www.redditstatic.com js.zi-scripts.com googleads.g.doubleclick.net js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net js-eu1.hsforms.net https://tlkfrontprod.azureedge.net https://framer.com https://framerusercontent.com https://events.framer.com/script https://c.bing.com https://*.clarity.ms https://ga.jspm.io https://app.framerstatic.com https://edit.framer.com https://challenge.framer.com https://*.framer-components.toloka-test.ai https://framer-components.toloka.cloud https://*.workable.com https://dcvxs6ggqztsa.cloudfront.net static.ads-twitter.com https://agent.tendem.ai;style-src 'self' googletagmanager.com fonts.googleapis.com tagmanager.google.com https://tlkfrontprod.azureedge.net https://app.framerstatic.com 'unsafe-inline' https://agent.tendem.ai;img-src https: 'self' data: googletagmanager.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com ssl.gstatic.com www.gstatic.com https://tlkfrontprod.azureedge.net https://agent.tendem.ai;frame-src 'self' td.doubleclick.net bid.g.doubleclick.net www.facebook.com sdx.microsoft.com www.youtube.com youtube.com forms-eu1.hsforms.com https://tlkfrontprod.azureedge.net blob: https://apply.workable.com embed.referral-factory.com www.googletagmanager.com tb.toloka.dev https://edit.framer.com https://framer.com https://job-boards.eu.greenhouse.io;manifest-src 'self' https://tlkfrontprod.azureedge.net;frame-ancestors *.toloka.ai toloka.ai *.toloka-test.ai;report-to default-group;font-src 'self' fonts.gstatic.com https://tlkfrontprod.azureedge.net https://framerusercontent.com https://app.framerstatic.com https://agent.tendem.ai;media-src 'self' https://tlkfrontprod.azureedge.net https://framerusercontent.com https://agent.tendem.ai;base-uri 'self';default-src 'none';object-src embed.referral-factory.com;child-src blob:;style-src-attr 'unsafe-inline';worker-src 'self' blob: data: 3 upgrade-insecure-requests;frame-ancestors 'self'; 3 frame-ancestors 'self' *.storyblok.com; 3 script-src-elem link.sportsgirl.com.au *.wufoo.com *.pinterest.com *.jotform.com *.jotfor.ms *.squarecdn.com https://api.smooch.io/faye https://cdn-widgetsrepository.yotpo.com *.hotjar.com *.rmp.rakuten.com *.facebook.net *.googletagmanager.com *.api.useinsider.com foursixty.com *.adsrvr.org *.scarabresearch.com *.plugins.emarsys.net stockinstore.net *.reloop.com.au *.resultspage.com *.pinimg.com *.bing.com *.tiktok.com *.newrelic.com *.google-analytics.com https://3739-1.sli-r.com/r-api/ https://googleads.g.doubleclick.net *.stockinstore.net *.cloudflare.com https://maps.googleapis.com *.afterpay.com *.addressfinder.io https://www.google.com https://www.gstatic.com *.sli-r.com *.braintreegateway.com *.paypal.com https://ap-gateway.mastercard.com *.zdassets.com https://www.googleadservices.com https://staticw2.yotpo.com https://tpc.googlesyndication.com https://jp-tags.rd.linksynergy.com api.neverbounce.com *.forter.com *.surveymonkey.com *.googleapis.com *.kaltura.com *.creativecdn.com *.sli-spark.com *.useinsider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.jotfor.ms https://cdn-widget-assets.yotpo.com *.sli-r.com https://foursixty.com/ *.resultspage.com *.stockinstore.net https://assets.api.useinsider.com/ *.addressfinder.io https://fonts.googleapis.com https://staticw2.yotpo.com *.creativecdn.com https://cdn-widgetsrepository.yotpo.com *.useinsider.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'unsafe-inline' data: *.gstatic.com *.typekit.net *.stockinstore.net *.afterpay.com *.hotjar.com *.useinsider.com *.yotpo.com *.googleapis.com *.jotfor.ms *.slant.co cdn.neverbounce.com *.cdnfonts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * link.sportsgirl.com.au link.sussan.com.au 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.mastercard.com *.adsrvr.org *.useinsider.com *.linksynergy.com *.tiktok.com *.hotjar.com *.doubleclick.net *.demdex.net *.reloop.com.au *.myunidays.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com bid.g.doubleclick.net *.youtube-nocookie.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk * *.sharethis.com *.pinterest.com https://bid.g.doubleclick.net *.cloudflarestream.com videodelivery.net *.surveymonkey.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.paypal.com *.sportsgirl.com.au *.suzannegrae.com.au *.sussan.com.au *.cdninstagram.com *.gstatic.com *.googleapis.com *.google.com *.google.com.au *.google.co.nz *.google.com.ua *.google.by *.google.us *.google.de *.stockinstore.net *.rakuten.com *.afterpay.com *.nr-data.net *.adsrvr.org *.linksynergy.com *.bing.com *.doubleclick.net *.resultspage.com *.resultsstage.com *.resultsdemo.com *.useinsider.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.unidays.world www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.cloudfront.net *.jotfor.ms *.jotform.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.youtube.com https://site-assets.afterpay.com/ *.kaltura.com *.facebook.com https://static.zdassets.com/web_widget/latest/basic_settings_avatar.png www.google.com.ua *.sharethis.com *.pinterest.com *.sli-spark.com https://yotpo-editor-production.s3.amazonaws.com *.creativecdn.com https://barcode.tec-it.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.plugins.emarsys.net *.scarabresearch.com tagmanager.google.com *.paypal.com *.resultspage.com *.resultsstage.com *.resultsdemo.com *.gstatic.com *.google.com *.sli-spark.com *.cloudfront.net *.sli-r.com *.mastercard.com *.googleapis.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.cloudflare.com *.useinsider.com *.livechatinc.com *.adsrvr.org *.newrelic.com *.getwisp.co *.linksynergy.com *.rakuten.com *.afterpay.com *.nr-data.net *.bing.com *.hotjar.com *.tiktok.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.myunidays.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleadservices.com *.yotpo.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.youtube.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk *.squarecdn.com https://hbiq.net songbirdstag.cardinalcommerce.com *.sharethis.com https://rum.hlx.page *.googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressfinder.io static.afterpay.com/ tagmanager.google.com fonts.google.com *.googleapis.com *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.afterpay.com *.api.useinsider.com *.reloop.com.au *.hotjar.com unsafe-inline *.yotpo.com *.squarecdn.com assets.braintreegateway.com *.jotfor.ms *.sharethis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addressfinder.io static.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.paypal.com *.braintree-api.com *.braintreegateway.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.cloudflare.com *.googleapis.com *.rakuten.com *.nr-data.net *.useinsider.com *.amplitude.com *.tiktok.com *.hotjar.com *.demdex.net *.everesttech.net *.adobedtm.com *.reloop.com.au *.myunidays.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.cloudfront.net *.forter.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com vimeo.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.cardinalcommerce.com *.google.com google.com *.afterpay.com *.sentry.io *.api.useinsider.com wss://api.smooch.io/faye https://sst.suzannegrae.com.au *.sharethis.com insight.adsrvr.org *.facebook.com *.hotjar.io *.pinterest.com wss://ws.hotjar.com/api/v2/client/ws *.zdassets.com *.bing.com *.zendesk.com *.zendesk-eu.my.sentry.io https://www.google.com.au/ads/* https://www.google.com.au/ analytics.pangle-ads.com *.kaltura.com *.creativecdn.com *.sussan.com.au analytics-ipv6.tiktokw.us https://sst.sportsgirl.com.au *.siteperformancetest.net https://siteperformancetest.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://e350c8f5-2076-4690-909d-d997db0d337e.sansec.watch/; 3 default-src * data: 'unsafe-inline'; frame-ancestors 'self'; 3 object-src 'none'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3 default-src http: https: 'unsafe-inline'; img-src https: 'unsafe-inline' http://wtappscdn.wireless.bell.ca 3 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://ws.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 3 frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 3 default-src 'none'; object-src 'self'; media-src blob: https://s3.amazonaws.com https://*.genial.ly https://*.aiaibot.com https://*.elsevier.com https://*.zdassets.com https://*.scene7.com https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com; font-src 'self' data: https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.elfsightcdn.com https://*.med-congress.just-medical.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://elshbe.mediclinic.co.za https://superspider-dev.azurewebsites.net https://*.data.adobedc.net https://extend.vimeocdn.com https://*.sc.omtrdc.net https://*.2o7.net https://assets.adobedtm.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://portal.k8s.preprod.msio.cloud https://*.aiaibot.com https://analytics.tiktok.com https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.yandex.ru https://*.zdassets.com https://analytics-eu.clickdimensions.com https://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.scene7.com https://*.pinimg.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://cdn.dotcy.com.cy https://*.crazyegg.com https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.clever-click.ch https://*.sli.do https://scatec.io https://soundcloud.com/ https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.med-congress.just-medical.com; connect-src 'self' https://px.ads.linkedin.com/wa https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://adservice.google.com https://analytics.google.com https://*.112.2o7.net https://dpm.demdex.net https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.aiaibot.com https://api.bing.microsoft.com https://analytics.tiktok.com https://*.yandex.ru https://pecontent-health-elsevier-com.s3.amazonaws.com https://*.zdassets.com https://*.elsevier.com https://*.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://cdnjs.cloudflare.com https://*.pinterest.com https://*.medicosearch.ch https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.google-analytics.com https://*.analytics.google.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://*.onetrust.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://ton.twimg.com https://*.clever-click.ch https://scatec.io https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://*.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.snapchat.com https://*.ads-twitter.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://analytics.ahrefs.com https://*.doubleclick.net https://*.med-congress.just-medical.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://mcmebotstorage.blob.core.windows.net https://protect-de.mimecast.com https://*.podigee.com https://*.podigee-cdn.net https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://portal.k8s.preprod.msio.cloud https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://*.crazyegg.com https://ton.twimg.com https://*.userway.org https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.yandex.ru https://*.snapchat.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.med-congress.just-medical.com; frame-src 'self' https://feed.yellow.camera https://*.pinterest.com https://hirslandenag.demdex.net https://portal.k8s.preprod.msio.cloud https://*.medicosearch.ch https://analytics-eu.clickdimensions.com https://*.goreview.co.za https://*.aiaibot.com https://webform.mediclinicsa.co.za https://*.indigo.online https://*.artbutler.com https://*.zvv.ch https://*.genial.ly https://*.3qsdn.com https://*.tourmkr.com https://tourmkr.com https://*.tourextender.ch https://tourextender.ch https://*.podigee.com https://*.podigee-cdn.net https://*.infomaniak.com https://*.business360.ch https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://*.pinimg.com https://*.doubleclick.net https://*.yandex.ru https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com https://*.vimeo.com https://*.brightcove.net https://mixlr.com https://*.mixlr.com https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://createsend.com https://createsend1.com https://*.createsend.com https://*.createsend1.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com https://cdn.dotcy.com.cy https://prodmcmebot.azurewebsites.net https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.info https://*.datahouse.ch https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://www.facebook.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://www.recaptcha.net https://*.ibelsa.com https://*.mediclinic.ae https://*.google.com https://*.elfsightcdn.com https://*.doubleclick.net https://*.med-congress.just-medical.com https://ucrm-app-p.eu.hcnet.biz https://demo.emarsys.net https://*.ucrm-app-p.eu.hcnet.biz https://analytics.ahrefs.com https://*.demo.emarsys.net; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://ton.twimg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.ads-twitter.com https://*.mediclinic.ae https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.med-congress.just-medical.com; frame-ancestors 'self' https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://*.crazyegg.com https://*.clever-click.ch https://*.sli.do https://*.userway.org https://*.mcme.az.bh.mehilainen.care https://*.powerappsportals.com https://*.linkedin.com https://*.pinterest.com https://*.adform.net https://*.mailxpert.ch https://*.eyevip.ch https://event.hirslanden.ch https://*.ibelsa.com https://*.yandex.ru https://*.snapchat.com https://*.ads-twitter.com https://*.google.com https://*.googletagmanager.com https://*.elfsightcdn.com https://*.doubleclick.net https://analytics.ahrefs.com https://*.mediclinic.ae; 3 frame-ancestors 'self' cooksongold.com cooksongold.answerbase.com cooksongold.services.answerbase.com localhost:3000 avisor.pro *.franceclatdata.fr faq.cooksongold.com 3 default-src https: 'unsafe-inline' 'unsafe-eval' data: wss://ws.hotjar.com https://zn9nu0hwrbff0dgcq-cnhind.siteintercept.qualtrics.com; upgrade-insecure-requests; frame-ancestors 'self' https://prod103.cnhrents.com; https://prod103.newholland.com; https://prod103.casece.com; https://prod103-ce.newholland.com; https://prod103.caseih.com; https://www.cnhrents.com; https://prodstaging.cnhrents.com; https://prodstaging103-ce.newholland.com; https://prodstaging103.newholland.com; https://prodstaging103.caseih.com; https://prodstaging103.casece.com; 3 frame-ancestors 'self' https://m.v12finance.com/ https://sapc.thewosgroup.com; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://secure.quantserve.com/ https://www.instagram.com/ https://app.termly.io/ https://www.google.com/ https://www.gstatic.com/ http://rules.quantcount.com/ http://cdn.scarabresearch.com/ https://assets.juicer.io/ https://www.googletagmanager.com/ http://cdn.scarabresearch.com/ https://cdn.levelaccess.net/ https://www.google-analytics.com/ https://www.googleadservices.com/ http://pixel.quantserve.com/ http://connect.facebook.net/ https://secure-ds.serving-sys.com/ https://s.pinimg.com/ http://xfqprspx.micpn.com/ https://static.bytedance.com/ http://www.lightboxcdn.com/ http://api.lightboxcdn.com/ https://bs.serving-sys.com/ http://www.juicer.io/ https://js.adsrvr.org/; object-src 'none' 3 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-src https:; base-uri 'self'; form-action 'self' https:; worker-src 'self' blob:; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' 'unsafe-hashes'; font-src * data: blob: 'unsafe-inline'; worker-src * 'self' blob: 3 frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com telecharger.tomsguide.fr telecharger.tomshardware.fr; 3 frame-ancestors https://flcourts-admin.ccplatform.net https://flcourts-admin.ccstage.net 3 frame-ancestors 'self' *.carlist.my *.mobil123.com *.one2car.com *.carmudi.co.id *.icarsuite.com *.icarasia.com *.autospinn.com *.wapcar.my *.autofun.co.id *.autofun.co.th *.autofun.vn *.autofun.ph; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org https://www.bnpparibas.de https://brasil.bnpparibas; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.com https://beacon-v2 https://analyticsgroupcom.bnpparibas.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.gstatic.com https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://s.w.org https://wp-rocket.me https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org blob: https://www.google.com/pagead/landing https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://ad.doubleclick.net https://contrib.territories.bnpparibas https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas secure.gravatar.com www.gravatar.com i.ytimg.com data: www.googletagmanager.com; connect-src 'self' https://bnp-privacy.my.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://yoast.com https://cdn.cookielaw.org https://o173685.ingest.sentry.io https://analyticsgroupcom.bnpparibas.com https://contrib.territories.bnpparibas https://www.google.com/pagead/landing https://pagead2.googlesyndication.com https://adservice.google.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com https://fast.wistia.com https://github.com/google/fonts https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas fonts.gstatic.com fonts.googleapis.com data:; media-src 'self' https://asset.mediahub.bnpparibas https://upload.wikimedia.org https://broadcast.mediahub.bnpparibas data: https://mediahub.group.echonet https://my.mediahub.bnpparibas https://cdn-group.bnpparibas.com https://cdn.cookielaw.org https://cdn.territories.bnpparibas; frame-src 'self' https://www.youtube.com https://wp-rocket.me https://open.spotify.com https://www.youtube-nocookie.com https://centric.bnpparibas.com https://13179764.fls.doubleclick.net https://td.doubleclick.net https://gateway.zscalertwo.net https://remove.video https://mozbar.moz.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 3 default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.hubspot.com https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://event.getblue.io https://flashapp.com.br https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hsforms.net https://js.hubspot.com https://platform.linkedin.com https://platform.twitter.com https://s3.amazonaws.com https://script.hotjar.com https://serve.albacross.com/track.js https://snap.licdn.com https://static.hotjar.com https://static.hsappstatic.net https://unpkg.com https://widget.getblue.io https://www.googletagmanager.com https://*.twil.io https://unpkg.com https://js.storylane.io; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://s3.amazonaws.com https://static.hsappstatic.net https://unpkg.com; font-src 'self' https://5938567.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://5938567.fs1.hubspotusercontent-na1.net https://analytics.google.com https://api.hubapi.com https://api.reclameaqui.com.br https://bat.bing.com https://c.ba.contentsquare.net https://flashapp.com.br https://forms.hsforms.com https://google.com https://js.hs-banner.com https://new-collect.albacross.com https://px.ads.linkedin.com https://server-side-tagging-4xp5wewwsq-uc.a.run.app https://stats.g.doubleclick.net https://us-central1-flash-site-production.cloudfunctions.net https://vc.hotjar.io https://wci-868355199753.us-central1.run.app https://webchat-serverless-9689-dev.twil.io https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com wss://tsock.us1.twilio.com https://*.hubspot.com https://prod.spline.design https://js.hsforms.net https://serverless-pre-sales-chatbot-6734-prd.twil.io; img-src 'self' data: https:; frame-src https://5938567.hs-sites.com https://event.getblue.io https://forms.hsforms.com https://platform.twitter.com https://play.hubspotvideo.com https://server-side-tagging-4xp5wewwsq-uc.a.run.app https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://*.flashapp.site https://app.storylane.io https://www.google.com https://go.vooozer.com; object-src 'none'; base-uri 'self'; form-action 'self' https://forms.hsforms.com;; upgrade-insecure-requests 3 frame-ancestors 'self' https://*.zbj.com https://*.tianpeng.com https://*.chatm.com https://*.mysipo.com https://*.zhubajie.la *.zbjdev.com hljcg.hlj.gov.cn *.qjzbj.com 3 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.sg *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io widgets.tipranks.com site.recognia.com ibkr.paxosclients.com worldtrader.hsbc.ae *.ibkrcampus.com ibkrcampus.com www.ibkrguides.com *.traderstation-international.com; 3 default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;frame-src 'self' *;font-src 'self' * data:;connect-src 'self' *;child-src 'self' * 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeocdn.com *.youtube-nocookie.com *.usefathom.com plausible.io *.pingdom.net *.slideshare.net *.onetrust.com *.libsyn.com *.crazyegg.com *.polyfill.io *.matomo.cloud *.doubleclick.net *.adtran *.adva.com *.advaoptical.com *.pardot.com *.akamaized.net *.cookielaw.org cdn.matomo.cloud *.vimeo.com *.jquery.com cdn.jsdelivr.net *.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com cdn.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.cloudflare.com *.jquery.com *.matomo.cloud cdn.sheetjs.com plausible.io cdn.cookielaw.org *.pingdom.net https://www.google-analytics.com https://pi.pardot.com https://script.crazyegg.com apis.google.com *.gstatic.com https://www.google.com https://web.adtran.com https://region1.google-analytics.com; img-src * 'self' data: blob:; frame-ancestors 'self'; object-src 'none' 3 frame-ancestors deny 3 frame-ancestors 'self' https://speed.blix.com 3 frame-ancestors 'self' https://ntb-centrum.mironet.cz/ https://totem.apps.mironet.cz/ 3 object-src 'self'; block-all-mixed-content; upgrade-insecure-requests; 3 default-src 'none'; script-src 'self' https://cdn.markmonitor.com; connect-src 'self'; img-src 'self' https://cdn.markmonitor.com; style-src 'self' https://cdn.markmonitor.com; base-uri 'self';form-action 'self' 3 default-src 'self'; img-src 'self' *.leandigitalmedia.com amplify.outbrain.com tr.outbrain.com log.outbrain.com sync.outbrain.com merchant-shop.gr *.cloud.adobe.io *.merchant-shop.gr *.mypurecloud.de *.usercentrics.eu pages.worldline.com *.reddit.com wss://*.caas4prd.worldline-solutions.com *.bing.com *.seadform.net *.caas4prd.worldline-solutions.com bit.ly *.blob.core.windows.net callexcellcdn.blob.core.windows.net *.googletagmanager.com *.tiktok.com *.googletagmanager *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.google.com *.g.doubleclick.net *.vimeocdn.com *.vimeo.com dpm.demdex.net dev.day.com cm.everesttech.net worldline.sc.omtrdc.net worldlinesa.tt.omtrdc.net www.gstatic.com *.linkedin.com *.adsymptotic.com *.scene7.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' wss://*.caas4prd.worldline-solutions.com *.bambora.com *.leandigitalmedia.com amplify.outbrain.com *.usercentrics.eu *.caas4prd.worldline-solutions.com *.zdassets.com *.blob.core.windows.net *.callexcellcdn.blob.core.windows.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.zendesk.com cdnjs.cloudflare.com https://google.com *.doubleclick.net *.facebook.com *.g.doubleclick.net track.adform.net *.facebook.net assets.adobedtm.com snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cloudflare.com cdn.jsdelivr.net www.youtube.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com *.cloudflare.com files.cdn.leadfamly.com *.ytimg.com *.youtube.com *.jwpsrv.com *.jwpcdn.com *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.doubleclick.net *.pardot.com *.hotjar.io *.hotjar.com *.gstatic.com *.google.com *.worldline.com ajax.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.scene7.com; style-src 'self' 'unsafe-inline' *.bambora.com *.worldline.com wss://*.caas4prd.worldline-solutions.com *.beanstream.com *.caas4prd.worldline-solutions.com *.worldline-solutions.com *.blob.core.windows.net *.fontawesome.com *.lytics.io https://google.com *.fontawesome.com fonts.google.com optimize.google.com play.google.com *.cloudflare.com ssl.p.jwpcdn.com *.googleapis.com *.caas4noprd.worldline-solutions.com *.cloudflare.com *.jwpcdn.com worldline.com maxcdn.bootstrapcdn.com *.scene7.com; connect-src 'self' 'unsafe-inline' data: blob: *.bambora.com amplify.outbrain.com *.leandigitalmedia.com tr.outbrain.com odb.outbrain.com sync.outbrain.com *.adobedc.net *.mypurecloud.com *.mypurecloud.de wss://webmessaging.mypurecloud.de web-worldline-chatbot-api.azurewebsites.net cdn.jsdelivr.net *.bc0a.com ws.zoominfo.com js.zi-scripts.com *.usercentrics.eu *.reddit.com *.redditstatic.com wss://*.caas4prd.worldline-solutions.com *.friendlycaptcha.com *.mktoresp.com *.caas4prd.worldline-solutions.com callexcellcdn.blob.core.windows.net *.linkedin.com worldlinesa.tt.omtrdc.net *.zendesk.com wss://*.zopim.com *.hubspot.com *.hubapi.com *.zdassets.com *.cognigy.ai wss://*.cognigy.ai *.zendesk.com https://google.com *.tiktok.com *.googlesyndication.com *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.net *.googleadservices.com *.google.com *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.g.doubleclick.net six.enterprisebot.co *.fontawesome *.hotjar.io *.spotify.com *.apple.com wss://*.caas4noprd.worldline-solutions.com *.worldline-solutions.com *.scene7.com worldlinesa.demdex.net dpm.demdex.net *.cloud.adobe.io *.tt.omtrdc.net *.omtrdc.net wss://*.hotjar.com wss://ws4.hotjar.com maps.googleapis.com *.blob.core.windows.net optanon.blob.core.windows.net vc.hotjar.io maps.googleapis.com ws21.hotjar.com *.doubleclick.net *.hotjar.com cdn.linkedin.oribi.io; base-uri 'self'; frame-src 'self' 'unsafe-inline' *.bambora.com *.mypurecloud.de https://vimeo.com/ *.adform.net *.usercentrics.eu *.mktoresp.com *.beanstream.com *.zendesk.com *.zdassets.com www.actito.be *.doubleclick.net *.g.doubleclick.net *.spotify.com *.apple.com anchor.fm *.typeform.com *.doubleclick.net business.ingenico.com form.typeform.com files.cdn.leadfamly.com worldline.leadfamly.com *.brighttalk.com *.youtube.com *.hotjar.com *.worldline.com *.equensworldline.com *.google.com worldlinesa.demdex.net https://recaptcha.google.com/recaptcha/; object-src 'none'; font-src *; script-src-elem 'unsafe-inline' *; media-src 'self' data: blob: *.zdassets.com *.scene7.com; worker-src blob:; child-src blob:; frame-ancestors 'self' *.adobe.com https://frontend-v2.ocularium.be; 3 default-src 'self' mittwald.de *.mittwald.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* googleads.g.doubleclick.net pixel.byspotify.com assets.calendly.com *.youtube.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.redditstatic.com *.signalize.com *.etracker.com *.etracker.de *.hotjar.com pretix.eu *.ads.linkedin.com snap.licdn.com *.googletagmanager.com *.adform.net mittwald.de *.mittwald.de; style-src 'self' 'unsafe-inline' *.etracker.com assets.calendly.com *.hotjar.com pretix.eu; img-src 'self' data: www.etracker.de assets.calendly.com userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com alb.reddit.com *.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net px.ads.linkedin.com mittwald.de *.mittwald.de; font-src 'self' data: assets.calendly.com assets.calendly.com userlike-cdn-umm.b-cdn.net fonts.gstatic.com *.hotjar.com mittwald.de *.mittwald.de; connect-src 'self' pixels.spotify.com wss://umd.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com www.redditstatic.com *.signalize.com *.etracker.de *.etracker.com *.hotjar.com *.hotjar.io wss://*.hotjar.com pretix.eu px.ads.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.de *.adform.net pixel-config.reddit.com mittwald.de *.mittwald.de blob:; media-src 'self' userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com mittwald.de *.mittwald.de blob:; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net mittwald.de *.mittwald.de blob:; frame-src 'self' td.doubleclick.net googletagmanager.com *.googletagmanager.com calendly.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net *.youtube.com www.youtube-nocookie.com player.vimeo.com *.adform.net pretix.eu mittwald.de *.mittwald.de; frame-ancestors 'self' https://*.etracker.com; 3 default-src 'self' *.isitesoftware.com *.digitaldisplays.io digitaldisplays.io *.gov *.schoolnutritionandfitness.com schoolnutritionandfitness.com http://district.schoolnutritionandfitness.com onlineordering-images.s3.amazonaws.com digitaldisplays-media.s3.amazonaws.com d36ka9bgcta1yj.cloudfront.net cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gstatic.com *.googleapis.com www.google-analytics.com *.google.com *.amazonaws.com *.twitter.com cdn.syndication.twimg.com *.youtube.com connect.facebook.net *.facebook.com *.instagram.com *.vimeo.com *.payaconnect.com frontierchildnutrition.com *.myschoolmenuboards.com myschoolmenuboards.com translate.google.com unpkg.com 'unsafe-inline' 'unsafe-eval' data:; img-src * data: blob: about:; report-uri https://cgc5aq2c40.execute-api.us-west-2.amazonaws.com/dev/csp-violation-report; 3 script-src 'self' blob: *.hcsctest.net *.hcsc.net rum.hlx.page 'sha256-roBKNtTORGqYTZrY132I7LjnRPmJRBYk0vsWsfTJfi8=' 'sha256-Hu+TB+7+tbK6BX5NWGt+0M+Bq+eQTLzu4mfAdMsLwio=' 'sha256-m6IeQPb422Ecu6vAsJ4XwC+Q4Bnlo5vWz/eAbO1BMMY=' 'sha256-SPsZXjscKwSgFBbdcFRAE/GR7YyFgkl7d5tVBREd+pE=' 'sha256-SDHTnkuO02em0DcuwqvF5tDafRm8LYNMnYP+a2QMeyA=' 'sha256-oFLLqxbCZekFnkJfG4JJcqpyCzBF/l8PMUBQFcUbeZ0=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-+YZqnAWTPJ9G7/VImu/8MHnpEzn7upBYnPfVF/yMQp4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' *.decibelinsight.net *.twitter.com hcsctest.net *.bcbsil.com *.bcbstx.com *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.twitter.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com cdn.decibelinsight.net collection.decibelinsight.net, frame-ancestors 'self', worker-src 'self' blob:, upgrade-insecure-requests 3 default-src *.myidx.cloud 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net *.prod.boltdns.net *.cookielaw.org cdn.cookielaw.org *.analytics.google.com cdnjs.cloudflare.com *.google.com *.google-analytics.com *.googletagmanager.com googleapis.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com www.google-analytics.com fonts.googleapis.com fonts.gstatic.com arg.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com stats.g.doubleclick.net vjs.zencdn.net sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com viz.tools.investis.com *.googletagmanager.com *.arceralifesciences.com assets.adobedtm.com; img-src *.myidx.cloud 'self' 'unsafe-inline' * data: www.w3.org manifest.prod.boltdns.net players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com arg.tools.investis.com snap.licdn.com staticcontents.investisdigital.com staticcontents.investis.com code.jquery.com; frame-src *.myidx.cloud 'self' www.googletagmanager.com *.doubleclick.net *.blubrry.com atkinsrealis.com http://www.atkinsrealis.com/ *.atkinsrealis.com ir.connectidfeed.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.flockler.com *.doubleclick.net *.doubleclick.net players.brightcove.net www.google.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com bcove.video cloud.3dissue.com lavalab-montreal.netlify.app *.googletagmanager.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticzone.idigitalcontents.com flockler.com *.investisdigital.com *.flockler.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com staticcontents.investisdigital.com staticcontents.investis.com; font-src *.myidx.cloud 'self' 'unsafe-inline' * data: vjs.zencdn.net fonts.googleapis.com fonts.gstatic.com; script-src *.myidx.cloud viz.tools.investis.com 'self' *.doubleclick.net atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net static.cloudflareinsights.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com; connect-src *.myidx.cloud 'self' assets.adobedtm.com cdnjs.cloudflare.com code.jquery.com *.arceralifesciences.com *.googletagmanager.com viz.tools.investis.com *.doubleclick.net *.linkedin.com region1.google-analytics.com atkinsrealis.cd.invdcloud-is.co.uk staticzone.idigitalcontents.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com r1.trackedweb.net *.hs.llnwd.net *.google.com cdn.linkedin.oribi.io *.analytics.google.com *.google-analytics.com *.google.com *.investisdigital.com *.investis.com *.linkedin.oribi.io arg.tools.investis.com manifest.prod.boltdns.net maps.google.com gallery-metrics.api.brightcove.com flockler.com *.flockler.com privacyportal-de.onetrust.com *.cookielaw.org cdn.cookielaw.org www.googleadservices.com www.google-analytics.com maps.googleapis.com googleapis.com *.googleapis.com players.brightcove.net edge.api.brightcove.com f1.media.brightcove.com stats.g.doubleclick.net secure.brightcove.com f1.cf.brightcove.com *.execute-api.eu-west-1.amazonaws.com manifest.prod.boltdns.net geolocation.onetrust.com *.onetrust.com; base-uri 'self'; form-action 'self'; script-src-elem 'self' *.doubleclick.net atkinsrealis.cm.invdcloud-is.co.uk 'unsafe-inline' 'unsafe-eval' static.trackedweb.net sc.lfeeder.com static.cloudflareinsights.com communications.atkinsrealis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com 3 ; 3 default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; form-action 'self' 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; object-src 'none'; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 3 default-src 'self' *.vidyard.com *.onetrust.com *.zi-scripts.com *.salesloft.com; frame-ancestors 'self'; form-action *; object-src 'none'; base-uri 'none'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src *; worker-src * blob:; frame-src * blob:; font-src * data:; media-src *; 3 default-src 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://c.bing.com https://*.clarity.ms https://scripts.clarity.ms/* https://bat.bing.com https://bat.bing.com/* https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.wistia.com https://*.wistia.net; script-src-elem 'report-sample' 'unsafe-inline' blob: https://scripts.clarity.ms/* https://www.clarity.ms https://c.bing.com https://*.clarity.ms https://bat.bing.com https://bat.bing.com/* https://*.hotjar.com https://static.hotjar.com https://script.hotjar.com https://*.contentsquare.net/ https://*.contentsquare.net/* https://elfsightcdn.com/platform.js https://js.stripe.com/v3/?ver=3.3.92 https://js.stripe.com/* https://stripe.com/* https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 https://static.cloudflareinsights.com/* https://*.rib-software.com https://*.rib-software.com/* https://cdn.livechatinc.com/tracking.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.sentry-cdn.com/ https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://api.livechatinc.com/ https://ipapi.co/ https://connect.facebook.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.youtube.com/ ttps://region1.analytics.google.com/ https://ajax.cloudflare.com/ https://api.ipify.org/ https://ipapi.co/ https://privacy-proxy.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics/* https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://region1.analytics.google.com/ https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://static.elfsight.com/platform/platform.js https://universe-static.elfsightcdn.com/ https://bat.bing.com/bat.js https://tr.capterra.com/static/wp.js https://www.google.com/ccm/collect https://px.ads.linkedin.com/collect https://bat.bing.com/p/action/187182089.js https://tr.capterra.com/static/vcvr.js https://www.clarity.ms/tag/uet/187182089 https://www.clarity.ms/* ; style-src 'self' 'report-sample' 'unsafe-inline' blob: data: https://*.hotjar.com https://fast.wistia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.clarity.ms https://c.bing.com https://*.clarity.ms https://bat.bing.com https://bat.bing.com/* https://*.contentsquare.net/ https://*.contentsquare.net/* https://www.facebook.com/ https://connect.facebook.net/ https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net https://bat.bing.com/* https://tr.capterra.com/* https://tr.capterra.com/static/sp.js.map https://aggregator.service.usercentrics.eu/ https://px.ads.linkedin.com/ https://region1.google-analytics.com/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/ https://core.service.elfsight.com/ https://elfsightcdn.com/platform.js https://ipapi.co/ https://ipapi.co/49.43.97.126/json/ https://api.ipify.org/ https://ipapi.co/49.43.97.0/json/ https://graphql.usercentrics.eu/graphql https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://api.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://googletagmanager.com https://tagmanager.google.com https://www.google.com/ccm/collect https://www.google.com/* https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://fonts.googleapis.com https://api.usercentrics.eu/ https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://tr.capterra.com/events/ https://tr.capterra.com/* ; font-src 'self' data: https://*.hotjar.com https://*.wistia.com https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/* https://fonts.gstatic.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js; frame-src 'self' data: https://js.stripe.com/ https://js.stripe.com/* https://go.rib-software.com/* https://go.rib-software.com/ https://*.rib-software.com/ https://*.rib-software.com/* https://fast.wistia.com https://fast.wistia.net https://www.meinauftrag.rib.de/ https://www.rib-software.com/* https://go.pardot.com/* https://go.pardot.com/ https://go.esam.ncee.rib-software.com/* https://go.esam.ncee.rib-software.com/ https://api.ipify.org/ https://secure.livechatinc.com/ https://td.doubleclick.net/ https://www.byggeweb.dk/ https://app.usercentrics.eu/ https://posimyththemes.com/ https://region1.analytics.google.com/ https://go.rib-software.com/ https://tragwerksplanung.rib-software.com/ https://www.rib-tragwerksplanung.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://wistia.com https://wistia.net https://www.youtube.com https://go.dach.data.rib-software.com/ https://go.esam.uki.rib-software.com/ https://www.googletagmanager.com/ https://www.google.com/ccm/collect https://px.ads.linkedin.com/collect; frame-ancestors 'self' https://go.rib-software.com/* https://*.rib-software.com/ https://*.rib-software.com/*; img-src 'self' data: https://www.clarity.ms https://c.bing.com https://*.clarity.ms https://bing.com/* https://bat.bing.com https://bat.bing.com/* https://*.hotjar.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://bat.bing.com https://bat.bing.com/* https://*.contentsquare.net/ https://*.contentsquare.net/* https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://connect.facebook.net/ https://analytics.google.com/ https://i.ytimg.com/ https://px4.ads.linkedin.com/ https://www.google.de/ads/ga-audiences https://secure.gravatar.com/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://www.google.co.in/ads/ga-audiences https://app.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://api.iconify.design/ https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com; manifest-src 'self'; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; worker-src 'self' blob: data: ; child-src blob: data: https://www.youtube.com/ https://app.usercentrics.eu/ https://wistia.com https://wistia.net; report-uri https://65f14453bc57ae1120bf6fd9.endpoint.csper.io/?v=1; 3 frame-ancestors 'self' app.contentful.com; upgrade-insecure-requests 3 frame-ancestors 'self' travel-dealz.de travel-dealz.com forum.travel-dealz.de kreuzfahrten.travel-dealz.de cruises.travel-dealz.com; 3 frame-ancestors 'self' https://tmw.secure.vmd.ca; 3 default-src 'self' https://tngr.co https://*.yellow.ai; connect-src 'self' https://develop--whimsical-donut-f2fd99.netlify.app https://uat--whimsical-donut-f2fd99.netlify.app https://uat.tanger.com https://api.tanger.com https://www.tanger.com https://account.tanger.com *.mappedin.com data: *.onetrust.com https://cdn.cookielaw.org https://identity.mparticle.com https://jssdks.mparticle.com https://jssdkcdns.mparticle.com https://images.contentstack.io https://d1p5cqqchvbqmy.cloudfront.net https://api-gateway.mappedin.com https://cdn.mappedin.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://js.stripe.com/ https://ingesteer.services-prod.nsvcs.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://www.google.com/recaptcha/ https://aw-services.us.vibes.com//api/ https://aw-services.us.vibes.com//authenticate https://aw-services.us.vibes.com//widgets/ wss://*.yellow.ai https://*.yellow.ai https://*.liadm.com https://us01.records.in.treasuredata.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://d1p5cqqchvbqmy.cloudfront.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.cookielaw.org https://jssdkcdns.mparticle.com https://cdn.vibes.com/aw/widget.js https://connect.facebook.net https://analytics.tiktok.com https://resources.fidel.uk https://js.stripe.com https://js.adsrvr.org siteimproveanalytics.com https://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://*.yellowmessenger.com https://b-code.liadm.com cdn.mappedin.com http://cdn.treasuredata.com https://www.youtube.com/ blob:; worker-src 'self' blob:; frame-src 'self' https://www.google.com https://resources.fidel.uk https://js.stripe.com/ https://13250566.fls.doubleclick.net https://td.doubleclick.net https://insight.adsrvr.org *.sojern.com *.doubleclick.net *.adnxs.com https://tngr.co https://cdn.tangeroutlet.com/ https://i.liadm.com https://www.youtube.com/ https://www.youtube-nocookie.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' cdn.mappedin.com https://d1p5cqqchvbqmy.cloudfront.net https://*.hotjar.com https://fonts.googleapis.com https://*.yellowmessenger.com; img-src 'self' blob: https://www.google-analytics.com https://r4.app.yellow.ai https://r4-ym-uploads.s3-us-west-2.amazonaws.com https://r4-ym-confidential.s3.amazonaws.com https://*.yellowmessenger.com https://*.liadm.com *.mappedin.com data: https://www.tanger.com https://images.contentstack.io https://cdn.cookielaw.org https://cdn.mappedin.com https://www.facebook.com https://ad.ipredictive.com https://ad.doubleclick.net https://ciqtracking.com https://secure.adnxs.com https://adservice.google.com https://insight.adsrvr.org *.siteimproveanalytics.io https://*.hotjar.com *.sojern.com *.doubleclick.net *.adnxs.com https://analytics.tiktok.com/ https://upload.wikimedia.org/wikipedia/commons/6/6f/Tanger_logo.svg https://tngr.co https://cdn.tangeroutlet.com https://d2xs7zaan7w9gl.cloudfront.net; font-src 'self' cdn.mappedin.com https://d1p5cqqchvbqmy.cloudfront.net https://*.hotjar.com https://fonts.gstatic.com https://*.yellowmessenger.com; form-action 'self'; manifest-src 'self' 3 default-src 'self' *.everllence.com *.man-es.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.amazon-adsystem.com *.bing.com *.bing.net cdnjs.cloudflare.com cdn.cookielaw.org *.clarity.ms cookie-cdn.cookiepro.com *.doubleclick.net *.everllence.com *.facebook.net *.googleapis.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.hotjar.com *.hsforms.net code.jquery.com *.licdn.com *.linkedin.com *.man-es.com *.onetrust.com *.paa-reporting-advertising.amazon *.podigee-cdn.net *.podigee.io *.youtube.com; frame-src 'self' map.baidu.com *.map.baidu.com *.doubleclick.net everllence.com *.everllence.com www.google.com www.googletagmanager.com *.hsforms.net *.man-es.com *.mandieselturbo.com *.s4hana.ondemand.com *.podigee-cdn.net *.podigee.io player.vimeo.com saipeexternalpmanes.blob.core.windows.net www.youtube-nocookie.com; connect-src 'self' *.adnxs.com api.addsearch.com *.amazon-adsystem.com *.bing.net *.bing.com cdnjs.cloudflare.com cdn.cookielaw.org ad.doubleclick.net *.doubleclick.net everllence.com *.everllence.com web-analytics.everllence.com *.facebook.com google.com *.google.com analytics.google.com *.analytics.google.com *.googleapis.com *.google-analytics.com *.googlesyndication.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.hsforms.com *.linkedin.com *.man-es.com *.s4hana.ondemand.com geolocation.onetrust.com privacyportal-eu.onetrust.com *.paa-reporting-advertising.amazon; style-src 'unsafe-inline' 'self' *.googleapis.com cdn.cookielaw.org *.onetrust.com *.everllence.com; font-src 'self' data: *.googleapis.com fonts.gstatic.com cdn.cookielaw.org *.everllence.com; img-src data: 'self' *.adnxs.com *.bing.com *.cloudfront.net cdn.cookielaw.org ad.doubleclick.net *.everllence.com *.facebook.com *.google.de maps.googleapis.com *.hsforms.com maps.gstatic.com ade.googlesyndication.com *.googletagmanager.com *.linkedin.com *.man-es.com *.google.com *.google.dk; media-src 'self' 3 frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2024.5/;, frame-ancestors 'self' https://borisfx.com/documentation/optics-2025/; 3 default-src 'self'; connect-src * ws: http: https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.googletagmanager.com https://connect.facebook.net https://analytics.tiktok.com https://www.redditstatic.com https://js.stripe.com https://vercel.live https://cdn.vercel-insights.com https://js-agent.newrelic.com https://www.paypal.com https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js https://*.firebaseio.com https://framerusercontent.com https://*.framerusercontent.com https://framer.com https://*.framer.com; style-src 'self' 'unsafe-inline' https://framerusercontent.com https://fonts.googleapis.com https://vercel.live/fonts; img-src 'self' blob: data: * ws: http: https:; media-src 'self' blob: data: * ws: http: https:; font-src 'self' data: https://framerusercontent.com https://fonts.gstatic.com; object-src 'none'; frame-src https://js.stripe.com/ https://vercel.live https://form.typeform.com https://www.sandbox.paypal.com https://www.paypal.com https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ https://iso.metabaseapp.com/ https://*.firebaseio.com https://*.framerusercontent.com https://*.framer.com; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/ https://www.paypal.com https://www.sandbox.paypal.com; frame-ancestors 'self' http://localhost:5001/; upgrade-insecure-requests 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3 https://js.stripe.com https://vercel.live *.nymtech.net *.nymvpn.com *.vercel.app *.nymte.ch *.nyx.network *.nym.com https://nym.com https://nymvpn.com *.nymtech.cc https://api.nym.spectredao.net https://btcpay.nymte.ch; font-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://strapi-www-nym-com.sos-ch-dk-2.exo.io https://strapi-www-nym-com-production.sos-ch-dk-2.exo.io https://cdn-images-1.medium.com https://img.youtube.com https://btcpay.nymte.ch https://assets.nym.com *.vimeo.com *.vimeocdn.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; connect-src 'self' wss://nym-node-cli.devrel.nymte.ch:9001 https://github.com *.vercel.app *.nymtech.net *.nymvpn.com *.nymte.ch *.nyx.network *.nym.com https://nym.com nymvpn.com https://nymvpn.com https://api.nym.spectredao.net https://btcpay.nymte.ch *.nymtech.cc https://vimeo.com; frame-src 'self' https://js.stripe.com https://js.stripe.com/v3 https://www.youtube.com https://www.youtube-nocookie.com https://vercel.live *.vercel.app *.nym.com https://nym.com https://btcpay.nymte.ch *.vimeo.com; worker-src 'self' blob: https://vercel.live *.vercel.app *.nym.com https://nym.com https://btcpay.nymte.ch; 3 frame-ancestors 'self' https://PRD.S4HANA.CORP.TELSTRA.COM 3 "frame-ancestors 'none'" 3 base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com https://forms.hsforms.com; frame-ancestors 'self' https://newcms.webcentral.au; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 3 default-src 'self' images.salzburg-ag.at *.salzburg-ag.tech; object-src 'self' app.usercentrics.eu/latest/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at maps.googleapis.com; script-src 'self' *.salzburg-ag.at snap.licdn.com *.mouseflow.com *.pinimg.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ assets.adobedtm.com sc-static.net app.usercentrics.eu/latest/ images.salzburg-ag.at js.monitor.azure.com/scripts/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at www.googleadservices.com *.g.doubleclick.net ad.doubleclick.net tr.snapchat.com www.google-analytics.com *.usercentrics.eu www.youtube.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.queue.core.windows.net *.cablelink.at https://www.google.com/recaptcha/ *.salzburg-ag.tech px.ads.linkedin.com api.storyblok.com cdn.linkedin.oribi.io *.mouseflow.com https://speedy.cablelink.at:8043/ https://www.google.com/recaptcha/ *.google-analytics.com *.analytics.google.com *.salzburg-ag.at ct.pinterest.com tr.snapchat.com *.g.doubleclick.net ad.doubleclick.net sc-static.net maps.googleapis.com *.usercentrics.eu dc.services.visualstudio.com/v2/track *.omtrdc.net *.demdex.neti data: wss:; img-src 'self' *.salzburg-ag.at *.pinimg.com a.storyblok.com ct.pinterest.com www.google-analytics.com www.google.com www.google.at p.adsymptotic.com *.fls.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.g.doubleclick.net ad.doubleclick.net adservice.google.com tr.snapchat.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com app.usercentrics.eu *.usercentrics.eu www.familieundberuf.at *.everesttech.net *.demdex.net *.omtrdc.net data:; style-src 'self' 'unsafe-inline' *.salzburg-ag.at app.usercentrics.eu/latest/ www.googletagmanager.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com maps.googleapis.com data:; frame-src 'self' forms.office.com reglist24.com *.reglist24.com my.matterport.com *.svc.dynamics.com assets-eur.mkt.dynamics.com *.cablelink.at sag.viewer.cit-fusion.com ct.pinterest.com www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://at.eturnity.eu/ ocilion.com p.artworx.at form.typeform.com *.microsoftonline.com login.microsoftonline.com cablelink.preview.speedtestcustom.com cablelink.speedtestcustom.com energie-effizienz-iframe.smartricity.de outlook.office365.com *.fls.doubleclick.net ad.doubleclick.net www.youtube.com maps.googleapis.com tr.snapchat.com *.facebook.com *.demdex.net;media-src 'self' maps.googleapis.com data:; frame-ancestors 'self' app.usercentrics.eu; form-action 'self' tr.snapchat.com www.facebook.com app.usercentrics.eu; 3 frame-ancestors self *.contorion.net *.storyblok.com 3 base-uri 'self'; connect-src 'self' www.gk-software.com; font-src 'self' data:; object-src 'self'; child-src 'self'; frame-src 'self' www.gk-software.com www.google.com; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'self' 3 default-src 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://download-video-ak.vimeocdn.com https://*.vimeocdn.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://evnt.byspotify.com https://*.lt02.net https://*.tangiblee.com https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.lt02.net https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://pixel.byspotify.com https://*.lt02.net https://*.tangiblee.com https://js.klarna.com https://*.equalweb.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com https://*.tangiblee.com; script-src-elem 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net https://*.linksynergy.com https://*.klarna.com https://*.tangiblee.com; style-src-elem 'self' 'unsafe-inline' https://*.unpkg.com https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.inside-graph.com https://*.equalweb.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com https://*.tangiblee.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 3 default-src ‘self’ 3 manifest-src *; default-src 'self' blob:; media-src * data: blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src * 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src *; connect-src https: wss:; object-src 'none' 3 frame-ancestors 'self' *.com 3 default-src 'self' blob: *.powerentity.com *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com static.cloudflareinsights.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com *.eye-able.com *.digiaccess.org *.ksrndkehqnwntyxlhgto.com *.openstreetmap.org *.tiktok.com *.tiktokw.us *.snapchat.com *.adnxs.com 'unsafe-inline' 'unsafe-eval' data: 3 connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ suggest-maps.yandex.ru *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works api-qa.diginetica.net/v1/ rap.skcrtxr.com *.a.mts.ru 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru wss://*.tinkoff.ru wss://*.tcsbank.ru wss://*.tbank.ru business.tinkoff.ru business-webinars.bot.tinkoff-business.com sendsay.ru flijh.tb.ru gmzzu.tb.ru api.amplitude.com *.tb.ru tglk.ru cobrowsing.tinkoff.ru cobrowsing.tbank.ru cdn.tbank.ru cfg.tinkoff.ru www.tbank.ru api-statist.tinkoff.ru business.tbank.ru www.cdn-tinkoff.ru error-hub.tbank.ru origination.tinkoff.ru oplata.tinkoff.ru social.secrets.tbank.ru securepay.tinkoff.ru imgproxy.cdn-tinkoff.ru id.tbank.ru api.mindbox.ru forma.tbank.ru polls.tbank.ru b2g.tbank.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru blob: *.youtube.com sendsay.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru cdn.uxfeedback.ru sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru business.t-static.ru *.ads.linkedin.com *.linkedin.com *.googleusercontent.com *.cloud.google.com *.googleapis.com *.adhigh.net px.adhigh.net *.adsymptotic.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru www.youtube.com rutube.ru youtu.be; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.tinkoff.ru data:; report-uri https://www.tbank.ru/api/front/pfpsme/log/csp-error?appName=pfpsme&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.t-static.ru *.cdn-tinkoff.ru 3 default-src 'self' https://*.cobytes.com; base-uri 'self' https://*.cobytes.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://use.typekit.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://connect.facebook.net https://*.hotjar.com; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://p.typekit.net https://imgsct.cookiebot.com https://secure.gravatar.com https://www.google.com https://*.hotjar.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://*.hotjar.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://yoast.com https://www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; form-action 'self' https://*.cobytes.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consentcdn.cookiebot.com https://www.googletagmanager.com; frame-ancestors 'self'; worker-src 'self' blob:; report-uri https://sentry.cobytes.com/api/18/security/?sentry_key=be8d1ecc0a39a743267d314a7fd02311 3 default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; font-src https: 'self' data:; frame-src https: mailto:;frame-ancestors 'self'; 3 script-src * 'unsafe-inline' 'unsafe-eval'; 3 default-src 'self'; script-src 'self' 'unsafe-inline' data: blob: https://cdn.jsdelivr.net https://*.linkedin.com https://*.google.com https://www.google.com https://www.youtube.com https://youtube.com https://*.googlesyndication.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://j.6sc.co https://js.qualified.com https://snap.licdn.com https://bat.bing.com https://*.clarity.ms https://js.hs-scripts.com https://js.hsforms.net https://*.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.zi-scripts.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.linkedin.com https://fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: https://cdn.jsdelivr.net https://*.linkedin.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://*.google.com https://*.googletagmanager.com https://px.ads.linkedin.com https://bat.bing.com https://b.6sc.co https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://track.hubspot.com https://c.bing.com https://www.gstatic.com https://*.gravatar.com https://*.wp.com https://*.hsforms.com https://*.hscollectedforms.net https://*.clarity.ms; font-src 'self' data: https://cdn.jsdelivr.net https://*.linkedin.com https://fonts.gstatic.com https://harver.com https://www.gstatic.com https://*.wp.com; connect-src 'self' https://cdn.jsdelivr.net https://*.linkedin.com https://bat.bing.com https://js.zi-scripts.com https://pagead2.googlesyndication.com https://app.qualified.com wss://ws5.qualified.com https://px.ads.linkedin.com https://www.googleadservices.com https://c.6sc.co https://ipv6.6sc.co https://consentcdn.cookiebot.com https://*.google.com https://*.youtube.com https://*.google-analytics.com https://ws.zoominfo.com https://js.hs-banner.com https://googleads.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://www.gstatic.com https://*.hsforms.com https://*.hscollectedforms.net https://*.clarity.ms; frame-src 'self' https://cdn.jsdelivr.net https://*.linkedin.com https://player.vimeo.com https://www.youtube.com https://youtube.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://app.qualified.com https://*.google.com https://*.hsforms.com https://*.hscollectedforms.net; media-src 'self' https://cdn.jsdelivr.net https://*.linkedin.com https://app.qualified.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hsforms.com https://*.hscollectedforms.net; upgrade-insecure-requests; 3 default-src 'self' 'unsafe-inline' data: *.datatables.net *.trackingplan.com *.wsasitecore.net *.site.com *.salesforce-scrt.com *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.salesforce-sites.com *.widexpro.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.trustarc.com *.typekit.net *.azureedge.net *.azurefd.net *.youtube-nocookie.com *.bootstrapcdn.com *.w3.org *.doubleclick.net *.facebook.net *.mouseflow.com *.googlesyndication.com *.gstatic.com *.sleeknote.com *.stackadapt.com *.linkedin.com *.shoeboxonline.com *.nr-data.net *.force.com *.nakanohito.jp gift.echoes.plus blob:; img-src 'self' data: blob: *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.ytimg.com *.cloudflare.com *.trustarc.com *.azureedge.net *.azurefd.net *.linkedin.com *.w3.org *.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.com *.ggpht.com *.ytimg.com *.sleeknote.com *.shoeboxonline.com *.sivantos.com *.auditionsolidarite.org *.nakanohito.jp *.userlocal.jp *.simpli.fi *.doubleclick.net www.googleadservices.com *.convertexperiences.com *.convertexperiments.com gift.echoes.plus; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com *.datatables.net *.simpli.fi *.site.com *.cookieinformation.com *.rawgit.com *.salesforce-sites.com *.salesforceliveagent.com *.salesforce.com *.jsdelivr.net *.widex.com *.wsa.com *.signia.net *.signia-hearing.com *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.widexpro.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.trustarc.com *.youtube-nocookie.com *.azureedge.net *.azurefd.net *.facebook.net *.doubleclick.net *.googlesyndication.com https://browser-update.org *.w3.org *.youtube.com *.livechatinc.com *.newrelic.com *.nr-data.net *.stackadapt.com *.gstatic.com *.sleeknote.com *.licdn.com *.shoeboxonline.com *.piwik.pro *.google-analytics.com *.mouseflow.com *.force.com *.nakanohito.jp js.adsrvr.org qvdt3feo.com cdn.bttrack.com static.airtable.com *.convertexperiences.com *.convertexperiments.com gift.echoes.plus; frame-src https://sst.coselgi.com/ https://sst.rexton.com/ https://sst.signia-pro.com/ https://wsaud.my.site.com/ https://wsaud--playground.sandbox.my.site.com/ https://insight.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://consent.trustarc.com/ https://consent-pref.trustarc.com/ https://www.shoeboxonline.com/ https://www.google.com/ https://tracker-detail-page.trustarc.com/ https://features.signia-hearing.com/ https://service.force.com/ https://embed.acast.com/ https://www.googletagmanager.com/ https://airtable.com/ https://sst.audioservice.com https://sst.widex.com https://sst.signia.net https://sst.signia-pro.com https://sst.widexpro.com; media-src storage.userlocal.jp *.widex.com *.wsa.com *.signia.net *.rexton.com *.audioservice.com *.coselgi.com *.signia-pro.com *.signia-hearing.com *.widexpro.com *.azureedge.net *.azurefd.net; worker-src blob:; child-src blob: 3 frame-ancestors 'self' *.gdms.cloud; 3 default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; 3 connect-src maps.nextbike.net *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/ wtb.maptiles.arcgis.com *.arcgisonline.com *.arcgis.com chatbot.wlb.at onlim-chatbot-production.s3.amazonaws.com *.onlim.com wss://cs.onlim.com wss://app.onlim.com/ wss://api.onlim.com/ *.vimeo.com vimeo.com *.addthis.com www.google-analytics.com routenplaner.verkehrsauskunft.at *.wienit.at *.api.wienenergie.at api.wienenergie.at service.wienerstadtwerke.at *.service.wienernetze.at service.wienernetze.at api.wstw.at int-api.wstw.at test-api.wstw.at styles.wienerstadtwerke.at 'self' immoh.containers.piwik.pro immoh.piwik.pro https://info.wienerlinien.at/api/form/v1/8896c.21k0oa6/null https://www.facebook.com/tr/ *.googleapis.com wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro https://px.ads.linkedin.com/ wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro wienerlinien.piwik.pro https://eu-api.friendlycaptcha.eu bestattungwien.piwik.pro jobs.wienerstadtwerke.at www.google.com wienerstadtwerke.piwik.pro wienerstadtwerke.containers.piwik.pro digitalesgrab.friedhoefewien.at rns.matelso.de *.wienmobil.at bestattungwien.containers.piwik.pro log.wien; style-src https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-feedbacklet-d69f3b461dc32d40f77b744a4b3eb522.css *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.onlim.com fonts.googleapis.com 'unsafe-inline' styles.wienerstadtwerke.at 'self' immoh.containers.piwik.pro immoh.piwik.pro wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro wienerlinien.piwik.pro bestattungwien.containers.piwik.pro wienerstadtwerke.piwik.pro bestattungwien.piwik.pro wienerstadtwerke.containers.piwik.pro newsletter.wienit.at static.dvinci-easy.com; base-uri 'self' *.onlim.com; script-src https://googleads.g.doubleclick.net/ *.usabilla.com/ *.onlim.com *.onlim.com/ *.googletagmanager.com/ connect.facebook.net/ *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net walls.io *.virtualq.io polyfill.io openstreetmap.org *.openstreetmap.org chatbot.wlb.at app.onlim.com/ *.vimeocdn.com ajax.googleapis.com maps.googleapis.com www.gstatic.com www.google.com www.google-analytics.com assets.adobedtm.com *.ytimg.com *.youtube.com styles.wienerstadtwerke.at 'unsafe-inline' 'unsafe-eval' 'self' wienernetze.piwik.pro wienerlinien.containers.piwik.pro https://www.googletagmanager.com/ *.adform.net immoh.containers.piwik.pro immoh.piwik.pro wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro https://snap.licdn.com/ wienernetze.containers.piwik.pro wienerlinien.piwik.pro wienerstadtwerke.piwik.pro https://siteimproveanalytics.com static.dvinci-easy.com https://jobs.wienerstadtwerke.at wienerstadtwerke.containers.piwik.pro newsletter.wienit.at rns.matelso.de bestattungwien.containers.piwik.pro bestattungwien.piwik.pro https://app.onlim.com/chat-app/js/host.js *.googleadservices.com; worker-src blob: https://www.wienernetze.at https://www.wienerlinien.at/ https://www.wipark.at/ https://www.friedhoefewien.at/ https://www.immoh.at/ https://digitalesgrab.friedhoefewien.at/ https://www.wstw-immo.at/ https://www.eposa.at/ https://www.wlb.at/ https://partner.wienernetze.at/ https://www.gwsg.at/ https://www.bestattungwien.at/; frame-src https://langenacht.orf.at *.wienernetze.at/ lehrlingstest-wienerstadtwerke.azurewebsites.net video.eko.com ubscal.seeyou.at *.issuu.com issuu.com *.walls.io walls.io *.virtualq.io app.onlim.com www.whatchado.com *.vimeo.com vimeo.com *.youtube.com www.google.com www.bestattungwien.at *.friedhoefewien.at mailto: service.wienerstadtwerke.at 'self' terminreservierung.bestattungwien.at *.facebook.com youtu.be https://terminreservierung.staging.reinisch.tech/ *.youtu.be *.wienit.at/ https://einreichportal.waca.at https://www.servicetreff.at/reservierungstool-app/#/termindaten https://www.googletagmanager.com/ *.riddle.com www.riddle.com https://sketchfab.com/ td.doubleclick.net embeds.whatchado.com https://terminreservierung.reinisch.tech/; media-src 'self' data: *.onlim.com; img-src wienitedv.d3.sc.omtrdc.net *.wienernetze.at/ facebook.com/tr/ rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net *.wien.gv.at *.fluidtime.com *.arcgisonline.com onlim-chatbot-production.s3.eu-central-1.amazonaws.com onlim-base.s3.eu-central-1.amazonaws.com dacodi-production.s3.amazonaws.com *.onlim.com *.openstreetmap.org *.vimeocdn.com *.omtrdc.net *.2o7.net maps.googleapis.com maps.gstatic.com *.ytimg.com csi.gstatic.com chatbot.wlb.at *.wienit.at *.upstream-mobility.at blob: data: styles.wienerstadtwerke.at 'self' immoh.containers.piwik.pro immoh.piwik.pro wienerlinien.containers.piwik.pro wienerstadtwerke.containers.piwik.pro wienerstadtwerke.piwik.pro bestattungwien.containers.piwik.pro https://googleads.g.doubleclick.net *.facebook.com wienit.containers.piwik.pro wienit.piwik.pro wipark.containers.piwik.pro wipark.piwik.pro https://px.ads.linkedin.com/ wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.piwik.pro *.siteimproveanalytics.io https://siteimproveanalytics.com https://stwlciptstruct828prod.blob.core.windows.net/ bestattungwien.piwik.pro https://www.google.at/pagead/ https://www.google.com/pagead/; default-src 'self'; font-src bestattungwien.containers.piwik.pro *.chatvisor.com rg-wl-hr-recruiting-chatbot-qrrkues.azurewebsites.net data: styles.wienerstadtwerke.at chatbot.wlb.at *.onlim.com fonts.gstatic.com 'self' wipark.containers.piwik.pro wipark.piwik.pro wienerlinien.piwik.pro immoh.containers.piwik.pro immoh.piwik.pro wienit.containers.piwik.pro wienit.piwik.pro wienernetze.containers.piwik.pro wienernetze.piwik.pro wienerlinien.containers.piwik.pro https://d6tizftlrpuof.cloudfront.net/themes/production/wienerstadtwerke-test-design-wienerstadtwerke-font-file-url-de462eaa4f394073e3723d639af661c0.woff wienerstadtwerke.piwik.pro bestattungwien.piwik.pro wienerstadtwerke.containers.piwik.pro; 3 frame-ancestors 'self' *.k-asap.eu; 3 default-src 'self' *.hadev.co.za *.hostafrica.ke *.hostafrica.com *.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.semrush.com cdn.simplesat.io https://maillist-manage.com *.maillist-manage.com *.mxpnl.com *.googletagmanager.com *.googleadservices.com *.gstatic.com *.clarity.ms *.jsdelivr.net *.typekit.net *.fontawesome.com *.google.com *.twitter.com *.tawk.to *.google-analytics.com *.doubleclick.net *.youtube.com https://tally.so; style-src 'self' 'unsafe-inline' *.typekit.net cdn.simplesat.io *.googletagmanager.com *.googleadservices.com *.gstatic.com *.tawk.to *.jsdelivr.net *.fontawesome.com *.googleapis.com; img-src 'self' * *.hadev.co.za *.hostafrica.ke *.hostafrica.com data: *.google.com *.google.co.za *.googletagmanager.com *.bing.com *.clarity.ms *.gstatic.com *.google-analytics.com *.tawk.to *.doubleclick.net; font-src 'self' data: *.gstatic.com *.tawk.to *.fontawesome.com *.typekit.net *.gstatic.com; connect-src 'self' wss://*.semrush.com api.simplesat.io *.semrush.com api.amplitude.com *.hostafrica.com *.mixpanel.com *.maillist-manage.com *.googlesyndication.com *.google.com *.fontawesome.com wss://*.tawk.to *.tawk.to *.googletagmanager.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.googleadservices.com; frame-src 'self' blob: *.semrush.com *.groovefunnels.com *.groove.cm *.doubleclick.net *.gstatic.com *.twitter.com *.youtube.com *.tawk.to *.google.com *.googleadservices.com https://tally.so https://www.googletagmanager.com; frame-ancestors 'self'; worker-src 'self' blob:; 3 frame-ancestors 'self' newapp.etracker.com; 3 default-src 'self' repay.com csp-repay.pantheonsite.io dev-repay.pantheonsite.io live-repay.pantheonsite.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.zi-scripts.com *.hubspot.com *.gstatic.com googleads.g.doubleclick.net https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/gtm.js *.clarity.ms https://js-agent.newrelic.com *.mandatlyonline.com *.fontawesome.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.js cdn-cookieyes.com *.cdn-cookieyes.com dev-repay.pantheonsite.io live-repay.pantheonsite.io repay.com *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css cdnjs.cloudflare.com fonts.googleapis.com dev-repay.pantheonsite.io live-repay.pantheonsite.io; img-src 'self' data: c212.net *.googlesyndication.com *.mandatlyonline.net *.mandatlyonline.com tsgpayments.com rt.prnewswire.com www.googletagmanager.com i.vimeocdn.com *.google.com *.bing.com *.clarity.ms *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com dev-repay.pantheonsite.io live-repay.pantheonsite.io *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com dev-repay.pantheonsite.io live-repay.pantheonsite.io *.hotjar.com repay.com; connect-src 'self' *.zoominfo.com *.zi-scripts.com *.hscollectedforms.net *.googlesyndication.com *.mandatlyonline.net *.mandatlyonline.com vimeo.com *.google.com *.contentsquare.net *.fontawesome.com bam.nr-data.net *.adsrvr.org *.cdn-cookieyes.com *.clarity.ms *.cookieyes.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hubspot.com *.incontact.com *.licdn.com *.linkedin.com api.hubapi.com cdn-cookieyes.com dev-repay.pantheonsite.io live-repay.pantheonsite.io forms.hsforms.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com wss://*.hotjar.com wss://*.niceincontact.com; media-src 'self'; object-src 'none'; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; frame-src 'self' *.google.com businessradiox.com *.googletagmanager.com *.incontact.com *.doubleclick.net vars.hotjar.com *.youtube.com *.vimeo.com *.hubspot.com *.repay.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; worker-src 'self' blob:; manifest-src 'self'; base-uri 'self'; form-action 'self' javascript: *.hsforms.com *.hubspot.com; frame-ancestors 'self' www.google.com *.repay.com 3 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.jsdelivr.net *.reciteme.com alpha.contact-computacenter.com www.computacenter.com www.computacenter-testing.com *.cloudflare.com code.jquery.com stackpath.bootstrapcdn.com *.recruiterbox.com *.computacenter.com youtu.be *.youtu.be *.juicer.io prosysis.com *.prosysis.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.jsdelivr.net *.reciteme.com alpha.contact-computacenter.com www.computacenter.com www.computacenter-testing.com code.jquery.com stackpath.bootstrapcdn.com *.cloudflare.com *.recruiterbox.com *.computacenter.com youtu.be *.youtu.be *.juicer.io prosysis.com *.prosysis.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.reciteme.com *.jsdelivr.net *.youtube.com alpha.contact-computacenter.com www.computacenter.com www.computacenter-testing.com code.jquery.com stackpath.bootstrapcdn.com *.cloudflare.com *.recruiterbox.com *.computacenter.com youtube.com youtu.be *.youtu.be *.juicer.io prosysis.com *.prosysis.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.jsdelivr.net fonts.google.com *.reciteme.com alpha.contact-computacenter.com www.computacenter.com www.computacenter-testing.com code.jquery.com stackpath.bootstrapcdn.com *.cloudflare.com *.computacenter.com youtu.be *.youtu.be *.juicer.io prosysis.com *.prosysis.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com https://twitter.com/ *.youtube.com https://ecotree.green alpha.contact-computacenter.com www.computacenter.com www.computacenter-testing.com *.cloudflare.com code.jquery.com stackpath.bootstrapcdn.com lookerstudio.google.com *.recruiterbox.com *.computacenter.com youtu.be *.youtu.be prosysis.com *.prosysis.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.reciteme.com *.jsdelivr.net localhost *.youtube.com *.twitter.com maps.googleapis.com alpha.contact-computacenter.com www.computacenter.com www.computacenter-testing.com code.jquery.com stackpath.bootstrapcdn.com *.cloudflare.com *.computacenter.com youtu.be *.youtu.be *.juicer.io prosysis.com *.prosysis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.youtube.com *.reciteme.com *.twitter.com alpha.contact-computacenter.com www.computacenter.com www.computacenter-testing.com code.jquery.com stackpath.bootstrapcdn.com *.cloudflare.com *.computacenter.com youtu.be *.youtu.be *.licdn.com *.juicer.io prosysis.com *.prosysis.com; child-src 'self' 3 frame-ancestors 'self' https://cloud.1c.fitness; 3 default-src 'self'; base-uri 'self'; connect-src 'self' *.clarity.ms https://platform-api.sharethis.com/sync.js.map https://*.azure.com https://tracking-api.g2.com https://consent.cookiebot.com https://q.clarity.ms/collect https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://api.herefish.com https://c.6sc.co https://consentcdn.cookiebot.com https://distillery.wistia.com *.applicationinsights.azure.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://ipv6.6sc.co https://js.zi-scripts.com https://l.sharethis.com https://pipedream.wistia.com https://px.ads.linkedin.com https://r.clarity.ms https://stats.g.doubleclick.net https://tracking.g2crowd.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com *.crwdcntrl.net https://fg8vvsvnieiv3ej16jby.litix.io https://forms.hsforms.com; font-src 'self' *.epiqglobal.com *.bluemod.us https://cdnjs.cloudflare.com https://fonts.gstatic.com data: https://fast.wistia.com; frame-src 'self' *.epiqglobal.com *.bluemod.us *.bluemod.me https://app.herefish.com https://www.googletagmanager.com https://form.typeform.com https://www.youtube.com https://fast.wistia.net https://player.vimeo.com https://www.g2.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://t.sharethis.com https://www.google.com https://go.epiqglobal.com/ https://www.buzzsprout.com; frame-ancestors 'self' *.epiqglobal.com *.bluemod.us *.bluemod.me; img-src 'self' data: *.bing.com *.clarity.ms *.bluemod.us *.bludmod.me *.epiqglobal.com *.linkedin.com https://googleads.g.doubleclick.net https://f.hubspotusercontent20.net https://insights.hgpresearch.com https://privacy-policy.truste.com https://pic3.zhimg.com https://pages.hyperiongp.com https://besixth.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://storage.pardot.com https://via.placeholder.com *.sharethis.com https://b.6sc.co https://fast.wistia.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://forms-na1.hsforms.com/embed/v3/counters.gif https://*.vimeocdn.com; manifest-src 'self'; media-src 'self' blob:; object-src 'none'; report-uri https://6658ad1fa52bdea0f50df6d5.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://scripts.clarity.ms https://api.herefish.com https://www.epiqglobal.com https://www.clarity.ms https://googleads.g.doubleclick.net https://snap.licdn.com https://embed.typeform.com https://fast.wistia.net https://player.vimeo.com https://www.googletagmanager.com https://platform-api.sharethis.com/panorama.js https://api.herefish.com/scripts/hf.js https://buttons-config.sharethis.com/js/60c0851926c3eb001107c372.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fast.wistia.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/766208465/ https://j.6sc.co/6si.min.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://js.zi-scripts.com/zi-tag.js https://pi.pardot.com/analytics https://platform-api.sharethis.com/js/sharethis.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://t.sharethis.com/1/k/t.dhj https://tracking.g2crowd.com/attribution_tracking/conversions/1006581.js https://ws-assets.zoominfo.com/formcomplete.js https://www.clarity.ms/tag/dv7zchxaog https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtm.js https://js.sentry-cdn.com https://js.hsforms.net/forms/v2.js https://pi.pardot.com/pd.js https://go.epiqglobal.com https://www.buzzsprout.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://browser.sentry-cdn.com https://tracking-api.g2.com https://www.googleadservices.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; style-src 'report-sample' 'self' 'unsafe-inline' https://app.herefish.com https://embed.typeform.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; worker-src blob:; 3 font-src 'self' amp.azure.net app-tu.wigeogis.com app.wigeogis.com data: 3 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 3 connect-src 'self' https://legal.dev.myptv.com https://api.privacy-center.org https://region1.google-analytics.com https://px.ads.linkedin.com https://legal.staging.myptv.com https://legal.myptv.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://api.myptv.com https://login.myptv.com https://gateway.myptv.com https://analytics.google.com https://collector.leadinfo.net https://api.leadinfo.com https://www.google.de https://www.google.it https://www.google.fr https://www.google.at https://www.google.nl https://www.google.es https://www.google.com https://www.google.com.au https://www.google.ru https://bat.bing.com https://*.omappapi.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://login.staging.myptv.com https://o.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://curie-static.myptv.com https://fonts.gstatic.com/; img-src 'self' blob: data: https://www.ptvgroup.com https://px.ads.linkedin.com https://s1398155824.t.eloqua.com https://blog.ptvlogistics.com https://gateway.myptv.com https://www.google.de https://www.google.it https://www.google.fr https://www.google.at https://www.google.nl https://www.google.es https://www.google.com https://www.google.com.au https://www.google.ru https://www.google.co.in https://www.google.sk https://www.google.lv https://widgets.kununu.com https://assets.kununu.com https://trck.ptvlogistics.com https://*.omappapi.com https://forms-eu1.hsforms.com https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://sdk.privacy-center.org https://*.omappapi.com https://widget.manychat.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://sdk.privacy-center.org https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://img03.en25.com https://googleads.g.doubleclick.net https://cdn.leadinfo.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://bat.bing.com https://cdn.jsdelivr.net https://get.smart-data-systems.com https://img.en25.com https://*.omappapi.com https://widget.manychat.com https://js-eu1.hsforms.net https://www.clarity.ms https://www.youtube.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.omappapi.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self'; frame-ancestors * 3 default-src https: 'unsafe-inline' 'unsafe-eval'; 3 upgrade-insecure-requests; frame-ancestors 'self' https://*.etracker.com 3 default-src https: http: wss: 'self' data: 'unsafe-inline' blob: 'unsafe-eval'; 3 default-src 'self' blob: data: *.apple.com; connect-src 'self' *.apple.com *.apple.com.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com; img-src 'self' data: *.apple.com *.cdn-apple.com; child-src 'self' *.apple.com blob: data: *.apple.com blob: data: *.cdn-apple.com; style-src 'self' 'unsafe-inline' *.apple.com; font-src 'self' data: *.apple.com 3 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline';connect-src * 'unsafe-inline'; frame-src * 3 frame-src *; frame-ancestors *; 3 object-src 'self'; base-uri 'self'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazon-adsystem.com amazon-adsystem.com *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.virtualearth.net ssl.ak.dynamic.tiles.virtualearth.net virtualearth.net *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.thunderhead.com cdn.thunderhead.com thunderhead.com cookielaw.org *.netdirector.auto netdirector.auto onetrust.com *.a.run.app *.ads.linkedin.com *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.configureconnect.com *.coreweave.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.jlr-dev.gorillastreaming.com wss://*.jlr-dev.gorillastreaming.com *.jlr.gorillastreaming.com wss://*.jlr.gorillastreaming.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.my.salesforce.com *.netdirector.co.uk *.omtrdc.net *.onetrust.com *.pinimg.com *.pinterest.com *.podscribe.com *.psyma.com *.rangerover.com *.sandbox.my.salesforce-scrt.com *.sandbox.my.site.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp wss://a3pm2e78krufa2-ats.iot.us-west-2.amazonaws.com https://api.jlr-ddc.com https://api.pre-prod.jlr-ddc.com api.pureweb.io https://api.staging.jlr-ddc.com asset.mlpx-engine.com assets.exatom.io b-cdn.net c0.adalyser.com cashoffer.accu-trade.com cdn.cookielaw.org cdn.jsdelivr.net collector-37690.tvsquared.com config.landrover.com cookie-cdn.cookiepro.com d34r8q7sht0t9k.cloudfront.net decibel.com global.stun.twilio.com gtm-loadtest.mobify-storefront.com gtm-production.mobify-storefront.com gtm-uat.mobify-storefront.com jlr-360--naptdev1.sandbox.lightning.force.com jlr-360--prepgold.sandbox.lightning.force.com jlr-360.lightning.force.com jlr-360.my.salesforce-scrt.com jlr-360.my.site.com landroverusa.com ldti.syndication.kbb.com leasinglandrover.de lighthouse.edoinc.com wss://lo.msg.liveperson.net loadtest.reserve.landrover.com wss://o5fowqu27k.execute-api.us-west-2.amazonaws.com perseus-consumer-qa.rhcapl.com pixel.tapad.com psyma.com https://services.postcodeanywhere.co.uk snippet.maze.co sophus3.com syndication.kbb.com uat.reserve.landrover.com wss://umd.userlike.com userlike.com web.app www.jnaevents.com www.leasinglandrover.de https://www.rsvpdefender.com wss://xbejkea53vcrjoora2bwxpvfha.appsync-realtime-api.us-west-2.amazonaws.com pinimg.com pinterest.com podscribe.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.unpkg.com unpkg.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com https://api.tomtom.com; 3 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 3 style-src 'report-sample' 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://embed.typeform.com/ https://cdn.honey.io/ https://mozbar.moz.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-modal/0.9.1/jquery.modal.min.css https://cdn.jsdelivr.net/npm/toastify-js/src/toastify.min.css https://cdn.jsdelivr.net/npm/instantsearch.css@7.3.1/themes/reset-min.css https://fonts.googleapis.com https://hsiassetstorage.sfo2.digitaloceanspaces.com; object-src 'none'; base-uri 'self'; font-src 'self' data: https://fonts.googleapis.com https://hsiassetstorage.sfo2.digitaloceanspaces.com https://fonts.gstatic.com; frame-src 'self' https://encompass-dev.healthsafetyinstitute.com/ https://form.typeform.com/ https://js.hsforms.net/ https://roicalculator.sandbox.hsiplatform.com/ https://www.g2.com/ https://hsi.storylane.io/ https://js.storylane.io/ https://cmp.osano.com/ https://cdn.osano.com/ https://*.osano.com/ https://view.ceros.com/ https://webcasts.td.org/ https://hsi.hs-sites.com/ https://widgets.boast.io/ https://s.pointerpro.com/ https://block.opendns.com/ *.opendns.com https://cn1759620867-8-7vnsr40081.ibosscloud.com/ https://bpb.opendns.com/ https://a46b2ba213084fe2909a2975f59efe90.pages.ubembed.com/ https://www.classmarker.com/ https://univ.sosintl.com/ https://www.osmanager4.com/ https://forms.hsforms.com/ https://otis.osmanager4.com/ https://app.hubspot.com/ https://www.facebook.com/ https://td.doubleclick.net https://vimeo.com/ https://www.googletagmanager.com https://player.vimeo.com https://swiftcdn6.global.ssl.fastly.net; img-src 'self' data: https: https://hsiassetstorage.sfo2.digitaloceanspaces.com/; manifest-src 'self'; report-uri https://6672f92ed528e3ceb6b0d39f.endpoint.csper.io/?v=0; frame-ancestors 'self' https://vimeo.com https://googletagmanager.com https://fastly.net https://webcasts.td.org; worker-src 'self' blob:; 3 upgrade-insecure-requests;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://lp.thinkproject.com https://snap.licdn.com https://munchkin.marketo.net https://js.storylane.io https://cdn.cookielaw.org https://assets.adoberesources.net https://documentcloud.adobe.com https://www.google-analytics.com https://ajax.cloudflare.com https://cdn.dreamdata.cloud https://cdn.drda.io https://optimizely-cmp-analytics.com https://www.clarity.ms https://*.clarity.ms https://bat.bing.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://stats.g.doubleclick.net https://www.google.com https://lp.thinkproject.com https://*.mktoresp.com https://*.mktoutil.com https://cdn.linkedin.oribi.io https://*.cookielaw.org https://*.onetrust.com *.adobe.io wss://*.adobe.io https://px.ads.linkedin.com https://cdn.dreamdata.cloud https://*.bing.com https://bat.bing.net https://*.clarity.ms;font-src 'self' https://fonts.gstatic.com https://*.typekit.net;frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://lp.thinkproject.com https://app.storylane.io https://play.goconsensus.com https://vimeo.com https://player.vimeo.com https://documentcloud.adobe.com; 3 default-src *; script-src * 'unsafe-eval' 'unsafe-inline' data: 'self'; style-src * 'unsafe-inline' 'self'; img-src * data:; font-src * data:; connect-src *; object-src *; frame-ancestors 'self' https://*.crawford.com https://crawford.com https://*.crawco.com https://crawco.com https://*.crawfordandcompany.com https://crawfordandcompany.com https://*.onelink-translations.com; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; report-uri https://bc18f182517eba201a0bfbb26a2a463a.report-uri.com/r/d/csp/wizard 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.visualwebsiteoptimizer.com app.vwo.com https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://www.google.com https://www.google.nl https://www.google.be https://www.google.de https://www.google.fr https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://snap.licdn.com https://www.googleadservices.com analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com https://*.googlesyndication.com https://*.dynamics.com https://*.azureedge.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.visualwebsiteoptimizer.com app.vwo.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; img-src 'self' data: https://*.visualwebsiteoptimizer.com app.vwo.com https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://snap.licdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://*.linkedin.com https://*.svc.dynamics.com https://*.cookiebot.com https://loyal-lyrebird.cloudvent.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com; media-src 'self'; frame-src 'self' https://app.vwo.com https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com https://td.doubleclick.net https://www.facebook.com https://www.googletagmanager.com https://exch.dehaagsehogeschool.nl https://exch.thuas.com; font-src 'self' data: https://script.hotjar.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net https://fonts.gstatic.com https://exch.dehaagsehogeschool.nl https://exch.thuas.com; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.visualwebsiteoptimizer.com app.vwo.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://*.snapchat.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://*.linkedin.com https://surveystats.hotjar.io https://ask.hotjar.io https://in.hotjar.com https://*.googlesyndication.com https://*.google.com https://analytics.google.com https://googleads.g.doubleclick.net https://*.dynamics.com https://*.azureedge.net https://exch.dehaagsehogeschool.nl https://exch.thuas.com https://www.googleadservices.com https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 3 frame-ancestors 'self' *.myworkdayjobs.com *.hbm.com; upgrade-insecure-requests; script-src hbkworld.com *.hbkworld.com *.livechatinc.com *.youtube.com js-agent.newrelic.com *.adobedtm.com assets.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.google.com *.google-analytics.com *.crazyegg.com *.licdn.com static.cloudflareinsights.com *.cookieinformation.com *.ipify.org *.zoominfo.com *.matomo.cloud *.piwik.pro *.wistia.com *.rlcdn.com *.doubleclick.net *.adsymptotic.com *.facebook.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hsleadflows.net js.hubspot.com *.doubleclick.net *.google.com *.linkedin.com *.cloudfront.net *.clickagy.com dqm.crownpeak.com *.myworkdayjobs.com *.force.com *.gstatic.com *.clarity.ms *.cloudflare.com *.a1.typesense.net js.zi-scripts.com *.js.zi-scripts.com *.zi-scripts.com *.bing.com dpm.demdex.net *.hubspot.com *.hsforms.net js.adsrvr.org *.adsrvr.org d-code.liadm.com 'unsafe-inline' 'unsafe-eval' blob:; 3 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 3 connect-src 'self' secure.adnxs.com *.6sc.co epsilon.6sense.com *.google-analytics.com *.linkedin.com *.google.com *.iongroup.com *.doubleclick.net *.iongroup.com *.clarity.ms; 3 frame-ancestors 'self' https://www.carat.fiserv.com; 3 default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com https://*.sheerid.com platform.twitter.com; frame-ancestors 'self' https://*.storyblok.com/; frame-src https://calendly.com/ https://www.googletagmanager.com/ https://meetings-eu1.hubspot.com/ https://app-eu1.hubspot.com/ https://portal.productboard.com https://*.hsforms.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://11264468.fls.doubleclick.net/ https://td.doubleclick.net/ download.lumion.com https://*.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com; object-src 'none'; 3 default-src 'self' https://share.transistor.fm https://service.force.com https://sketchfab.com https://play.vidyard.com https://static.elekta.com; frame-ancestors 'self'; font-src 'self' data:; img-src 'self' https://stats.elekta.com https://play.vidyard.com https://cdn.vidyard.com https://api.mapbox.com https://*.googletagmanager.com https://*.ads.linkedin.com; script-src 'self' 'unsafe-eval' https://stats.elekta.com https://cdn.pardot.com https://pi.pardot.com https://success.elekta.com https://play.vidyard.com https://*.googletagmanager.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://service.force.com https://community.elekta.com; connect-src 'self' https://community.elekta.com https://api.mapbox.com https://success.elekta.com https://stats.elekta.com https://*.algolianet.com https://*.algolia.net https://play.vidyard.com https://ir.elekta.com/latest-news/ https://ko5zn8xqvb.execute-api.eu-central-1.amazonaws.com/Prod/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.ads.linkedin.com 3 frame-ancestors 'self' https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt https://www.visidarbi.lv; 3 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.googleapis.com; worker-src 'self' blob:; 3 frame-ancestors https://community.activisionblizzard.com 3 script-src 'self' 'unsafe-eval' unpkg.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com *.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://rebilly.github.io https://ws.sharethis.com maps.googleapis.com platform.instagram.com platform.twitter.com 'nonce-KXN3GfTGVos1GNE5QE7HOg' 'sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=' 'sha256-rJWF1HTwzCkij/YjN5I/DlTS2OasS08kh3e2pM1Qj/Q=' 'sha256-xQbGZ2VRgYFIBPZn2GyIMrpvD1EZ9CHxEO7U/gwUvnM=' 'sha256-UL5iGLPIaIuci6xCCNMRZfZ/HFxYdnKuPELYWO6Eh/0=' 'sha256-YuT8PtTQSQVdoGr0bfv0HLis2eHoKlqMf8WDm3JOL3o='; script-src-attr 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-eval' unpkg.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com *.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://rebilly.github.io https://ws.sharethis.com maps.googleapis.com platform.instagram.com platform.twitter.com 'nonce-KXN3GfTGVos1GNE5QE7HOg' 'sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=' 'sha256-rJWF1HTwzCkij/YjN5I/DlTS2OasS08kh3e2pM1Qj/Q=' 'sha256-xQbGZ2VRgYFIBPZn2GyIMrpvD1EZ9CHxEO7U/gwUvnM=' 'sha256-UL5iGLPIaIuci6xCCNMRZfZ/HFxYdnKuPELYWO6Eh/0=' 'sha256-YuT8PtTQSQVdoGr0bfv0HLis2eHoKlqMf8WDm3JOL3o='; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.googleapis.com https://cdnjs.cloudflare.com; worker-src 'self' blob: 3 default-src https: 'unsafe-inline' 'unsafe-eval' data: connect-src: wss://chat.sbservers.cz wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io img-src: https://chat.supportbox.cz script-src: 'unsafe-inline' https://chat.supportbox.cz style-src: https://chat.supportbox.cz blob: 3 default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://go.openlms.net https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://*.chilipiper.com https://*.cookie-script.com https://www.googletagmanager.com https://*.googletagmanager.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://w.soundcloud.com https://go.openlms.net https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://lltrck.com https://www.clarity.ms https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://zippyfrog.co https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.openlms.net https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;font-src 'self' data: https://fonts.gstatic.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.cookie-script.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://c.clarity.ms *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.cheekybranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://app.vwo.com https://*.storylane.io https://td.doubleclick.net https://bat.bing.net https://googleads.g.doubleclick.net https://ct.capterra.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://js.driftt.com https://*.chilipiper.com https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.openlms.net https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com www.googleapis.com https://*.algolianet.com https://*.algolia.net https://ws25.hotjar.com/ https://cdn.segment.com wss://ws11.hotjar.com https://ws11.hotjar.com https://e.clarity.ms wss://ws41.hotjar.com https://ws41.hotjar.com https://region1.google-analytics.com *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://monitor.clickcease.com https://www.clickcease.com https://*.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.cheekybranding.com https://px.ads.linkedin.com https://ob.esnbranding.com https://obs.esnbranding.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://www.google.co.uk https://*.google.co.uk https://td.doubleclick.net https://googleads.g.doubleclick.net https://bat.bing.net https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com;prefetch-src 'self' https://go.openlms.net https://www.googletagmanager.com https://www.google-analytics.com https://*.chilipiper.com;frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://js.driftt.com https://go.ltgplc.com https://go.openlms.net https://weareclasstech.wistia.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.chilipiper.com https://*.cookie-script.com https://*.storylane.io https://googleads.g.doubleclick.net https://td.doubleclick.net https://tracking-api.g2.com https://*.g2.com https://js.storylane.io https://bat.bing.com 3 default-src 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.reebok.in *.aeo.in *.forever21.in *.simoncarter.in *.peterengland.com *.allensolly.com *.trustarc.com *.gstatic.com data: p11.techlab-cdn.com; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' *.juspay.in assets.abfrlcdn.com *.google.com pantaloons.imgix.net tr.snapchat.com tags.creativecdn.com asia.creativecdn.com *.artfut.com t07-vtr-plugin.tryndbuy.com t07plugin.tryndbuy.com *.yellowmessenger.com *.limechat.ai tsm.s3g6.com retag.crossdevicetracking.com static-cdn.trackier.com wd-ret.io in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com targetinng.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com *.trustarc.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.primeai4.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com https://c.amazon-adsystem.com/ *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com p11.techlab-cdn.com; connect-src 'self' *.juspay.in *.tryndbuy.com widget.usersnap.com wd-ret.io targetinng.com asia.creativecdn.com tr.snapchat.com wss://cloud.yellow.ai *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.yellow.ai *.paytm.in *.akamaihd.net *.limechat.ai wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io https://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.trustarc.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.primeai4.in https://integration.richrelevance.com/* https://integration.richrelevance.com https://recs.richrelevance.com/* https://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in p11.techlab-cdn.com; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.primeai4.in *.limechat.ai *.crazyegg.com *.streamoid.com *.trustarc.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com *.elastic-cloud.com *.scene7.com *.trustarc.com assets.abfrlcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' t07-vtr-plugin.tryndbuy.com t07plugin.tryndbuy.com tr.snapchat.com *.juspay.in *.paytm.in afftracer.g2afse.com *.limechat.ai tsm.s3g6.com tracking.icubeswire.co static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.trustarc.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 3 default-src 'self' www.google.com www.googletagmanager.com storage.googleapis.com www.youtube.com secure.livechatinc.com *.stripe.com truevalue.fisherprinting.net ezadtv.app.ezai.io td.doubleclick.net; connect-src 'self' *.facebook.com www.googletagmanager.com www.google-analytics.com api.ezai.io analytics.google.com vc.hotjar.io ws.hotjar.com wss://ws.hotjar.com content.hotjar.io truevalue.fisherprinting.net api.polotno.com api.polotno.dev api.livechatinc.com *.google.com; font-src * data:; img-src * data: blob:; media-src blob: storage.googleapis.com www.youtube.com; script-src * connect.facebook.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; 3 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self' https://iface.core-networks.de; frame-ancestors 'none'; block-all-mixed-content 3 base-uri 'self'; script-src 'report-sample' 'unsafe-eval' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-8hfDTWqu8k9HvHzrkzt+xhtPpKaUxiTKKafbnLtHZCs=' 'sha256-SMUeP6E2pMrxXZ8/eWo6OvoLUN6jMLYb5qEUgHaaDrA=' 'sha256-EUBEF5WvTGqk0hm+1BG7zR6I+6+DGb6OOh8cyLSJhBk=' 'sha256-EVfbJoCaYvQGy63aF4IaFkCgygoCP13tlf39WBoqnmQ=' 'sha256-XnNQECY9o+nIv2Qgcd1A39YarwxTm10rhdzegH/JBxY=' 'sha256-0XMgg4rqcxPYJ6gk7kILQRAbBe9xK3+Ik6iWqGJcYWg=' 'sha256-g8iVyamDwt3OeOKt7rpBJ01H71OFT38TNW31YoDqtg4=' 'sha256-L0DnDaq26Adb1CiOJaNeUyPd9e4qJm+x6Ywtoa+S3+4=' 'sha256-U7KwF5KvWsJaK9Am2TfiRzMq4/MU6CWFj0mfRqtZkfA=' 'sha256-910MBH4o0XYmt2KdyUfPUnjODdvSFGgoCIXR7njrfSw=' 'sha256-nwrPrPUzetXBOU2PA9lEiV0YlyEa2u1K1E9PzmP4iY8=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-/bm28XTHBk/2+8w4OK5Z3PKsnHRjh6YGqEZrDmAzpxo=' 'sha256-un4Od7TXS3yFrOZTtMAVbkJ1wXe6c2+09LvfoBl4jh4=' 'sha256-fe+DmxUPcLoM27k80UR5jvvr4aLfF0rSHKV5SemJPzg=' 'sha256-qo1RuSBojC8D1TICoE4IFgVurx/k8U1oZK9MRDE/KlE=' 'sha256-mRKioI8+U/Z6IlUernsYX+VQ/+1ZmIz0Exd6vI7EZNY=' 'sha256-hRyOf0WLnTNjcFQ90fQeHumVAWjriqpnqRUaI6h1vj0=' 'sha256-8W8281SYt1k0eR9Y0z66gdPlhw9xO1U+Pwx9xjYYfwo=' 'sha256-q5qXN11uZHDKvdYtrAbOosaCyKbZxuxxNck525tOrsk=' 'sha256-PGwKPKtgIFR7BBaTEzRxRl4FWV1uufjCt5TVa6TI12k=' 'sha256-W0QY3aFcPnZSSetdi5gTeKy2IQMi3eCafbIVKAa20Zg=' 'sha256-aroGK3JMjlNu/zPuSeivrWD3UC/3tMaU+UuxKWdimpM=' 'sha256-ky6kwALluZeYIOUb67vYvNIm+6GYo9ZIpE5+6fUAbiU=' 'sha256-hMbRFabSSL7CIDsoqw8tkSvYtzZ1NeJqQyhGZdSdnxQ=' 'sha256-ceLZobD9Q86jstPOfW76BNTxXlZ7mTw0PF66debOnx4=' 'sha256-X2HVLVOvP9Opbf0ClAql73Fbwflss+KO544zddICf4U=' 'sha256-aZTZsmwqKP8HIwXU9SL0uRZWX9soMifegql0XmccYEw=' 'sha256-1rN3TBB70ehRoaiW/CvP3GHTNFr593iDXloGmle9JiY=' 'sha256-x1FQfFjfHqekbV7feKwmQ6gSdooZVGPGLXw1OK5YdiI=' 'sha256-yri+yF9cdn4VkD2uOCWeqlkqpeFZ/SmhDMhon/fQzEc=' 'sha256-XjcRVp58oyAqZCEyhIdbxI6UjLqnQdmi6PBfRy1+BgA=' 'sha256-Gjk/4NYwu3CbqK8Gj2MWMzyS9v/i8sLwf6xwP/oH5M8=' 'sha256-bQXNx2wNfK+Khvyw++rw7cScVp1Eo8GHhINrXBvF2Kc=' 'sha256-Kqjmds221Sxp42v6MMfVXhclGVC7fCZX4ESjxL3gVLw=' 'sha256-mK2LcNpqkDcXTppsyMqneuE6GEJ5j+7REt0lTsRKUUU=' 'sha256-fCl5PYrISg7MPsnIeZ+T6npnLgyi68m9NcGT5ONA6pI=' 'sha256-H50ABvo0XriiYrFw1nag3drPHQoIE34FfOWFzlCHy3E=' 'sha256-wE+KqdimW+7MWcIE1UdqfODsz8hgcsyd2YuAQ4gVmTY=' 'sha256-MaUq5Wt30Bl8clIlW7/zvNPuKmnZdlAxopQigKrPLso=' 'sha256-I3J1LKXta0FJ/3+aa+dBNCE5dV3fjcG7p7ulnbtcMp0=' 'sha256-zpqVdE6ttrmhTiPbjKj6s39iaE9RMfzNp6aF7UKwtBY=' 'sha256-8kotGhRmEBiesu8MHsrDeRTEpj3SSDokReILPbeA37I=' 'sha256-OyfHFA4tRzHfTynnYncdFb31ISeCD7Am01txqn+O4ys=' 'sha256-DMT61jx96o8Zt4O6NPLDbLFDtyQSPa4zNGgdA8jCqF4=' 'sha256-cdJLDgaTPPJz9rqWbXcX70modqLshn8Wti8X7csGKLs=' 'sha256-Ubpp3UAuqVQ2aqrQydRcFipkEq08tYYEskh9QC1G50Q=' 'sha256-savpz652hUrFSTNoRdzTuvttLoQ8UN1p2KhaqZs4RFo=' 'sha256-d7o/iD0TcPtTf9pAbqA9aa2qsmdqPtbqxI3YMwTtrrA=' 'sha256-vKTtXqBsPdGS4/zx94PM36gvdxCJ/Ax00pQQzPjQipM=' 'sha256-JX/B96MKyLyvkF8KBl3WNnl4E4qTPbCHIVjK18Wsrv4=' 'sha256-dC/jD1PLk3u5eHvMjPSU2sn/MZtS9SvfrUHfM/0ljNg=' 'sha256-2SogunjLOxlI7Wg4N9b3QeLMc6iMRcqBOb+GKaaTRms=' 'sha256-F9WIjqwVFa6OdXSzHYNoMqL8JLBqUXo1Pi7efWcW6Hc=' 'sha256-f43zB0nOsgPWXfe3o5rddAbhDW/vcFrzBSDkk4HjcqI=' 'sha256-X2KwazXyKFvTF732X/K2aV1GfPZfEs0LxZqe2fVEgbQ=' 'sha256-JD3QNZMrcbKEHx/fiFA48Q4qfUSRVJzNY0ddMrIDldw=' 'sha256-a0LCXoGMhTbJbdBhYjYs9SWYUfLEQOK28ScGPz95OGU=' 'self' www.linkedin.com/autofill/js/autofill.js static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com content.linkedin.com snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com sjs.bizographics.com *.salesforceliveagent.com bcvipva02.rightnowtech.com bcvipac02.rightnowtech.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net cdn.linkedin.oribi.io cdn.tt.omtrdc.net bat.bing.com connect.facebook.net cdn.walkme.com gist.github.com embedr.flickr.com; worker-src 'none'; frame-ancestors 'self' *.linkedin.com experience.adobe.com; frame-src blob: lnkd-communities: voyager: *; connect-src wss: blob: data: *; img-src blob: data: android-webview-video-poster: *; media-src blob: data: *; style-src 'unsafe-inline' *; form-action 'self' *.linkedin.com linkedin.secure.force.com linkedinresearch.qualtrics.com *.salesforceliveagent.com linkedin.my.salesforce-sites.com; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=m 3 frame-ancestors 'self' https://tbohotels.com https://*.tbohotels.com https://tboholidays.com https://*.tboholidays.com; 3 frame-ancestors https://p-backoffice.b2c.gebr-heinemann.com/ 3 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; connect-src 'self' blob: https: wss://ws.hotjar.com/ ; 3 frame-ancestors 'self' https://storyblok.com https://*.storyblok.com 3 default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://yastatic.net https://enterprise.api-maps.yandex.ru https://api-cis.exponea.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org *.metrika.yandex.ru *.yandex.tld *.yandex.net https://vk.com https://top-fwz1.mail.ru; style-src https: blob: 'self' 'unsafe-inline'; style-src-elem blob: https: 'self' 'unsafe-inline'; img-src blob: data: https: 'self' 'unsafe-inline' https://*.maps.yandex.net https://enterprise.api-maps.yandex.ru https://api-maps.yandex.ru https://yandex.ru https://mc.yandex.ru; connect-src wss://*.blanc.ru wss://*.vestabankdev.ru https: 'self' 'unsafe-inline' *.sentry.io *.ingest.sentry.io https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://api-cis.exponea.com https://stats.g.doubleclick.net https://mc.yandex.ru; font-src data: https: 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; child-src https: 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://mc.yandex.ru; frame-src blob: 'self' https://*.facct.ru https://*.facct.ru https://wcm-ru.frontend.weborama.fr https://content.adriver.ru https://www.facebook.com http://*.fls.doubleclick.net http://*.doubleclick.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.mkb.ru:* https://*.mirconnect.ru:* https://*.vestabankdev.ru https://*.blanc.ru https://mc.yandex.ru https://mc.yandex.com https://ad.new-programmatic.com https://px.adhigh.net/; form-action https: 'self' 'unsafe-inline'; worker-src https: 'self' blob:; manifest-src https: 'self'; frame-ancestors 'self' https://*.blanc.ru https://avito.ru https://www.avito.ru https://*.avito.ru *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com; block-all-mixed-content; report-uri https://o547163.ingest.sentry.io/api/5669457/security/?sentry_key=1f47343ab8d64a3bb44fa53d85499fff; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://player.vimeo.com https://*.bing.com https://www.linkedin.com https://*.mktoutil.com https://*.clickcease.com https://*.jquery.com https://www.gartner.com https://*.litix.io https://*.reddit.com https://*.firstup.io https://www.google-analytics.com https://nitroscripts.com https://*.google-analytics.com https://*.licdn.com https://www.clickcease.com https://clickcease.com https://*.wistia.net https://*.googlesyndication.com https://heapanalytics.com https://*.nitrocdn.com https://*.hockeystack.com https://*.ads.linkedin.com https://heapanalytics.com wss://*.hotjar.com https://*.youtube.com https://*.cloud.adobe.io https://*.default.com https://*.adoberesources.net https://*.hotjar.io https://*.storylane.io https://www.redditstatic.com https://*.cloudflare.com https://*.sentry-cdn.com https://*.bizible.com https://*.heapanalytics.com https://cdn.jsdelivr.net https://connect.facebook.net https://*.cookiebot.com https://*.wistia.com https://*.doubleclick.net https://*.6sc.co https://*.zi-scripts.com https://*.marketo.net https://*.nitroscripts.com https://*.pardot.com https://*.mountain.com https://*.hotjar.com https://*.g2crowd.com https://*.googletagmanager.com https://*.mktoresp.com https://*.getnitropack.com https://*.g2.com https://*.zoominfo.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.bizibly.com https://www.facebook.com https://p.typekit.net https://use.typekit.net https://cdn.fontshare.com https://placehold.co https://www.googleadservices.com https://js.zi-scripts.com https://munchkin.marketo.net https://dx.mountain.com https://secure.gravatar.com https://widget.usersnap.com https://resources.usersnap.com https://js.stripe.com https://maps.googleapis.com https://library.elementor.com https://firstup.io https://yoast.com https://d3rxaij56vjege.cloudfront.net https://player.simplecast.com https://static.userguiding.com https://rum-static.pingdom.net https://rum-agent.na-01.cloud.solarwinds.com/ https://s.w.org https://www.redditstatic.com https://td.doubleclick.net.x.92211b520cc4a047d009342036621b8266e2.d0452016.id.opendns.com https://block.opendns.com https://stats.g.doubleclick.net https://td.doubleclick.net.x.ad1472150db1e0428a08d450764ba7151758.d04520bd.id.opendns.com https://static.hotjar.com https://bat.bing.com https://cdn.bizible.com https://cdn.heapanalytics.com https://alb.reddit.com https://widget.intercom.io https://w.soundcloud.com https://i.ytimg.com https://connect.facebook.net https://pixel-config.reddit.com https://nitroscripts.com moz-extension: https://googleads.g.doubleclick.net https://firstupstage.wpengine.com https://pro.fontawesome.com https://cdn.scite.ai https://infird.com https://*.googleusercontent.com https://www.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://qvdt3feo.com/ https://tags.srv.stackadapt.com; object-src 'none'; connect-src https: wss:; base-uri 'self'; report-uri https://o4509193025683456.ingest.us.sentry.io/api/4509193026732032/security/?sentry_key=734b8ab53e0825f7bce70d3fc8d92599; worker-src blob:; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://plausible.io; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self' data: https://*.medium.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://*.4160.nodely.dev https://plausible.io https://api.emailjs.com; frame-src 'self' https://*.loom.com https://*.youtube.com https://customer-79jhngjtc25rkvy9.cloudflarestream.com; frame-ancestors 'none'; report-to default 3 frame-ancestors 'self' *.futuoa.com 3 default-src 'self' 'unsafe-inline' region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://platform.twitter.com https://www.linkedin.com https://indd.adobe.com https://syndication.twitter.com/; connect-src *; font-src *; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://imtcast.imt.fr/ https://haltools.archives-ouvertes.fr/ https://indd.adobe.com/ https://barometredelascienceouverte.esr.gouv.fr/ https://www.rcf.fr https://platform.twitter.com https://www.linkedin.com https://syndication.twitter.com/ https://v.calameo.com/ https://player.vimeo.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com region1.google-analytics.com stats.g.doubleclick.net google-analytics.com www.youtube.com www.youtube-nocookie.com https://cdn.jsdelivr.net https://platform.linkedin.com https://www.linkedin.com googletagmanager.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill-fastly.io https://www.google.com localhost:35729 yui.yahooapis.com; script-src-elem * 'unsafe-inline' localhost:35729; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdnjs.cloudflare.com; frame-ancestors 'self'; 3 connect-src 'self' data: wss://* sendpulse.com *.sendpulse.com sendpulse.ua *.sendpulse.ua sendpulse.fr *.sendpulse.fr sendpulse.kz *.sendpulse.kz *.google.com *.doubleclick.net *.facebook.com *.facebook.net *.fbcdn.net *.fbsbx.com *.twitter.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.bootstrapcdn.com *.supportsrc.com *.instagram.com *.cdninstagram.com *.cookiebot.com *.clarity.ms *.spcdn.org *.partnersrc.com cdn.jsdelivr.net unpkg.com *.disqus.com *.disquscdn.com *.bing.com *.bing.net *.newrelic.com *.nr-data.net afarkas.github.io *.rawgit.com tiktok.com *.tiktok.com *.capterra.com *.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' sendpulse.com *.sendpulse.com sendpulse.ua *.sendpulse.ua sendpulse.fr *.sendpulse.fr sendpulse.kz *.sendpulse.kz *.google.com *.doubleclick.net *.facebook.com *.facebook.net *.fbcdn.net *.fbsbx.com *.cloudflare.com *.twitter.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.bootstrapcdn.com *.supportsrc.com *.instagram.com *.cdninstagram.com *.cookiebot.com *.clarity.ms *.spcdn.org *.partnersrc.com cdn.jsdelivr.net unpkg.com *.disqus.com *.disquscdn.com *.jquery.com getk2.org *.tinymce.com *.bing.com *.bing.net *.newrelic.com *.nr-data.net afarkas.github.io *.rawgit.com tiktok.com *.tiktok.com *.capterra.com *.crisp.chat; frame-ancestors 'self' sendpulse.com *.sendpulse.com sendpulse.ua *.sendpulse.ua sendpulse.fr *.sendpulse.fr sendpulse.kz *.sendpulse.kz sendpulse.ua *.sendpulse.ua *.crisp.chat; worker-src 'self' blob:; 3 default-src 'self' data: ; connect-src 'self' https: wss: ; font-src 'self' chrome-extension: data: https: ; img-src 'self' data: blob: android-webview-video-poster: about: https: ; frame-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' https: ; style-src-elem 'self' 'unsafe-inline' https: ; style-src-attr 'self' 'unsafe-inline' https: ; worker-src 'self' 'unsafe-inline' https: blob: ; frame-ancestors 'self' https://*.magnews.it https://*.magnews.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cspr-it.mag-news.it/ 3 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 3 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 3 upgrade-insecure-requests; default-src 'self' https://*.screeb.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com/ disqus.com *.disqus.com *.disquscdn.com https://js.hs-scripts.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com https://gist.github.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net https://forms.hsforms.com/ https://js.hs-analytics.net https://app.getbeamer.com/js/ https://realtime.getbeamer.com/ https://apis.google.com https://*.screeb.app nominatim.openstreetmap.org http://cdn.matomo.cloud/opendatasoft.matomo.cloud/matomo.js http://cdn.mxpnl.com/ ; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://github.githubassets.com/ *.disquscdn.com https://fonts.googleapis.com https://app.getbeamer.com/styles/ ; img-src * data: blob:; font-src * data:; media-src 'self' https://eu.ftp.huwise.com/odsacademy/ https://eu.ftp.opendatasoft.com/odsacademy/ ; connect-src 'self' *.huwise.com *.opendatasoft.com *.disqus.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.algolia.net api.jawg.io tile.jawg.io https://graph.microsoft.com/ https://backend.getbeamer.com/ wss://realtime.getbeamer.com https://static.getbeamer.com/favico.js https://stats.g.doubleclick.net https://t.hs-growth-metrics.com https://*.screeb.app wss://*.screeb.app https://opendatasoft.matomo.cloud/matomo.php https://api-js.mixpanel.com/ ; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com/recaptcha/ https://accounts.google.com https://docs.google.com https://*.screeb.app *.huwise.com *.opendatasoft.com disqus.com https://app.hubspot.com https://forms.hsforms.com https://app.getbeamer.com https://opendatasoft-trial.com data.opendatasoft.com/ www.youtube.com/embed/ www.youtube-nocookie.com/embed/ www.dailymotion.com/embed/video/ player.vimeo.com/video/ www.veed.io/embed/ app.powerbi.com/ app.powerbigov.us/ app.high.powerbigov.us/ app.mil.powerbigov.us/ public.tableau.com/views/ arcgis.com/apps/View/ docs.google.com/forms/ forms.office.com/ www.google.com/maps/d/embed www.google.com/maps/embed www.arcgis.com/home/webscene/viewer.html www.arcgis.com/home/webmap/viewer.html www.arcgis.com/apps/dashboards/ www.arcgis.com/apps/Embed/ app.streamfizz.live/embed/ player.streamfizz.live/embed/ www.facebook.com/plugins/page.php experience.arcgis.com/experience/; 3 frame-ancestors 'self' https://teams.microsoft.com 3 'self'.model-t.cc.commerce.ondemand.com:443 *.ynk.cl:443 3 default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ https://*.safeframe.googlesyndication.com/safeframe/ ; img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://www.google.com/pagead/ https://optimize.google.com/ https://nemzeticegtar.hu/files/ https://www.nemzeticegtar.hu/files/ https://www.google.co.uk/ https://nctteszt.opten.hu/ https://admin.nemzeticegtar.hu/ https://i.imgur.com/ https://widget.molin.ai/ https://www.googletagmanager.com https://fonts.gstatic.com https://ceginfo.hu/assets/images/ ; style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ https://static.hotjar.com/ https://optimize.google.com/ ; font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://optimize.google.com/ https://cdnjs.cloudflare.com/ajax/libs/ ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://static.hotjar.com/ https://optimize.google.com/ https://connect.facebook.net/en_US/fbevents.js https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.mjs blob: 'self'; connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://script.4dex.io/adagio.js https://ice.360yield.com/ https://prg.smartadserver.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://static.hotjar.com/ https://content.hotjar.io/ https://region1.google-analytics.com/ https://*.doubleverify.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ wss://molin.ai/ https://eu.posthog.com/ https://assets5.lottiefiles.com/ https://pheu.molin.ai/ https://lottie.host/18ceabf4-51c0-410e-8bce-1e1ee2924c57/gb9fKyPMO2.json https://widget.molin.ai/ https://cmp.inmobi.com/ https://api.cmp.inmobi.com/ https://ep1.adtrafficquality.google/getconfig/ ; frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/ https://www.youtube.com/embed/ https://occsz.e-cegjegyzek.hu/ https://server.infinety.hu/ https://vars.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://*.safeframe.googlesyndication.com/ https://*.doubleverify.com/ https://*.rubiconproject.com/ https://*.criteo.com/ https://www.google.com/maps/ https://optimize.google.com/ https://securepubads.g.doubleclick.net/ https://ep2.adtrafficquality.google/ ; worker-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://static.hotjar.com/ https://sparbanner.kolrus.cloud/ ; media-src https://sparbanner.kolrus.cloud/ https://static.hotjar.com/ https://server.infinety.hu/ https://molin.ai/ ; 3 frame-ancestors "self" 3 default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net *.centerwatch.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.cookielaw.org www.googletagmanager.com *.marketo.com *.marker.io pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com unpkg.com *.unpkg.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com gstatic.com *.gstatic.com pki.goog *.pki.goog *.google.com googleapis.com *.googleapis.com js.zi-scripts.com *.centerwatch.com *.sentry-cdn.com *.mktoweb.com edge.fullstory.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com *.centerwatch.com *.mktoweb.com; object-src 'self' *.wcgclinical.com *.wcgirb.com *.centerwatch.com *.wpengine.com *.wpenginepowered.com; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.cookielaw.org *.google-analytics.com *.linkedin.oribi.io *.onetrust.com *.doubleclick.net *.marker.io *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net js.zi-scripts.com *.centerwatch.com *.google.com www.wcgclinical.com browser.sentry-cdn.com; font-src 'self' fast.wistia.com fonts.gstatic.com fonts.googleapis.com *.centerwatch.com data:; frame-src 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.marker.io *.doubleclick.net *.hotjar.com *.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com *.centerwatch.com www.googletagmanager.com *.mktoweb.com *.wpengine.com *.wpenginepowered.com data:; img-src 'self' www.wcgclinical.com www.wcgirb.com *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com wcgnewprod.wpengine.com wcgnewprodstg.wpengine.com wcgnewprod.wpenginepowered.com wcgnewprodstg.wpenginepowered.com px.ads.linkedin.com *.cookielaw.org *.centerwatch.com *.mktoweb.com data:; media-src 'self' *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com *.centerwatch.com www.wcgclinical.com data: blob:; worker-src 'self' blob:; 3 connect-src 'self' ws: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com content.hotjar.io *.bing.com bat.bing.net munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com 106-jev-611.mktoresp.com https://s3.eu-west-1.amazonaws.com/marker.sessions.prod; default-src 'self' *.google-analytics.com *.googletagmanager.com; font-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; form-action 'self' *.cookiebot.com *.google.com; frame-ancestors 'self'; frame-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com *.youtube.com; img-src 'self' data: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com static.hotjar.com px4.ads.linkedin.com bat.bing.net *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; media-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com static.hotjar.com script.hotjar.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com unpkg.com *.google.com *.wistia.net snap.licdn.com; style-src 'self' 'unsafe-inline' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.marker.io *.umbraco.com unpkg.com *.google.com *.wistia.net snap.licdn.com px.ads.linkedin.com; worker-src 'self' *.cookiebot.com *.google.com; 3 default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.sg *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io widgets.tipranks.com site.recognia.com ibkr.paxosclients.com *.ibkrcampus.com ibkrcampus.com *.traderstation-international.com; 3 default-src 'self' https:; connect-src 'self' https: wss://realtime.luckyorange.com wss://in.visitors.live; font-src 'self' https: data:; img-src 'self' https: data: blob:; media-src 'self' blob:; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'report-sample' 'unsafe-inline' https:; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 3 frame-ancestors 'self' *.arcgis.com *.esri.com learn.esri.ca 3 upgrade-insecure-requests; report-uri 3 style-src 'self' 'unsafe-inline'; 3 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src *; object-src *; base-uri *; form-action *; frame-ancestors *; 3 default-src * 'self' 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/ https://*.googleapis.com/ https://bat.bing.com/ https://*.quantummetric.com/ https://*.osano.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.google.com https://*.google.co.uk https://js.stripe.com/ blob: 'unsafe-inline' 'unsafe-eval' 'self'; frame-ancestors 'self'; form-action *; font-src https://fonts.gstatic.com/ https://*.acsbapp.com 'self' data:; img-src www.googletagmanager.com https://*.acsbapp.com https://www.facebook.com https://*.bing.com https://*.google.com https://*.google.co.uk https://*.google.co.in https://*.google.rs https://*.doubleclick.net https://bat.bing.com https://*.google-analytics.com https://*.google.co.in https://*.cibt.com/ https://*.cibtvisas.com https://cibtvisas.com 'self' data: blob:; connect-src 'self' data: https://*.google.com https://*.google.co.in https://*.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googlesyndication.com https://*.bing.com https://*.acsbapp.com https://acsbapp.com https://*.cibt.com https://*.api.osano.com/ https://google.com https://google.co.uk https://google.co.in https://google.rs https://*.cibtvisas.com https://*.*.osano.com *.amazonaws.com https://*.newlandchase.com https://cibt.my.salesforce-sites.com; 3 frame-ancestors 'self' *.recia.fr *.netocentre.fr netocentre.fr *.touraine-eschool.fr *.chercan.fr colleges41.fr *.colleges41.fr e-college.indre.fr *.e-college.indre.fr mon-e-college.loiret.fr *.mon-e-college.loiret.fr *.colleges-eureliens.fr *.nextcloud.recia.aquaray.com 3 object-src data: 'unsafe-eval' 3 object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 3 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://rum-static.pingdom.net/ https://www.googletagmanager.com https://www.google-analytics.com https://web.cmp.usercentrics.eu; style-src 'report-sample' 'self' 'unsafe-inline' https://web.cmp.usercentrics.eu; connect-src 'self' https://app.qweb.nl https://www.foxxl.hosting https://*.google-analytics.com https://*.pingdom.net https://v1.api.service.cmp.usercentrics.eu; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://fonts.gstatic.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self' https://app.qweb.nl; 3 frame-src *; default-src 'self' 'unsafe-eval' 'unsafe-inline' api.fillr.com m.cmpgn.page c.bing.com pvhba-m2prod-maintenance.s3-ap-southeast-2.amazonaws.com applepay.cdn-apple.com *.abtasty.com *.adyen.com *.afterpay.com *.analytics.yahoo.com *.bazaarvoice.com *.calvinklein.com *.clarity.ms *.contentsquare.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.com.au *.google.co.nz *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.imgix.net *.magefan.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.paypal.com *.pinterest.com *.pmnts-sandbox.io *.pmnts.io ads-engagement.presage.io *.teads.tv *.vimeo.com *.vimeocdn.com *.youtube.com *.zdassets.com *.zipmoney.com.au analytics.tiktok.com bat.bing.com bat.bing.net/action/0 blob: d3nocrch4qti4v.cloudfront.net data: df45ay5pw60dy.cloudfront.net duuytoqss3gu4.cloudfront.net ecomm-cdn.trurating.com *.quantserve.com player.vimeo.com prreqcroab.icu pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com pvhba-imgix-global-th-m2prod.s3.ap-southeast-2.amazonaws.com *.zendesk.com sandbox.zipmoney.com.au sc-static.net site-assets.afterpay.com static.afterpay.com static.zipmoney.com.au t.paypal.com tommyau.zendesk.com tr.snapchat.com v2assets.zopim.io wss://*.zopim.com wss://*.zendesk.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com zendesk-eu.my.sentry.io *.zip.co zip.co zipmoney.com.au ; form-action 'self' 3dauthentication.bankcomm.com 3ds.cathay-cube.com.tw 3ds.cathaybk.com.tw 3ds.vib.com.vn 3ds.emlpayments.com *.acs.cmbchina.com *.adyen.com *.americanexpress.com *.apata.io *.cardinalcommerce.com *.facebook.com *.paypal.com acssys.ccb.com.cn xykpay.3d2.icbc.com.cn acsauth.abchina.com.cn acs.revolut.com api.bazaarvoice.com ct.pinterest.com debitc2.3debspay.boc.cn/acs-auth-web www.rsa3dsauth.co.uk www.mycardsecure.com mycardsecure.com *.arcot.com pilot-payflowlink.paypal.com stg.api.bazaarvoice.com www.paypal.com www.sandbox.paypal.com www.securesuite.co.uk www.securesuite.net www.rsa3dsauth.com authentication.cardinalcommerce.com creditc2.3debspay.boc.cn; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' d1m2uzvk8r2fcn.cloudfront.net cfjump.calvinklein.com.au applepay.cdn-apple.com *.abtasty.com *.afterpay.com *.attraqt.io *.bazaarvoice.com *.braintreegateway.com *.cardinalcommerce.com *.cfjump.com cfjump.calvinklein.co.nz cfjump.tommy.com cfjump.vanheusen.com.au *.contentsquare.net *.doubleclick.net *.facebook.net *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.magento-ds.com *.newrelic.com *.nr-data.net *.particularaudience.com *.paypal.com *.paypalobjects.com *.pinimg.com *.pmnts-sandbox.io *.pmnts.io *.stockinstore.net *.teads.tv *.tiktok.com *.trurating.com *.vimeocdn.com *.yimg.com *.zdassets.com *.zendesk.com *.zipmoney.com.au api.braintreegateway.com app.contentsquare.com *.zip.co cdn.attraqt.io cdn.evgnet.com cdn.particularaudience.com cdnjs.cloudflare.com ct.pinterest.com d94qwxh6czci4.cloudfront.net ecommwidget.trurating.com gateway.pmnts-sandbox.io gateway.pmnts.io bat.bing.com *.forter.com d2nww8zpyj5pk0.cloudfront.net dlthst9q2beh8.cloudfront.net d2w2nqfk3z9hdt.cloudfront.net js.afterpay.com js.sandbox.afterpay.com js.squarecdn.com/square-marketplace.js portal.afterpay.com portal.clearpay.co.uk portal.sandbox.afterpay.com portal.sandbox.clearpay.co.uk static.afterpay.com *.clarity.ms mpsnare.iesnare.com rules.quantcount.com sc-static.net secure.quantserve.com static.zipmoney.com.au tr.snapchat.com vimeo.com www.google-analytics.com www.google.com www.vimeo.com zip.co ; connect-src 'self' *.abtasty.com *.adyen.com *.afterpay.com analytics-ipv6.tiktokw.us *.attraqt.io *.bazaarvoice.com *.braintree-api.com *.cardinalcommerce.com *.clearpay.co.uk *.contentsquare.net *.doubleclick.net *.evergage.com *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.nr-data.net *.particularaudience.com *.paypal.com *.pinterest.com *.quantserve.com *.snapchat.com *.stockinstore.net *.teads.tv *.tiktok.com *.trurating.com *.yimg.com *.zendesk.com *.zip.co *.zipmoney.com.au bat.bing.com *.zdassets.com *.clarity.ms applepay.cdn-apple.com clarity.ms dmw2pzbenclyd.cloudfront.net d3mewz86hy02zo.cloudfront.net/merchants/global.json dpe0djwch8671.cloudfront.net/merchants/global.json *.google.co.nz google.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com js.afterpay.com js.sandbox.afterpay.com m1.openfpcdn.io/fingerprintjs pilot-payflowlink.paypal.com pixel.quantcount.com prreqcroab.icu pvh-brands.imgix.net pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com static.afterpay.com static.sandbox.afterpay.com stockinstore.net wss://*.zendesk.com wss://*.zopim.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com zip.co *.forter.com wss://cdn0.forter.com d2o5idwacg3gyw.cloudfront.net dz8rit8v72mig.cloudfront.net db7q4jg5rkhk8.cloudfront.net 1.1.1.1 d94qwxh6czci4.cloudfront.net dr6vcclmzwk74.cloudfront.net wtp.siteperformancetest.net d6wfl40rgh70w.cloudfront.net siteperformancetest.net d6rak4b14t5gp.cloudfront.net d3k4bt74u9esq1.cloudfront.net d1ezzflfzltk6e.cloudfront.net d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d1yz9u4jf6oqub.cloudfront.net d3banl4fzuxsjl.cloudfront.net; 3 connect-src 'self' *.luigisbox.com *.google.com *.google.cz *.google.sk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.googlesyndication.com skoda-dily-db3 *.doubleclick.net *.mail-komplet.cz *.groovehq.com *.europa.eu *.deepl.com *.jquery.com *.heureka.cz *.heureka.sk *.facebook.net *.jquery.com 3 default-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.appsflyer.com appsflyer.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com *.kfc.com.pe test.ipg-online.com mozbar.moz.com www.kfclesotho.com dev.local.com:8080 *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com dev.local.com *.kaptcha.com *.smartlook.cloud *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.tictuk-qa.com *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *.alignet.io *.entersektehs.com *.klar.mx *.efaka.net *.secureacs.com www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lili.ly *.lytics.io *.groovinads.com global.frcapi.com *.creativecdn.com *.americanexpress.com *.dragontail.com test.ipg-online.com *.kfc.com.pe mozbar.moz.com www.kfclesotho.com dev.local.com:8080 *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com 3ds.eglobal.com.mx *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.tictuk.com telegram.me wa.me m.me powertranztestframeworkdsacssimulator.azurewebsites.net *.kaptcha.com *.ptranz.com *.google.com *.arcot.com *.nutritionix.com *.lji.li lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.google.com voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.lytics.io *.groovinads.com *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.appsflyer.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.kaptcha.com web-sdk.smartlook.com *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com cdn.inspectlet.com lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.appsflyer.com *.groovinads.com appsflyer.com *.lytics.io *.creativecdn.com extranet.prb.com.mx *.dragontail.com dragontail.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.kfc.ph *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo media.api-kfc.com xilnexblobs.b-cdn.net www.telepizza.cl *.googletagmanager.com telepizza.cl *.telepizza.cl *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app s-cs.send.microad.jp *.onelink.me wa.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' *.alignet.io *.entersektehs.com *.klar.mx www.kfcuganda.ug www.rsa3dsauth.com api.paymongo.com payments.gcash.com *.kfc-panama.com kiosk.kfc-panama.com prb-kfc-mx-marketing-prd-gcrs-tagm-srv-513517260482.us-central1.run.app kfc-marketing-gtm-server-side-tagging-37120935558.us-central1.run.app *.onelink.me *.googletagmanager.com *.lytics.io *.creativecdn.com *.dragontail.com dragontail.com test.ipg-online.com dev.local.com:8080 test-tictuk.kfc.com.pe *.izipay.pe edge.fullstory.com rs.fullstory.com www.kfc.tt kfc-com-mx.localhost:4000 *.kfcpuertorico.com *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com kfc.com.mx *.kfc.com.mx *.ipg-online.com pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com kfc.com.pe *.kfc.com.pe ; 3 frame-ancestors 'self' production-cms.ravensburger.bloomreach.cloud; 3 default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-src 'none' 3 frame-ancestors 'self' https://*.shiprocket.in; 3 default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3 base-uri 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com 'sha256-MX1ZFIBa5L93HBj8qZRBUa/eXPmsVLWRIi36CdDab3g=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' https://connect.facebook.net 'sha256-w9PUUFBTg7mA9KBjVbANsTN5WPOnJRei9DT8Qk2i/Jw=' https://www.flexmail.eu 'sha256-usdx8IxlpnzmYMAcVSSGsgPlT53z1pk04Zvh5xyOIQg=' https://bat.bing.com https://r.bing.com 'sha256-9EfSE/pxhsIRQAZ9nHpzZGKeEticJtki6BUxpyJY/VQ=' https://cdn.zapier.com 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' https://www.googleadservices.com https://www.google.com https://*.leadinfo.net 'sha256-FXWsZZqcOYsq1NVBThmi3kxKhOetuth7XXym/Ocr0y8=' https://*.refiner.io https://*.googletagmanager.com https://www.googleoptimize.com https://*.iubenda.com pagead2.googlesyndication.com www.googletagmanager.com https://uxwizz.combell.com https://eu.acsbapp.com 'sha256-VLHntiKvzCtmGdA8NQ279URJ1kx7r/qtSLs6ptjnTgY=' 'sha256-haSm1wLMkQLcIeHWY8P5LzrIczokmC3DKYFCl5cNz1g=' 'sha256-6XMixD8SYYh9u6pJSJrkzNCR3Ug4RG5i6DdRnuagT4A=' 'sha256-Fc+Hyj53YD8y3U7K7LY2Zqz2UPytCm0OQLHMxJROPz8=' https://assets.calendly.com 'sha256-9jtpGsNKjE0YTyvebG9dMAiOjUTf88YzA4J/5QzB+HM=' 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-soHj2nJiSISIchYvRpy+YNvaclRxDg8yfOdje4DV1V0=' 'sha256-BLA8fh9YQ/QaKI4r6ichHcqBEuA0P8M8GMKTBccWvQ4=' 'sha256-UCgT4o3W1j0Jb+5Dmp/EiW82gsiCzYrnessD2ygF+yg=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk='; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com *.bing.com https://cdn.zapier.com https://www.googletagmanager.com https://cdn.iubenda.com; object-src 'none'; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io data: www.slant.co; connect-src 'self' https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://cdn.flxml.eu https://*.sentry.io *.bing.com wss://*.bing.com https://zapier.com https://*.zapier.com https://stats.g.doubleclick.net adservice.google.com https://www.google.com https://cdn.linkedin.oribi.io https://*.leadinfo.net https://*.leadinfo.com https://*.refiner.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.iubenda.com pagead2.googlesyndication.com px.ads.linkedin.com www.google.com googleads.g.doubleclick.net https://uxwizz.combell.com https://eu-cdn.acsbapp.com https://eu.acsbapp.com; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com https://www.google.be https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://cdn.flxml.eu *.bing.com *.microsoft.com https://zapier.com https://zapier-images.imgix.net https://www.google.de https://www.google.nl adservice.google.com https://www.google.co.uk https://www.google.lu https://www.google.co.in https://www.google.es https://www.google.ch https://www.google.it https://www.google.ca https://*.google-analytics.com https://*.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net https://uxwizz.combell.com https://tracker.metricool.com; frame-src 'self' https://www.google.com/recaptcha/ https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.slideshare.net https://youtube.com https://www.youtube.com https://www.googletagmanager.com sdx.microsoft.com https://return.flexmail.eu https://*.refiner.io http://open.spotify.com/ https://*.iubenda.com/ googleads.g.doubleclick.net tpc.googlesyndication.com td.doubleclick.net https://calendly.com; report-uri https://flxml-www.endpoint.csper.io; report-to csper; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' sc-static.net *.licdn.com *.tiktok.com *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: frontend.zestydev.com *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: *.w.org *.facebook.com *.snapchat.com img.rawpixel.com blob: *.youtube.com www.itsligo.ie *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io secure.gravatar.com www.gravatar.com stats.g.doubleclick.net data: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.google-analytics.com *.linkedin.com *.snapchat.com *.cookiebot.com analytics.tiktok.com yoast.com region1.google-analytics.com *.facebook.com ws: *.wpml.org *.dynamics.com *.azureedge.net s.w.org www.pubble.io *.pubble.io api.redirect.li *.civiccomputing.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' *.wikimedia.org *.civiccomputing.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.google.com *.gstatic.com *.google-analytics.com unpkg.com *.typekit.net *.mkt.dynamics.com *.cookiebot.com *.facebook.net *.tiktok.com *.linkedin.com *.facebook.com *.snapchat.com *.wpml.org *.cloudfront.net *.azureedge.net *.dynamics.com www.atu.ie *.pubble.io; frame-src 'self' *.mkt.dynamics.com *.cookiebot.com *.issuu.com blob: forms.office.com *.snapchat.com *.facebook.com login.microsoftonline.com youtu.be *.arcgis.com atlantictu.libcal.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; 3 default-src https: data: 'unsafe-eval' 'unsafe-inline' 3 script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com www.googletagmanager.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;media-src e2b4c6d8f0g1h3i5j7k9l2m4n6o8p0q1r3s5t.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net *.33across.com *.ad-generation.jp *.adform.com *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.net *.cubepile.com *.dailymotion.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.freewheel.tv *.gamoshi.io *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pubmatic.com *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.stroeer.com *.synacor.com *.taboola.com *.tebilisim.com *.teimg.com *.tevideo.org *.thebrave.io *.themediagrid.com *.tradingview.com *.tribalfusion.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.vercel.app *.vidyome.com *.vimeo.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yieldmo.com *.youtu.be *.youtube.com bs.yandex.ru cdn.ampproject.org google.com googlesyndication.com onesignal.com pagead2.googlesyndication.com s1.adform.net track.adform.net trgde.adocean.pl; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://unpkg.com https://*.amazonaws.com https://ad4m.at https://*.bing.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.de wss://*.moin.ai https://*.moin.ai https://*.payone.com https://*.usercentrics.eu https://*.uxtweak.com https://*.storyblok.com https://gateway.zscloud.net; script-src-elem 'self' 'unsafe-inline' https://unpkg.com https://ad4m.at https://*.bing.com https://*.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://*.moin.ai https://sswt.payone.com https://*.usercentrics.eu 3 base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com cdn.commonspirit.org cdn.cookielaw.org cookie-cdn.cookiepro.com fonts.googleapis.com gateway.foresee.com geolocation.onetrust.com happy-hill-0c4c4691e.azurestaticapps.net p.typekit.net privacyportal.onetrust.com translate.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam.nr-data.net cdn.commonspirit.org cdn.cookielaw.org cdn1.commonspirit.org cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com cookie-cdn.cookiepro.com experience.adobe.com gateway.foresee.com geolocation.onetrust.com googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net js-agent.newrelic.com login.commonspirit.org maps.googleapis.com platform.twitter.com/js/ platform.twitter.com/widgets.js privacyportal.onetrust.com resources.unlockhealthnow.com/embed-script/embed.js services.cognitoforms.com static.cognitoforms.com tpc.googlesyndication.com/sodar/ twemoji.maxcdn.com unpkg.com use.typekit.net www.cognitoforms.com www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleadservices.com/pagead/ *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com api.clearsensecloud.com assets.gyant.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: developers.google.com dpm.demdex.net googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net i.ytimg.com login.commonspirit.org rtd-tm.everesttech.net s3.amazonaws.com static.cognitoforms.com syndication.twitter.com twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net adobedc.demdex.net ajax.microsoft.com analytics.foresee.com analytics.google.com api.ipify.org apiprod.commonspirit.org assets.adobedtm.com bam.nr-data.net brain.foresee.com cdn.commonspirit.org commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com dpm.demdex.net fid.agkn.com fonts.googleapis.com happy-hill-0c4c4691e.azurestaticapps.net identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com readaloud.googleapis.com rxnav.nlm.nih.gov survey.foreseeresults.com telemetry.commonspirit.org translate.googleapis.com www.cognitoforms.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org account.commonspirit.org cdn1.commonspirit.org commonspirit.demdex.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com happy-hill-0c4c4691e.azurestaticapps.net identity-func.commonspirit.org login.commonspirit.org; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms cdn1.commonspirit.org data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net www.commonspirit.org www.slant.co; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; media-src data: 3 frame-ancestors https://*.wfscorp.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors 'self' https://*.k12online.vn https://officeview.coquan.net 3 frame-ancestors 'self' https://manual-sanity-studio.vercel.app 3 default-src * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 3 style-src 'self' 'unsafe-inline' *.eunetic.com *.eunetic.com *.consentmanager.net *.tinymce.com *.tiny.cloud *.googleapis.com *.gstatic.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://chat.copexa.net https://chat.webwide.de https://chat.eunetic.com https://googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com; script-src *.eunetic.com 'self' 'unsafe-inline' *.eunetic.com *.tinymce.com *.tiny.cloud *.googleapis.com *.hotjar.com https://onstats.de https://www.callexa.com https://cdn.ckeditor.com https://js.stripe.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://chat.copexa.net https://chat.webwide.de https://chat.eunetic.com *.google.com https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.consentmanager.net *.acsbapp.com; object-src 'self'; img-src 'self' *.eunetic.com *.consentmanager.net *.tinymce.com *.tiny.cloud *.googleapis.com cdn.ckeditor.com chat.copexa.net www.callexa.com onstats.de *.freepik.com pay.webwide.net https://googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://googleads.g.doubleclick.net https://www.google.com https://google.com data: blob:; connect-src 'self' *.eunetic.com *.tinymce.com *.tiny.cloud *.googleapis.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com https://onstats.de https://www.callexa.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de *.consentmanager.net *.acsbapp.com; worker-src 'self' blob:; font-src 'self' *.eunetic.com *.consentmanager.net *.tinymce.com *.tiny.cloud *.gstatic.com data: 3 default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.smartsimple.biz https://www.google.com *.gstatic.com *.googleapis.com *.stripe.com *.paypal.com *.orcid.org https://orcid.org *.highcharts.com https://www.youtube.com *.walkme.com *.walkmeusercontent.com *.plaid.com; frame-ancestors 'self'; object-src 'none' 3 frame-src 'self' *.youtube.com static.addtoany.com td.doubleclick.net static.addtoany.com www.google.com sidebar.bugherd.com 18.134.245.132 *.issuu.com app.hubspot.com youtube.com *.hsforms.com issuu.com *.typeform.com *.googletagmanager.com; object-src 'none';base-uri 'self' 3 frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.paypal.com 'self' 'unsafe-inline'; style-src https://haywardpools.tfaforms.net/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://haywardpools.tfaforms.net/ https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://www.clarity.ms https://p.clarity.ms https://i.clarity.ms https://scripts.clarity.ms assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com *.paypal.com bam.nr-data.net js-agent.newrelic.com tfaforms.com adobedc.demdex.net https://www.clarity.ms/tag/g2gweglsfd *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.yotpo.com *.disqus.com static.ecorebates.com hayward.ecorebates.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www.paypal.com api.braintreegateway.com client-analytics.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://www.youtube.com 'self' *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; img-src https://hayward-pool-assets.com https://haywardpools.tfaforms.net https://mavenoidfiles.com/ https://mavenoid.com/ https://www.facebook.com https://www.poolspaparts.net https://connect.facebook.net data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com t.paypal.com www.paypalobjects.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com www.gstatic.com magefan.com cm.magefan.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.ca/ads/ga-audiences *.yotpo.com *.disqus.com https://img.youtube.com dhv2ziothpgrr.cloudfront.net www.paypal.com fpdbs.paypal.com *.hayward-pool-assets.com data: 'self' 'unsafe-inline'; frame-src http://www.haywardnet.com https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: https://haywardpools.tfaforms.net/72 fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * haywardpools.tfaforms.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com www.paypal.com 'self' 'unsafe-inline'; font-src https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/ www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com https://app.mavenoid.com/fonts/ https://widget-hosts.mavenoid.com/fonts/hayward-fonts/ *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com maxcdn.bootstrapcdn.com static.ecorebates.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json https://www.youtube.com https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://us-east-1-otel.formassembly.com/v1/traces https://stats.g.doubleclick.net/g/collect https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://commerce.hayward-pool-assets.com/magento/ https://haywardpools.tfaforms.net/72 https://i.clarity.ms https://e.clarity.ms https://connect.facebook.net https://www.facebook.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.paypalobjects.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com api.addressy.com *.cardinalcommerce.com bam.nr-data.net js-agent.newrelic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www.paypal.com api.braintreegateway.com client-analytics.braintreegateway.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; 3 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://popupx.ladi.me https://*.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://*.ladicdn.com https://www.facebook.com https://*.facebook.com 3 frame-ancestors 'self' *.altafiber.com *.hawaiiantel.com 3 frame-ancestors 'self' *; default-src 'self' data: wss: int.freekassa.net fk.money mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.hcaptcha.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru freekassa.com *.freekassa.ru *.freekassa.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com mzm.fk.money fmw.freekassa.net fmw.fmt.me fpnpmcdn.net fokusdoom.ru hcaptcha.com *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.freekassa.com *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *googletagmanager.com *.jivosite.com *.google.com.ua *.freekassa.ru *.freekassa.net *.freekassa.com; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.freekassa.net *.kassa.ai *.googleapis.com *.freekassa.ru *.freekassa.com 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.freekassa.com *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru *.freekassa.com freekassa.ru freekassa.com 'unsafe-inline'; connect-src 'self' data: wss: wss://cdnwbstts.com fmw.fmt.me mzm.fk.money newassets.hcaptcha.com checkout.paythrone.com mc.yandex.ru cdnwbstts.com openfpcdn.io api.fpjs.io tls-use1.fpapi.io *.fptls.com *.freekassa.net *.freekassa.ru *.jivosite.com *.google.com *.google-analytics.com 3 default-src 'self'; script-src 'self' https://js.stripe.com 'unsafe-inline'; frame-src 'self' https://js.stripe.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3 default-src 'self' https:;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://player.vimeo.com/api/player.js https://policy.app.cookieinformation.com https://www.youtube.com https://mktdplp102cdn.azureedge.net https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://assets-eur.mkt.dynamics.com https://public-eur.mkt.dynamics.com https://cxppeur1rdrect01sa02cdn.blob.core.windows.net *.svc.dynamics.com/f *.svc.dynamics.com/t *.svc.dynamics.com/t/w https://dhigroup.matomo.cloud https://cdn.matomo.cloud/dhigroup.matomo.cloud/container_HH5X4G0y.js https://cdn.matomo.cloud/dhigroup.matomo.cloud/matomo.js;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com https:;font-src 'self' *.gstatic.com data: https:;img-src 'self' *.googletagmanager.com data: https:;object-src 'self' 'unsafe-inline' *;frame-ancestors 'none';base-uri 'self';form-action 'none'; 3 frame-ancestors 'self'; img-src https://* data: blob: 3 default-src 'self' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://www.googletagmanager.com https://www.youtube.com https://*.youtube.com http://youtu.be https://www.google.com https://fonts.gstatic.com https://twitter.com https://*.twitter.com https://platform-lookaside.fbsbx.com https://streamable.com https://player.vimeo.com https://player.twitch.tv https://gfycat.com https://discordapp.com https://discord.com https://cdn.iframe.ly https://www.google-analytics.com https://stats.g.doubleclick.net https://if-cdn.com https://*.hotjar.com https://vc.hotjar.io/ wss://*.hotjar.com https://gleam.io https://not-ga.dlcompare.services; style-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.jsdelivr.net https://connect.facebook.net https://platform.twitter.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.gleam.io https://*.gleamjs.io/ https://*.google.com https://not-ga.dlcompare.services; img-src 'self' data: https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.akamai.steamstatic.com https://steamcdn-a.akamaihd.net https://cdn.staticaly.com https://graph.facebook.com https://*.twitter.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://i.imgur.com https://if-cdn.com https://www.google-analytics.com https://platform-lookaside.fbsbx.com https://www.google.com https://*.fbcdn.net https://*.hotjar.com https://*.gleam.io https://flagcdn.com https://cdn.discordapp.com https://discord.com https://www.googletagmanager.com 3 default-src 'self' *.mouseflow.com newsletter.abacus.ch fonts.googleapis.com; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net www.abacus.ch fonts.googleapis.com ; img-src 'self' www.googletagmanager.com www.linkedin.com *.googleapis.com www.googletagmanager.com/a px4.ads.linkedin.com www.google-analytics.com www.google.com www.google.ch maps.gstatic.com maps.google.com googleads.g.doubleclick.net px.ads.linkedin.com data:; connect-src 'self' cpl.iubenda.com idb.iubenda.com eu01.rec.mouseflow.com www.google.com googleads.g.doubleclick.net px.ads.linkedin.com o2.mouseflow.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com cdn.linkedin.oribi.io; font-src 'self' use.typekit.net fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.iubenda.com embeds.iubenda.com cdnjs.cloudflare.com www.abacus.ch api.mailxpert.ch snap.licdn.com cdn.mouseflow.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com newsletter.abacus.ch maps.googleapis.com maps.google.com googleads.g.doubleclick.net stats.g.doubleclick.net ajax.googleapis.com blob:; frame-src 'self' www.google.com www.googletagmanager.com newsletter.abacus.ch td.doubleclick.net app.livestorm.co; 3 default-src 'self'; script-src https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ 'self'; connect-src 'self'; img-src http://localhost:* 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src https://www.google.com/recaptcha/ com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view://* nsgcepa://* application://* receiver://* 'self'; child-src 'self' com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view://* nsgcepa://nsgcepa application://*; form-action 'self'; object-src 'none'; base-uri 'self'; report-uri /nscsp_violation/report_uri 3 frame-ancestors 'self' dampsoft.de *.dampsoft.de wordpress.p683160.webspaceconfig.de 3 frame-ancestors 'self'; form-action 'self' 3 object-src 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 3 default-src 'self' https://videos.ctfassets.net/; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-src 'self' https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kampyle.com *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.livechatinc.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.optimizely.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelperksplus.com *.travelsavingspassport.com *.tripauthority.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com *.synchronycredit.com *.synchrony.com *.youtube.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net assets.cruisemail.com.au avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovctour.com ovscruise.com rci.my241cruise.com.au rci.travel tawk.to theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au travelperksplus.com ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au windows.net wotif.com localhost:8080 qa-id.synchronycredit.com uat-id.synchronycredit.com id.synchrony.com; block-all-mixed-content; upgrade-insecure-requests; 3 frame-ancestors 'self' ballerup.dk www.hedenstederhverv.dk www.vejenerhverv.dk; 3 default-src 'self'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' * ; style-src 'self' https://* 'unsafe-inline' ; img-src 'self' data: https://*; font-src 'self' data: https://*; connect-src 'self' https://*; frame-src 'self' https://*; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yukiworks.com https://apis.google.com https://*.googleapis.com https://ssl.google-analytics.com https://cdn4.mxpnl.com http://fast.appcues.com https://*.freshworks.com https://js.mollie.com/v1/mollie.js https://*.freshchat.com https://cdn.jsdelivr.net/npm/redoc/bundles/redoc.standalone.js https://cdn.wootric.com/wootric-sdk.js https://*.wootric.eu https://*.chathive.app https://cdn-visma-app-switcher-faatcndaebg3hqhu.z01.azurefd.net/webcomponents/index.js https://*.securelogin.nu https://uptime.betterstack.com/widgets/announcement.js; frame-ancestors 'self' https://*.yukiworks.nl https://*.yukiworks.be https://*.yukiworks.es https://*.yukiworks.com; img-src 'self' https: data: http:; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' applepay.cdn-apple.com apple.com www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net cdn.quantummetric.com cdn.userway.org pay.google.com na5.cdn.thunderhead.com na5.thunderhead.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' applepay.cdn-apple.com apple.com www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net cdn.quantummetric.com cdn.userway.org pay.google.com na5.cdn.thunderhead.com na5.thunderhead.com; connect-src 'self' applepay.cdn-apple.com apple.com na5.cdn.thunderhead.com na5.thunderhead.com *.dynatrace.com *.optimizely.com www.enterice.com www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net *.userway.org google.com *.google.com; img-src 'self' data: na5.thunderhead.com na5.cdn.thunderhead.com *.umbraco.com maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com www.google.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net *.trustarc.com consent.truste.com stats.g.doubleclick.net dashboard.umbraco.org fonts.gstatic.com cdn.userway.org www.gstatic.com; style-src 'self' 'unsafe-inline' na5.thunderhead.com na5.cdn.thunderhead.com fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com www.googletagmanager.com cdn.userway.org; font-src 'self' applepay.cdn-apple.com apple.com na5.thunderhead.com na5.cdn.thunderhead.com fonts.gstatic.com *.trustarc.com cdn.userway.org; frame-src 'self' applepay.cdn-apple.com apple.com na5.thunderhead.com na5.cdn.thunderhead.com *.umbraco.com *.optimizely.com www.google.com *.surveymonkey.com *.asapp.com *.trustarc.com *.inmoment.com cdn.userway.org pay.google.com; worker-src blob:; report-uri /api/cspreport; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://zisson.com https://www.zisson.com data: https://www.google.com https://www.google.fi https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn-cookieyes.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://dc.services.visualstudio.com https://log.cookieyes.com https://cdn-cookieyes.com https://www.google.com; frame-src 'self' https://form.socialboards.com https://faq.socialboards.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; worker-src 'self' blob:; 3 default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.oni.nl; img-src 'self' data: https://*.oni.nl; connect-src 'self' https://*.oni.nl 3 default-src 'self' *.checkngo.com *.xact.com *.alliedcash.com *.pocket360.com *.mouseflow.com *.cashstore.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.tfaforms.net *.krxd.net *.quantcount.com *.googletagmanager.com *.quantserve.com *.fontawesome.com *.bootstrapcdn.com *.googleanalytics.com https://maps.google.com https://optimize.google.com https://tagmanager.google.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.msecnd.net *.hotjar.com https://tag.brandcdn.com https://adservices.brandcdn.com https://widget.trustpilot.com *.siteimproveanalytics.com *.mouseflow.com *.pinimg.com https://siteimproveanalytics.com *.pinterest.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.getambassador.com v1.ambassadorsnippet.com cdn.popt.in cdn.segment.com *.fullstory.com *.sentry-cdn.com *.intercom.io pixel.cdnwidget.com https://cdn.popt.in/pixel.js *.satismeter.com cdn.jsdelivr.net *.intercomcdn.com *.mbsy.co *.pusher.com api.getambassador.localhost:8000 https://webto.salesforce.com/* https://cdnjs.cloudflare.com/* unpkg.com https://www.google-analytics.com https://analytics.google.com cdnjs.cloudflare.com/ajax/libs/* *.checkngo.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.tfaforms.net *.fontawesome.com *.bootstrapcdn.com https://optimize.google.com https://tagmanager.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.myfonts.net *.mouseflow.com *.siteimproveanalytics.com *.cloudflare.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.tfaforms.net pre-usermatch.targeting.unrulymedia.com e1.emxdgt.com beacon.krxd.net x.bidswitch.net pixel.advertising.com *.quantserve.com www.google.com dynl.mktgcdn.com maps.google.com optimize.google.com *.azureedge.net *.googletagmanager.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com adservices.brandcdn.com insight.adsrvr.org match.adsrvr.org *.doubleclick.net sync.search.spotxchange.com https://*.ggpht.com *.mouseflow.com *.google-analytics.com *.adswizz.com *.pinterest.com *.tapad.com *.tremorhub.com *.googleusercontent.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.bootstrapcdn.com *.mouseflow.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.trustpilot.com *.google.com *.mouseflow.com *.tfaforms.net https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://*.googleapis.com/ *.googleapis.com *.doubleclick.net https://analytics.google.com *.pinterest.com *.contextine.com *.googletagmanager.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://ipinfo.io/ip https://icanhazip.com https://api.ipify.org *.mouseflow.com *.tfaforms.net https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com *.getambassador.com v1.ambassadorsnippet.com cdn.popt.in cdn.segment.com *.fullstory.com *.sentry-cdn.com *.intercom.io pixel.cdnwidget.com https://cdn.popt.in/pixel.js *.satismeter.com cdn.jsdelivr.net *.intercomcdn.com *.mbsy.co *.pusher.com api.getambassador.localhost:8000 https://webto.salesforce.com/* https://cdnjs.cloudflare.com/* unpkg.com https://www.google-analytics.com https://tagmanager.google.com cdnjs.cloudflare.com/ajax/libs/*; media-src 'self' data: blob: *.azureedge.net; child-src 'self' *.checkngo.com *.alliedcash.com cdn.krxd.net *.hotjar.com www.googletagmanager.com *.doubleclick.net adservices.brandcdn.com insight.adsrvr.org *.mouseflow.com *.trustpilot.com *.pinterest.com *.google.com https://snippet.alliedcash.com https://snippet.checkngo.com https://snippet.cashstore.com https://snippet.xact.com; object-src 'self' 3 frame-ancestors: self 3 frame-ancestors 'self' chromacam.me personifyinc.com 3 default-src https: blob: data: 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src https: blob: ; upgrade-insecure-requests; block-all-mixed-content; connect-src https: wss://*.hotjar.com; 3 default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-eval' https://analytics.ajla.net 'unsafe-inline' *.livechatinc.com *.tawk.to https://bam.nr-data.net https://translate-pa.googleapis.com/*; style-src 'self' blob: https: 'unsafe-inline'; report-uri https://sentry.io/api/1424323/security/?sentry_key=41c76badf8dd42cf9c908ee883619619 3 frame-ancestors 'self' *.doppelherz.de *.dppim.gfeserver.de *.doppelherz.ae *.doppelherz.at *.doppelherz.bg *.doppelherz.com *.doppelherz.co.ao *.doppelherz.co.id *.doppelherz.co.kr *.doppelherz-algeria.com *.doppelherz.com.kw *.doppelherz-iraq.com *.doppelherz.dj *.doppelherz.dk *.doppelherz.eg *.doppelherz.es *.doppelherz.fr *.doppelherz.hk *.doppelherz.hr *.doppelherz.hu *.doppelherz.it *.doppelherz.me *.doppelherz.mk *.doppelherz.ng *.doppelherz.pl *.doppelherz.pt *.doppelherz.ro *.doppelherz.rs *.doppelherz.sg *.doppelherz.tn *.doppelherz.ru *.doppelherz.com.tr *.doppelherz.com.gh *.doppelherz.cm *.doppelherz.ge *.doppelherz.qa *.doppelherz.cz *.doppelherz.si *.doppelherz-southkorea.com *.doppelherz.ua *.doppelherz.ch *.doppelherz.tw *.doppelherz.tz *.queisser.de *.queisser.com *.queisser.pl *.queisser.ro *.queisser.bg *.queisser.ua *.doppelherz.ma *.doppelherz.nl *.doppelherz.ba *.doppelherz.uz *.litozin.at *.litozin.de 3 frame-ancestors 'self' esswrp.ethicalsuperstore.com esswrp.pointov.com 3 frame-ancestors 'self' http://porrtogo.staffbase.com https://porrtogo.staffbase.com http://staffbase.com capacitor://porrtogo.staffbase.com capacitor://staffbase.com localhost:* 3 default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag 'sha256-jrgkEqFIwhymCeRxfh3RHm2ssvwC2lNerrrYfQZiAMA=' # Script for WizGov 'sha256-E6VSHz7prXjxYy3IswjAT2XLomQQ+UmhLBThJZm+dGs=' # Script for WizGov https://script-staging.wiz.gov.sg/customs-script.js https://script.wiz.gov.sg/customs-script.js blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ https://*.onemap.gov.sg/ https://maps.hack2025.gov.sg https://maps.gov.sg ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://attachments.apac2.webexengage.com https://cdn-widget.apac2.webexengage.com https://rtm.sg.webexconnect.io https://widget.apac2.webexengage.com ; 3 default-src 'self'; base-uri 'self'; font-src 'self' https://*.abnamro.nl/; frame-src 'self' https://*.abnamro.com/ https://aanmeld-pagina.nl https://abnamrobeleggen.marketxs.com https://www.abnamro.com https://www.abnamrolease.com/nld/nl/lease-berekenen https://abnamrolease.com/lease.eccapp-d-rg.azure.nl.eu.abnamro.com/nld/nl/lease-berekenen https://www.abnamromarkets.nl https://www.abnamro.nl https://abnamro.slgnt.eu https://www.advieskeuze.nl https://alfam.acc.beyondwl.yellowtail.it https://anchor.fm https://aov2.abnamro.nl https://embeds.audioboom.com https://autoverzekering.abnamro.nl https://*.awin1.com https://abnamro-basishypotheek.at.aahhg.nl https://abnamro-basishypotheek.nl https://batretail.abnamro.marketxs.com https://wlb.benergy.nl https://www.bethmannbank.de https://beursinfo.abnamro.nl https://sandbox-extra.aab-bitlibre.nl https://accept-extra.aab-bitlibre.nl https://widgets.bnr.nl https://widget.civey.com https://sdk.companywebcast.com https://deltaloyd2.info.nl/aav https://demo.abnamro.nl https://doorpakken.abnamro.nl https://doorpakken.guideplatform.net https://*.doubleclick.net https://emailservice.abnamro.nl https://energyshopabnamrov2-test-endpoint-bvcsf3hngdaabqh4.z01.azurefd.net https://www-et1.abnamro.nl https://events.abnamro.nl https://abn-expats.azurewebsite.net https://abn-expat-acc-server1.development.yellowtail.nl https://expat.acc.abnamro.yellowtail.it https://expat.dev.abnamro.yellowtail.it https://expat.prd.abnamro.yellowtail.it https://export.abnamromarkets.nl https://extra.abnamro.nl https://financieelinzicht.abnamro.nl https://abn-test.finfiles.nl https://fondsen.abnamro.nl https://fondsenprivate.abnamro.nl https://www.google.com https://www.googleadservices.com https://*.googletagmanager.com https://www.gripoprisicos.nl https://www.gripoprisicos.nl/nrs https://hypotheken.abnamro.nl https://hypotheken-et.abnamro.nl https://www.iac-abnamronl.mdgms.com https://www.iac.abnamronl.show.mdgms.com https://www.investtech.com https://identity.invitedesk.com https://klantenvertellen.nl https://leasecalculator.abnamro.nl https://lifestylecalculator.com https://staging.lifestylecalculator.com https://localfocuswidgets.net https://localfocus2.appspot.com https://mee.mail.abnamro.com https://media.abnamro.com https://customer.morningstareurope.com https://lt.morningstar.com https://nieuwvan.abnamro.nl https://www.neuflizeobc.fr https://new10.com https://nieuwsbrieven.abnamro.nl https://nieuwsbrieven.abnamroprivatebanking.be ockto: https://onlineinvestor.abnamro.marketxs.com https://omny.fm/ https://www.pcngmadvisory.abnamroprivatebanking.com https://pensioencheck.azurewebsite.net https://abn-pensioencheck-acc.server1.development.yellowtail.nl https://pensioencheck.acc.abnamro.yellowtail.it https://abn-pensioencheck-dev-server1.development.yellowtail.nl https://pensioencheck.prd.abnamro.yellowtail.it https://app.powerbi.com https://www.abnamroprivatebanking.be https://quadia.webtvframework.com https://abnamrobank.qualtrics.com https://relaunch.abnamromarkets.nl https://risicoscan.abnamro.nl https://service.abnamro.nl https://service-et.abnamro.nl https://services.abnamro.nl https://services-et.abnamro.nl https://abn-amro.simplecast.com https://player.simplecast.com https://slimwonen.abnamro.nl https://w.soundcloud.com https://speciaal.abnamro.nl https://*.spotify.com https://app.springcast.fm https://tarievenvergelijker.abnamro.marketxs.com https://technische-analyse.abnamro.nl https://treasury.abnamro.nl https://treasurykoersen.abnamro.nl https://www.abnamro-treasury.marketxs.com https://turbo.abnamro.nl https://portal.uilabs.de https://player.vimeo.com https://platform.vixyvideo.com https://rekentools.webbridge.nl https://www.youtube.com https://www.youtu.be https://zoeken.abnamro.nl app.optimizely.com https://a5171550442225664.cdn.optimizely.com https://a5171550442225664.cdn-pci.optimizely.com; frame-ancestors 'self' https://*.abnamro.nl/ app.optimizely.com; img-src 'self' data: https: https://*.doubleclick.net https://*.tealiumiq.com https://*.google-analytics.com https://*.analytics.google.com *.omtrdc.net https://*.awin1.com https://*.facebook.com https://*.linkedin.com https://app.optimizely.com https://cdn.optimizely.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.abnamro.nl/ *.tiqcdn.com https://*.tealiumiq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.linkedin.com https://*.qualtrics.com https://*.facebook.net https://*.dwin1.com https://*.licdn.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.cookielaw.org/ https://*.cookie-cdn.cookiepro.com https://privacyportal-eu.onetrust.com; style-src 'self' 'unsafe-inline' https://*.abnamro.nl/; connect-src 'self' https://westeurope-5.in.applicationinsights.azure.com *.omtrdc.net https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.qualtrics.com *.tiqcdn.com https://*.tealiumiq.com https://dpm.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com https://abnamro.pandosearch.com https://js.monitor.azure.com/ https://logx.optimizely.com https://*.optimizely.com https://*.cookielaw.org/ https://*.cookie-cdn.cookiepro.com https://privacyportal-eu.onetrust.com; media-src 'self' https://*.abnamro.com/ https://*.sitecorecontenthub.cloud 3 upgrade-insecure-requests ; default-src 'none'; script-src 'self' *.sas.com; connect-src 'self'; img-src 'self' *.sas.com; style-src 'self' *.sas.com; form-action 'self' *.sas.com; frame-action 'self' *.sas.com; font-src *.sas.com ; frame-ancestors 'self' *.sas.com; 3 script-src 'self' 'unsafe-inline'; style-src 'self' https://www.gstatic.com 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://www.gstatic.com https://ep2.adtrafficquality.google; img-src 'self' data: https://ep1.adtrafficquality.google https://www.googletagmanager.com 'unsafe-inline'; upgrade-insecure-requests; object-src 'none'; 3 default-src https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 3 object-src 'none'; script-src * 'unsafe-eval' 'unsafe-inline' blob: data:; base-uri 'self' 3 default-src 'self' https://*.nanelo.com https://nanelo.com; style-src 'unsafe-inline' 'self' https://*.nanelo.com https://nanelo.com; img-src 'self' data: https:; object-src 'none'; script-src 'sha256-H/qD7Jl4/ZhYpH00aG9fel4uuqcGhnJ6mSFRqB7jn1I=' 'self' 3 default-src 'self'; media-src *.purechatcdn.com;font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.googleapis.com; connect-src 'self' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.googleapis.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.ispringsolutions.com; style-src * 'unsafe-inline'; frame-src 'self' www.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.jobscore.com *.umbraco.com; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go.radancy.com/analytics https://pi.pardot.com/analytics https://pi.pardot.com/pd.js https://pagead2.googlesyndication.com https://www.youtube.com https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://ad.doubleclick.net https://www.google.com https://*.bugherd.com https://*.analytics.google.com https://analytics.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://stats.g.doubleclick.net https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://www.google.com https://*.vimeo.com https://s45065.pcdn.co https://www.radancy.com https://www.googletagmanager.com https://go.pardot.com https://www.youtube.com https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://www.linkedin.com https://www.google.at https://ade.googlesyndication.com https://www.googletagmanager.com https://i.ytimg.com https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://s45065.pcdn.co https://*.talentbrew.com; worker-src 'self' blob: ; 3 frame-ancestors https://funbridge.com https://*.funbridge.com http://localhost:* http://127.0.0.1:*; 3 form-action 'self', frame-ancestors 'self' 3 style-src * 'unsafe-inline'; font-src * data:; img-src * data:; worker-src 'self' blob:; frame-src https://www.youtube-nocookie.com https://www.youtube.com; frame-ancestors https://create.netlify.com; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.addthis.com https://www.googletagmanager.com https://cdn.polyfill.io https://cdnjs.cloudflare.com https://*.keyreply.com https://z.moatads.com https://v1.addthisedge.com https://www.google-analytics.com https://partner.googleadservices.com *.google.com https://*.youtube.com https://*.gov.sg https://*.vimeo.com https://*.imh.com.sg https://pochatcentralus.crm.powerobjects.net; object-src 'self'; base-uri 'none'; 3 default-src * https: data: blob: wss: 'unsafe-inline' 3 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.googletagmanager.com www.google.com www.gstatic.com use.fontawesome.com google-analytics.com connect.facebook.net static.ads-twitter.com polyfill.io;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com;img-src 'self' https://cdn.eigpropertyauctions.co.uk https://www.eigpropertyauctions.co.uk maps.gstatic.com google-analytics.com *.google-analytics.com www.facebook.com analytics.twitter.com maps.googleapis.com t.co data: www.googletagmanager.com;media-src 'self' blob: https://cdn.eigpropertyauctions.co.uk;frame-src 'self' www.youtube.com www.google.com www.facebook.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;connect-src 'self' https://cdn.eigpropertyauctions.co.uk www.google.com google.com maps.googleapis.com ipapi.co *.google-analytics.com www.facebook.com https://livestream.eigpropertyauctions.co.uk https://bidding.eigpropertyauctions.co.uk wss://livestream-service.eigpropertyauctions.co.uk livestream-service.eigpropertyauctions.co.uk wss://eig-liveauctions-uks-prod.service.signalr.net eig-liveauctions-uks-prod.service.signalr.net wss://eig-ams-livestream-prod.service.signalr.net eig-ams-livestream-prod.service.signalr.net;base-uri 'self';child-src 'self';form-action 'self' www.facebook.com;frame-ancestors 'self' *;report-uri https://eigroup.report-uri.com/r/d/csp/enforce 3 font-src *.gstatic.com *.googleapis.com *.fontawesome.com fonts.googleapis.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.addthis.com *.facebook.com *.twitter.com *.multisafepay.com https://pay.google.com https://plumrocket.com td.doubleclick.net www.kiyoh.com googleads.g.doubleclick.net *.google.nl https://sst.pharmacy4pets.de https://sst.pharmacy4pets.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.addthisedge.com *.twitter.com *.sooqr.com *.spotlersearch.com *.multisafepay.com www.google.nl *.bing.net *.analytics.google.com *.pharmacy4petsdev.hypernode.io *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl pharmacy4pets.de pharmacy4pets.fr pharmacy4pets.es pharmacy4pets.com pharmacy4pets.nl *.kommunicate.io s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com *.multisafepay.com https://pay.google.com *.hotjar.com bat.bing.com widget.freshworks.com *.freshdesk.com www.smartsuppchat.com widget-v3.smartsuppcdn.com www.clarity.ms sst.pharmacy4pets.fr *.pharmacy4petsdev.hypernode.io *.omappapi.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com google.com *.kommunicate.io 'report-sample' 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.adobedtm.com amcglobal.sc.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com *.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.commerce-payment-services.com *.cloudflare.com pay.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com apis.google.com *.googleadservices.com https://www.gstatic.com/recaptcha https://www.google.com/recaptcha *.google.com *.google.com/ https://maps.googleapis.com/maps/api/js *.instagram.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.magento-ds.com *.paypalobjects.com c.paypal.com *.paypal.com sandbox.paypal.com *.sandbox.paypal.com https://js.stripe.com/v3/ *.stripe.com *.link.com *.typekit.net use.typekit.net *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.sooqr.com *.spotlersearch.com *.multisafepay.com widget-v3.smartsuppcdn.com widget.freshworks.com *.freshdesk.com static-tracking.klaviyo.com *.omappapi.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl www.googletagmanager.com *.kommunicate.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.kommunicate.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.sooqr.com *.spotlersearch.com *.multisafepay.com www.google.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io google-analytics.com *.google-analytics.com googleads.g.doubleclick.net bootstrap.smartsuppchat.com widget.freshworks.com *.freshdesk.com *.smartsuppcdn.com wss://websocket-visitors.smartsupp.com *.googlesyndication.com *.pharmacy4pets.fr *.pharmacy4pets.de *.pharmacy4pets.es *.pharmacy4pets.com *.pharmacy4pets.nl *.clarity.ms *.omappapi.com spotlersearchanalytics.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com google.com pay.google.com *.kommunicate.io *.bing.net wss://*.kommunicate.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 3 default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3 frame-ancestors 'self' *.bluecatnetworks.com bluecat.pathfactory.com bluecat.lookbookhq.com; 3 font-src fonts.gstatic.com use.typekit.net *.googleapis.com data: https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost maxcdn.bootstrapcdn.com ws.colissimo.fr *.iadvize.com *.cloudflare.com cdn.flbx.io *.getflowbox.com *.doubleclick.net www.guaranteed-reviews.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost secure.ogone.com appliweb-pp.iglr http://appliweb.iglr *.corcentricplatform.com cegidxrp.croix-rouge.fr cegidxrp-eproc.croix-rouge.fr cegidxrp-recetteeproc.croix-rouge.fr nl.wesco-eshop.be vip.wesco.fr fr.wesco-eshop.be www.wesco-eshop.co.uk www.wesco-eshop.ie www.wesco-eshop.pt www.wesco-eshop.de www.wesco-eshop.at www.wesco-eshop.nl www.wesco-eshop.lu www.wesco.fr fr.wesco-eshop.ch de.wesco-eshop.ch punchout.wesco.fr www.wesco-eshop.it marche.wesco.fr preprod-nl.wesco-eshop.be preprod-vip.wesco.fr preprod-fr.wesco-eshop.be preprod.wesco-eshop.co.uk preprod.wesco-eshop.ie preprod.wesco-eshop.pt preprod.wesco-eshop.de preprod.wesco-eshop.at preprod.wesco-eshop.nl preprod.wesco-eshop.lu preprod.wesco.fr preprod-fr.wesco-eshop.ch preprod-de.wesco-eshop.ch preprod-punchout.wesco.fr preprod.wesco-eshop.it preprod-marche.wesco.fr *.facebook.com *.mouseflow.com babilou.ivalua.app env11-pre.ivalua.app/ aphp-uat.proactiscloud.com aphp.proactiscloud.com *.getflowbox.com *.homestyler.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube.com/ *.youtube-nocookie.com www.google.com https://www.youtube.com https://form.typeform.com static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost *.iadvize.com *.facebook.com *.criteo.com *.pinterest.com *.pinterest.fr asset.easydmp.net momento360.com/ *.mouseflow.com *.doubleclick.net *.tradedoubler.com *.worldline-solutions.com *.getflowbox.com *.googletagmanager.com www.societe-des-avis-garantis.fr www.guaranteed-reviews.com www.societa-recensioni-garantite.it gjigle.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.gstatic.com *.googleapis.com cdn.flbx.io *.cloudfront.net https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr https://*.onyourmap.com https://google.fr *.hsforms.net *.hsforms.com static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost ws.colissimo.fr *.onyourmap.com api.mapbox.com *.googletagmanager.com *.google.com.ua *.google.com *.google.fr *.iadvize.com *.facebook.com bat.bing.com *.pinterest.com *.mydialoginsight.com *.getflowbox.com www.img-static.com r.phywi.org *.tiktok.com *.doubleclick.net *.criteo.com *.shipup.co bat.bing.net www.societe-des-avis-garantis.fr *.notifpush.com *.pushaddict.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.googleapis.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.getflowbox.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.hsforms.net *.hsforms.com static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost ws.colissimo.fr api.mapbox.com *.google.com *.googletagmanager.com *.iadvize.com *.facebook.net *.facebook.com bat.bing.com s.pinimg.com cdn.powerspace.com *.criteo.net *.criteo.com *.easydmp.net atout.email-match.com *.doubleclick.net *.taboola.com *.pwspace.com *.mouseflow.com *.mydialoginsight.com cdn.flbx.io *.tiktok.com *.tradedoubler.com *.shipup.co *.worldline-solutions.com *.clarity.ms *.societe-des-avis-garantis.fr notifpush.com gjigle.com gddglis.com *.notifadz.com googleapis.com statics.pushaddict.com *.pinterest.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://*.typeform.com *.fontawesome.com static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost maxcdn.bootstrapcdn.com ws.colissimo.fr api.mapbox.com *.iadvize.com *.googletagmanager.com *.cloudflare.com cdn.flbx.io *.getflowbox.com *.doubleclick.net *.shipup.co *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn.flbx.io *.getflowbox.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io insights.algolia.io *.googleapis.com *.getflowbox.com https://ws.colissimo.fr https://maps.googleapis.com https://nominatim.openstreetmap.org https://*.onyourmap.com https://*.mapbox.com t.elasticsuite.io *.hsforms.net *.hsforms.com static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost ws.colissimo.fr *.iadvize.com wss://*.iadvize.com *.doubleclick.net *.pinterest.com *.google.com *.mouseflow.com bat.bing.com *.mydialoginsight.com cdn.flbx.io *.taboola.com *.onyourmap.com *.mapbox.com *.tiktok.com *.easydmp.net *.tradedoubler.com *.criteo.com *.shipup.co *.worldline-solutions.com bat.bing.net *.societe-des-avis-garantis.fr notifpush.com *.googlesyndication.com gjigle.com *.notifadz.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.wesco.fr preprod-static.wesco.fr wesco-static.docker.localhost *.iadvize.com *.mouseflow.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 frame-ancestors https://viega.showpad.biz; 3 frame-ancestors 'self'; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://sdk.dcmn.io https://www.facebook.com https://sibautomation.com https://ad4m.at https://hal9000.redintelligence.net https://*.ad-srv.net https://googleanalytics.com https://google-analytics.com https://googleoptimize.com https://*.googletagmanager.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://widget.trustpilot.com https://*.studentbeans.com https://ct.pinterest.com https://*.cdn.optimizely.com https://just-russel.campaign.playable.com https://*.doubleclick.net https://*.clarity.ms https://*.justrussel.com https://*.justrussel.nl https://*.justrussel.be https://*.justrussel.de https://*.justrussel.fr 3 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' https://brita-int.ff360.de 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss: ws:; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src 'self' https:; frame-ancestors 'self' https:; object-src 'none'; media-src 'self' https:; manifest-src 'self'; worker-src 'self'; child-src 'self' https:; base-uri 'self'; form-action 'self' https:; upgrade-insecure-requests; block-all-mixed-content; 3 frame-ancestors 'self' https://secure.safecharge.com; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com cash-f.squarecdn.com *.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.intercomcdn.com/ use.fontawesome.com/releases/v5.6.0/webfonts *.sagepay.com *.opayo.eu.elavon.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.googleusercontent.com *.zencdn.net *.arcot.com *.littlegreene.us yastatic.net *.stackla.com *.hotjar.com *.littlegreene.com *.varify.io data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com * https://www.facebook.com/ https://*.realexpayments.com/ *.facebook.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.nexigroup.com *.pluscard.de *.qiib.com.qa *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no *.nosto.com *.nos.to 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.eewosecure.com *.consorsbank.de *.intercom.io *.soldo.com *.ing.de *.cm-cic.com *.sibs.pt *.sparkassen-kreditkarten.de *.cyris.com *.rb.cz *.secureacs.com *.creditmutuel.fr *.lcl.fr *.airplus.com *.sparkasse.at *.asseco-see.hr *.marqeta.eu *.cic.fr *.cardcomplete.com *.postfinance.ch *.n26.com *.cornercard.ch *.uobgroup.com *.otpbank.hu *.bunq.com *.s-id-check-sparkassen.de *.rabobank.nl 3dsecure-vrp.de *.emlpayments.com *.abanca.com *.bankmillennium.pl *.3dsecure-atruvia.de *.3ds-hanseaticbank.de 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.braintreegateway.com *.paypal.com google.com *.google.com * https://lgpc.prismic.io *.weltpixel.com https://vars.hotjar.com/ https://www.facebook.com/ https://*.realexpayments.com/ https://player.vimeo.com/ https://www.google.com/ *.trustpilot.com https://newassets.hcaptcha.com/ https://static.cdn.prismic.io/ https://example-repository.prismic.io/ https://ct.pinterest.com/ https://r3.girogate.de/ https://*.littlegreene.com/ https://*.littlegreene.us/ https://*.littlegreene.fr/ https://*.littlegreene.de/ https://*.littlegreene.nl/ https://*.littlegreene.eu/ https://*.littlegreene.ie/ https://*.paintandpaperlibrary.com/ https://*.bradite.com/ https://*.nordea.com/ https://*.nordea.fi/ https://*.pkobp.pl/ *.dotdigital-pages.com *.dotdigital.com challenges.cloudflare.com webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com *.arcot.com *.rsa3dsauth.co.uk *.rsa3dsauth.com *.boc.cn *.afs.com.bh *.enfuce.com *.cardcenter.ch *.pluscard.de *.qiib.com.qa *.nexigroup.com *.paylife.at *.redsys.es *.3dsecure.no *.modirum.com *.edb.com *.viseca.ch *.apata.io *.capitalone.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw *.starlingbank.com *.danskebank.com *.pekao24.pl *.lloydsbank.co.uk/ *.lloydsbank.com/ *.lloydsbankinggroup.com/ *.channel-cards-auth-api.lloydsbankinggroup.com/ *.sparebank1.no account.fetchify.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.sibs.pt *.soldo.com *.marqeta.eu *.3ds-hanseaticbank.de *.creditmutuel.fr *.rabobank.nl *.cyris.com *.facebook.com *.ing.de *.postfinance.ch *.lcl.fr *.doubleclick.net *.varify.io *.rb.cz 3dsecure-vrp.de *.stackla.com *.emlpayments.com *.pinterest.com *.s-id-check-sparkassen.de *.abanca.com *.otpbank.hu *.milleis.fr *.sparkassen-kreditkarten.de *.consorsbank.de *.littlegreene.com *.adsrvr.org *.bankmillennium.pl *.sparkasse.at *.sg.fr *.airplus.com *.googletagmanager.com *.cornercard.ch *.cic.fr *.n26.com *.cloudflare.com *.cm-cic.com *.eewosecure.com *.bunq.com *.littlegreene.us *.op.fi *.asseco-see.hr *.uobgroup.com *.neuflizeobc.net *.intercom-reporting.com *.cardcomplete.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com *.typekit.net *.gstatic.com * *.googleapis.com https://images.prismic.io/lgpc/ https://bat.bing.com/ https://www.facebook.com https://*.pinterest.com/ https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://images.prismic.io/ https://prismic-io.s3.amazonaws.com/ https://cookie-cdn.cookiepro.com https://www.magecomp.com/ https://streetviewpixels-pa.googleapis.com/ https://js.intercomcdn.com/ https://www.google.com.ua/ https://*.littlegreene.com/ https://*.littlegreene.us/ https://*.littlegreene.fr/ https://*.littlegreene.de/ https://*.littlegreene.nl/ https://*.littlegreene.eu/ https://*.littlegreene.ie/ https://*.paintandpaperlibrary.com/ https://*.bradite.com/ https://*.cti.digital/ *.facebook.com *.reddit.com *.trackedlink.net *.sagepay.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com www.feedoptimise.com cdn.feedoptimise.com magefan.com cm.magefan.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: www.google.co.id www.google.com.qa www.google.com.co www.google.com.bh *.stackla.com www.google.gg www.google.by www.google.lk www.google.gl yastatic.net *.intercomcdn.com www.google.hr www.google.com.pg www.google.bt www.google.com.np www.google.com.pe www.google.co.il www.google.jo www.google.it www.google.co.zm www.google.ch www.google.com.et *.facebook.net www.google.hu *.google.com www.google.com.pr www.google.li www.google.md www.google.am www.google.im www.google.es www.google.td www.google.is www.google.com.bo www.google.lu www.google.bi *.linkedin.com www.google.co.ma www.google.dm www.google.co.ls www.google.mn *.littlegreene.com www.google.com.ec www.google.ba www.google.me www.google.com.kh *.ctidigital.com www.google.co.th www.google.com.vn www.google.ps www.google.com.hk *.doubleclick.net www.google.rw www.google.com.cy www.google.cv www.google.tt www.google.ge www.google.com.lb *.adsrvr.org www.google.ro www.google.no *.wsimg.com www.google.cd www.google.co.ve www.google.dk www.google.mg www.google.hn www.google.ru www.google.com.bn www.google.ne *.littlegreene.us www.google.ml www.google.sm www.google.com.cu *.cdninstagram.com *.googleusercontent.com www.google.com.vc www.google.com.ni www.google.com.ag www.google.com.eg www.google.com.gt www.google.la www.google.com.br www.google.com.jm www.google.je www.google.com.mt www.google.kg www.google.so www.google.mv www.google.com.af www.google.co.mz www.google.com.tj www.google.com.sl www.google.bg www.google.com.pk www.google.gr *.googletagmanager.com www.google.com.tw www.google.tn www.google.com.sg www.google.co.in *.capitalkoala.com *.ggpht.com www.google.ad www.google.at www.google.vu www.google.al www.google.rs www.google.ie www.google.co.ke www.google.cm www.google.mw www.google.com.pa www.google.ae www.google.pl google.com www.google.com.fj www.google.com.kw www.google.pt www.google.be www.google.com.mx www.google.mu www.google.com.sb www.google.co.cr www.google.ee www.google.com.py www.google.iq www.google.ca www.google.gy www.google.co.jp *.pinimg.com www.google.sr www.google.de d21m4dsqdd3b9h.cloudfront.net www.google.lt *.intercomassets.com www.google.com.do www.google.co.zw www.google.fi www.google.sk www.google.co.ug www.google.com.ph www.google.co.tz www.google.ga www.google.tg www.google.si www.google.lv www.google.com.sa www.google.bj www.google.dj www.google.dz www.google.ci www.google.co.vi www.google.com.ar www.google.com.gh www.google.co.uz www.google.com.my www.google.fr www.google.com.ng www.google.com.om *.prismic.io *.cti.digital www.google.nl www.google.ws www.google.com.sv *.addsauce.com www.google.com.tr www.google.com.uy www.google.se www.google.tl www.google.co.ao *.trustpilot.com www.google.com.na www.google.sn www.google.com.mm www.google.cl *.googlesyndication.com *.tiktok.com www.google.co.za *.cookiepro.com www.google.gm www.google.sc www.google.co.nz www.google.com.bz www.google.co.uk www.google.cg www.google.com.bd www.google.tm www.google.ht www.google.kz www.google.com.au www.google.bs www.google.co.ck www.google.mk *.licdn.com www.google.cz www.google.bf www.google.co.kr www.google.co.bw www.google.az www.google.com.ly www.google.com.gi data: 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com/ www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.cash.app *.visa.com *.mastercard.com *.googleapis.com *.gstatic.com https://static.cdn.prismic.io https://prismic.io https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.hotjar.com/ https://connect.facebook.net/ https://s.pinimg.com/ https://bat.bing.com/ https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://js.intercomcdn.com/ *.trustpilot.com https://*.azureedge.net/ https://cookie-cdn.cookiepro.com/ https://cdn.jsdelivr.net/ https://widget.intercom.io https://widgets.pinterest.com https://assets.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://hcaptcha.com https://cookie-cdn.cookiepro.com https://www.googleoptimize.com/ https://oc-cdn-public-gbr.azureedge.net/ https://*.littlegreene.com/ https://*.littlegreene.us/ https://*.littlegreene.fr/ https://*.littlegreene.de/ https://*.littlegreene.nl/ https://*.littlegreene.eu/ https://*.littlegreene.ie/ https://*.paintandpaperlibrary.com/ https://*.bradite.com/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal challenges.cloudflare.com webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com www.feedoptimise.com cdn.feedoptimise.com player.vimeo.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.hsforms.net *.hsforms.com g10696554090.co *.intercom.io *.varify.io *.termly.io hcaptcha.com *.littlegreene.com *.stackla.com plausible.io snapppt.com *.elavon.com *.addsauce.com *.adsrvr.org yastatic.net *.amazon-adsystem.com *.littlegreene.us *.googlesyndication.com *.zencdn.net *.hotjar.com *.pinterest.com *.cookiepro.com *.pinimg.com *.tiktok.com *.cloudflare.com *.googletagmanager.com *.licdn.com g10498469755.co *.prismic.io *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src *.adobe.com fonts.googleapis.com *.cash.app https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://*.azureedge.net/ https://hello.myfonts.net/ tagmanager.google.com use.fontawesome.com/releases/v5.6.0/css webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com *.zencdn.net *.stackla.com *.littlegreene.com *.typekit.net yastatic.net *.littlegreene.us *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; object-src *.stackla.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; media-src *.adobe.com *.intercomcdn.com *.stackla.com *.cdninstagram.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com * *.googleapis.com https://*.hotjar.com/ https://*.pinterest.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://lg-gb.lgpcm2.ctidev https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://api-iam.intercom.io/ https://api.craftyclicks.co.uk/ https://www.facebook.com/ wss://nexus-websocket-a.intercom.io https://bat.bing.com/ https://bam.nr-data.net/ https://cookie-cdn.cookiepro.com/ https://privacyportal.cookiepro.com/ https://geolocation.onetrust.com/ https://invitejs.trustpilot.com/ *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com t.elasticsuite.io *.hsforms.net *.hsforms.com www.google.com.bd www.google.com.gt www.google.ae www.google.com.py www.google.mn www.google.co.tz www.google.cv www.google.ie *.cookiepro.com *.stackla.com www.google.co.kr www.google.com.ly www.google.cl www.google.dz www.google.co.cr www.google.tg www.google.com.bz www.google.hn *.trustpilot.com www.google.com.gi www.google.com.mx www.google.co.il www.google.co.in *.littlegreene.com www.google.am www.google.no www.google.com.tw www.google.com.pe www.google.lt *.hotjar.io www.google.com.tr www.google.hr www.google.la www.google.ru www.google.co.zm www.google.sk www.google.by www.google.com.sg www.google.it www.google.com.bh www.google.co.vi www.google.co.th www.google.rw *.pinterest.com www.google.ad www.google.com.bo www.google.mk *.hotjar.com www.google.com.pr www.google.lv www.google.tt www.google.com.gh www.google.com.ar www.google.mw *.intercom.io www.google.gr www.google.ci www.google.lu www.google.com.lb www.google.com.jm www.google.com.pk www.google.com.ag www.google.bf www.google.md www.google.com.hk *.facebook.com www.google.mu www.google.sn www.google.tl www.google.com.tj www.google.com.sv www.google.com.pg www.google.az www.google.pt www.google.com.kh www.google.co.uk www.google.cd www.google.iq www.google.co.jp www.google.com.br *.tiktok.com *.adsrvr.org *.zencdn.net *.addsauce.com www.google.li www.google.co.id www.google.com.mm www.google.sc www.google.com.cy www.google.si www.google.ee www.google.co.zw www.google.com.ni www.google.es www.google.ge www.google.sr www.google.se www.google.pl www.google.so *.linkedin.com www.google.com.vn www.google.de www.google.co.ve www.google.co.za www.google.be www.google.com.ec www.google.co.ke *.googlesyndication.com www.google.tn www.google.com.uy www.google.com.fj www.google.co.nz *.cloudflare.com www.google.nl www.google.ch www.google.bg www.google.gg www.google.rs www.google.com.ua www.google.fr www.google.gy www.google.co.mz www.google.bt www.google.co.bw plausible.io *.littlegreene.us www.google.dk www.google.com.et www.google.gm *.intercomcdn.com www.google.ca www.google.com.qa www.google.com.eg *.varify.io www.google.me www.google.co.ls www.google.al www.google.com.do www.google.com.ph www.google.com.na www.google.co.ma www.google.ht www.google.com.my www.google.cz www.google.co.ao www.google.co.uz d21m4dsqdd3b9h.cloudfront.net www.google.ro www.google.com.np www.google.at www.google.tm www.google.bs www.google.cm *.amazon-adsystem.com hcaptcha.com www.google.lk *.ctidigital.com www.google.kz www.google.fi www.google.im www.google.com.pa www.google.ba www.google.jo www.google.hu www.google.com.sl www.google.ps *.prismic.io www.google.mv www.google.com.om www.google.je www.google.com.kw www.google.co.ug www.google.com.au www.google.com.sa www.google.com.af www.google.mg www.google.is *.hcaptcha.com www.google.com.ng www.google.com.co www.google.com.mt 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.trustpilot.com *.stackla.com *.hcaptcha.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; report-uri https://fcd7480d-2ff3-44bf-9367-c8e0d4f26d3d.sansec.watch/; report-to report-endpoint; 3 default-src 'self' https://maxcdn.bootstrapcdn.com blob: ;font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static3.avast.com https://themes.googleusercontent.com https://stackpath.bootstrapcdn.com https://github.com https://s3-eu-west-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://s3-ap-northeast-1.amazonaws.com https://s3.amazonaws.com https://cdn.faceworks.nl https://cdn.abf.nl https://fast.fonts.net https://cdn.ckeditor.com https://*.fontawesome.com https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.quevi.nl data: ;connect-src * data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.matomo.cloud https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.polyfill.io https://www.google-analytics.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google.com https://ssl.google-analytics.com https://www.google.nl https://stackpath.bootstrapcdn.com https://d3js.org https://www.google.com/jsapi https://ajax.microsoft.com https://maps.googleapis.com https://www.ergo-webreporting.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://siteimproveanalytics.com https://www.google-analytics.com/analytics.js https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://cdn.datatables.net https://www.googletagmanager.com/gtm.js https://cdn.abf.nl https://cdn.ckeditor.com https://*.fontawesome.com https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.quevi.nl blob: ;script-src-elem 'self' 'unsafe-inline' https://*.matomo.cloud https://*.quevi.nl https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.polyfill.io https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://d3js.org/ https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google.nl https://www.google.com https://ssl.google-analytics.com https://ajax.microsoft.com https://diyini.junasonuku.com https://data1.khorel.com https://platform.twitter.com https://cdn.syndication.twimg.com https://data1.fedjuh.com https://www.gstatic.com https://nextextlink.com https://d3js.org https://www.google.com/jsapi https://maps.googleapis.com https://www.ergo-webreporting.com https://ajax.aspnetcdn.com https://siteimproveanalytics.com https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://www.google-analytics.com/analytics.js https://cdn.datatables.net https://www.googletagmanager.com/gtm.js https://cdn.abf.nl https://cdn.ckeditor.com https://matomoabf.westeurope.cloudapp.azure.com https://*.fontawesome.com https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.quevi.nl data: ;style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.google.com https://www.google.com https://www.google.nl https://use.typekit.net https://p.typekit.net https://netdna.bootstrapcdn.com https://hello.myfonts.net https://fonts.typotheque.com https://cdn.abf.nl https://cdn-images.mailchimp.com https://cdn.ckeditor.com https://cdn.datatables.net https://code.jquery.com https://*.fontawesome.com https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.quevi.nl ;style-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.google.com https://www.google.com/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://platform.twitter.com https://ton.twimg.com https://hello.myfonts.net https://fonts.typotheque.com https://cdn.abf.nl https://cdn-images.mailchimp.com https://cdn.ckeditor.com https://cdn.datatables.net https://code.jquery.com https://*.fontawesome.com https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.quevi.nl ;img-src * https://osm.abf.nl data: blob: ;frame-src * data: ;object-src * data: ;report-uri https://api.abf.nl/api/cspreport ; 3 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' blob: data: https:; style-src 'self' https: 'unsafe-inline'; base-uri 'self'; form-action 'self' https:; worker-src 'self' blob: https:; frame-src 'self' https:; child-src 'self' blob: 3 frame-ancestors 'self' https://eway.my.salesforce.com/; 3 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com https://fonts.cdnfonts.com/s/85546/Satoshi-BlackItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Black.woff https://fonts.cdnfonts.com/s/85546/Satoshi-BoldItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Bold.woff https://fonts.cdnfonts.com/s/85546/Satoshi-MediumItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Medium.woff https://fonts.cdnfonts.com/s/85546/Satoshi-LightItalic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Light.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Italic.woff https://fonts.cdnfonts.com/s/85546/Satoshi-Regular.woff https://s3.amazonaws.com/trustspot-pr-widget/ https://trustspot-app-assets.s3.amazonaws.com *.yotpo.com *.googleapis.com *.gstatic.com https://*.klaviyo.com https://*.zmags.com https://*.getfastr.com https://cdn.reamaze.com https://fonts.cdnfonts.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.reamaze.com *.reamaze.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com www.xtento.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.adsrvr.org https://ct.pinterest.com https://*.knocdn.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com https://*.fls.doubleclick.net https://td.doubleclick.net https://*.wistia.net https://moultrie.locally.com https://cnc-api.zmags.com https://app.viralsweep.com https://ebsco.widen.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.gstatic.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://meetanshi.com/media/logo.png https://*.bing.com https://tracking.avantlink.com https://*.adsrvr.org https://*.knocdn.com https://www.facebook.com https://*.reddit.com https://*.redditstatic.com https://analytics.tiktok.com store.paradoxlabs.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com media.sezzle.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://app.ravecapture.com https://ravecapture-app-assets.s3.amazonaws.com https://trustspot-product-photos.imgix.net https://trustspot-experience-photos.imgix.net https://trustspot-logos.imgix.net *.yotpo.com https://*.locally.com https://*.zmags.com https://*.getfastr.com https://arttrk.com https://*.clarity.ms https://*.doubleclick.net https://*.moultriefeeders.com https://*.moultrie.com https://*.pradcocommerce.com https://*.summitstands.com https://*.codebluescents.com https://*.knightandhale.com https://*.maxxtuff.com https://*.texashunterproducts.com https://*.lurenet.com https://whiskerseeker.com https://*.whiskerseeker.com https://*.wingscapes.com https://*.simplepets.com https://anilogics.com https://*.anilogics.com https://embed.widencdn.net https://d3k81ch9hvuctc.cloudfront.net https://*.google.ca https://*.google.co.za https://*.google.fr https://*.google.co.uk https://*.google.co.in https://*.google.com.au https://maps.googleapis.com https://*.shgcdn.com https://phosphor.utils.elfsightcdn.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://i.imgur.com/5axkorT.jpg https://*.revenuehunt.com https://pradcooutdoorbrands.canto.com https://d3opzdukpbxlns.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.adobe.io use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.sharethis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com https://services.nofraud.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://*.adsrvr.org https://*.avmws.com https://*.experticity.com https://*.bing.com https://*.byspotify.com https://ct.pinterest.com https://s.pinimg.com https://*.knocdn.com https://connect.facebook.net https://*.reddit.com https://*.redditstatic.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com https://cdn.getblueshift.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://widget.sezzle.com maps.googleapis.com https://app.ravecapture.com https://trustspot.io *.yotpo.com https://*.zmags.com https://cas.zma.gs https://*.addthis.com https://mpsnare.iesnare.com https://assets.armanet.us https://*.clarity.ms https://analytics.tiktok.com https://*.wistia.net https://*.hotjar.com https://*.newrelic.com https://form.jotform.com https://*.locally.com https://*.viralsweep.com https://*.getshogun.com https://*.shgcdn2.com https://static.elfsight.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.reamaze.com https://push.reamaze.com/assets/reamaze-push.js https://cdnjs.cloudflare.com/ajax/libs/pusher/7.0.1/pusher.min.js https://d2hrivdxn8ekm8.cloudfront.net/tag-manager/ https://d2hrivdxn8ekm8.cloudfront.net/tracker-latest.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.sharethis.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com fonts.cdnfonts.com unsafe-inline assets.braintreegateway.com https://fonts.cdnfonts.com/css/satoshi https://app.ravecapture.com https://s3.amazonaws.com/trustspot-pr-widget/ *.yotpo.com *.googleapis.com https://cas.zma.gs https://*.zmags.com https://static-tracking.klaviyo.com https://*.getshogun.com https://*.shgcdn2.com https://cdn.reamaze.com 'self' 'unsafe-inline'; object-src https://www.youtube.com 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: https://cdn.reamaze.com https://*.shgcdn.com https://pradcooutdoorbrands.canto.com https://d3opzdukpbxlns.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sharethis.com https://services.nofraud.com https://*.mmapiws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://*.spotify.com https://*.experticity.com https://*.bing.com https://*.knocdn.com https://*.knocommerce.com https://www.facebook.com https://*.reddit.com https://*.redditstatic.com https://analytics.tiktok.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com gateway.sezzle.com sandbox.gateway.sezzle.com media.sezzle.com widget.sezzle.com https://api.getblueshift.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://media.sezzle.com https://widget.sezzle.com maps.googleapis.com https://app.ravecapture.com https://trustspot.io *.yotpo.com https://www.locally.com https://google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cas.zma.gs https://c.zmags.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://srv.armanet.us https://*.clarity.ms https://ct.pinterest.com https://bam.nr-data.net https://*.hotjar.io wss://ws.hotjar.com https://api-js.datadome.co https://*.elfsight.com https://www.storemapper.co https://api.keen.io/3.0/projects/510989052975163052000002/events/queries https://cdn.reamaze.com wss://ws.reamaze.com/app/ https://whisker-seeker-tackle.reamaze.io/ https://insight.adsrvr.org https://ad.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://whisker-seeker-tackle.reamaze.io/ 'self' 'unsafe-inline'; report-uri https://c2377b7a62d7a797512c7707793b335c.report-uri.com/r/t/csp/enforce; report-to report-endpoint; 3 base-uri 'none'; font-src 'self' https: data:; form-action https:; frame-ancestors 'self' https:; img-src 'self' data: https: https://heapanalytics.com; object-src 'none'; script-src-attr 'unsafe-inline' 'unsafe-hashes'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://heapanalytics.com https://cdn.us.heap-api.com; upgrade-insecure-requests; default-src 'self' https:; connect-src * https://heapanalytics.com https://c.us.heap-api.com; media-src 'self' blob: data: https:; worker-src * blob: data:; 3 frame-ancestors 'self' *.11freunde.de *; 3 default-src 'self' mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 3 frame-ancestors 'self' *.betssongroupaffiliates.com 3 default-src 'self' https: ws: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io; style-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' admin.centralcardlab.com caihss.usbank.com cardlytics.fsvps.com consumer.centralcardlab.com insurance.usbankprepaidcards.com masteradmin.centralcardlab.com portal.cardaccesssite.com portal.clientaccesssite.com portal.paychekplus.com portalpvt.clientaccesssite.com portalpvt.paychekplus.com service.centralcardlab.com sms.fsvsecurecard.com sp.clientaccesssite.com www.accessmygc.com www.blueeliteapply.com www.centralcardlab.com www.elanprepaidcard.com www.elanrewardscard.com www.epaystubaccess.com www.epaystubplus.com www.fsvremote.com www.fsvsecurecard.com www.fsvwebservices.com www.mo-access.com www.myblueelite.com www.mychektoday.com www.mypayadvantage.com www.mysilverselect.com www.paychekplus.com www.paychekplusapply.com www.prepaidgiftbalance.com www.quickcardbalance.com www.rapidfs.com www.silverselectapply.com www.usbankaccelapay.com www.usbankexpensecard.com www.usbankfocus.com www.usbankfocusenroll.com www.usbankincentivecard.com www.usbankoptionscard.com www.usbankprepaidadmin.com www.usbankreliacard.com www.usbankrewardscard.com smetrics.usbank.com tags.tiqcdn.com cdn.appdynamics.com www.google.com www.googleadservices.com cdn.quantummetric.com www.googletagmanager.com googleads.g.doubleclick.net unpkg.com onlinebanking.usbank.com mpsnare.iesnare.com www.google-analytics.com bat.bing.com www.gstatic.com *.qualtrics.com *.socure.com *.marketingcloudapis.com *.apswebapps.com *.cpigateway.com *.creditsystem.com *.marketingcloudapis.com *.pendo.io; 3 script-src https://avdonl-s-checkout-fe.azureedge.net/cdn/static/js/main.js https://avdonl-p-checkout-fe.azureedge.net/cdn/static/js/main.js https://checkout-cdn.avarda.com/cdn/static/js/main.js https://stage.checkout-cdn.avarda.com/cdn/static/js/main.js https://bat.bing.com https://*.clerk.io https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.coolrunner.dk https://*.criteo.net https://*.criteo.com 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://*.med24.dk/ blob: https://*.med24.no/ blob: https://*.med24.se/ https://ga.jspm.io/npm:es-module-shims@1.10.0/dist/es-module-shims.js https://connect.facebook.net https://*.getsitecontrol.com 'unsafe-eval' 'unsafe-inline' https://optimize.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://translate.google.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.intercom.io https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarna.com https://*.playground.klarnaevt.com https://chimpstatic.com https://at.med24.dk https://at.med24.se https://at.med24.no https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://s.kk-resources.com https://*.fls.doubleclick.net https://*.crazyegg.com https://js.go2sdk.com/v2/tune.js https://*.mouseflow.com 'unsafe-eval' 'unsafe-inline' https://*.perfectcorp.com 'unsafe-eval' 'unsafe-inline' https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/5683fc5e/www-widgetapi.vflset/www-widgetapi.js ; font-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/ https://avdonl-s-checkout-fe.azureedge.net/cdn/ 'self' data: https://*.getsitecontrol.com https://*.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://*.mouseflow.com https://*.perfectcorp.com; img-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/images/ https://avdonl-p-checkout-fe.azureedge.net/cdn/images/ https://avarda.com/media/ https://bat.bing.com https://*.commerce-connector.com https://*.criteo.net https://*.criteo.com 'self' data: https://www.facebook.com https://*.getsitecontrol.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://translate.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.dk https://www.google.se https://www.google.no https://www.google.de https://www.google.co.uk https://ade.googlesyndication.com https://static.intercomassets.com https://js.intercomcdn.com https://gifs.intercomcdn.com https://downloads.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarnaevt.com https://s.kelkoogroup.net https://collect.med24.dk https://collect.med24.no https://collect.med24.se https://med24.dk https://med24.no https://med24.se https://www.med24.dk https://www.med24.no https://www.med24.se https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://miljoevenlig-pakning.dk https://*.doubleclick.net https://*.mouseflow.com https://www.partner-ads.com https://*.perfectcorp.com https://*.makeupar.com https://*.beautycircle.com https://*.sleeknote.com https://i.ytimg.com; frame-src https://card-payment-frame.stage.avarda.com https://card-payment-frame.production.avarda.com https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consentcdn.cookiebot.com https://*.criteo.net https://*.criteo.com 'self' https://www1.emarsys.net https://connect.facebook.net https://www.facebook.com https://*.getsitecontrol.com https://optimize.google.com/ https://www.google.com https://www.googletagmanager.com https://adservice.google.com/ https://*.klarna.com https://*.klarnacdn.net https://form.jotform.com https://submit.jotformeu.com https://*.fls.doubleclick.net https://*.doubleclick.net https://*.mouseflow.com https://*.netseidbroker.dk https://netseidbroker.pp.mitid.dk https://*.perfectcorp.com https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com/ https://www.youtube-nocookie.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com/ https://*.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://matomo.med24.dk https://matomo.med24.se https://matomo.med24.no https://*.sleeknote.com; connect-src 'self' https://*.getsitecontrol.com https: wss://*.intercom.io https://*.mouseflow.com https://*.perfectcorp.com; object-src 'self'; worker-src 'self'; child-src https://*.getsitecontrol.com https://*.mouseflow.com https://*.perfectcorp.com; media-src https://*.gstatic.com 3 default-src 'self' https://webanalytics.europa.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://better-internet-for-kids.europa.eu https://cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js https://webtools.europa.eu https://cnect-bik.acc.dhs.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://static.twitchcdn.net http://cdnjs.cloudflare.com https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js https://cdn.jsdelivr.net/gh/ractoon/jQuery-Text-Counter@0.9.1/textcounter.min.js https://cdn.jsdelivr.net/gh/gjunge/rateit.js@1.1.5/scripts/jquery.rateit.min.js https://webanalytics.europa.eu https://cdn.jsdelivr.net *.europa.eu https://www.webanalytics.europa.eu/ppms.js https://cdn.ckeditor.com/ckeditor5/44.0.0/dll/font/font.js; style-src 'self' 'unsafe-inline' https://better-internet-for-kids.europa.eu https://webtools.europa.eu https://cnect-bik.acc.dhs.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts http://cdnjs.cloudflare.com https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://unpkg.com/tippy.js@6.3.7/dist/tippy.css https://cdn.jsdelivr.net/gh/NigelOToole/progress-tracker@v2.0.7/src/styles/progress-tracker.css https://cdn.jsdelivr.net/gh/gjunge/rateit.js@1.1.5/scripts/rateit.css https://cdn.jsdelivr.net *.europa.eu; img-src 'self' 'unsafe-inline' data: https://better-internet-for-kids.europa.eu https://webtools.europa.eu https://cnect-bik.acc.dhs.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://webanalytics.europa.eu https://i.ytimg.com *.europa.eu https://www.webanalytics.europa.eu; media-src 'self' https://better-internet-for-kids.europa.eu https://webtools.europa.eu https://cnect-bik.acc.dhs.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts; frame-src https://better-internet-for-kids.europa.eu https://europa.eu/webtools/rest/nuts https://indd.adobe.com https://player.twitch.tv https://webtools.europa.eu https://www.youtube.com https://youtube.com/ https://player.vimeo.com https://cnect-bik.acc.dhs.tech.ec.europa.eu; frame-ancestors 'self'; font-src 'self' 'unsafe-inline' data: https://webtools.europa.eu https://cnect-bik.acc.dhs.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://better-internet-for-kids.europa.eu https://fonts.gstatic.com; connect-src 'self' https://better-internet-for-kids.europa.eu https://*.webtools.europa.eu https://webtools.europa.eu https://cnect-bik.acc.dhs.tech.ec.europa.eu https://europa.eu/webtools/rest/nuts https://webanalytics.europa.eu *.europa.eu https://www.webanalytics.europa.eu/ppms.php; report-uri /report-csp-violation 3 media-src 'self'; 3 frame-ancestors 'self'; form-action 'self'; object-src 'none'; 3 frame-ancestors *.nha.nl *.nha.be *.nhad.de *.buddywise.nl 3 block-all-mixed-content; frame-ancestors 'self' https://bots.getskitickets.com; 3 default-src 'self' ws: wss: blob: maxcdn.bootstrapcdn.com api.tiles.mapbox.com cdn.storelocatorwidgets.com maxcdn.bootstrapcdn.com api.tiles.mapbox.com cdn.storelocatorwidgets.com; font-src 'self' 'unsafe-inline' data: cdn.storelocatorwidgets.com maxcdn.bootstrapcdn.com cdn.storelocatorwidgets.com maxcdn.bootstrapcdn.com webchat.keyreply.com fonts.gstatic.com kit-free.fontawesome.com edge.addthis.com; connect-src 'self' ws: wss: blob: geocode.arcgis.com log.storelocatorwidgets.com b.tiles.expressmaps.com a.tiles.expressmaps.com markers.storelocatorwidgets.com markers.storelocatorwidgets.com tiles.expressmaps.com wss: nhg.app.keyreply.com nhg.app.keyreply.com maps.googleapis.com www.google-analytics.com v1.addthis.com m.addthis.com edge.addthis.com api-public.addthis.com l.sharethis.com datasphere-sbsvc.sharethis.com bcp.crwdcntrl.net analytics.google.com; frame-src 'self' www.google.com youtu.be www.youtube.com s7.addthis.com edge.addthis.com www.nhgp.com.sg t.sharethis.com; frame-ancestors 'self'; img-src * data: maps.gstatic.com *.googleapis.com *.ggpht.com *.storelocatorwidgets.com blob: wh-stg.wh.com.sg wh.com.sg; media-src 'self' data: keyreply.blob.core.windows.net youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss: blob: data: geocode.arcgis.com tiles.expressmaps.com ajax.googleapis.com cdn.storelocatorwidgets.com cdn.storelocatorwidgets.com maps.googleapis.com youtu.be www.youtube.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com v1.addthisedge.com v1.addthis.com edge.addthis.com z.moatads.com api-public.addthis.com wh-stg.wh.com.sg wh.com.sg platform-api.sharethis.com t.sharethis.com ; script-src-elem 'self' 'unsafe-inline' ws: wss: blob: geocode.arcgis.com/ loc.storelocatorwidgets.com/ www.googletagmanager.com www.youtube.com ajax.googleapis.com cdn.storelocatorwidgets.com nhg.app.keyreply.com maps.googleapis.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com v1.addthisedge.com v1.addthis.com edge.addthis.com z.moatads.com api-public.addthis.com platform-api.sharethis.com/js/sharethis.js buttons-config.sharethis.com count-server.sharethis.com t.sharethis.com platform-api.sharethis.com api.mapbox.com; style-src 'self' 'unsafe-inline' data: ajax.googleapis.com s7.addthis.com maxcdn.bootstrapcdn.com api.tiles.mapbox.com cdn.storelocatorwidgets.com maxcdn.bootstrapcdn.com api.tiles.mapbox.com cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com youtu.be www.youtube.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com edge.addthis.com nhg.app.keyreply.com maps.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: maxcdn.bootstrapcdn.com api.tiles.mapbox.com cdn.storelocatorwidgets.com maxcdn.bootstrapcdn.com api.tiles.mapbox.com cdn.storelocatorwidgets.com fonts.googleapis.com kit-free.fontawesome.com; object-src 'self' youtu.be www.youtube.com api.mapbox.com; 3 base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io wss://localhost:44398 https://px.ads.linkedin.com https://metrics.hotjar.io; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.worldpay.com; frame-ancestors 'self' https://ricardo.saleshood.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://calendly.com https://outlook.office365.com https://embed.mindstamp.com https://www.googletagmanager.com https://td.doubleclick.net https://experience.arcgis.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://unpkg.com https://imgsct.cookiebot.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net https://vod-progressive.akamaized.net https://download-video.akamaized.net https://vod-progressive-ak.vimeocdn.com https://download-video-ak.vimeocdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://mathjax.rstudio.com https://*.vimeo.com https://*.calendly.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://optimize.google.com; 3 frame-ancestors 'self' https://*.slipcase.com https://*.marketplace.marsh.com 3 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; 3 base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 3 frame-ancestors *; report-uri /report-csp-violation 3 default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; font-src *; img-src * data:; connect-src * data:; 3 default-src * https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dev.azure.com https://login.microsoftonline.com/ https://spsprodcus2.vssps.visualstudio.com https://www.datadoghq-browser-agent.com http://www.datadoghq-browser-agent.com https://rum.browser-intake-datadoghq.com http://rum.browser-intake-datadoghq.com https://prefund-reporting.wrightexpresscorpcard.com https://prefund-reporting-api.wrightexpresscorpcard.com https://owi-internal.internal.wexcp.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4558985839575040.storage.googleapis.com data.pendo.io; worker-src 'self' blob: http://www.google-analytics.com https://www.google-analytics.com http://cdn.appdynamics.com https://cdn.appdynamics.com http://col.eum-appdynamics.com https://col.eum-appdynamics.com https://tfs.encompass.ninja https://www.youtube.com; frame-ancestors 'self' app.pendo.io; child-src app.pendo.io; frame-src 'self' app.pendo.io; 3 default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval'; 3 default-src 'self' data:;font-src 'self' data: fonts.gstatic.com;connect-src 'self' localhost *.doubleclick.net *.clarity.ms *.fg.cz *.google-analytics.com *.analytics.google.com www.google.com requestor.bezpecnostnicentrum.cz maps.googleapis.com translate.googleapis.com translate-pa.googleapis.com *.facebook.com *.googlesyndication.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.clarity.ms www.youtube.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googletagmanager.com *.clarity.ms www.youtube.com recaptcha.net *.fg.cz www.google.com www.gstatic.com *.google-analytics.com requestor.bezpecnostnicentrum.cz maps.googleapis.com translate.google.com translate.googleapis.com translate-pa.googleapis.com connect.facebook.net;form-action 'self' *.facebook.com *.facebook.net;frame-src 'self' *.doubleclick.net www.youtube.com www.youtube-nocookie.com recaptcha.net www.google.com www.googletagmanager.com requestor.bezpecnostnicentrum.cz online.fliphtml5.com;worker-src 'self' blob: www.youtube.com *.doubleclick.net;frame-ancestors 'self' localhost test-edee-jablotron.fg.cz edee.jablotron.com;img-src 'self' data: blob: *.fg.cz *.doubleclick.net *.clarity.ms *.youtube.com *.ytimg.com *.openstreetmap.org *.google.cn *.google.com *.google.cz http://www.google.com maps.gstatic.com maps.googleapis.com fonts.gstatic.com www.gstatic.com translate.googleapis.com *.bing.com *.googletagmanager.com *.facebook.com mapsresources-pa.googleapis.com;style-src 'self' 'unsafe-inline' requestor.bezpecnostnicentrum.cz fonts.googleapis.com www.gstatic.com *.googletagmanager.com;object-src self;media-src 'self' *.fg.cz edee.jablotron.com 3 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src * 3 default-src 'self'; base-uri 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://*.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://*.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com https://cdn.auth0.com https://ads.twitter.com https://imasdk.googleapis.com https://pagead2.googlesyndication.com https://static.ads-twitter.com https://s0.2mdn.net https://www.googletagservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; frame-src https://*.google.com/ https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://imasdk.googleapis.com/; media-src * data: blob:; worker-src * data: blob: 3 frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 3 default-src 'self'; style-src 'self' 'unsafe-inline' *.bazaarvoice.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.salesforce-scrt.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.google.co.in/ *.danoneskyr.co.uk/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.adsrvr.org/ *.applicationinsights.io/ *.adyen.com/ *.teads.tv/ *.hotjar.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.adobeaemcloud.com/ *.hotjar.io/ *.visualstudio.com/ *.bootstrapcdn.com/ *.briteverify.com/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.force.com/ *.google.com/ *.googleapis.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.mopinion.com/ *.myfonts.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.zencdn.net/ *.visualwebsiteoptimizer.com app.vwo.com use.typekit.net p.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bazaarvoice.com/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.applicationinsights.io/ *.cloudfront.net/ *.adsrvr.org/ *.amazon-adsystem.com/ blob: https://js-agent.newrelic.com/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.addthisedge.com/ *.adobedtm.com/ *.ads-twitter.com/ *.adyen.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.constant.co/ *.danone-dtc.net/ *.digital4danone.com/ *.doubleclick.net/ *.everestjs.net/ *.facebook.net/ *.force.com/ *.gbqofs.com/ *.gigya.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.googleadservices.com/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.monitor.azure.com/ *.mopinion.com/ *.onetrust.com/ *.outbrain.com/ *.pinterest.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.salesforce.com/ *.salesforceliveagent.com/ *.scene7.com/ *.sharethis.com *.tagcommander.com/ *.teads.tv/ *.theadex.com *.trustcommander.net/ *.trustpilot.com/ *.twitter.com *.visualstudio.com/ *.ytimg.com/ ct.captcha-delivery.com http://*.hotjar.com http://*.hotjar.io http://danone.d3.sc.omtrdc.net/ https://*.hotjar.com https://*.hotjar.io https://live2support.com/ https://s.pinimg.com/ https://sc-static.net/ js.datadome.co www.youtube.com/ *.tiktok.com/ *.jsdelivr.net/ *.visualwebsiteoptimizer.com app.vwo.com use.typekit.net; img-src 'self' data: *.bazaarvoice.com/ *.pixeltrack.it/ *.salesforce-scrt.com/ *.paypalobjects.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ https://staging-danone.pixeltrack.it/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ https://www.aptaclub.co.uk/ *.applicationinsights.io/ *.adsrvr.org/ *.adition.com/ *.danoneskyr.co.uk/ *.hotjar.com/ *.hotjar.io/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.visualstudio.com/ *.adnxs.com/ *.adyen.com/ *.analytics.google.com/ *.assetsadobe.com/ *.assetsadobe2.com/ *.bing.com/ *.channelsight.com/ *.commander1.com/ *.cx.atdmt.com/ *.danone-dtc.net/ *.danone.com/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.everesttech.net/ *.facebook.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.google.ie/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.hotjar.com *.hotjar.io *.live2support.com/ *.lpsnmedia.net/ *.mookie1.com/ *.omtrdc.net/ *.onetrust.com/ *.outbrain.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.trustcommander.net/ *.twitter.com/ *.visualstudio.com/ *.w3.org/ *.ytimg.com/ http://danonegroup-stage.neolane.net/ http://t.co/ https://ca-live.adyen.com/ https://cscoreproweustor.blob.core.windows.net/ https://ct.pinterest.com/ https://www.google.fr/ https://www.google.nl/ *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io p.typekit.net; frame-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.algolia.net/ *.applicationinsights.io/ *.algolia.io/ *.addthis.com *.adsrvr.org/ *.adyen.com/ *.danoneskyr.co.uk/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.amazon-adsystem.com/ *.briteverify.com *.channelsight.com/ *.chargebee.com/ *.cloudfront.net/ *.commander1.com/ *.constant.co/ *.demdex.net/ *.doubleclick.net/ *.facebook.com/ *.flockler.com/ *.force.com/ *.gigya.com/ *.google.com/ *.googleapis.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.nutridrink.com.br/onde-encontrar/ *.onetrust.com/ *.proprofs.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.spotify.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.tohklom.com/ *.trustcommander.net/ *.trustpilot.com *.vimeo.com/ *.visualstudio.com/ *.youtube.com geo.captcha-delivery.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://aax-eu.amazon-adsystem.com/ https://ketchapi.co.uk/ https://tr.snapchat.com/ www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com; connect-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.google.co.in/ *.danoneskyr.co.uk/ *.google.mk/ *.googletagmanager.com/ *.paypalobjects.com/ *.paypal.com/ *.amazonaws.com/ *.adsrvr.org/ *.applicationinsights.io/ *.example.com/ *.paa-reporting-advertising.amazon/ *.tapad.com/ *.azure.com/ *.amazon-adsystem.com/ https://bam.eu01.nr-data.net/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.adyen.com/ *.teads.tv/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.analytics.google.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.briteverify.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.commercetools.com/ *.danone-dtc.net/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.facebook.com/ *.force.com/ *.gbqofs.io/ *.google-analytics.com *.google-analytics.com/ *.googleapis.com/ *.live2support.com/ *.mopinion.com/ *.omtrdc.net/ *.onetrust.com/ *.privacy.trustcommander.net/ *.salesforce-sites.com/ *.scene7.com/ *.sentry.io/ *.sharethis.com/ *.snapchat.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ api-js.datadome.co http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://api.sphere.io/ https://ct.pinterest.com/ https://lasteventf-tm.everesttech.net/ https://privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ wss://*.hotjar.com *.tiktok.com/ *.google.com/ https://*.algolianet.com *.visualwebsiteoptimizer.com app.vwo.com performance.typekit.net *.trustpilot.com *.googleadservices.com; font-src 'self' data: *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.paypalobjects.com/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ *.adsrvr.org/ *.adyen.com/ *.applicationinsights.io/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.danone-dtc.net/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.googleapis.com/ *.gstatic.com/ *.gstatic.mopinion.com/ *.live2support.com/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://gstatic.mopinion.com/ https://vjs.zencdn.net/ *.google.com/ use.typekit.net; media-src 'self' *.bazaarvoice.com/ *.pixeltrack.it/ https://staging-danone.pixeltrack.it/ *.salesforce-scrt.com/ https://danone--uat.sandbox.my.site.com/ https://danone--devrun.sandbox.my.salesforce.com/ *.paypalobjects.com/ *.danoneskyr.co.uk/ *.google.co.in/ *.google.mk/ *.googletagmanager.com/ *.paypal.com/ *.adsrvr.org/ *.briteverify.com/ *.applicationinsights.io/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.googleapis.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.lpsnmedia.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.google.com/ 3 frame-ancestors 'self' https://cms.vistry.co.uk/ *.vistry.co.uk 3 child-src 'self' secure.rnstg.com secure.rewardsnetwork.com; connect-src 'self' *.googlesyndication.com *.googleapis.com *.gstatic.com *.googletagservices.com *.googleadservices.com *.google-analytics.com securepubads.g.doubleclick.net stats.g.doubleclick.net wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.stripe.com *.yimg.com; default-src 'self' *.googlesyndication.com; font-src 'self' data: *.gstatic.com *.zopim.com https://*.hotjar.com; form-action 'self'; frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com *.google.com *.googlesyndication.com *.googleapis.com *.googletagservices.com *.googleadservices.com *.doubleclick.net https://*.hotjar.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com form.typeform.com youtube.com www.youtube.com; frame-ancestors 'self' *.rnqae.com *.rnstg.com *.idine.com http://localhost capacitor://localhost; img-src 'self' data: media.rewardsnetwork.com https://apple-resources.s3.amazonaws.com *.ggpht.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com cdn.buttercms.com res.cloudinary.com *.doubleclick.net stats.g.doubleclick.net seal-chicago.bbb.org *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com *.facebook.com *.yahoo.com; media-src 'self' cdn.buttercms.com res.cloudinary.com *.zdassets.com ; object-src 'self' media.rewardsnetwork.com res.cloudinary.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com res.cloudinary.com *.doubleclick.net cdn.ampproject.org seal-chicago.bbb.org assets.adobedtm.com assets.zendesk.com *.zopim.com *.zdassets.com https://*.hotjar.com *.facebook.net https://*.js.stripe.com https://js.stripe.com embed.typeform.com *.yimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.hotjar.com cloud.typography.com embed.typeform.com; 3 default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; frame-ancestors 'self' https://app.optimizely.com; 3 default-src 'none'; base-uri 'self' https://altoplan.de https://www.altoplan.de; child-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 3 default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net a4560576362315776.cdn.optimizely.com a4560576362315776.cdn-pci.optimizely.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost app.optimizely.com; 3 default-src 'unsafe-inline' 'self' https://*.clarity.ms https://c.bing.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'self' sha256-0/NMaGJWVjIukwBMkinLP6tmeD9zx5luPBD3YAk+Y7Q= *.usabilla.com http: https:; style-src 'unsafe-inline' 'self' *.usabilla.com https:; font-src 'self' *.usabilla.com https: data:; frame-src 'self' *.usabilla.com https:;frame-ancestors 'self' *.travelex.net; img-src 'self' *.usabilla.com http: https: data:; connect-src 'self' *.usabilla.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com https: http:; style-src-elem 'unsafe-inline' 'self' *.usabilla.com https:; media-src 'unsafe-inline' 'self' https:; 3 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 3 base-uri 'self' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://api.segment.io https://api.segment.com https://track.segment.com https://cdn.segment.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://api.segment.io https://api.segment.com https://track.segment.com https://cdn.segment.com https://web.stage.connect.trimble.com; frame-ancestors https://myprofile.trimble.com https://stage.myprofile.trimblecloud.com https://myprofile-pt.dev.id.trimblecloud.com https://myprofile-qa.dev.id.trimblecloud.com https://myprofile-integration.dev.id.trimblecloud.com https://myprofile-qa1.dev.id.trimblecloud.com https://myprofile-dev14.dev.id.trimblecloud.com https://dxdev.my.trimblecloud.com https://dxqa.my.trimblecloud.com https://mytdev.my.trimblecloud.com https://mtqa.my.trimblecloud.com https://dev.my.trimblecloud.com https://sit.my.trimblecloud.com https://uat.my.trimblecloud.com https://my.trimble.com 3 default-src https: 'self' https://fpt-is.com https://cdn.fpt-is.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fpt-is.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/three@0.121.1/build/three.module.js https://cdn.jsdelivr.net/npm/three@0.121.1/examples/jsm/loaders/GLTFLoader.js https://cdn.jsdelivr.net/npm/three@0.121.1/examples/jsm/controls/OrbitControls.js https://www.google-analytics.com https://www.google.com https://connect.facebook.net https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fpt-is.com ; img-src 'self' 'unsafe-inline' https://cdn.fpt-is.com data: blob: https://secure.gravatar.com https://fpt-is.com https://www.google.com.vn https://www.facebook.com/ https://i.ytimg.com; object-src 'self' https://fpt-is.com; font-src 'self' data:; worker-src 'self' data: blob:; frame-ancestors 'self'; base-uri 'self' 3 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 3 frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test *.snakeware.local 3 script-src https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self' https://www.googletagmanager.com 'unsafe-inline' https://cdn.moengage.com/ https://www.gstatic.com https://static.hotjar.com https://www.google-analytics.com https://script.hotjar.com https://js.monitor.azure.com 'unsafe-eval' https://www.google.com/ data: https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://cse.google.com/ https://www.googleapis.com https://www.youtube.com https://cdn-apac.onetrust.com/ https://www.instagram.com/ https://www.googleadservices.com/ https://cdnjs.cloudflare.com https://unpkg.com/ https://embed.tawk.to/ https://cdn.jsdelivr.net/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://app-cdn.moengage.com/; style-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.google.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ https://unpkg.com/flickity@2/dist/flickity.min.css https://unpkg.com/flickity-fade@1/flickity-fade.css https://embed.tawk.to/ https://use.typekit.net https://p.typekit.net/ https://cdn.moengage.com/ https://app-cdn.moengage.com/ https://fonts.bunny.net/; img-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data: https://www.google.com.my https://gleneagles.com.my/ https://www.googletagmanager.com/ https://www.facebook.com/ https://www.google.com/ https://www.google.com.sg https://clients1.google.com/ https://script.hotjar.com/ https://i3.ytimg.com/ https://i.ytimg.com/ https://www.google-analytics.com/ https://ad.doubleclick.net/ https://cdn-apac.onetrust.com/ https://googleads.g.doubleclick.net https://embed.tawk.to/ https://cdn.jsdelivr.net/ https://cdn-assets-eu.frontify.com/ https://gleneagles-staging.vintedge.com/ https://cdn.shopify.com/ https://d15k2d11r6t6rl.cloudfront.net/ https://moe-email-campaigns.s3.amazonaws.com/ https://image.moengage.com/ https://www.pantai.com.my/; connect-src https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' https://ask.hotjar.io https://in.hotjar.com https://analytics.google.com https://sdk-01.moengage.com wss://localhost:44355/IHHHealthcare https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://vc.hotjar.io/ https://gleneagles.com.my/ https://customsearch.googleapis.com/ https://surveystats.hotjar.io/ https://www.youtube.com https://adservice.google.com/ https://cdn-apac.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-apac.onetrust.com/ https://www.google.com/ https://www.google.com.sg https://google.com https://va.tawk.to/ wss://*.tawk.to/ https://embed.tawk.to/ https://upload.tawk.to/ https://api.healthhub.sg https://parkway.fleetnexg.co https://sdk-01.moengage.com/ https://sdk-02.moengage.com/ https://sdk-03.moengage.com/ https://sdk-04.moengage.com/ https://ipapi.co/ https://ipinfo.io/ https://www.googleadservices.com/pagead/conversion/17637299166/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/17637299166/ ; default-src 'self'; media-src 'self'; font-src data: 'self' https://cdnjs.cloudflare.com/ https://script.hotjar.com/ https://fonts.gstatic.com https://cdn.jsdelivr.net/ https://embed.tawk.to/ https://use.typekit.net/ https://fonts.bunny.net/; frame-src 'self' https://td.doubleclick.net https://hms.gleneagles.hk https://www.google.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.youtube.com/ https://ghk-pilot.hms.local/ https://testserver-2364b.web.app/ https://pantaiproject-db504.web.app/ https://pantai-3d---orthopaedic.web.app/ https://pantai-3d---paediatrics.web.app/ https://pantai-3d---obgyn.web.app https://asiapano.com/vr/hospitals/pcmc/ https://www.insage.com.my/ https://player.vimeo.com/ https://insage.com.my/ https://gleneagles-3d---orthopaedic.web.app/ https://gleneagles-3d---obgyn.web.app/ https://gleneagles-3d---paediatrics.web.app/ https://heartsimulation.web.app/ https://5488992.fls.doubleclick.net/ https://www.instagram.com/ https://simulate-volcano.web.app/ https://www.googletagmanager.com/ https://fast.wistia.net/embed/iframe/50ueave7jo https://youtu.be/ https://parkway-click-to-chat.nubitel.io/ https://pwlabssg-staging.vintedge.com/ https://www.parkwaylabs.com.sg/ https://cdn.moengage.com/ https://ihhmy.listedcompany.com/ 3 frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 3 default-src 'self' *.optimizely.com wss://*.hotjar.com https: survey.bosch.com s.webtrends.com *.mycliplister.com ptptasiaprodsgsa.z30.web.core.windows.net; media-src 'self' *.bosch-pt.com.hk *.bosch-pt.com.cn *.bosch-pt.co.id *.bosch-pt.co.in *.bosch-pt.com.my *.bosch-pt.com.ph *.bosch-pt.com.sg *.bosch-pt.com.tw *.mycliplister.com mycliplister.com cliplister.vo.llnwd.net; font-src www.bosch-pt.com.hk www.bosch-pt.com.cn www.bosch-pt.co.id www.bosch-pt.co.in www.bosch-pt.com.my www.bosch-pt.com.ph www.bosch-pt.com.sg www.bosch-pt.com.tw th.bosch-pt.com vn.bosch-pt.com dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' https: btm.bosch.com; object-src data: 'self'; img-src https: data: blob:; style-src dock.ui.bosch.tech cdn.poll-maker.com cdnjs.cloudflare.com 'self' 'unsafe-inline' https: btm.bosch.com; script-src https: *.optimizely.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https:; frame-ancestors 'self' https: 3 default-src 'self'; object-src data:; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com cookiehub.net static.cookiehub.com plausible.io *.google.com *.gstatic.com isavia.atlassian.net *.infogram.com *.cookiebot.eu ucarecdn.com siteimproveanalytics.com *.facebook.net *.sojern.com *.doubleclick.net *.adnxs.com *.adsrvr.org *.klaviyo.com vercel.live *.hotjar.com *.mappedin.com 'unsafe-eval'; img-src 'self' data: blob: i.vimeocdn.com *.contentstack.com i.ytimg.com *.siteimproveanalytics.io *.usercentrics.eu *.facebook.com *.google.com *.google.is *.googletagmanager.com *.mappedin.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cookiehub.net static.cookiehub.com p.typekit.net *.mappedin.com; font-src 'self' fonts.gstatic.com use.typekit.net d1p5cqqchvbqmy.cloudfront.net *.mappedin.com; frame-src www.youtube-nocookie.com www.youtube.com player.vimeo.com *.google.com *.contentstack.com isavia.atlassian.net *.infogram.com consentcdn.cookiebot.eu *.doubleclick.net maps.kefairport.is maps.kefairport.com app.taktikal.is www.googletagmanager.com vercel.live w.soundcloud.com; media-src 'self' *.contentstack.com *.youtube.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' ws: wss: data: vimeo.com plausible.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com ds.cookiehub.net cookiehub.net *.botpoison.com *.contentstack.com api.worldweatheronline.com submit-form.com *.uploadcare.com *.cookiebot.eu *.doubleclick.net *.google.com *.sojern.com *.facebook.com *.hotjar.com *.hotjar.io *.google.is *.mappedin.com; 3 font-src https: data:; img-src https: data:; 3 script-src http: https: 'unsafe-eval' 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.googletagmanager.com *.zendesk.com wss://*.zendesk.com *.zopim.com wss://*.zopim.com *.cfjump.com *.pinterest.com; style-src 'self' blob: https: 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.zendesk.com; img-src data: http: https: *.zopim.io *.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; connect-src 'self' http: https: *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com; font-src 'self' data: fonts.gstatic.com foursixty.com *.zendesk.com; frame-src assets.braintreegateway.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.vimeo.com foursixty.com *.zendesk.com *.paypal.com *.doubleclick.net *.criteo.com *.pinterest.com *.facebook.com; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pghub.io https://www.google.com/recaptcha/api.js https://www.gstatic.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob:; style-src 'self' 'unsafe-inline' *.bazaarvoice.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net *.iesnare.com data:; img-src 'self' *.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data:; font-src 'self' fonts.gstatic.com; connect-src * https://pglogin.justsnap.de https://venus.jsnp.io; frame-src 'self' *.googletagmanager.com https://pglogin.justsnap.de https://venus.jsnp.io https://www.google.com https://servedby.flashtalking.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com; manifest-src * 3 default-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com *.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com cdn.checkout.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src 'self' http://localhost:1337 https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://connect.facebook.net; media-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com https://js.intercomcdn.com; frame-src 'self' *.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.google.com https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com; connect-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com https://o18635.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.googleapis.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.facebook.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.facebook.com https://payment-3ds.com; report-uri https://o18635.ingest.sentry.io/api/1453113/security/?sentry_key=17e7a309684a4cc5a82504db707f1e7a; frame-ancestors *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br wheely.revolutpeople.com *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi 3 default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 3 frame-ancestors 'self' https://www.youtube.com 3 frame-ancestors 'self' https://*.ariba.com https://*.in8suite.com https://*.extforms.netsuite.com https://*.jm.com https://*.na.jm.com:44300 https://solutions.sciquest.com https://*.na.jm.com:50001 3 frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 3 frame-ancestors 'self' https://storecake.io https://staging.storecake.io; img-src 'self' https://*.pancake.vn https://img.youtube.com https://lh3.googleusercontent.com https://www.facebook.com https://www.google.com https://www.google.com.vn https://platform-lookaside.fbsbx.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com https://www.pngrepo.com https://*.mgid.com https://mgid.com https://www.googleadservices.com https://imgur.com https://log.adtimaserver.vn data: blob: 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://www.google-analytics.com https://c.seznam.cz/js/rc.js https://connect.facebook.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://bat.bing.com https://*.clarity.ms https://bisko.gjirafa.net https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com https://*.ladesk.com https://libs.smartico.ai https://*.cloudfront.net https://*.daktela.com https://*.coworkers.ai https://secure.payu.com/javascript/sdk https://secure.snd.payu.com/javascript/sdk https://*.adform.net undefined; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.smartico.ai https://*.cloudfront.net undefined; font-src 'self' data: https://fonts.gstatic.com https://*.smartico.ai https://*.cloudfront.net undefined; img-src 'self' https: data: http://c.seznam.cz undefined; connect-src 'self' https: wss: undefined; frame-src 'self' https: https://*.smartico.ai https://*.cloudfront.net undefined; object-src 'none'; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com data: 'self' data: cdn.honey.io www.mheducation.co.uk assets.merci-app.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.bunny.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com shopping.qantas.com www.mhprofessional.com *.wistia.com player.flipsnack.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.mheducation *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.mheducation *.weltpixel.com cdn.dnky.co *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.vidyard.com *.mheducation.com cloud.3dissue.net player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.hsforms.net *.hsforms.com 'self' data: www.google.de adservice.google.com analytics.twitter.com app-sj01.marketo.com asia-s3-mhe-prod.s3.amazonaws.com cdn.honey.io cdn3.iconfinder.com co1.qualtrics.com covers.mhedu.com ecommerce.payulatam.com fonts.gstatic.com i.pinimg.com info.mheducation.com learn.mheducation.com log-papago.naver.com m.media-amazon.com mheducation-mea.github.io mhp-assets.s3.amazonaws.com px4.ads.linkedin.com region1.google-analytics.com simplesharebuttons.com siteintercept.qualtrics.com spain-s3-mhe-prod.s3.amazonaws.com t.co translate.google.com www-mheducation-ca.ezpminer.urmc.rochester.edu www.accessengineeringlibrary.com www.facebook.com *.google.co.uk www.linkedin.com www.mheducation.ca www.mheducation.com www.mheducation.es asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com canada.p.ctidigital.com cdn.vidyard.com connect.facebook.net image.flaticon.com ir-in.amazon-adsystem.com latam-s3-mhe-prod.s3.eu-west-1.amazonaws.com login.dotomi.com media.msg.dotomi.com mhp-assets.s3.eu-west-1.amazonaws.com play.vidyard.com region1.analytics.google.com static.thenounproject.com ws-in.amazon-adsystem.com ad.doubleclick.net betterresearch.com canada.pre-prod.ctidigital.com ssl.google-analytics.com www.mheducation.co.in www.mhprofessional.com cdn.cookielaw.org cloud.3dissue.net fast.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com tagmanager.google.com unpkg.com analytics.tiktok.com connect.facebook.net munchkin.marketo.net script.hotjar.com static.hotjar.com tools.luckyorange.com ucads-cdn.ucweb.com app-sj01.marketo.com gateway.zscalerone.net info.mheducation.com learn.mheducation.com nd3n4.m70vee7.com play.vidyard.com siteintercept.qualtrics.com static.ads-twitter.com code.jquery.com sleeknotecustomerscripts.sleeknote.com wsc2e.ez05w7r.com iframely.net www.google.com 4ddons.com 7896543.s3.amazonaws.com cdnjs.cloudflare.com ssl.google-analytics.com www.ili.ir www.mhprofessional.com www.pagespeed-mod.com cdn.cookielaw.org app-sjqe.marketo.com *.siteintercept.qualtrics.com *.payulatam.com *.cloudflare.com fast.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.gstatic.com tagmanager.google.com app-sj01.marketo.com cdn.honey.io info.mheducation.com learn.mheducation.com fonts.bunny.net www.mhprofessional.com fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; object-src info.mheducation.com player.flipsnack.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com asia-s3-mhe-prod.s3-eu-west-1.amazonaws.com content.studysync.com mhp-assets.s3.amazonaws.com spain-s3-mhe-prod.s3.amazonaws.com asia-s3-mhe-prod.s3.eu-west-1.amazonaws.com cloud.3dissue.net/14552/14572/14643/88645/index.html fast.wistia.com player.flipsnack.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com *.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.facebook.net *.payulatam.com 128-sjw-347.mktoresp.com 128-sjw-347.mktoutil.com 303-fkf-702.mktoresp.com 303-fkf-702.mktoutil.com ad.doubleclick.net adservice.google.com api-preview.luckyorange.com centinelapi.cardinalcommerce.com csmetrics.hotjar.com geolocation.onetrust.com gjtrack.ucweb.com kg668dbov0.execute-api.us-east-1.amazonaws.com metrics.hotjar.io play.vidyard.com plugin.ucads.ucweb.com privacyportal.onetrust.com pubsub.googleapis.com region1.analytics.google.com settings.luckyorange.com siteintercept.qualtrics.com translate.googleapis.com vc.hotjar.io wedata.net ws2.hotjar.com www.facebook.com www.google.ad www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.th www.google.co.uk www.google.co.za www.google.co.zw www.google.com www.google.com.ar www.google.com.au www.google.com.bh www.google.com.co www.google.com.do www.google.com.ec www.google.com.fj www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.cz www.google.de www.google.es www.google.gr www.google.hn www.google.hr www.google.it www.google.nl www.google.ru www.google.se analytics.tiktok.com cdn.linkedin.oribi.io content.hotjar.io realtime.luckyorange.com writer.cardinalcommerce.com ws.hotjar.com ws25.hotjar.com www.google.com.eg www.google.com.tw www.google.ie www.google.ro subwayblaze.com www.mhprofessional.com cdn.cookielaw.org wss://ws.hotjar.com *.wistia.com player.flipsnack.com *.cloudfront.net *.qualtrics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com play.vidyard.com player.flipsnack.com *.wistia.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'none'; connect-src yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com https://clk.streamgo.ru 'report-sample'; font-src https://yastatic.net https://fonts.gstatic.com; frame-src https://yastatic.net https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * data: 'report-sample'; manifest-src 'self'; media-src data: 'self' https://strm.yandex.ru https://*.strm.yandex.net https://cdn.streamgo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://yastatic.net https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.gstatic.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com unpkg.com script.crazyegg.com www.google.com; connect-src 'self' cdn.jsdelivr.net unpkg.com www.google.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net jobs.htcinc.com; img-src 'self' www.googletagmanager.com www.google.co.in secure.gravatar.com data: ; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com data: ; object-src 'self'; media-src 'self'; child-src 'self'; frame-src 'self' www.google.com www.recaptcha.net securityscorecard.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; form-action 'self'; frame-ancestors 'self'; worker-src 'self' blob:; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; frame-src * 3 frame-ancestors 'self' https://flex.twilio.com; 3 frame-ancestors 'self'; script-src 'self' cdn.rudderlabs.com js.stripe.com/v3 3 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.bizzdesign.com pi.pardot.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com *.googleadservices.com www.youtube.com bizzdesign.chilipiper.com *.alfabetcloud.com cdn-cookieyes.com *.bing.com *.licdn.com *.oktopost.com js.zi-scripts.com tag.aticdn.net www.redditstatic.com a.quora.com bizzdesign.chilipiper.com blob: ; object-src 'self' *.bizzdesign.com; style-src 'unsafe-inline' 'self' *.bizzdesign.com cdn.jsdelivr.net; img-src data: 'self' *.bizzdesign.com *.bing.com cdn-cookieyes.com *.linkedin.com *.bing.com cdn-cookieyes.com www.googletagmanager.com *.google.com *.google.fr *.google.be *.google.de *.google.co.uk *.google.es q.quora.com alb.reddit.com bizzdesign.chilipiper.com; media-src data: 'self' *.bizzdesign.com; frame-src 'self' td.doubleclick.net www.googletagmanager.com www.youtube.com *.bizzdesign.com bizzdesign.chilipiper.com splunk-prod.alfabetcloud.com; frame-ancestors 'self' *.bizzdesign.com; child-src 'self' *.bizzdesign.com; font-src 'self' *.bizzdesign.com fonts.gstatic.com; connect-src 'self' *.bizzdesign.com px.ads.linkedin.com *.clarity.ms bat.bing.net js.zi-scripts.com google.com *.google.com ws.zoominfo.com bat.bing.com www.google-analytics.com *.doubleclick.net scout.salesloft.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.hotjar.io wss://ws.hotjar.com *.cookieyes.com cdn-cookieyes.com gjzbjmh.pa-cd.com pixel-config.reddit.com www.redditstatic.com cdn.jsdelivr.net bizzdesign.chilipiper.com; report-uri /policies/privacy-policy; upgrade-insecure-requests 3 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' *.guildmortgage.com *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.w.org *.google.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net *.worldchangers.reviews *.guildgiving.org wingify-assets.s3.amazonaws.com s3.amazonaws.com chart.googleapis.com *.cloudfront.net *.googletagmanager.com www.gstatic.com *.cherrycreekcolorado.com *.artisanhomeloans.com *.pentrustmortgage.com *.viewmortgage.com *.bellcohomeloans.com *.betterbuiltmortgage.com *.loansbyjohnny.com *.beauknowsmortgages.com *.smartmortgage.com; 3 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https:; media-src https:; frame-ancestors 'self' 3 frame-ancestors 'self' https://showroom.alh.de https://www.hallesche.de https://www.alte-leipziger.de https://hallesche.de https://alte-leipziger.de https://vermittlerportal.al-h-konzern.de https://vermittlerportal.de 3 connect-src 'self' files-s05.lightning-search.io tokyobaseut.lightning-search.io tokyobaseat.lightning-search.io https://mws.amazonservices.com https://api.amazon.com https://payments.amazon.co.jp https://payments-fe.amazon.com https://api.amazon.co.jp https://mws.amazonservices.jp https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.worldshopping.jp https://*.worldshopping.global https://*.worldshopping.biz https://*.staff-start.com https://syndication.twitter.com https://cdn.syndication.twimg.com studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com api.tokyobase.io www.insight-x.tech www.googleadservices.com www.google.co.jp ad.doubleclick.net b6.im-apps.net score.im-apps.net sync6.im-apps.net cdn.jsdelivr.net tokyobasept.lightning-search.io analytics.google.com www.google.co.jp b.im-apps.net www.google.com connect.facebook.net popfind-api.probo.biz fspark-ap.com ajax.googleapis.com event.geniee-search.net log.geniee-search.net unpkg.com ac.an-them.net stats.g.doubleclick.net www.facebook.com tripla.jp triplabot-production.tripla.ai idp.tripla.ai concierge.tripla.ai maintenance.tripla.ai p.typekit.net use.typekit.net; font-src 'self' https://assets.payments-amazon.com fonts.googleapis.com fonts.gstatic.com studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com maxcdn.bootstrapcdn.com use.typekit.net cdnjs.cloudflare.com; frame-src 'self' https://www.facebook.com https://static-fe.payments-amazon.com https://static-na.payments-amazon.com https://payments.amazon.co.jp www.googletagmanager.com www.youtube.com https://platform.twitter.com https://syndication.twitter.com/ studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com 8965444.fls.doubleclick.net tripla.jp; img-src 'self' files-s05.lightning-search.io tokyobaseut.lightning-search.io tokyobaseat.lightning-search.io https://static.xx.fbcdn.net https://static-fe.payments-amazon.com https://static-na.payments-amazon.com https://images-na.ssl-images-amazon.com https://m.media-amazon.com https://images-fe.ssl-images-amazon.com https://*.google-analytics.com https://*.googletagmanager.com www.googletagmanager.com https://ajax.googleapis.com https://*.worldshopping.jp https://*.worldshopping.global https://*.worldshopping.biz https://zigzag-checkout-screenshots-dev.s3.apnortheast-1.amazonaws.com https://*.staff-start.com https://syndication.twitter.com https://abs-0.twimg.com https://pbs.twimg.com studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com static.makuake.com x.com poplink-f.probo.biz masvc-prod-function-outside-accesslog.azurewebsites.net b6.im-apps.net atm.im-apps.net tr.line.me cdnjs.cloudflare.com www.google.co.jp www.facebook.com www.google.com connect.facebook.net a.imgvc.com googleads.g.doubleclick.net itag.valuecommerce.ne.jp itag.valuecommerce.com tripla.jp wcscv.valuecommerce.com www.googleadservices.com https://b.imgvc.com; media-src 'self' studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com; script-src 'self' 'unsafe-inline' files-s05.lightning-search.io tokyobaseut.lightning-search.io tokyobaseat.lightning-search.io https://connect.facebook.net https://static.xx.fbcdn.net https://static-fe.payments-amazon.com https://static-na.payments-amazon.com https://assets.payments-amazon.com static.mul-pay.jp p01.mul-pay.jp https://*.googletagmanager.com https://*.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.worldshopping.jp https://*.worldshopping.global https://*.worldshopping.biz 'unsafe-eval' https://*.staff-start.com https://platform.twitter.com 'unsafe-eval' studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com poplink-f.probo.biz m.geniee-search.net masvcuploadprodstorage.blob.core.windows.net d29urranc9wrrq.cloudfront.net www.insight-x.tech cdnjs.cloudflare.com use.typekit.net unpkg.com code.jquery.com ajax.aspnetcdn.com tripla.jp p01.owned.letro.jp cv.valuecommerce.com ac.an-them.net fspark-ap.com tokyobase.licomm.net googleads.g.doubleclick.net dmp.im-apps.net d.line-scdn.net cdn.jsdelivr.net popfind.probo.biz s.yimg.jp b97.yahoo.co.jp https://apis.google.com triplabot-production.tripla.ai clj.valuecommerce.com https://b.imgvc.com; style-src 'self' files-s05.lightning-search.io tokyobaseut.lightning-search.io tokyobaseat.lightning-search.io cdn.jsdelivr.net https://assets.payments-amazon.com fonts.googleapis.com 'unsafe-inline' https://ajax.googleapis.com https://*.worldshopping.jp https://*.worldshopping.global https://*.worldshopping.biz studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com popfind.probo.biz poplink-f.probo.biz cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net unpkg.com triplabot-production.tripla.ai; worker-src 'self' studious.co.jp united-tokyo.com public-tokyo.com citytokyo.com the-tokyo.jp conz-tokyo.com ritan-tokyo.com; 3 default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net 3 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; 3 frame-src 'self' 3 object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 3 frame-ancestors 'self' https://*.usb.ch https://*.uhbs.ch https://zuweiserusb.spinnix.me 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' ; object-src 'self' ; frame-src 'self' ; 3 frame-ancestors https://*.global2000.at https://*.acolono.dev https://*.acolono.net https://*.wwf.at 3 frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline';style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self';child-src 'self';img-src 'self';font-src 'self';connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self';worker-src 'self'; 3 frame-ancestors https://app.contentful.com https://*.netlify.app https://quickedit.octana.io http://localhost:* 'self' 3 frame-ancestors 'self' https://web.sorunapp.com/ 3 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src data: * 'unsafe-inline' blob:; img-src * data: blob: 'unsafe-inline'; frame-src * blob:; style-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; worker-src * blob:; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; font-src 'self' data: https: http:; img-src 'self' data: https: http:; media-src 'self' data: https: http:; frame-src 'self' https: http:; connect-src 'self' https: http:; 3 frame-ancestors 'self' *.storedemo.vn *.storedemo.vn *.botcake.io *.pancake.vn *.storecake.net 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: 3 connect-src 'self' blob: yastatic.net *.adfox.ru *.yandex.ru *.yandex.net yandex.ru yandex.com *.akamaized.net *.googlevideo.com *.ivi.ru mc.webvisor.org *.mc.yandex.ru *.mc.yandex.az *.mc.yandex.by *.mc.yandex.co.il *.mc.yandex.com *.mc.yandex.com.am *.mc.yandex.com.ge *.mc.yandex.com.tr *.mc.yandex.ee *.mc.yandex.fr *.mc.yandex.kg *.mc.yandex.kz *.mc.yandex.lt *.mc.yandex.lv *.mc.yandex.md *.mc.yandex.tj *.mc.yandex.tm *.mc.yandex.uz *.mc.yandex.tr *.mc.yandex.ge *.mc.yandex.am *.mds.yandex.net *.mycdn.me *.rutube.ru *.sharethis.com *.sndcdn.com *.strm.yandex.net *.tiktokcdn.com *.tiktokv.com *.vkuser.net avatars.dzeninfra.ru csi.gstatic.com data: fonts.gstatic.com googleads.g.doubleclick.net i.ytimg.com marketingplatform.google.com mc.yandex.md media-k.ntv.ru pagead2.googlesyndication.com skyfire.vimeocdn.com strm.yandex.ru survey.g.doubleclick.net video-preview.s3.yandex.net www.google-analytics.com *.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com ymetrica1.com ad.adriver.ru wcm.weborama-tech.ru pixel.adlooxtracking.ru bs.serving-sys.ru st.univideos.ru uniloader.pro;default-src 'self' *.akamaized.net *.googlevideo.com *.ivi.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.yandex.tr mc.yandex.ge mc.yandex.am *.mds.yandex.net *.mycdn.me *.rutube.ru *.sharethis.com *.sndcdn.com *.strm.yandex.net *.tiktokcdn.com *.tiktokv.com *.vkuser.net avatars.dzeninfra.ru blob: csi.gstatic.com data: fonts.gstatic.com googleads.g.doubleclick.net i.ytimg.com marketingplatform.google.com media-k.ntv.ru pagead2.googlesyndication.com skyfire.vimeocdn.com strm.yandex.ru survey.g.doubleclick.net video-preview.s3.yandex.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com ymetrica1.com uniloader.pro;font-src 'self' yastatic.net data: fonts.gstatic.com uniloader.pro;frame-ancestors *.webvisor.com metrica.yandex.com.tr metrica.yandex.com metrika.yandex.by metrika.yandex.ru webvisor.com uniloader.pro;frame-src 'self' *.sharethis.com c.sharethis.mgr.consensu.org googleads.g.doubleclick.net mc.yandex.md mc.yandex.ru mc.yandex.com pagead2.googlesyndication.com survey.unidownloader.com tpc.googlesyndication.com google.com www.google.com www.youtube.com yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru udlsetup.ru;img-src 'self' *.rutube.ru *.sharethis.com *.tiktokcdn.com avatars.dzeninfra.ru avatars.mds.yandex.net data: blob: i.mycdn.me i.vimeocdn.com i.ytimg.com i1.sndcdn.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.yandex.tr mc.yandex.ge mc.yandex.am mc.webvisor.org yastatic.net google.com pagead2.googlesyndication.com pic.rutube.ru prismic.infra-hive.com unidownloader.cdn.prismic.io www.google-analytics.com www.googletagmanager.com *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com ad.adriver.ru wcm.weborama-tech.ru wcm-ru pixel.adlooxtracking.ru bs.serving-sys.ru uniloader.pro;media-src yastatic.net *.yandex.net *.yandex.ru *.adfox.ru yandex.ru yandex.com blob: data: *.googlevideo.com *.mycdn.me https://video.twimg.com *.tiktok.com *.okcdn.ru *.vkuser.net uniloader.pro;object-src data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru blob: cdn.jsdelivr.net cdnjs.cloudflare.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.yandex.tr mc.yandex.ge mc.yandex.am mc.webvisor.org pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net *.yandex.ru *.adfox.ru yandex.ru yandex.com verify.yandex.ru;script-src-elem 'self' blob: 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru application/javascript cdn.jsdelivr.net cdnjs.cloudflare.com data: mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.yandex.tr mc.yandex.ge mc.yandex.am mc.webvisor.org pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net yandex.ru;style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com yastatic.net *.adfox.ru;upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 3 style-src * blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; connect-src * ws: wss:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 3 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 3 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fonts.gstatic.com *.postescanada-canadapost.ca 'self' data: *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com data: 'self' 'unsafe-inline'; form-action *.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com google.com *.google.com *.googletagmanager.com *.postescanada-canadapost.ca *.authorize.net *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com *.google.com *.postescanada-canadapost.ca services.postcodeanywhere.co.uk *.hsforms.net *.hsforms.com 'self' data: *.hotjar.com *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.cheneliere.ca *.somabec.com *.editionscaractere.com *.erpi.com *.tcmediaelt.com *.cloudfront.net *.zopim.com *.zopim.io cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.postescanada-canadapost.ca *.authorize.net sandbox-assets.secure.checkout.visa.com *.hsforms.net *.hsforms.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.hotjar.com *.cloudfront.net *.zdassets.com *.zopim.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.postescanada-canadapost.ca *.googleapis.com *.gstatic.com *.hotjar.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.googleapis.com *.gstatic.com *.postescanada-canadapost.ca *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com bam.nr-data.net bam-cell.nr-data.net *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com *.hotjar.io *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.amazonaws.com *.pearsonerpi.com *.tcerpi.com *.zdassets.com *.zendesk.com zendesk-eu.my.sentry.io *.zopim.com *.zopim.io wss://widget-mediator.zopim.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 block-all-mixed-content; frame-ancestors 'self' https://*.braintreegateway.com https://*.paypal.com; upgrade-insecure-requests; 3 frame-src https://*; child-src https://*; report-uri /report-csp-violation; upgrade-insecure-requests 3 frame-ancestors 'self' https://s1-eu.ariba.com/ 3 default-src 'self' profiauto.pl profiauto.de profiauto.co.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at *.cookie-script.com ssl.silnet.pl www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org cdn.datatables.net; style-src 'self' 'unsafe-inline' profiauto.pl profiauto.de profiauto.co.at fonts.googleapis.com ssl.silnet.pl onesignal.com cdnjs.cloudflare.com *.tagmanager.google.com tagmanager.google.com motoflota.pl cdn.datatables.net *.bootstrapcdn.com; img-src 'self' data: *.ggpht.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at silnet.pl ssl.silnet.pl cdn.datatables.net *.doubleclick.net www.google-analytics.com *.google.com *.google.pl *.facebook.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.openstreetmap.org *.gravatar.com motoflota.pl; media-src 'self' profiauto.pl profiauto.de profiauto.co.at; font-src 'self' profiauto.pl profiauto.de profiauto.co.at fonts.gstatic.com *.bootstrapcdn.com; frame-src 'self' profiauto.pl profiauto.de profiauto.co.at *.google.com google.com *.facebook.com onesignal.com *.youtube.com linkedin.com *.linkedin.com kalkulator.raty.aliorbank.pl; connect-src 'self' *.googleapis.com googleapis.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at onesignal.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.facebook.com 3 frame-ancestors 'self' https://app.agilitycms.com; 3 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; worker-src 'self' blob:; 3 upgrade-insecure-requests; frame-ancestors https://app.contentful.com 3 default-src 'self' * 'unsafe-inline' data: blob: ws: wss: gap://ready file//*; child-src *; object-src *; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' data:; style-src * 'unsafe-inline'; font-src *; connect-src * ws: wss:; 3 frame-ancestors 'self' https://indodanafinance.co.id https://quickpay.indodanafinance.co.id https://www.indodana.id https://www.indodanafinance.co.id 3 frame-ancestors 'self' https://secure.simplepart.com https://checkout.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 3 upgrade-insecure-requests; script-src ‘self’; form-action ‘self’; frame-ancestors ‘self’; SameSite=Strict 3 connect-src https://*.ospito.nl https://*.googleapis.com https://*.gstatic.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.google.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://app.greenweb.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 3 base-uri 'none'; default-src: 'none'; block-all-mixed-content 3 default-src * data: mediastream: blob: wss: 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'none' 3 default-src https:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' active24.cz *.active24.cz active24.com *.active24.com active24.eu *.active24.eu *.iubenda.com tracker.metricool.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com trustpilot.com *.trustpilot.com googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net analytics.tiktok.com connect.facebook.net snap.licdn.com bat.bing.com *.ads-twitter.com c.seznam.cz *.ladesk.com *.isy-teamblue.services *.motu-teamblue.services *.teamblue.services *.acsbapp.com *.adform.net *.youtube.com; style-src 'self' 'report-sample' 'unsafe-inline' active24.cz *.active24.cz active24.eu *.active24.eu; object-src 'self'; base-uri 'self'; connect-src 'self' 'report-sample' data: ws://localhost:12387 active24.cz *.active24.cz active24.eu *.active24.eu *.iubenda.com googleapis.com *.googleapis.com *.google.com google.com *.googleadservices.com pagead2.googlesyndication.com px.ads.linkedin.com analytics.tiktok.com bat.bing.com *.google-analytics.com websupport.sk *.websupport.sk h.seznam.cz c.seznam.cz *.motu-teamblue.services *.teamblue.services *.acsbapp.com trustpilot.com *.trustpilot.com *.facebook.com; font-src 'self' 'report-sample' 'unsafe-inline' data: active24.eu *.active24.eu gstatic.com *.gstatic.com; frame-ancestors 'self' *.active24.com; frame-src 'self' 'report-sample' blob: *.active24.cz ladesk.com *.ladesk.com cookiebot.com *.cookiebot.com youtube.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.facebook.com public.infinario.com *.iubenda.com; img-src 'self' 'report-sample' data: cookiebot.com *.cookiebot.com tracker.metricool.com gravatar.com *.gravatar.com *.google.com *.google.al *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ch *.google.com.cy *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.je *.google.kz *.google.li *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mk *.google.mt *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.ru *.google.se *.google.si *.google.sk *.google.sm *.google.rs *.google.com.ua *.google.co.uk *.google.cat *.googleadservices.com *.facebook.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net px.ads.linkedin.com t.co analytics.twitter.com bat.bing.com c.seznam.cz *.motu-teamblue.services *.teamblue.services active24.cz *.active24.cz active24.eu *.active24.eu; manifest-src 'self'; media-src 'self'; worker-src 'self'; 3 frame-ancestors 'self' *.ubiqeducation.com *.amais.com ubiq-staging.azurewebsites.net ubiq.azurewebsites.net;Upgrade-Insecure-Requests; 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src *; style-src * 'unsafe-inline'; 3 frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ https://admin-cx.deco.page/ https://deco.chat 3 base-uri 'self'; form-action 'self'; 3 upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' 514fc1854f42ca2ff5db-80cf6c54ed47dc32217f95890ea164c9.ssl.cf3.rackcdn.com youtube.com *.youtube.com edu.gcfglobal.org code.org codecombat.com tynker.com cdn.cookielaw.org data:; connect-src 'self' *.onetrust.com metrics.articulate.com cdn.cookielaw.org; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline'; frame-src 'self' youtube.com *.youtube.com; img-src 'self' 514fc1854f42ca2ff5db-80cf6c54ed47dc32217f95890ea164c9.ssl.cf3.rackcdn.com youtube.com *.youtube.com edu.gcfglobal.org code.org codecombat.com tynker.com cdn.cookielaw.org i.ytimg.com *.genial.ly *.genially.com data:; font-src 'self' 514fc1854f42ca2ff5db-80cf6c54ed47dc32217f95890ea164c9.ssl.cf3.rackcdn.com youtube.com *.youtube.com edu.gcfglobal.org code.org codecombat.com tynker.com cdn.cookielaw.org data:; media-src 'self' 514fc1854f42ca2ff5db-80cf6c54ed47dc32217f95890ea164c9.ssl.cf3.rackcdn.com youtube.com *.youtube.com edu.gcfglobal.org code.org codecombat.com tynker.com cdn.cookielaw.org data:;worker-src 'self' 514fc1854f42ca2ff5db-80cf6c54ed47dc32217f95890ea164c9.ssl.cf3.rackcdn.com youtube.com *.youtube.com edu.gcfglobal.org code.org codecombat.com tynker.com cdn.cookielaw.org data: blob:; 3 img-src * blob: data:;font-src * 3 default-src 'self' data: https://sn2.org *; connect-src 'self' https://sn2.org *; base-uri 'self' *; form-action 'self' *; img-src 'self' data: https://sn2.org *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sn2.org *; style-src 'self' 'unsafe-inline' https://sn2.org *; 3 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/5f78583775.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.2/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/is-in-viewport/3.0.4/isInViewport.min.js https://cdnjs.cloudflare.com/ajax/libs/autosize.js/5.0.1/autosize.min.js https://cdnjs.cloudflare.com/ajax/libs/sharer.js/0.5.1/sharer.min.js https://email.efex.com.au/resources/sharing/embed.js https://unpkg.com/@lottiefiles/lottie-player@1.6.0/dist/lottie-player.js https://www.googletagmanager.com/gtag/js https://unpkg.com/@lottiefiles/lottie-interactivity@1.6.2/dist/lottie-interactivity.min.js https://vimeo.com/api/oembed.json https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js https://www.gstatic.com/eureka/clank/117/cast_sender.js https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js https://www.gstatic.com/eureka/clank/117/cast_sender.js https://email.efex.com.au/assets/scripts/LandingPagesEmbedded1_2 https://email.efex.com.au/Resources/LandingPagesEmbedded/localised/strings.js https://www.googletagmanager.com/gtm.js https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js https://www.vimeo.com/api/oembed.json https://maps.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://kit.fontawesome.com/5f78583775.js; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://www.google-analytics.com https://maps.googleapis.com https://cke4.ckeditor.com/ckeditor4-secure-version/versions.json; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://email.efex.com.au https://player.vimeo.com https://r1.dotdigital-pages.com https://www.youtube.com/embed/; img-src data: blob: 'self' https://www.googletagmanager.com https://maps.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://i.vimeocdn.com https://lh3.ggpht.com https://lh3.ggpht.com https://i.vimeocdn.com/video/1568323917-4ccc690ec25da531eae5861e5c1a7b7c5b2d65f5ae8f2ac91fc18315e4d8471c-d; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; 3 frame-ancestors 'self' *.swoogo.com 3 frame-src https: 3 frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 3 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.datadoghq-browser-agent.com https://optimise.aws.fortum.com https://*.clarity.ms https://bat.bing.com https://bat.bing.net https://c.bing.com https://try.abtasty.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://optanon.blob.core.windows.net https://ajax.googleapis.com https://*.onetrust.com https://connect.facebook.net https://gtm.fortum.com https://valuesportal.com https://cdn.adt389.net https://gtm.adt313.net https://ion.fortum.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://cdn.cookielaw.org https://*.boost.ai https://siteimproveanalytics.com https://*.hs-banner.com https://track.hubspot.com https://*.hsleadflows.net https://js.hubspot.com https://*.hsforms.net https://*.hsforms.com https://*.hs-analytics.net https://*.hs-scripts.com https://tagmanager.google.com https://*.hsadspixel.net https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hubspot.net https://static.hsappstatic.net https://*.usemessages.com https://*.hscollectedforms.net https://feedback.hubapi.com https://*.hubspotfeedback.com https://feedback-eu1.hubapi.com https://qa-assistant.abtasty.com https://*.adform.net https://snap.licdn.com https://survey.fortum.com https://acdn.adnxs.com https://static.ads-twitter.com https://sc-static.net https://tr.snapchat.com https://tr6.snapchat.com https://*.readpeak.com https://www.aservice.cloud https://analytics.tiktok.com; style-src 'self' 'unsafe-inline' https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://try.abtasty.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn2.hubspot.net https://www.gstatic.com https://*.boost.ai https://survey.fortum.com; img-src 'self' blob: data: https://*.fortum.com https://cdn.valuesportal.com https://log.adtraction.fail https://*.g.doubleclick.net https://ad.doubleclick.net https://*.analytics.google.com https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://bat.bing.com https://bat.bing.net https://*.google-analytics.com https://*.googletagmanager.com https://gtm.fortum.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://cdn.cookielaw.org https://*.clarity.ms https://optanon.blob.core.windows.net https://www.facebook.com https://editor-assets.abtasty.com https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://images.ctfassets.net https://*.siteimproveanalytics.io https://c.bing.com https://track.hubspot.com https://*.hsforms.net https://*.hsforms.com https://ssl.gstatic.com https://www.gstatic.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspot.net https://cdn2.hubspot.net https://*.fls.doubleclick.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://*.adform.net https://survey.fortum.com https://ib.adnxs.com https://analytics.twitter.com https://t.co https://fortum.heydaypro.com https://pbs.twimg.com https://fonts.gstatic.com https://tr.snapchat.com https://tr6.snapchat.com https://*.google.com https://*.google.fi https://*.google.no https://*.google.se https://*.google.pl https://*.google.es https://*.google.com.ua https://*.google.nl; media-src 'self' https://videos.ctfassets.net https://www.fortum.com; frame-src https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://player.vimeo.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://se.fortum-test.wdr.io https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://datastudio.google.com https://lookerstudio.google.com https://cdn.cookielaw.org https://*.fortum.se https://*.fortum.fi https://pages.upsales.com https://www.fortum.com https://qa.fortum-cms-se.dev.wdr.io https://*.fortum-se.dev.wdr.io https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com https://*.hubspot.net https://*.hs-sites.com https://*.hs-sites-eu1.com https://play.hubspotvideo.com https://play-eu1.hubspotvideo.com https://*.adform.net https://www.facebook.com https://gtm.fortum.com https://survey.fortum.com https://secredirect.wheelq.com https://surveys.wheelq.com https://tr.snapchat.com https://tr6.snapchat.com https://o.clarity.ms https://bat.bing.com; font-src 'self' https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://fonts.gstatic.com https://survey.fortum.com https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self' https://*.wdr.io https://dev.fortum.com https://staging.fortum.com https://*.hsforms.com https://*.hsforms.net https://www.facebook.com https://o.clarity.ms https://px.ads.linkedin.com https://*.boost.ai; frame-ancestors https://app.contentful.com https://*.fortum.se https://*.fortum.fi https://*.fortum.com; connect-src 'self' https://*.fortum.com https://*.fortum.se https://*.fortum.fi https://bat.bing.com https://bat.bing.net https://ion.fortum.no https://api.adtraction.net https://ion.fortum.com https://log.adtraction.fail https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.abtasty.com https://gtm.fortum.com https://apps.apple.com https://play.google.com https://cdn.horizons.confirmit.eu https://horizons.confirmit.eu https://browser-intake-datadoghq.eu https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com https://*.clarity.ms https://*.mittfortum.com https://*.mittfortum.se https://*.contentful.com https://*.onetrust.com https://www.datadoghq-browser-agent.com https://browser-intake-datadoghq.eu https://adservice.google.com https://*.hs-banner.com https://*.hsforms.com https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hscollectedforms.net https://www.google.com https://px.ads.linkedin.com https://survey.fortum.com https://ib.adnxs.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.readpeak.com https://www.aservice.cloud https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://*.boost.ai https://tr.snapchat.com https://tr6.snapchat.com https://www.facebook.com https://*.google.com https://*.google.fi https://*.google.no https://*.google.se https://*.google.pl https://*.google.es https://*.google.com.ua https://*.google.nl; worker-src 'self' blob: data:; upgrade-insecure-requests; report-to browser-intake-datadoghq 3 default-src 'none'; style-src-elem 'self' 'unsafe-inline' https:; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; media-src 'self' https: data:; font-src 'self' data: https:; frame-ancestors https://cupra-admin.porsche-holding.com https://*.googletagmanager.com https://*.doubleclick.net; connect-src 'self' https: ws: wss: data:; frame-src 'self' https:; upgrade-insecure-requests 3 base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' data: https: https://rp-static.com https://r.rp-static.com; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; upgrade-insecure-requests; connect-src 'self' https: wss: https://rp-static.com https://r.rp-static.com; default-src 'self'; frame-src 'self' https:; media-src 'self' https:; worker-src 'self' blob: https:; 3 frame-ancestors 'self' https://*.contentstack.com http://*.viaoutlets.com https://*.viaoutlets.com https://*.bataviastad.nl https://*.fashion-arena.cz https://*.wroclawfashionoutlet.com https://*.freeportfashionoutlet.pt https://*.mallorcafashionoutlet.com https://*.oslofashionoutlet.no https://*.viladocondefashionoutlet.pt https://*.zweibrueckenfashionoutlet.com https://*.landquartfashionoutlet.ch https://*.sevillafashionoutlet.com https://*.hedefashionoutlet.se; 3 default-src 'none'; script-src 'self' 'unsafe-inline' https://www.jindalsteel.com https://docs.jindalsteel.in https://www.googletagmanager.com https://esg.churchgatepartners.com; style-src 'self' 'unsafe-inline' https://docs.jindalsteel.in https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://docs.jindalsteel.in data:; font-src 'self' https://fonts.googleapis.com https://docs.jindalsteel.in https://docs.jindalsteel.in https://fonts.gstatic.com; media-src 'self' https://docs.jindalsteel.in; connect-src 'self' https://www.jindalsteel.com https://api.jindalsteelpower.com https://www.google-analytics.com; frame-src 'self' https://cmapis.cmots.com https://esg.churchgatepartners.com https://www.youtube.com; 3 script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.israelinfo.co.il *.cloudflareinsights.com https://cdn.rawgit.com https://static.kupatbravo.co.il https://katalog.co.il https://*.ep-mimecast.ads-twitter.com https://*.doubleclick.net https://*.google.com https://*.facebook.net https://*.adtrafficquality.google https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.ampproject.org https://*.ampproject.net https://*.israelinfo.co.il https://adservice.google.co.il https://analytics.twitter.com https://cse.google.co.il https://cdn.syndication.twimg.com https://en.twitter.com https://google-analytics.com https://googletagmanager.com https://partner.googleadservices.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://platform.twitter.com https://static.ads-twitter.com https://sync-dmp.aura-dsp.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://t.co https://m.youtube.com https://www.google-analytics.com https://www.google.co.il https://maps.googleapis.com https://www.googletagmanager.com https://*.tiktok.com;style-src 'self' 'report-sample' 'unsafe-inline' *.israelinfo.co.il *.google.com *.bootstrapcdn.com cdn.ampproject.org fonts.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com https://katalog.co.il https://static.kupatbravo.co.il; 3 frame-ancestors 'self' https://www.google.com https://googletagmanager.com; upgrade-insecure-requests 3 default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go-mpulse.net maps.googleapis.com;worker-src 'none';object-src *;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' blob: data: *.scalemates.com *.youtube.com *.akstat.io *.gstatic.com *.googleapis.com *.ytimg.com;media-src 'self';frame-src 'self' *.youtube.com;font-src 'self' *.gstatic.com data:;connect-src 'self' *.akstat.io *.scalemates.com *.go-mpulse.net maps.googleapis.com;report-uri https://reporting.go-mpulse.net/report/LLD9T-Q4RA5-2E42A-L3YP5-GSM4N 3 default-src 'self'; style-src 'self' 'unsafe-inline' 3 default-src 'self' *.haitex.it 127.0.0.1 'unsafe-inline' 'unsafe-eval' applepay.cdn-apple.com *.wonderpush.com *.clarity.ms *.feedaty.com *.heidipay.com cdn.pushowl.com *.pinterest.com *.pinimg.com *.trustpilot.com *.brevo.com *.leadchampion.com *.lpages.co *.leadpages.net *.lpcontent.net *.center.io *.hotjar.com cdn.datatables.net *.typekit.net cdnjs.cloudflare.com *.scalapay.com *.zopim.com *.zdassets.com *.trustedshops.com malsup.github.io *.tiktok.com *.popupsmart.com sibautomation.com *.facebook.com *.facebook.net *.gstatic.com *.google.com *.google.ch *.google.hu *.google.es *.google.it *.google.ad *.google.de *.google.no *.google.sk *.google.tn *.google.fr translate-pa.googleapis.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.sendinblue.com *.worldztool.com *.oct8ne.com oct8necdneu.azureedge.net *.etrusted.com www.paypal.com *.paypalobjects.com payments-eu.amazon.com *.payments-amazon.com *.trovaprezzi.it *.nr-data.net *.newrelic.com data: ; img-src * data: ; frame-src applepay.cdn-apple.com *.heidipay.com *.googletagmanager.com *.pinterest.com *.trustpilot.com calendly.com *.brevo.com *.twil.io *.flashoffer.it *.convrrt.com *.doubleclick.net *.sibpages.com *.sibforms.com *.lpages.co *.center.io youtube.com *.youtube.com player.flipsnack.com sibautomation.com boccadamo.info *.boccadamo.info *.facebook.com *.google.com *.oct8ne.com www.worldztool.com *.braintreegateway.com *.paypal.com *.worldztool.com bid.g.doubleclick.net cdn.flipsnack.com *.media-amazon.com *.googlesyndication.com data: ; object-src 'none' ; connect-src *; media-src *; report-uri /csp_collector.php ; report-to /csp_collector.php ; 3 frame-ancestors 'self' https://webvisor.com https://metrika.yandex.ru https://metrica.yandex.ru https://metrika.yandex.com https://metrica.yandex.com; 3 frame-src 'self' consentcdn.cookiebot.com gvb-quiz.vercel.app www.facebook.com gvb.demdex.net www.youtube.com www.tiktok.com *.google.com newassets.hcaptcha.com form.typeform.com typeform.com www.typeform.com bid.g.doubleclick.net activitymap.adobe.com vars.hotjar.com gvb.ch gvb-privatversicherungen.ch hausinfo.ch wetteralarm.ch alarmemeteo.ch allarmemeteo.ch *.doubleclick.net *.demdex.net outlook.office365.com moneypark.ch embed.eventfrog.ch dev-webgis.gvb.ch webgis.gvb.ch www.googletagmanager.com calendly.com propertyowners.digitalpath.pt https://www.propertyowner.ch feedback.echonovum.com www.myky.ch ; child-src blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' gvb-quiz.vercel.app gvbdev.b-cdn.net gvbtest.b-cdn.net gvb.b-cdn.net gvba.b-cdn.net consent.cookiebot.com consentcdn.cookiebot.com hcaptcha.com newassets.hcaptcha.com js.hcaptcha.com plugins.flockler.com dpm.demdex.net www.googletagmanager.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com embed.typeform.com activitymap.adobe.com www.youtube.com www.tiktok.com www.googleoptimize.com static.hotjar.com script.hotjar.com *.google.com snap.licdn.com *.fusedeck.net *.demdex.net cm.everesttech.net assets.adobedtm.com moneypark.ch static.elfsight.com universe-static.elfsightcdn.com elfsightcdn.com/platform.js embed.eventfrog.ch assets.calendly.com gvb.imgix.net code.createjs.com *.adform.net cdnjs.cloudflare.com bat.bing.com www.myky.ch widget.wetteralarm.ch widgets.gekomene.cyon.site 'unsafe-inline'; frame-ancestors 'self' wetterhuette.ch ; 3 default-src 'self' https://*.optimizely.com https://www.google-analytics.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.hosteurope.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hosteurope.de https://js.leadinspector.de http://js.leadinspector.de https://js.leadinspector.de tags.tiqcdn.com https://*.doubleclick.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com http://*.optimizely.com www.googleadservices.com https://bat.bing.com www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' data:; object-src 'self'; img-src 'self' 'unsafe-inline' https://www.hosteurope.com/ data: https://www.google.com.ua https://*.leadinspector.de https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net; 3 default-src 'self' https://*.userlane.com; script-src 'self' https://*.cookiebot.eu https://*.cookiebot.com https://www.datadoghq-browser-agent.com https://*.pinterest.com https://tally.so/widgets/embed.js https://*.youtube.com/ https://*.azureedge.net https://*.clarity.ms https://www.instagram.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://*.dynamics.com https://www.googleanalytics.com https://optimize.google.com https://*.mailplus.nl https://connect.facebook.net https://*.clickdimensions.com https://www.gstatic.com https://www.google.com https://www.paypal.com https://www.paypalobjects.com https://checkoutshopper-live.cdn.adyen.com https://checkoutshopper-test.cdn.adyen.com https://script.hotjar.com https://tag.static.eu.context.cloud.sap https://www.google-analytics.com https://*.hotjar.com 'unsafe-inline' https://www.googletagmanager.com https://ssl.google-analytics.com https://*.vo.msecnd.net https://*.userlane.com https://www.googleoptimize.com 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' *.visualwebsiteoptimizer.com http://app.vwo.com 'self' blob:; style-src 'self' https://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.clickdimensions.com https://*.vo.msecnd.net https://cdnjs.cloudflare.com https://checkoutshopper-live.cdn.adyen.com https://checkoutshopper-test.cdn.adyen.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://*.userlane.com 'unsafe-inline' 'unsafe-inline' *.visualwebsiteoptimizer.com http://app.vwo.com; connect-src 'self' https://*.cookiebot.eu https://checkoutanalytics-live.adyen.com https://checkoutanalytics-test.adyen.com https://*.google.com https://browser-intake-datadoghq.eu https://*.westeurope.logic.azure.com https://*.azureedge.net https://*.dynamics.com https://*.clarity.ms https://o1121245.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://htp741805396-hamiplant.api.eu.context.cloud.sap/ https://htp741805397-hamiplant.api.eu.context.cloud.sap/ https://htp741805396.api.eu.context.cloud.sap/ https://htp741805397.api.eu.context.cloud.sap/ https://tag.static.eu.context.cloud.sap/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.sandbox.paypal.com/ https://www.paypal.com https://checkoutshopper-live.cdn.adyen.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.cdn.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.userlane.com *.visualwebsiteoptimizer.com http://app.vwo.com *.googlesyndication.com; img-src 'self' https://*.usercentrics.eu https://*.cookiebot.com https://*.google.com https://*.google.nl https://*.flowerwebshop.com https://*.holexflower.com https://holex.tech https://i.pinimg.com https://*.clarity.ms https://*.pinterest.com https://*.youtube.com/ https://vmp.wincoholland.com/ https://shop.adomex.nl/ https://*.freshportal.net/ https://*.florinet.nl https://*.azureedge.net https://*.dynamics.com https://www.instagram.com/ https://freshandeasy.nl https://image.floriday.io https://shop.florashopping.nl https://www.flowersplantsandmore.com https://AlfaPro-Online.com https://www.terhaarornamental.nl https://zentoo.florinet.nl https://mijoflowers.com https://pictures.flowerwebshop.net https://023.kbt-pro.nl https://images.easyflor.nl https://webshop3.florashopping.nl https://pictures.flowersales.nl https://vmp.starflor.nl https://img.greenmaster.nl https://webshop.welyflor.com https://webshop3.wbe.nl https://4att.uniware.nl https://services.sdf.nl https://groenenmeer.sdfcloud.nl https://webshop.gdekoning.nl https://webshop.rotoflowers.nl https://img.img20.match-online.nl https://img20.match-online.nl https://winco.florisoftcloud.nl https://summit.florinet.nl https://webshop.freshcap.eu https://webshop.eijkpotplanten.nl https://www.tgca.nl https://webshop.hpvannieuwkerk.nl https://webshop.floraunited.nl https://*.hotjar.com https://floralwebshop.com https://img.floraplaza.nl https://optimize.google.com https://www.google-analytics.com https://*.analytics.google.com https://webshop.mdk.nl https://website.pfitzer.nl https://www.duif.nl https://www.facebook.com https://webshop.fsq.nl/ https://webshop.demooij-import.com/ https://www.ccpictures.net/ https://res.cloudinary.com/ https://*.userlane.com http://83.98.232.238/ https://webshop.frescoflowers.nl/ http://zentoo.florinet.nl/ https://webshop.arendroses.nl/ https://webshop.decofresh.com/ http://summit.florinet.nl/ http://winco.florisoftcloud.nl/ https://www.paypalobjects.com/ https://checkoutshopper-live.cdn.adyen.com/ https://checkoutshopper-test.cdn.adyen.com/ https://api.floriday.io/ http://images.duif.nl/ http://213.125.32.122:81/ https://image.freshportal.com/ http://85.17.33.195/ http://img.logicab.nl/ http://lw-fps-img-01.freshportal.nl/ http://img20.match-online.nl/ https://images.connectwebshop.nl/ https://*.ozplanten.nl https://shop.floraplaza.nl/ data: https://*.google-analytics.com http://webshop.hamifleurs.nl http://webshop.flowertrading.nl https://ssl.google-analytics.com https://www.googletagmanager.com https://floraxchange.blob.core.windows.net http://shop.flowertrading.nl http://accp.flowertrading.nl https://dutchplantshop.nl https://img20.match-online.nl http://www.gasagroup.com https://img.ozexport.nl https://images.connectwebshop.nl http://webshop.flowertrading.nl https://services.sdf.nl/ https://ozplanten.nl https://garden-line.nl https://plantsplaza.com https://alfapro-online.com https://*.freshportal.nl https://img.logicab.nl https://beeldbankfotos.royalfloraholland.com https://api.floriday.com https://images.duif.nl https://023.kbt-pro.nl https://img.greenmaster.nl https://cms.pt-creations.nl *.visualwebsiteoptimizer.com http://app.vwo.com useruploads.vwo.io *.googlesyndication.com; font-src 'self' https://*.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.userlane.com data:; frame-src 'self' https://*.cookiebot.eu/ https://pal-live.adyen.com https://pal-test.adyen.com https://*.cookiebot.com/ https://*.googletagmanager.com/ https://*.flowerwn.com/ https://tally.so/ https://*.floralwebshop.com/ https://*.plantsplaza.com/ https://*.floraplaza.com/ https://*.flowerwebshop.com/ https://*.dutchplantshop.nl/ https://*.connectwebshop.com/ https://www.instagram.com/ https://optimize.google.com https://*.hotjar.com https://player.cloudinary.com https://login.microsoftonline.com https://login.windows.net https://forms.office.com https://e.issuu.com https://www.sandbox.paypal.com/ https://checkoutshopper-live.cdn.adyen.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.cdn.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.vimeo.com/ https://*.youtube.com/ https://*.twitter.com https://*.facebook.com/ https://*.pinterest.com/ https://issuu.com/ https://*.google.com *.visualwebsiteoptimizer.com http://app.vwo.com; frame-ancestors 'self' https://accstorefront.cuyu7qqhig-dutchflow1-p2-public.model-t.cc.commerce.ondemand.com/ https://accstorefront.cuyu7qqhig-dutchflow1-s1-public.model-t.cc.commerce.ondemand.com https://*.flowerwn.com/ https://*.floralwebshop.com/ https://*.plantsplaza.com/ https://accstorefront.cuyu7qqhig-dutchflow1-p1-public.model-t.cc.commerce.ondemand.com https://*.floraplaza.com/ https://*.flowerwebshop.com/ https://*.connectwebshop.com/ https://*.dutchplantshop.nl/; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub2f8f657928810848632b384d8a7c9003&dd-evp-origin=content-security-policy&ddsource=csp-report 3 frame-ancestors 'self' https://*.visitor.chat; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com https://cdn.gbqofs.com/ https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src * 'self' 'unsafe-inline' assets.bounceexchange.com; img-src * 'self' blob: data: assets.bounceexchange.com events.bouncex.net; font-src * 'self' data: assets.bounceexchange.com; child-src assets.bounceexchange.com; worker-src * 'self' blob: assets.bounceexchange.com; frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com; form-action * 'self' api.bounceexchange.com dev.bounceexchange.com; connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 3 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://one-time-offer.com https://cashbackprog.completesavings.co.uk;upgrade-insecure-requests; 3 frame-ancestors 'self' https://www.mscbook.com https://virtual-tours.msccruises.com; 3 default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors https: data:; 3 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; frame-ancestors 'self' ; base-uri 'self' ; img-src https: data: ; 3 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; 3 frame-ancestors 'self' https://chiemgauevent.expo-ip.com https://ikom.expo-ip.com https://virtuelle.ikom-tum.de 3 default-src'self' 3 frame-ancestors *; report-uri /log/csp-violation 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://assets.adobedtm.com https://cdn.cookielaw.org https://www.google-analytics.com https://stats.wp.com https://script.hotjar.com https://static.hotjar.com https://engagent.h-care.eu https://snap.licdn.com https://cdn.landbot.io https://calc-api.cardif.ysprod.cz https://static.elfsight.com https://connect.facebook.net https://s0.wp.com https://grwapi.net https://acsbapp.com https://s3.eu-central-1.amazonaws.com https://www.clarity.ms https://cdn.acsbapp.com https://cdn.parsely.com https://cdn.jsdelivr.net https://snippet.capybara.lmc.cz https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://engagent.h-care.eu https://cdn.landbot.io https://s0.wp.com https://cdn.acsbapp.com https://cdnjs.cloudflare.com https://snippet.capybara.lmc.cz; img-src 'self' data: https://secure.gravatar.com https://cdn.cookielaw.org https://engagent.h-care.eu https://pixel.wp.com https://www.googletagmanager.com https://fonts.gstatic.com https://*.112.2o7.net https://api.holeest.com https://bo-corp.bnpparibascardif.com https://api.holeest.com https://pixel.wp.com https://www.google.com.pe https://www.google.ro https://px.ads.linkedin.com https://storage.googleapis.com/media.landbot.io/ https://i.ytimg.com https://www.google-analytics.com https://www.google.fr https://cardif.cz; font-src 'self' data: https://engagent.h-care.eu https://cdn.landbot.io https://s0.wp.com https://use.typekit.net https://snippet.capybara.lmc.cz https://cdnjs.cloudflare.com; connect-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://stats.g.doubleclick.net https://privacyportal-de.onetrust.com https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://engagent.h-care.eu wss://engagent.h-care.eu wss://ws.hotjar.com https://analytics.google.com https://content.hotjar.io https://*.ads.linkedin.com https://firestore.googleapis.com https://storage.googleapis.com securetoken.googleapis.com https://privacyportal-fr.onetrust.com https://messages.landbot.io https://region1.analytics.google.com https://metrics.hotjar.io https://overbridgenet.com https://welcome.landbot.io https://identitytoolkit.googleapis.com https://vc.hotjar.io https://cdn.acsbapp.com https://*.112.2o7.net https://acsbapp.com https://accesswidget-log-receiver.acsbapp.com https://cdn.landbot.io https://api.capybara.lmc.cz https://cdn.jsdelivr.net; media-src 'self' https://broadcast.mediahub.bnpparibas https://asset.mediahub.bnpparibas https://dam.bnpparibas.com https://my.mediahub.bnpparibas; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://engagent.h-care.eu https://www.googletagmanager.com https://forms.office.com https://widgets.wp.com https://wordpress.com https://mycardif.cardif.de https://player.vimeo.com https://www.welcometothejungle.com https://forms.cloud.microsoft; manifest-src 'self'; worker-src 'self'; object-src 'self' https://engagent.h-care.eu; base-uri 'self'; frame-ancestors 'self' https://frontend-dot-partner-cockpit.ew.r.appspot.com https://partner-cockpit.cardiflab.com; 3 default-src: https: 3 script-src 'self' https: 'unsafe-inline' 'unsafe-eval';script-src-attr 'self' https: 'unsafe-inline';connect-src 'self' https:;frame-src 'self' https:;img-src 'self' https: data: blob:;worker-src 'self' https: 'unsafe-inline' blob:;form-action 'self' https://faucetpay.io;media-src 'self' https: blob: data:;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 3 default-src 'self' *.pinimg.com *.pinterest.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;font-src 'self' data: fonts.gstatic.com *.zbozi.cz *.cj.com www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;connect-src 'self' analytics.monkeytracker.cz *.google.com *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.clarity.ms *.smartlook.cloud *.smartlook.com *.tiktok.com *.permutive.com *.teads.tv *.prmutv.co *.adnxs.com *.gjirafa.tech *.gjirafa.net *.mczbf.com *.sjwoe.com *.zbozi.cz *.foxentry.cz *.bing.com *.apple.com apple.com iplatebnibrana.csob.cz api.ipify.org *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googlesyndication.com www.googletagmanager.com h.seznam.cz c.seznam.cz https://bat.bing.net https://analytics-ipv6.tiktokw.us eshops-uet-tags.ams3.cdn.digitaloceanspaces.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.facebook.net *.imedia.cz *.gstatic.com *.heureka.cz *.heureka.sk *.hotjar.com *.adform.net *.teads.tv *.clarity.ms *.smartlook.cloud *.smartlook.com *.etargetnet.com *.tiktok.com *.permutive.com *.gjirafa.net *.doubleclick.net *.mczbf.com *.zbozi.cz *.seznam.cz *.cj.com https://glamipixel.com *.foxentry.cz *.foxentry.com *.bing.com *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.googleadservices.com *.glami.cz *.glami.sk cdn.heureka.group *.licdn.com *.linkedin.com im9.cz *.seznam.cz *.zbozi.cz *.googlesyndication.com https://www.googletagmanager.com https://tags.creativecdn.com;form-action 'self' *.facebook.com *.facebook.net ;frame-src 'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz www.googletagmanager.com;worker-src 'self' blob: www.youtube.com *.facebook.com *.doubleclick.net *.imedia.cz *.hotjar.com *.adform.net *.google.com *.gjirafa.tech *.gjirafa.net *.zbozi.cz *.mczbf.com *.foxentry.cz *.csob.cz *.pinimg.com *.pinterest.com https://ehub.cz *.szn.cz *.iplatba.cz *.essox.cz *.zbozi.cz www.googletagmanager.com;frame-ancestors 'self' ;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.google.com *.google.cz *.google.ie *.facebook.com *.imedia.cz im9.cz *.teads.tv *.seznam.cz *.clarity.ms *.adnxs.com www.zasilkovna.cz www.zasielkovna.sk *.packeta.com *.bing.com *.fg.cz *.zbozi.cz *.mczbf.com *.kdukvh.com *.emjcd.com *.dotomi.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz *.cloudfront.net www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk *.glami.cz *.glami.sk *.heureka.cz *.heureka.sk www.googletagmanager.com https://bat.bing.net https://analytics-ipv6.tiktokw.us https://server.seadform.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.gstatic.com www.googletagmanager.com *.zbozi.cz *.cj.com *.foxentry.cz *.pinimg.com *.pinterest.com https://ehub.cz www.fjallraven-slovensko.sk www.arcticfox.hu www.kanken.shop www.levi.sk ;object-src 'self' 3 script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com www.googletagmanager.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;media-src h7i9j1k3l5m7n9o1p3q5r7s9t1u3v5w7x9y.speed-cdn.com 421ab65dd5bf4d8ba68319b057db9f26.speed-cdn.com 6d1a8cd73ca041a1bbbad207c7b5be66.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 3 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.unica.vn www.googletagmanager.com connect.facebook.net web.facebook.com www.facebook.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com onesignal.com tpc.googlesyndication.com webpush.vn cdnjs.cloudflare.com accounts.google.com www.google.com www.youtube.com zoom.us source.zoom.us cdn.jsdelivr.net unpkg.com npmcdn.com translate.google.com sp.zalo.me analytics.tiktok.com w.ladicdn.com salekit.io za.zdn.vn embed.tawk.to cdn.tailwindcss.com ipinfo.io *.googleapis.com apis.google.com *.edubit.vn www.wiris.net edubit.live www.pdftron.com fchat.vn cdn.fchat.vn embed.ybai.me salekit.page player.vimeo.com livechat.fpt.ai www.misa.vn a.pancake.vn api.webcake.io zigzag.vn yoga.vn app.chatbiz.vn player.vdocipher.com chatgpt.com sf-cdn.coze.com rc-help.pagefly.io *.chative.io ahachat.com app.ahachat.com app.preny.ai cdn.mathjax.org *.salekit.com; worker-src blob: https:; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com www.xrea.com www2.xrea.com www.coreserver.jp www2.coreserver.jp www.value-server.com www2.value-server.com www.google-analytics.com *.googlesyndication.com *.doubleclick.net www.google.com;img-src *; 3 font-src portal.bulkgate.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com portal.bulkgate.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com portal.bulkgate.com youtu.be *.vimeo.com *.addthis.com *.meetanshi.com www.googletagmanager.com *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io portal.bulkgate.com https://files.zakeke.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: magefan.com cm.magefan.com https://firebasestorage.googleapis.com https://www.magezon.com meetanshi.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://tile.openstreetmap.org https://balikomat.sps-sro.sk https://i.alza.cz https://cdn.alza.cz maps.gstatic.com bat.bing.net bat.bing.com seznam.cz *.seznam.cz cdn.r2.zakeke.com im9.cz *.foxentry.cz *.cloudfront.net *.clarity.ms *.vsetkonamobil.sk *.google.sk *.bing.com *.emjcd.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io *.meetanshi.com connect.facebook.net *.googletagmanager.com *.packeta.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://unpkg.com https://balikomat.sps-sro.sk/ *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com maps.googleapis.com ajax.cloudflare.com static.cloudflareinsights.com *.smartlook.com *.smartlook.cloud bat.bing.net bat.bing.com seznam.cz *.seznam.cz *.foxentry.cz *.im9.cz *.freshchat.com *.freshworks.com *.mczbf.com *.clarity.ms *.luigisbox.com *.cloudfront.net *.bing.com *.tiktok.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.googleapis.com unsafe-inline assets.braintreegateway.com https://unpkg.com *.stripe.network *.stripecdn.com *.amazon.com *.foxentry.cz *.freshworks.com *.luigisbox.com *.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com portal.bulkgate.com *.gstatic.com https://scripts.luigisbox.com https://cdn.luigisbox.com https://live.luigisbox.com https://api.luigisbox.com *.cloudflare.com *.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://unpkg.com https://balikomat.sps-sro.sk https://nominatim.openstreetmap.org *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com static.cloudflareinsights.com *.smartlook.com *.smartlook.cloud bat.bing.net bat.bing.com seznam.cz *.seznam.cz *.foxentry.cz *.freshchat.com *.freshworks.com *.mczbf.com *.luigisbox.com *.clarity.ms *.jsdelivr.net *.doubleclick.net *.tiktok.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src zbozi.cz *.zbozi.cz seznam.cz *.seznam.cz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self' https://cdn.mmgcache.net https://adservice.google.com https://www.google-analytics.com https://*.googletagservices.com https://www.googletagmanager.com https://www.gstatic.com https://region1.analytics.google.com https://www.acuris.com https://fast.trychameleon.com https://fast.chmln-cdn.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://app-eu1.hubspot.com https://api-eu1.hubspot.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://*.hscollectedforms.net https://js-eu1.hs-scripts.com https://js-eu1.usemessages.com https://cdn.inframationnews.com https://securepubads.g.doubleclick.net https://fonts.gstatic.com https://stats.g.doubleclick.net https://maps.googleapis.com https://cdnjs.cloudflare.com https://code.highcharts.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com https://www.google.com http://cdn.iframe.ly https://e.infogram.com https://infogram.com https://region1.google-analytics.com https://cdn.datatables.net https://use.fontawesome.com blob: 'unsafe-eval' 'unsafe-inline';style-src 'self' https://*.inframationnews.com https://cdn.mmgcache.net https://fonts.googleapis.com https://fonts.gstatic.com https://forms-eu1.hsforms.com https://cdn.jsdelivr.net https://cdn.datatables.net https://use.fontawesome.com 'unsafe-hashes' 'unsafe-inline';img-src 'self' https://*.inframationnews.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://fast.chmln-cdn.com https://cdn.jsdelivr.net https://www.gravatar.com data: 3 default-src 'none'; connect-src https://yandex.ru wss://mc.yandex.ru https://strm.yandex.ru https://*.strm.yandex.ru https://*.strm.yandex.net https://verify.yandex.ru https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net 'report-sample'; font-src https://fonts.gstatic.com https://yastatic.net 'report-sample'; frame-src https://ad.mail.ru https://googleads.g.doubleclick.net https://mc.yandex.md https://mc.yandex.com https://rutube.ru https://player.vimeo.com https://nuum.ru https://tpc.googlesyndication.com *.google.com https://www.youtube.com https://yastatic.net *.yandex.ru 'report-sample'; img-src 'self' data: an.yandex.ru *.mds.yandex.net counter.yadro.ru https://*.verify.yandex.ru https://amc.yandex.ru https://csi.gstatic.com https://favicon.yandex.net https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.uz https://verify.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net imagecache.worldwide-ad-network.biz mc.yandex.ru pagead2.googlesyndication.com *.googleusercontent.com *.google.com 'report-sample'; script-src 'self' 'unsafe-inline' an.yandex.ru https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://ad.mail.ru https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.uz https://pagead2.googlesyndication.com https://partner.googleadservices.com https://r.mradx.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com https://yandex.ru https://yastatic.net mc.yandex.ru www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://fonts.googleapis.com; media-src data: strm.yandex.ru *.strm.yandex.net; worker-src https://yastatic.net 'report-sample'; report-uri /csp-report.php 3 base-uri 'self'; frame-ancestors 'self' https://sage.pathfactory.com https://explore.sage.com; 3 img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com wss://*.push.apple.com; frame-src 'self' blob: mailto: sms: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 2 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 2 default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' data: *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 2 default-src 'none'; script-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; img-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net https://piwik.avm.de data: ; font-src 'self' https://www.myfritz.net https://sso.myfritz.net https://static.myfritz.net; connect-src 'self' https://sso.myfritz.net https://gateway.myfritz.net wss://gateway.myfritz.net https://piwik.avm.de; frame-src 'self' https://sso.myfritz.net https://www.google.com/recaptcha/; media-src 'none'; object-src 'none'; worker-src 'none'; manifest-src https://www.myfritz.net/static/manifest.json https://sso.myfritz.net/static/manifest.json; frame-ancestors https://sso.myfritz.net https://www.myfritz.net; form-action 'self' https://www.myfritz.net 2 object-src 'none'; base-uri 'none'; style-src 'self' www.firefox.com; frame-src 'self' accounts.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube.com; font-src 'self' www.firefox.com; upgrade-insecure-requests; img-src 'self' data: www.firefox.com www.google-analytics.com www.googletagmanager.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; connect-src 'self' basket.mozilla.org https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.ingest.us.sentry.io o1069899.sentry.io region1.google-analytics.com www.firefox.com www.google-analytics.com www.googletagmanager.com; default-src 'self' www.firefox.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' s.ytimg.com tagmanager.google.com www.firefox.com www.google-analytics.com www.googletagmanager.com www.youtube.com; frame-ancestors 'none'; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.firefox.com www.mozilla.org 2 frame-ancestors 'self' https://*.un.org; 2 frame-ancestors 'self' *.intranet *.uolinc.com; 2 frame-ancestors 'self' https://partner.tp-link.com https://partner-test.tp-link.com https://www.tapo.com https://*.store.tapo.com https://store.omadanetworks.com https://*.store.tp-link.com https://clarity.microsoft.com https://*.shopifypreview.com https://*.shopify.com https://*.myshopify.com https://*.shopifyapps.com 2 default-src temu: *.temu.com *.kwcdn.com *.temucdn.com wss://*.temu.com *.paypal.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com www.paypalobjects.com *.braintree-api.com *.braintreegateway.com cash-f.squarecdn.com api.squareup.com api.lab.amplitude.com *.paidy.com *.cardinalcommerce.com *.stripe.com d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3lqotgbn3npr.cloudfront.net d6rak4b14t5gp.cloudfront.net dlthst9q2beh8.cloudfront.net o160250.ingest.sentry.io *.pagoefectivo.pe wauth.teledit.com *.smartropay.co.kr *.mobilians.co.kr applepay.cdn-apple.com codigoqr.pagoefectivolatam.com blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval'; report-uri /api/sec-csp/110000006/enforce 2 default-src https: 'unsafe-inline' data: blob:; frame-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; media-src https: 'unsafe-inline' data: blob:; img-src https: http: data: blob:; frame-ancestors https: 2 frame-ancestors 'self' *.cnbc.com https://cnbc.zendesk.com; 2 frame-ancestors https://currently.att.yahoo.com https://start.att.net https://test-start.att.net https://test-www.att.net https://www.att.net http://test-start.att.net http://test-ww.att.net; 2 frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; 2 connect-src 'self' https://search.brave.com https://newsletter.brave.app https://analytics.brave.com; default-src 'none'; media-src 'self'; font-src 'self'; frame-ancestors 'self' https://ads.brave.com https://ads.bravesoftware.com; frame-src 'self' https://blocksurvey.io https://survey.brave.app https://contact.ads.brave.com https://html5-player.libsyn.com https://player.vimeo.com https://boards.greenhouse.io https://job-boards.greenhouse.io https://www.youtube-nocookie.com https://app.boostr.com/; img-src 'self' data: https://imgs.search.brave.com https://analytics.brave.com https://boards.greenhouse.io https://job-boards.greenhouse.io; script-src 'self' https://boards.greenhouse.io https://job-boards.greenhouse.io; style-src 'self' 'unsafe-inline'; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests; 2 frame-ancestors 'self' *.wallet.airpay.co.id *.shopee.kr *.airpay.co.id *.shopeemobile.com *.shopee.co.id *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com; 2 frame-ancestors https://platform.theverge.com https://*.theverge.com https://platform.theverge.com https://*.theverge.com 'self' 2 default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://ekr.zendesk.com wss://mixpanelsupport.zendesk.com https://framerusercontent.com https://mixpanel.com https://*.mixpanel.com https://thesignalprod.wpenginepowered.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://*.zdassets.com https://*.zopim.com https://assets.zendesk.com https://www.google.com https://www.gstatic.com https://widget.kapa.ai https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com https://*.sendbird.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://cdn-assets-prod.s3.amazonaws.com https://optimizely.s3.amazonaws.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net dnf20ypvrc856.cloudfront.net https://*.doubleclick.net https://framer.com https://*.framer.com https://framerusercontent.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.g2crowd.com https://app.leandata.com https://cdn.leandata.com https://cdn1.leandata.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.optimizely.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://www.redditstatic.com/ads/ https://js.sentry-cdn.com https://*.singular.net https://*.ads-twitter.com https://*.typeform.com https://use.typekit.net https://mxpnlcms.wpengine.com https://*.youtube.com https://*.zoominfo.com; connect-src 'self' blob: data: wss://api.liveblocks.io https://api.liveblocks.io https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.sentry.io https://api.honeycomb.io https://api.rollbar.com https://api.sprig.com https://*.zdassets.com https://mixpanelsupport.zendesk.com https://*.zopim.com wss://*.zopim.com https://www.google.com https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://proxy.kapa.ai https://storage.googleapis.com https://*.facebook.com https://*.sendbird.com https://*.amazonaws.com ws://*.sendbird.com https://*.6sc.co https://*.adnxs.com https://cdn-assets-prod.s3.amazonaws.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://framer.com https://*.framer.com https://app.framerstatic.com https://framerusercontent.com https://google.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://tracking-api.g2.com https://*.g2crowd.com https://app.leandata.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://*.optimizely.com https://cdn.linkedin.oribi.io https://*.reddit.com https://www.redditstatic.com/ads/ https://unpkg.com/@rive-app/canvas@1.2.4/rive.wasm https://unpkg.com/@rive-app/webgl2@2.27.5/rive.wasm https://public.rive.app https://*.singular.net https://mxpnlcms.wpengine.com https://thesignalprod.wpenginepowered.com https://*.zoominfo.com; img-src 'self' blob: data: https://api.liveblocks.io https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.zdassets.com https://*.zopim.com https://v2uploads.zopim.io https://storage.googleapis.com https://*.facebook.com https://*.gravatar.com https://*.wp.com https://*.sendbird.com https://*.amazonaws.com ws://*.sendbird.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.bugsnag.com https://ct.capterra.com https://*.casalemedia.com https://*.clarity.ms https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://framerusercontent.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.imrworldwide.com https://cdn.leandata.com https://cdn1.leandata.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.openx.net https://*.optimizely.com https://sync.outbrain.com https://*.pubmatic.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://mxpnlcms.wpengine.com https://mxpnlcms.wpenginepowered.com https://thesignalprod.wpenginepowered.com https://*.analytics.yahoo.com https://i.ytimg.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.google.com https://fonts.googleapis.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://framerusercontent.com https://*.gstatic.com https://cdn.leandata.com https://cdn1.leandata.com https://mixpanel.com https://*.mixpanel.com; frame-src 'self' https://cdn.mxpnl.com/static/ https://js.stripe.com https://www.google.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://static.addtoany.com https://*.bing.com dta8euw1l8gvs.cloudfront.net https://*.doubleclick.net https://framer.com https://*.framer.com https://*.google.com https://www.googletagmanager.com https://mixpanel.my.leandata.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://capture.navattic.com/ https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://rive.app https://my.spline.design/ https://*.typeform.com; worker-src 'self' blob:; 2 frame-ancestors http://*.wps.com https://*.wps.com 2 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors https://*.lenovo.com lenovoeaastest.service-now.com lenovoeaasdev.service-now.com lenovoeaasstage.service-now.com lenovoeaas.service-now.com 2 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net surveys-web.delighted.com p2a.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com sr-client-cfg.amplitude.com api-sr.amplitude.com api2.amplitude.com *.cloudflarestream.com code.jquery.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io *.sentry.io browser-update.org *.tiktok.com *.bannerbear.com ads.nextdoor.com flask.nextdoor.com *.maze.co us-central1-niftic-agency.cloudfunctions.net/change-starter-image us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft us-central1-niftic-agency.cloudfunctions.net/openai/generate-image cdn.iframe.ly tiles.openfreemap.org a.tile.openstreetmap.org change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self' https://www.paypal.com; frame-ancestors 'self' 2 media-src *.netgear.com;img-src *.commercecloud.salesforce.com *.contentstack.io cdn.contentstack.io assets.contentstack.io placehold.co *.bazaarvoice.com *.google.com *.googletagmanager.com *.netgear.com *.facebook.com *.mobify-storefront.com *.crazyegg.com user-images.crazyeggcdn.com *.facebook.net *.pepperjam.com *.bing.com *.adsrvr.org *.criteo.com *.attn.tv *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.attentivemobile.com rtb-csync.smartadserver.com x.bidswitch.net *.adnxs.com partner.mediawallahscript.com r.casalemedia.com ads.stickyadstv.com ad.360yield.com *.liadm.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com trends.revcontent.com *.rubiconproject.com sync-t1.taboola.com tapestry.tapad.com criteo-sync.teads.tv criteo-partners.tremorhub.com ade.clmbtech.com eb2.3lift.com sync.1rx.io dpm.demdex.net aa.agkn.com *.doubleclick.net *.tpmn.co.kr thrtle.com *.lijit.com *.simpli.fi *.openx.net *.pippio.com *.unrulymedia.com *.crwdcntrl.net *.tpmn.io ad.mrtnsvr.com pippio.com *.imrworldwide.com *.yahoo.com *.rlcdn.com *.pubmatic.com *.bidr.io *.dmxleo.com *.dotomi.com *.ipredictive.com *.mathtag.com *.licdn.com *.linkedin.com *.datagrail.io *.adition.com *.stackadapt.com *.sportradarserving.com *.googlesyndication.com *.tribalfusion.com tg.socdm.com cs.adingo.jp *.chatanexpert.com fonts.gstatic.com user-sync.fwmrm.net *.optimizely.com 'self' data:;script-src storage.googleapis.com cdn.jsdelivr.net apps.bazaarvoice.com *.api.bazaarvoice.com display.ugc.bazaarvoice.com cdn1-sandbox.affirm.com cdn1.sandbox.affirm.com cdn1.affirm.com maps.googleapis.com *.bazaarvoice.com 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.google.com *.gstatic.com unpkg.com *.crazyegg.com *.facebook.net *.pepperjam.com *.bing.com *.adsrvr.org *.criteo.com *.attn.tv *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.facebook.com *.attentivemobile.com *.doubleclick.net *.licdn.com *.salesforce.com *.salesforce-sites.com *.force.com *.salesforceliveagent.com *.linkedin.com *.datagrail.io *.adition.com *.rubiconproject.com *.chatanexpert.com *.sportradarserving.com *.googlesyndication.com geoip-js.com user-sync.fwmrm.net *.datadoghq.com *.datadoghq-browser-agent.com *.liadm.com *.hs-scripts.com *.optimizely.com *.downloads.netgear.com *.forethought.ai https://runtime.commercecloud.com;connect-src api.cquotient.com *.c360a.salesforce.com *.contentstack.com *.cdn.contentstack.io cdn.contentstack.io assets.contentstack.io *.algolianet.com *.algolia.net insights.algolia.io *.bazaarvoice.com sandbox.affirm.com cdn-assets.affirm.com *.affirm.com affirm.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleadservices.com *.doubleclick.net *.a.run.app 'self' 'unsafe-eval' 'unsafe-inline' *.mobify-storefront.com *.crazyegg.com *.facebook.net *.pepperjam.com *.bing.com *.adsrvr.org *.criteo.com *.attn.tv *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.facebook.com *.attentivemobile.com rtb-csync.smartadserver.com x.bidswitch.net ib.adnxs.com partner.mediawallahscript.com r.casalemedia.com ads.stickyadstv.com ad.360yield.com *.liadm.com contextual.media.net exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com trends.revcontent.com *.rubiconproject.com sync-t1.taboola.com tapestry.tapad.com criteo-sync.teads.tv criteo-partners.tremorhub.com ade.clmbtech.com eb2.3lift.com sync.1rx.io dpm.demdex.net aa.agkn.com *.linkedin.com *.datagrail.io *.sportradarserving.com *.googlesyndication.com *.tribalfusion.com *.netgear.com *.chatanexpert.com geoip-js.com *.datadoghq.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.salesforce-sites.com *.optimizely.com *.forethought.ai https://runtime.commercecloud.com;worker-src 'self' blob: *.salesforce.com *.mobify-storefront.com localhost:3000 *.netgear.com;frame-ancestors 'self' localhost:* *.contentstack.com *.optimizely.com https://runtime.commercecloud.com;frame-src *.facebook.com *.affirm.com *.doubleclick.net *.googletagmanager.com *.a.run.app *.adsrvr.org *.criteo.com *.criteo.net *.paa-reporting-advertising.amazon *.attn.tv *.force.com *.salesforceliveagent.com *.datagrail.io *.youtube.com *.brighttalk.com *.hsforms.com *.chatanexpert.com *.optimizely.com *.downloads.netgear.com *.forethought.ai *.crazyegg.com;style-src 'self' *.crazyegg.com *.chatanexpert.com 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2 script-src 'report-sample' 'self' 'unsafe-eval' 'wasm-unsafe-eval' *.bing.com *.capcutcdn-us.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googlesyndication.com *.googletagmanager.com *.tiktokcdn-us.com appleid.cdn-apple.com ep2.adtrafficquality.google googleads.g.doubleclick.net scripts.clarity.ms www.clarity.ms www.gstatic.com; upgrade-insecure-requests ; worker-src 'self'; base-uri 'none'; frame-ancestors 'self' bytedance: file: *.capcut.com; frame-src 'self' bytedance: *.capcut.com *.capcutw.us *.google.com *.googletagmanager.com capcut-yt.onelink.me ep2.adtrafficquality.google googleads.g.doubleclick.net media-evercloud.capcutapi.us td.doubleclick.net www.tiktok.com; object-src 'none'; report-to csp-endpoint; report-uri https://mon.capcutapi.us/monitor_browser/collect/batch/security/?bid=cc_web_compliance&c=31&ev_type=csp&r=20&v=20 2 upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' https://support.ancestry.com 2 default-src https: blob: ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src blob: https: ; upgrade-insecure-requests; block-all-mixed-content; connect-src https: wss://*.insurads.com wss://*.hotjar.com; 2 connect-src * 'self' *.garmin.com *.sentry.io https://static.garmincdn.com https://*.cloudinary.com https://www.gstatic.com https://*.doubleclick.net https://*.criteo.com https://*.linksynergy.com https://*.bing.com https://*.pinterest.com https://*.snapchat.com https://px.ads.linkedin.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googlesyndication.com https://*.googlesyndication.com https://*.google.com https://akamai.tiqcdn.com https://*.akamaihd.net *.trustarc.com;script-src 'unsafe-inline' 'unsafe-eval' https://*.garmin.cn https://cdn.jsdelivr.net https://app.textrecruit.com 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.realytics.io https://klear.com https://px.adentifi.com https://cdn-eu.realytics.net https://secure.adnxs.com https://p.teads.tv https://js.adsrvr.org https://tag.rmp.rakuten.com https://s.pinimg.com https://sc-static.net https://*.snapchat.com https://ct.pinterest.com https://snap.licdn.com https://px.ads.linkedin.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://members.cj.com static-pages.fe.garmin.com http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com;img-src https://secure.adnxs.com https://www.facebook.com https://*.garmin.cn 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://*.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com *.akamaihd.net https://*.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com;frame-src https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://player.bilibili.com https://gum.criteo.com https://static.criteo.net https://assets.textrecruit.com *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://*.googletagmanager.com https://*.doubleclick.net https://*.criteo.com https://insight.adsrvr.org https://*.snapchat.com https://ct.pinterest.com;frame-ancestors https://pilotweb.garmin.com;default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com;object-src 'none';upgrade-insecure-requests;base-uri 'self';form-action 'self';script-src-attr 'none' 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2 frame-ancestors 'self' v8.1c.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; script-src 'self' 1c.ru *.1c.ru mc.yandex.ru www.google-analytics.com www.google.com www.gstatic.com api-maps.yandex.ru yastatic.net *.maps.yandex.net vk.com code.jquery.com yandex.st app.chaport.com app.chaport.ru appcdn.chaport.ru call.chatra.io cdn-ru.bitrix24.ru 1csoft.bitrix24.ru www.googletagmanager.com www.youtube.com smartcaptcha.yandexcloud.net 'unsafe-inline' 'unsafe-eval'; 2 frame-ancestors 'self' https://as.com https://argentina.as.com https://chile.as.com https://colombia.as.com https://en.as.com https://mexico.as.com https://peru.as.com https://us.as.com https://apuestas.as.com 2 frame-ancestors https://*.poki.io http://localhost:1234 http://localhost:11001 http://localhost:8080/ 2 frame-ancestors 'self' *.lanacion.com.ar; 2 upgrade-insecure-requests; frame-ancestors 'self' localhost:* *.aftonbladet.localhost *.aftonbladet.dev *.aftonbladet.se *.aftonbladet-cdn.se admarket.schibsted.se *.svd.se *.vg.no; default-src http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; 2 upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* https://*.ecestaticos.com www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org player.h-cdn.com 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vnexpress.net https://vnexpress.net 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tab33.com *.tabor.kz *.mintapp.org; 2 frame-ancestors 'self' https://*.kicker.de https://*.kicker-tippspiel.de https://*.kicker-vereinsheim.de 2 frame-ancestors 'self' http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 2 frame-ancestors https://www.livehindustan.com https://*.girnarsoft.com https://agent.botsdekho.com 2 frame-ancestors 'self'; script-src https://cfnimg.joyclub.de/ *.joyclub.de https://aa.joyclub.com/ https://edserver-ndev.joyclub.com/* https://maps.googleapis.com/ https://www.google.com/ https://www.googleadservices.com/ www.googletagmanager.com *.youtube.de *.youtube.com *.youtube.ch *.youtube.at *.youtube.be https://www.youtube-nocookie.com https://s.ytimg.com www.tenor.com *.giphy.com https://www.gstatic.com/ https://connect.facebook.net/ blob: https://googleads.g.doubleclick.net/ https://paygate.novalnet.de/v2/ https://cdn.novalnet.de/js/v3/ https://static.zdassets.com/ https://www.joyclub.de/cdn-cgi/ https://www.joyclub.com/cdn-cgi/ https://pagead2.googlesyndication.com/; upgrade-insecure-requests 2 frame-ancestors 'self' https://*.sweb.ru https://webvisor.com http://webvisor.com ; 2 base-uri 'self'; connect-src * blob: data: *.crazyegg.com ; default-src 'self' *.meetup.com *.dev.meetup.com:8001 www.sjwoe.com *.crazyegg.com blob: ; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: *.crazyegg.com ;media-src *.meetup.com *.dev.meetup.com:8001 https://secure.meetupstatic.com www.sjwoe.com *.sendbird.com https://sendbird-us-3.s3.amazonaws.com; script-src * 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; style-src * 'unsafe-inline' *.crazyegg.com ; object-src 'none' 2 frame-ancestors https://www.evernote.com https://evernote.com https://stage.evernote.com https://app.preprod3.evernote.com https://evernote.prismic.io/ 'self' 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' *.collegeboard.org; connect-src 'self' ws: *.collegeboard.org k625k2vrzvdo5g7ynbvtjejehi.appsync-api.us-east-1.amazonaws.com/graphql dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com/graphql cdn.cookielaw.org geolocation.onetrust.com lambda.us-east-1.amazonaws.com bam.nr-data.net cdn.aimtell.io cognito-identity.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com www.google.com privacyportal.onetrust.com apform.secure.force.com cdnm3.cdnservice.space/start5.json code.jquery.com api.trongrid.io/wallet/getnodeinfo dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com dgtkl2ep7natjmkbefhxflglie.appsync-realtime-api.us-east-1.amazonaws.com analytics.aimtell.com sts.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com d1ktxyteejjrbw.cloudfront.net full-apform.cs190.force.com yt3.ggpht.com collegeboard-full.my.salesforce.com i.ytimg.com cdn.ckeditor.com telemetry.wiris.net wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net *.my.salesforce-sites.com ipapi.co 9frgh2i4b9.execute-api.us-east-1.amazonaws.com collegeboard--full.sandbox.my.salesforce-scrt.com collegeboard.my.salesforce-scrt.com signals.aimtell.com api.getambassador.com pagead2.googlesyndication.com *.googlevideo.com/videoplayback www.googleadservices.com google.com; font-src 'self' *.collegeboard.org themes.googleusercontent.com fonts.gstatic.com data: moz-extension: use.fontawesome.com static3.avast.com at.alicdn.com cdn.loom.com/assets/fonts/ wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/woff-v2/; frame-src 'self' *.collegeboard.org service.force.com beacon.aimtell.com datacloudstat.com www.youtube.com ws-lmdc-app03.dhs.state.nj.us gateway.zscloud.net mozbar.moz.com *.id.opendns.com lsrelay-config-production.s3.amazonaws.com pg-sasscer-ckf04.pgcps.org static.deledao.com data: schools-blocked.s3-website-us-east-1.amazonaws.com calendly.com platform.twitter.com *.appcues.com credentialfinder.org apps.credentialengine.org *.webcasts.com td.doubleclick.net www.googletagmanager.com cb-zscaler-pages.s3.amazonaws.com us-east-1.quicksight.aws.amazon.com www.buzzsprout.com cdn.aimtell.com collegeboard--full.sandbox.my.site.com collegeboard.my.site.com; img-src 'self' *.collegeboard.org data: www.google.com googleads.g.doubleclick.net www.googletagmanager.com www.google.co.jp www.google.ca www.google.co www.google.jo translate.google.com d10lpsik1i8c69.cloudfront.net *.appcues.com res.cloudinary.com twemoji.maxcdn.com cdn.cookielaw.org signals.aimtell.com pagead2.googlesyndication.com www.googleadservices.com google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.collegeboard.org cdnjs.cloudflare.com sdk.amazonaws.com cdn.cookielaw.org www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.youtube.com *.salesforceliveagent.com service.force.com ajax.cloudflare.com js-agent.newrelic.com bam.nr-data.net d10lpsik1i8c69.cloudfront.net s3.amazonaws.com/cdn.aimtell.com/ www.google.com static.lightning.force.com *.my.salesforce.com *.my.salesforce-sites.com apform.secure.force.com www.pagespeed-mod.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js assets.calendly.com platform.twitter.com *.appcues.com cb-zscaler-pages.s3.amazonaws.com www.buzzsprout.com cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js collegeboard--full.sandbox.my.site.com collegeboard.my.site.com cdn.aimtell.com client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3.3.2/dist/fp.js pagead2.googlesyndication.com blue.mbsy.co https://athena.collegeboard.org/2.2.4/cbw-widgets.min.js https://atlas.collegeboard.org/apricot/prod/4.9.1/dx_profile.js https://atlas.collegeboard.org/apricot/prod/4.9.1/main.min.js https://bigfuture.collegeboard.org/widgets/v2/CollegeSearchAndSaveTypeahead.js https://cdn.jsdelivr.net/npm/html2canvas@1.3.2/dist/html2canvas.min.js https://cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/tex-mml-chtml.js https://cdnjs.cloudflare.com/ajax/libs/noUiSlider/15.5.1/nouislider.min.js https://github.com/mattfarina/farbtastic/blob/master/src/farbtastic.js; style-src 'self' 'unsafe-inline' *.collegeboard.org service.force.com translate.googleapis.com use.fontawesome.com apform.secure.force.com *.my.salesforce-sites.com d10lpsik1i8c69.cloudfront.net/css/reset.css fonts.googleapis.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com fonts.google.com collegeboard--full.sandbox.my.site.com collegeboard.my.site.com cdn.cookielaw.org https://atlas.collegeboard.org/apricot/prod/4.6.1/org.css https://atlas.collegeboard.org/apricot/prod/4.9.1/athena.min.css https://atlas.collegeboard.org/apricot/prod/4.9.1/dx_ckeditor.min.css https://atlas.collegeboard.org/apricot/prod/4.9.1/dx_profile.css https://atlas.collegeboard.org/apricot/prod/4.9.1/glyphs.css https://atlas.collegeboard.org/apricot/prod/4.9.1/illustrations.css https://atlas.collegeboard.org/apricot/prod/4.9.1/main.min.css https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css https://cdnjs.cloudflare.com/ajax/libs/noUiSlider/15.5.1/nouislider.min.css; frame-ancestors 'self' credentialfinder.org; report-uri https://endpoint5.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV0RBARw3e7I1maofn0rkqtWoPBPNh0wBLdICmPwpVd0aV427YIAMoG3 2 base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv https://tenor.googleapis.com; script-src 'self' data: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.net https://pixel.mtrcs.samba.tv https://*.google.com 'nonce-NzU0Yjg0NjgtZDY4Mi00MTExLTk3NjktZmM1ZGZhMDIxNWY5' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://*.googletagmanager.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.gstatic.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/ https://tenor.googleapis.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/; frame-src 'self' https://www.facebook.com/tr/ https://*.google.com https://*.googleapis.com; object-src 'none' 2 frame-ancestors https://platform.vox.com https://*.vox.com https://platform.vox.com https://*.vox.com 'self' 2 frame-ancestors https://*.orange.fr https://*.sosh.fr https://*.parnasse.fr https://*.soshcaraibe.fr https://*.sosh.re https://*.orange.re 2 default-src 'none'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' blob: data: cdn.cookielaw.org smetrics.namestudio.com; script-src-elem 'strict-dynamic' 'sha256-Wrd5SYtFxDbeNoDQS4Z7nuyy0OqRx/CqRyp38WUx5Ls=' 'sha256-658RIMibPtRHbSFPqdWLOsN6W4KvYMcF5qfyRV9CCXs=' 'sha256-DAdcNCznatAic7CJO43q7/GEf+7V28WTTDgMADP97xU=' 'sha256-ZGGYeVNCF0QV+viSUqMz9oAkiCtnRtJXxngSWu6ySeA=' 'sha256-Yy40+F5SQcIhcHjc9wIt/jjqzpB8W+dKgoYzrJzouJU=' 'sha256-SefwzvulzVNL5+vfTekq/y0nLY7bsU9ysLZgLTbz+78='; style-src 'self' 'unsafe-inline'; connect-src 'self' nswm-service.verisign.com api.namestudio.com assets.adobedtm.com cdn.cookielaw.org dpm.demdex.net smetrics.namestudio.com geolocation.onetrust.com privacyportal.onetrust.com verisignincglobaldev.112.2o7.net verisign.sc.omtrdc.net 2 frame-ancestors 'self' *.cafe24.com *.cafe24shop.com *.hanpda.com *.wehost24.com 2 object-src 'self' *.youtube.com; frame-ancestors 'self' 2 default-src 'self'; font-src 'self' data: *.raif.v305.tmphost.ru cdn.megabonus.com fonts.gstatic.com kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com www.gstatic.com yastatic.net; style-src 'self' 'unsafe-inline' *.raif.v305.tmphost.ru cdn.jsdelivr.net kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com www.gstatic.com yastatic.net *.yastatic.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.insapp.ru *.kaspersky-labs.com widget.oval.life polyfill.io code.jquery.com edge.fullstory.com connect.facebook.net *.googleoptimize.com *.tmweb.ru unpkg.com platform.twitter.com *.rutarget.ru *.hybrid.ai snap.licdn.com *.kirarock.space *.mail.ru *.raif.v305.tmphost.ru *.vk.com *.yandexcloud.net analytics.tiktok.com cdn.jsdelivr.net google-analytics.com *.google-analytics.com google.com *.google.com kaplife.ru *.kaplife.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.agentapp.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com ru.id.facct.ru ru.id.group-ib.com statad.ru vk.com www.googletagmanager.com www.gstatic.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net yastatic.net yastatic.net *.yastatic.net; frame-src *.doubleclick.net *.insapp.ru *.raif.v305.tmphost.ru *.vk.com *.yandexcloud.net captcha-api.yandex.ru google.com *.google.com kaplife.ru *.kaplife.ru mc.yandex.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen.agentapp.ru raiffeisen.ru *.raiffeisen.ru ru.id.facct.ru ru.id.group-ib.com sync.1dmp.io vk.com zettains.ru securepaymentway.ru *.sbrf.ru securepaymentgateway.ru securecardpayment.ru *.sberbank.ru mafin.ru raif.ponimau.com www.youtube.com; connect-src 'self' *.doubleclick.net *.insapp.ru *.kirarock.space *.mail.ru *.trackjs.com *.upravel.com *.vk.com analytics.tiktok.com dadata.ru *.dadata.ru google-analytics.com *.google-analytics.com kaplife.ru *.kaplife.ru lottiefiles.com *.lottiefiles.com mc.yandex.ru raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com ru.id.facct.ru vk.com wss://*.raiffeisen.ru raiffeisen.cpeople.ru sentry.b2bpolis.ru sbbe.group-ib.ru *.fp.kaspersky-labs.com *.amplitude.com ymetrica1.com wss://mc.yandex.ru www.googletagmanager.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net; img-src 'self' blob: data: *.mail.ru *.trackjs.com *.upravel.com *.vk.com google-analytics.com *.google-analytics.com kaplife.ru *.kaplife.ru lottiefiles.com *.lottiefiles.com raiffeisen-capital.ru *.raiffeisen-capital.ru raiffeisen-life.ru *.raiffeisen-life.ru raiffeisen-media.ru *.raiffeisen-media.ru raiffeisen.ru *.raiffeisen.ru rbinternational.com *.rbinternational.com statad.ru sync.1dmp.io vk.com www.google.com www.google.ru *.google.com.tr www.gstatic.com www.welldonecode.com proxy-block.raiffeisen.ru:8002 hit.acstat.com yandex.ru *.yandex.ru *.yandex.com *.yandex.by *.yandex.md *.yandex.kz *.yandex.net yastatic.net *.yastatic.net; media-src blob: data: audiocdn.lingualeo.com api.lingvolive.com raiffeisen.ru *.raiffeisen.ru; form-action 'self'; frame-ancestors 'self' raiffeisen.ru *.raiffeisen.ru; 2 frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com 2 frame-ancestors https://*.mintegral.com 2 default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com.cn https://smb.apple.com swdlp.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 2 frame-ancestors 'self' https://*.webflow.com https://webflow.com https://app.intellimize.com 2 frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 2 frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com https://client.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabtrustbankcollectives.com 2 frame-ancestors 'self' https://www.northpass.com https://gainsight.pathfactory.com https://content.gainsight.com 2 default-src 'self' https:; font-src 'self' https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://fonts.gstatic.com/ https://p1.answerdash.com/ https://maxcdn.bootstrapcdn.com/; img-src 'self' data: https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.paypal.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com https://chart.googleapis.com/ https://www.google.com/ https://www.google.ca/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.zopim.io/ https://api.smooch.io/ https://hover.zendesk.com/ https://*.licdn.com/ https://*.hsforms.net/ https://*.hsforms.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ad.doubleclick.net/ https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://*.google-analytics.com/ https://www.googleadservices.com/ https://*.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com https://*.braintreegateway.com/ https://*.paypal.com/ https://*.marketingsolutions.yahoo.com/ https://cdnjs.cloudflare.com/ https://www.paypalobjects.com/ https://browser.sentry-cdn.com/ https://sentry.io/ https://js.sentry-cdn.com/ https://p1.answerdash.com/ https://utt.impactcdn.com/ https://*.impact.com/ https://hover-affiliates.pxf.io/ https://d33wwcok8lortz.cloudfront.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://static.zdassets.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://googleads.g.doubleclick.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hsforms.net/ https://*.hsforms.com/; style-src 'self' 'unsafe-inline' https://*.braintreegateway.com/ https://hover-assets.s3.ca-central-1.amazonaws.com/ https://s3.ca-central-1.amazonaws.com/hover-assets/ https://p1.answerdash.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.paypal.com/; frame-src 'self' https://assets.braintreegateway.com/ https://td.doubleclick.net/ https://hover-affiliates.pxf.io/ https://www.ojrq.net/ https://*.fls.doubleclick.net/ https://*.kaptcha.com/ https://*.paypal.com/ https://*.hsforms.net/ https://*.hsforms.com/; connect-src 'self' https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://analytics.google.com/ https://www.google.com/ https://pagead2.googlesyndication.com/ https://px.ads.linkedin.com/ https://*.braintree-api.com/ https://*.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://*.paypal.com/ https://api.smooch.io/ https://hover.zendesk.com/ https://ekr.zdassets.com/ https://ad.doubleclick.net/ https://stats.g.doubleclick.net/ wss://widget-mediator.zopim.com/ https://cdn.linkedin.oribi.io/ https://sentry.io/ https://js.sentry-cdn.com/ https://www.facebook.com/ https://*.hscollectedforms.net/ https://*.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://px.ads.linkedin.com/ https://static.zdassets.com/ 2 default-src 'none'; script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ web-sdk-cdn.singular.net/singular-gtm-interface/latest/singular-gtm-interface.js web-sdk-cdn.singular.net/singular-sdk/latest/singular-sdk.js static.ads-twitter.com s.yimg.com *.usercentrics.eu snap.licdn.com collector-47804.us.tvsquared.com/tv2track.js ; worker-src 'self' blob: ; frame-src www.google.com/recaptcha/ www.youtube.com/iframe_api/ www.youtube.com/embed/ www.googletagmanager.com boards.greenhouse.io tr6.snapchat.com tr.snapchat.com fcm.quick1fr.com *.usercentrics.eu https://preview.widgets.ninetailed.io/ https://*.fls.doubleclick.net/ ; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com ; font-src 'self' cdn.robinhood.com data: ; media-src 'self' cdn.robinhood.com *.usercentrics.eu videos.ctfassets.net/ilblxxee70tt/ videos.ctfassets.net/1hpl803w8xsv/ ; img-src 'self' images.robinhood.com cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net i.ytimg.com/vi/ images.ctfassets.net downloads.ctfassets.net www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com www.googleadservices.com tr.snapchat.com tr6.snapchat.com bat.bing.com googleads.g.doubleclick.net ad.doubleclick.net pixel.pointmediatracker.com cnv.event.prod.bidr.io/log/cnv data: alb.reddit.com analytics.twitter.com t.co sp.analytics.yahoo.com *.usercentrics.eu cdn.blisspointmedia.com/assets/img/ px.ads.linkedin.com collector-47804.us.tvsquared.com/tv2track.php images.ctfassets.net/ilblxxee70tt/ images.ctfassets.net/1hpl803w8xsv/ https://lh7-us.googleusercontent.com https://lh7-rt.googleusercontent.com ; frame-ancestors 'self' https://app.contentful.com ; manifest-src 'self' cdn.robinhood.com ; connect-src 'self' robinhood.com *.robinhood.com *.x1creditcard.com *.apollo.rhinternal.net www.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ bat.bing.com/p/conversions/ us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink ssl.google-analytics.com analytics.google.com sentry.io o62437.ingest.sentry.io www.googletagmanager.com tagmanager.google.com www.google.com/ccm/collect www.google.com/gmp/conversion www.google.com/pagead/1p-conversion/ www.google.com/recaptcha/ www.googleadservices.com/pagead/conversion/ www.facebook.com/privacy_sandbox/topics/registration/ ad.doubleclick.net www.redditstatic.com/ads/conversions-config/v1/pixel/config/ pixel-config.reddit.com/pixels/ conversions-config.reddit.com/v1/pixel/ analytics.tiktok.com sdk-api-v1.singular.net/api/v1/event boards-api.greenhouse.io preview.contentful.com cdn.contentful.com experience.ninetailed.co s.yimg.com *.usercentrics.eu api.instagram.com/ px.ads.linkedin.com assets.ctfassets.net/ilblxxee70tt/ assets.ctfassets.net/1hpl803w8xsv/ https://ingest.insights.ninetailed.co ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o62437.ingest.sentry.io/api/1336410/security/?sentry_key=dadc326d25814a55b5486cb04f439a29; base-uri 'self' 2 default-src 'self' 'unsafe-inline' data:;;script-src 'self' 'unsafe-eval' 'unsafe-inline' players.brightcove.net vjs.zencdn.net *.contentsquare.net app.contentsquare.com;;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' siteintercept.qualtrics.com zn1ozcgbmcuc4phgv-allaccor.siteintercept.qualtrics.com cdn.cookielaw.org www.googletagmanager.com players.brightcove.net js.hcaptcha.com *.contentsquare.net;;style-src 'self' 'unsafe-inline' players.brightcove.net;;style-src-elem 'self' 'unsafe-inline';;img-src https: data: 'self' 'unsafe-inline' players.brightcove.net *.boltdns.net *.akamaihd.net *.contentsquare.net;;frame-src https://www.google.com https://charts.symex.be https://players.brightcove.net https://newassets.hcaptcha.com https://allaccor.qualtrics.com;;connect-src 'self' 'unsafe-inline' https://privacyportal-de.onetrust.com/ https://*.google-analytics.com https://cdn.cookielaw.org https://siteintercept.qualtrics.com https://rum-ingest.eu0.signalfx.com https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://accor.symex.be https://*.algolia.net https://players.brightcove.net https://edge.api.brightcove.com *.contentsquare.net *.contentsquare.com;;media-src 'self' blob: *.brightcovecdn.com *.boltdns.net;;worker-src 'self' blob:;;child-src blob:; 2 default-src https://*.peacocktv.com; form-action https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.qualtrics.com https://*.paypal.com; font-src 'self' data: https://*.peacocktv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.peacocktv.com https://core.spreedly.com https://browser.sentry-cdn.com https://*.salesforceliveagent.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://*.optimizely.com https://nbcstreaming.sc.omtrdc.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://assets.adobedtm.com https://js.createsend1.com https://www.googletagmanager.com https://nbcuss.demdex.net https://jssdkcdns.mparticle.com https://www.google.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.google-analytics.com https://t.contentsquare.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://s0.ipstatp.com https://d.impactradius-event.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://*.onetrust.com https://s.yimg.com https://sp.analytics.yahoo.com https://*.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://s8t.teads.tv https://tr.snapchat.com https://www.paypal.com https://www.clarity.ms https://ct.pinterest.com https://*.qualtrics.com https://www.youtube.com https://content.zenimpact.io https://hub2.zenimpact.io https://insight-api-kgw.zenimpact.io https://cys26963.jscrambler.com https://d-code.liadm.com https://idx.liadm.com https://edge.fullstory.com https://rs.fullstory.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; connect-src 'self' localhost:* ws://localhost:* https://*.campaign.adobe.com https://*.peacocktv.com https://core.spreedly.com https://*.force.com https://*.salesforce.com https://*.my.salesforce.com https://*.salesforce-sites.com https://graph.facebook.com https://nbcuss.demdex.net https://*.mparticle.com https://createsend.com https://www.createsend.com https://www.facebook.com https://*.ott.sky.com https://sas-apm-prod.telemetry.nbcuott.com https://0d15692193ba43a8a9384fed500b3a1d.apm.us-east-1.aws.cloud.es.io https://sdk.iad-03.appboy.com https://sdk.iad-03.braze.com https://*.contentsquare.net https://*.optimizely.com https://ct.pinterest.com https://nbcstreaming.sc.omtrdc.net https://analytics.tiktok.com https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr.snapchat.com https://www.google-analytics.com https://imp.i305175.net https://analytics.twitter.com https://dpm.demdex.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://*.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://*.paypal.com https://api.ipify.org https://www.redditstatic.com https://analytics.pangle-ads.com https://*.analytics.google.com https://stats.g.doubleclick.net https://tr6.snapchat.com https://*.clarity.ms https://*.qualtrics.com https://subscriber-incentives.pickaxe.ai https://content.zenimpact.io https://hub2.zenimpact.io https://idx.liadm.com https://rp.liadm.com https://rp4.liadm.com https://insight-api-kgw.zenimpact.io https://cys26963.jscrambler.com https://nbcu-ds-svr-side-tag-dev-001.ue.r.appspot.com https://edge.fullstory.com https://rs.fullstory.com https://browser-intake-datadoghq.com https://ara.paa-reporting-advertising.amazon https://www.google.com https://logx.optimizely.com https://*.optimizely.com; img-src 'self' data: localhost:* blob: https://peacocktv.com https://*.peacocktv.com https://t.co https://www.facebook.com https://nbcstreaming.sc.omtrdc.net https://www.google.com https://www.google.co.uk https://us-gmtdmp.mookie1.com https://www.google-analytics.com https://*.contentsquare.net https://stats.g.doubleclick.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://d.agkn.com https://s0.ipstatp.com https://alb.reddit.com https://ct.pinterest.com https://business.topbuzz.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://*.onetrust.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://roost.nbcuni.com https://*.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://a.teads.tv https://s8t.teads.tv https://www.paypalobjects.com https://*.scene7.com https://ad.doubleclick.net https://cm.everesttech.net https://*.qualtrics.com https://content.zenimpact.io https://hub2.zenimpact.io https://rp.liadm.com https://rp4.liadm.com https://cnv.event.prod.bidr.io https://rs.fullstory.com https://www.googletagmanager.com https://dpm.demdex.net https://cdn.optimizely.com; style-src 'self' 'unsafe-inline' https://*.peacocktv.com https://*.force.com https://*.salesforce-sites.com https://*.my.salesforce.com https://cdn.cookielaw.org https://*.onetrust.com https://content.zenimpact.io https://hub2.zenimpact.io; media-src 'self' data: blob: localhost:* https://peacocktv.com https://*.peacocktv.com https://roost.nbcuni.com https://content.zenimpact.io https://hub2.zenimpact.io; frame-src https://core.spreedly.com https://www.peacocktv.com/sas-3dsecure https://*.peacocktv.com https://nbcuss.demdex.net https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.fls.doubleclick.net https://td.doubleclick.net https://imp.i305175.net https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://peacockprincess22.creativezing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr6.snapchat.com https://pinterest.com http://ct.pinterest.com https://match.adsrvr.org https://*.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://www.youtube.com https://*.paypal.com https://*.optimizely.com https://*.qualtrics.com https://open.spotify.com https://content.zenimpact.io https://hub2.zenimpact.io https://www.googletagmanager.com https://a18154240447.cdn.optimizely.com https://a18154240447.cdn-pci.optimizely.com; block-all-mixed-content; upgrade-insecure-requests; 2 base-uri 'self'; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://gitlab.com/api/ https://analytics.python.org fastly-insights.com *.fastly-insights.com *.ethicalads.io https://api.pwnedpasswords.com https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.stripe.com https://billing.stripe.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.freetls.fastly.net/ *.fastly-insights.com *.ethicalads.io ethicalads.blob.core.windows.net; script-src 'self' https://analytics.python.org *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' fonts.googleapis.com *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='; worker-src *.fastly-insights.com 2 frame-ancestors 'self' https://app.optimizely.com 2 upgrade-insecure-requests;frame-ancestors 'self' https://*.sueddeutsche.de https://*.jetzt.de https://*.szcms.de https://*.szdm.io; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.allrecipes.com; upgrade-insecure-requests; 2 default-src 'self' *.trafficjunky.com *.trafficjunky.net blob: ; script-src 'self' *.trafficjunky.com 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com *.gstatic.com *.pendo.io *.googleapis.com blob: unpkg.com connect.facebook.net snap.licdn.com cdn.debugbear.com *.anura.io *.redditstatic.com accounts.google.com www.googleapis.com static.trafficjunky.com ht-cdn-uat.trafficjunky.net ; connect-src 'self' *.trafficjunky.com mgpg2.probiller.com mgpg.stage.pbk8s.com www.facebook.com www.google.com maps.googleapis.com *.google-analytics.com *.googlesyndication.com *.linkedin.com *.pendo.io *.trafficjunky.net data.debugbear.com *.anura.io api.fpjs.io *.redditstatic.com pixel-config.reddit.com ads.reddit.com accounts.google.com www.googleapis.com ; img-src 'self' https: data: alb.reddit.com ; style-src 'self' *.trafficjunky.com 'unsafe-inline' *.googleapis.com *.pendo.io accounts.google.com ; font-src 'self' *.trafficjunky.com *.gstatic.com ; media-src 'self' https: ; frame-src 'self' *.trafficjunky.com *.trafficjunky.net static.trafficjunky.com www.google.com www.googletagmanager.com *.geekadm.net api.yoti.com www.youtube.com app.pendo.io ; frame-ancestors none 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.verywellhealth.com; upgrade-insecure-requests; 2 default-src 'self' *.google.com *.doubleclick.net *.chargebee.com *.fbot.me *.youtube.com *.snapchat.com *.stripe.com *.learneo.com *.cookielaw.org *.amplitude.com *.quillbot.com *.quillbot.dev *.zendesk.com;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.quillbot.com *.quillbot.dev *.amplitude.com *.google.co.in *.google.com *.bing.com *.linkedin.com *.snapchat.com *.licdn.com sc-static.net *.googletagmanager.com *.cloudflareinsights.com *.gstatic.com *.cookielaw.org *.quora.com *.redditstatic.com *.partnerstack.com *.datadoghq-browser-agent.com *.google-analytics.com *.clarity.ms *.hotjar.com *.googleadservices.com *.chargebee.com *.fontawesome.com *.stripe.com *.zdassets.com *.sentry-cdn.com *.taboola.com *.facebook.net *.lngtd.com *.zendesk.com blob:;style-src * www.gstatic.com accounts.google.com *.quillbot.dev *.quillbot.com 'unsafe-inline' *.chargebee.com *.googleapis.com *.fontawesome.com *.paypalobjects.com *.zendesk.com blob:;img-src 'self' * quillbot.com *.quillbot.com *.cookielaw.org *.gstatic.com *.quora.com *.google-analytics.com *.reddit.com *.quillbot.dev *.linkedin.com *.bing.com *.google.co.in *.googletagmanager.com *.googleapis.com *.doubleclick.net *.googleusercontent.com *.clarity.ms *.grammarly.com *.zendesk.com data: blob: *.gravatar.com;font-src * *.gstatic.com 'self' *.quillbot.com *.paypalobjects.com *.fontawesome.com *.zendesk.com data:;connect-src * 'self' *.googleapis.com *.doubleclick.net *.chargebee.com *.fbot.me *.youtube.com *.snapchat.com *.stripe.com *.learneo.com *.cookielaw.org *.amplitude.com *.quillbot.com *.quillbot.dev *.onetrust.com *.redditstatic.com *.linkedin.com partnerlinks.io grsm.io *.bing.com *.browser-intake-datadoghq.com *.clarity.ms *.google-analytics.com *.hotjar.io *.googleadservices.com *.zdassets.com *.taboola.com *.gstatic-cache.com *.coursehero.com *.lngtd.com *.zendesk.com data: blob:;child-src * blob:;media-src *.wikimedia.org data: *.quillbot.com *.quillbot.dev *.zendesk.com blob:;worker-src blob:;frame-ancestors 'self';frame-src 'self' * *.opendns.com *.zscaler.com *.zscaler.net *.zscloud.net *.quillbot.com *.google.com *.chargebee.com *.snapchat.com *.stripe.com *.youtube.com *.securly.com *.learneo.com *.doubleclick.net px.ads.linkedin.com *.bing.com *.quora.com *.zendesk.com;form-action 'self' *.quillbot.com *.zendesk.com;manifest-src 'self' *.quillbot.com *;report-uri https://sentry-webapp.quillbot.com/api/2/security/?sentry_key=5743ef12f4887fc460c7968ebb2de54d;report-to https://sentry-webapp.quillbot.com/api/2/security/?sentry_key=5743ef12f4887fc460c7968ebb2de54d 2 default-src https: data: blob: ws: wss: mailto: 'unsafe-inline' 'unsafe-eval' 2 base-uri 'self' *.adform.net https://cdn.justpremium.com; font-src 'self' https: data: *.taboola.com; form-action 'self'; frame-ancestors *; img-src 'self' https: data: *.testfaz.net *.faz.net *.taboola.com; object-src 'self'; script-src-attr 'unsafe-inline'; style-src https: 'unsafe-inline' 'self' *.testfaz.net *.faz.net *.taboola.com; script-src 'unsafe-inline' 'unsafe-eval' https: *; upgrade-insecure-requests; connect-src *; default-src 'self' https:; frame-src *; media-src 'self' https: data:; worker-src * blob:; 2 upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn *.googleapis.com blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' zalo://* *.zalo.me zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com data: blob:; 2 default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src blob: https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2 default-src 'self' blob: *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at *.maptoolkit.net *.youtube.com *.vimeo.com archiv.yourvideo.tv *.buzzsprout.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at wien.kavedo.com code.jquery.com cdn.priv.center prod-origin.truendo.com track.adform.net *.adform.net siteimproveanalytics.com *.siteimproveanalytics.io siteimproveanalytics.io *.maptoolkit.net *.webspellchecker.net platform.twitter.com syndication.twitter.com js.stripe.com; connect-src 'self' https://*.cms-wien.magwien.gv.at https://*.magwien.gv.at https://stadtservicebot.wien.gv.at ws://stadtservicebot.wien.gv.at https://clients.wh-i.at https://*.wien.gv.at https://*.maptoolkit.net https://ux.maptoolkit.net https://prod-origin.truendo.com https://*.truendo.com https://*.priv.center https://svc.webspellchecker.net https://*.jsdelivr.net https://wien.kavedo.com; style-src 'self' 'unsafe-inline' *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at wien.kavedo.com; style-src-elem 'self' 'unsafe-inline' *.cms-wien.magwien.gv.at * magwien.gv.at *.wien.gv.at scds.dev.handbuch.wien.gv.at wiener-melange-theme.wien.gv.at svc.webspellchecker.net; img-src 'self' data: blob: *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at *.seadform.net *.siteimproveanalytics.io siteimproveanalytics.io *.maptoolkit.net *.stripe.com *.blob.core.windows.net wien.kavedo.com; worker-src 'self' blob: *.maptoolkit.net; font-src 'self' data: blob: *.wien.gv.at *.webspellchecker.net wien.kavedo.com; frame-src 'self' *.cms-wien.magwien.gv.at *.magwien.gv.at *.wien.gv.at *.truendo.com *.adform.net cams.its-viennaregion.at platform.twitter.com youtu.be vimeo.com *.youtube.com *.vimeo.com *.yourvideo.tv *.justlive.tv justlive.tv js.stripe.com webtv.feratel.com 2 script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' *.cdn.office.net *.public.onecdn.static.microsoft *.office.com aadcdn.msauth.net aadcdn.msftauth.net blob: https: https://a-ring.msedge.net https://amcdn.msauth.net https://amcdn.msftauth.net https://b-ring.msedge.net https://graph.microsoft.com https://gtm-dyn-direct.office365.com https://js.monitor.azure.com https://k-ring.msedge.net https://outlook.live.com https://outlook.office.com https://ow1.res.office365.com https://partner.dev.oasis.microsoft.com https://r4.res.office365.com https://s-ring.msedge.net https://web.vortex.data.microsoft.com https://webshell.suite.office.com https://webshell.suite.officeppe.com res.cdn.office.net;style-src 'report-sample' 'self' 'unsafe-inline' *.cdn.office.net *.fluidpreview.office.net *.microsoft.com https://www.microsoft.com/ res-dev.cdn.officeppe.net res.public.onecdn.static.microsoft;default-src 'self' *.cdn.office.net *.public.onecdn.static.microsoft cdn.fluidpreview.office.net https://midgardbranches.blob.core.windows.net res-dev.cdn.officeppe.net res.cdn.office.net res.public.onecdn.static.microsoft;img-src 'self' *.augloop.svc.cloud.microsoft *.cdn.office.net *.clipchamp.com *.create.microsoft.com *.loki.delve.office.com *.oasis.microsoft.com *.onecdn.static.microsoft *.osi.office.net *.osi.officeppe.net *.public.onecdn.static.microsoft *.s-microsoft.com *.sharepointonline.com *.svc.ms aadcdn.msftauthimages.net az787822.vo.msecnd.net blob: browser.events.data.microsoft.com cdn.create.microsoft.com cdn.designerapp.osi.office.net cdn.hubblecontent.osi.office.net clipchamp.df.onecdn.static.microsoft clipchamp.public.onecdn.static.microsoft content.lifecycle.office.net content.lifecycle.officeppe.net content.powerapps.com copilotstudio.preview.microsoft.com data: designer.cloud.microsoft designer.microsoft.com designerapp.edog.officeapps.live.com designerapp.officeapps.live.com forms.office.com https://outlook.office.com https://sdfpilot.outlook.com https://webshell.suite.office.com m365.cloud.microsoft measure.office.com media.licdn.com outlook-1.cdn.office.net pmservices.cp.microsoft.com powerautomate.microsoft.com preview.content.powerapps.com prod.msocdn.com prodapiicons.cdn.powerappscdn.net res-1.cdn.office.net res-dev.cdn.officeppe.net res.cdn.office.net res.public.onecdn.static.microsoft.com secure.aadcdn.microsoftonline-p.com spoprod-a.akamaihd.net static2.sharepointonline.com staticresources.payments.microsoft.com statics.teams.cdn.office.net substrate.office.com tip1apiicons.cdn.powerappscdn.net tip2apiicons.cdn.powerappscdn.net www.microsoft365.com;connect-src 'self' *.augloop.svc.cloud.microsoft *.cdn.office.net *.collabhubrtc.officeapps.live.com *.public.onecdn.static.microsoft *.microsoft.com *.office.com *.office365.com *.officeapps.live.com *.rtc.svc.cloud.microsoft *.sharepoint-df.com *.sharepoint.com *.svc.ms arc-emea.msn.com arc.msn.com blob: data: https: https://admin.microsoft.com https://api.onedrive.com https://artifacts.dev.azure.com https://browser.events.data.microsoft.com https://browser.pipe.aria.microsoft.com https://cdn.config.centro.core.microsoft https://clients.config.gcc.office.net https://clients.config.office.net https://config.edge.skype.com https://config.edge.skype.net https://consentreceiverfd-prod.azurefd.net https://eu-mobile.events.data.microsoft.com https://eu-office.events.data.microsoft.com https://graph.microsoft.com https://login.microsoftonline.com https://my.microsoftpersonalcontent.com https://nleditor.osi.officeppe.net https://odc.edog.officeapps.live.com https://outlook.cloud.microsoft https://petrol-int.office.microsoft.com https://petrol.office.microsoft.com https://pp1.prd.bmc.teams.microsoft.com https://teams.cloud.microsoft https://titles.prod.mos.microsoft.com res-dev.cdn.officeppe.net res.cdn.office.net wss: wss://*.augloop.office.com wss://*.augloop-gcc.office.com wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.gcc.augloop.svc.cloud.microsoft wss://*.trouter.teams.microsoft.com wss://augloop.office.com wss://augloop.svc.cloud.microsoft wss://gcc.augloop.svc.cloud.microsoft wss://substrate.office.com;font-src 'self' 'unsafe-inline' *.azureedge.net *.cdn.office.net *.public.onecdn.static.microsoft *.fluidpreview.office.net *.sharepointonline.com cdn.create.microsoft.com data: fs.microsoft.com https://c.s-microsoft.com prod.msocdn.com res-dev.cdn.officeppe.net res.cdn.office.net res.public.onecdn.static.microsoft sharepointonline.com spoprod-a.akamaihd.net;frame-ancestors 'self' data: https://support.office.com;frame-src 'self' * *.cdn.office.net *.oasis.microsoft.com *.office.com *.officeapps.live.com *.sharepoint-df.com *.sharepoint.com blob: https://amcdn.msftauth.net https://create.cloud.microsoft https://create.microsoft.com https://login.live.com https://login.microsoftonline.com https://microsoft-onmicrosoft-com.access.mcas.ms https://my.microsoftpersonalcontent.com https://onedrive.live.com https://webshell.suite.officeppe.com https://www.odwebp.svc.ms ms-excel: ms-powerpoint: ms-word: onenote:;upgrade-insecure-requests;media-src 'self' https://*.sharepoint-df.com https://*.sharepoint.com blob: data: *.cdn.office.net *.azureedge.net *.core.windows.net *.clipchamp.com *.oasis.microsoft.com *.create.microsoft.com;manifest-src 'self';child-src blob:;object-src 'none';form-action https://*;worker-src 'self' blob:;trusted-types 'allow-duplicates' 1DSScriptURL @1js/midgard-trusted-types @azure/ms-rest-js#xml.browser @centro/floodgate @centro/hvc-loader @fluidx/loop @fluidx/loop#loop-app @fluidx/loop#loop-page-container @fluidx/loop#odsp-driver @fluidx/loop#office-fluid-container @microsoft/1ds-getcollectorurlsnippet-js#sanitize-html @msstream/azuremediaplayer#worker-noop @msstream/one-player#noop-create-html @msstream/one-player#sanitize-html MeControlScriptURL cdn-url#oneshell default domPurifyHTML domUtilsTrustedTypePolicy dompurify html2canvas html2canvas-feedback nextjs nextjs#bundler ocvPolicy officebrowserfeedback#domUtils safe-xml#oneshell sccEntityDrawerTrustedTypesPolicy script-url#webpack shellInfoPolicy;report-uri https://csp.microsoft.com/report/OfficeAppHome-PROD;report-to AppHomeReportToEndpoint 2 default-src 'self';object-src 'none';manifest-src 'none';media-src 'self' blob: https://channel.sas.com https://service.sas.com *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com *.visualwebsiteoptimizer.com app.vwo.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.mrpfd.com d3js.org https://web.cvent.com *.boltdns.net players.brightcove.net *.brightcove.com *.akamaihd.net *.brightcovecdn.com vjs.zencdn.net;style-src 'self' data: 'unsafe-inline' https://cdn.developer.sas.com https://player.interactivity.brightcove.com players.brightcove.net https://fonts.googleapis.com https://script.crazyegg.com *.visualwebsiteoptimizer.com app.vwo.com;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com assets.adobedtm.com players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io;font-src 'self' data: https://www.sas.com https://cdn.developer.sas.com https://www.jmp.com https://fonts.gstatic.com https://player.interactivity.brightcove.com players.brightcove.net; connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com *.visualwebsiteoptimizer.com app.vwo.com;frame-src 'self' sas.navattic.com assets.adobedtm.com www.youtube.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com *.jmp.com *.outgrow.us *.service-now.com *.visualize-roi.com *.brightcove.com players.brightcove.net https://www.googletagmanager.com https://px.anteriad.com https://web.cvent.com https://event-guestside-app-pr50.cvent-production.cvent.cloud *.visualwebsiteoptimizer.com app.vwo.com;worker-src 'self' blob:;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics; 2 frame-ancestors 'self' https://*.dish.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.osano.com https://scout-cdn.salesloft.com https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hsforms.com https://*.inkeep.com https://*.linkedin.com https://*.osano.com https://*.segment.com https://*.segment.io https://api.ashbyhq.com https://cdn.growthbook.io https://cdn.sanity.io https://hubspot-forms-static-embed.s3.amazonaws.com https://pagead2.googlesyndication.com https://scout.salesloft.com https://translate.googleapis.com; worker-src 'self' blob: https://*.osano.com; report-uri https://render.report-uri.com/r/t/csp/reportOnly; report-to wizard; 2 frame-ancestors 'self' https://redis.io https://app.mutinyhq.com 2 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.travelandleisure.com; upgrade-insecure-requests; 2 frame-ancestors 'self' https://workforceexperience.hp.com https://wordpress.workforceexperience.hp.com https://test.ecosystems.us; 2 frame-ancestors 'self' https://tpc.googlesyndication.com 2 frame-ancestors 'self' *.wallet.airpay.vn *.shopee.kr *.airpay.vn *.shopeemobile.com *.shopee.vn *.shopee.cn *.shopee.io *.facebook.com *.dailyshopee.vn https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com; 2 default-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://polyfill.io https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.heapanalytics.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://ws.zoominfo.com https://scout-cdn.salesloft.com https://googleads.g.doubleclick.net https://static.hsappstatic.net https://www.vimeo.com https://vimeo.com https://*.hsforms.com https://secure.cold5road.com/ https://*.mutinycdn.com https://*.mutinyhq.io https://ajax.googleapis.com https://*.chilipiper.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.clearbit.com https://www.google.com https://www.googleanalytics.com https://*.qualified.com https://*.website-files.com https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsload@1/cmsload.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmscore@1/cmscore.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsslider@1/cmsslider.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-queryparam@1/queryparam.js https://*.adroll.com https://tracking.g2crowd.com https://bat.bing.com https://tag.unifyintent.com https://www.redditstatic.com/ads/pixel.js https://*.opendns.com https://trk.crozdesk.com; connect-src blob: data: 'self' https://sprig.com https://*.sprig.com *.userleap.com *.ingest.sentry.io https://api.hubspot.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://google.com https://googletagmanager.com https://*.googletagmanager.com https://*.doubleclick.net https://cdn.segment.com https://api.segment.io https://events.launchdarkly.com https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://ws.zoominfo.com https://scout-cdn.salesloft.com https://scout.salesloft.com https://api.ashbyhq.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.mutinycdn.com https://*.mutinyhq.io https://*.mutinyhq.com https://*.chilipiper.com https://*.mux.com https://storage.googleapis.com https://*.clearbit.com https://cdn.linkedin.oribi.io wss://ws.qualified.com https://*.website-files.com https://px.ads.linkedin.com https://forms.hscollectedforms.net https://bat.bing.com https://clientstream.launchdarkly.com https://tracking.g2crowd.com https://unifyintent.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://*.opendns.com https://trk.crozdesk.com; img-src https://*.sprig.com *.userleap.com *.assets-servd.host data: 'self' https://track.hubspot.com https://heapanalytics.com https://*.linkedin.com https://t.co https://p.adsymptotic.com https://www.facebook.com https://*.google-analytics.com https://*.google.com https://googletagmanager.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.analytics.google.com https://*.doubleclick.net/ https://userleap.ghost.io https://*.hsforms.com https://i.vimeocdn.com https://www.gravatar.com https://*.googleadservices.com/ https://js.na.chilipiper.com https://*.mux.com https://*.mutinycdn.com https://*.mutinyhq.io https://analytics.twitter.com https://api.producthunt.com https://uploads-ssl.webflow.com https://*.website-files.com https://*.adroll.com https://i.ytimg.com https://bat.bing.com https://api.urlbox.io https://logo.clearbit.com https://alb.reddit.com/rp.gif https://*.opendns.com https://pixel.tapad.com; style-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.na.chilipiper.com https://fonts.googleapis.com https://*.website-files.com https://*.opendns.com; worker-src blob:; font-src https://*.sprig.com *.userleap.com 'self' data: https://fonts.gstatic.com https://app.sprig.com https://*.mutinycdn.com https://fonts.gstatic.com https://uploads-ssl.webflow.com https://*.website-files.com https://*.opendns.com; frame-src blob: https://sprig.com https://*.sprig.com *.userleap.com 'self' https://meetings.hubspot.com/ https://player.vimeo.com/ https://app.hubspot.com/ https://share.transistor.fm/ https://www.facebook.com/ https://*.hsforms.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://*.chilipiper.com https://*.wistia.net https://*.qualified.com https://cdn.embedly.com https://*.adroll.com https://*.opendns.com; media-src blob: 'self' https://*.mux.com https://sprig.com https://servd-white-cougar.b-cdn.net https://*.website-files.com https://*.opendns.com; form-action 'self' https://www.facebook.com/ https://*.hsforms.com/ https://*.opendns.com; frame-ancestors 'self' https://sprig.com/ https://*.sprig.com https://app.mutinyhq.com https://*.opendns.com; 2 frame-ancestors https://poshmark.lightning.force.com *.goshd.com *.goshd.ca *.poshmark.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 2 frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com https://sslcheck.securly.com https://cse.google.com https://js.hs-scripts.com https://s3.amazonaws.com https://sendy.securly.com https://www.youtube.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://boards.greenhouse.io https://js.driftt.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://td.doubleclick.net https://app.qualified.com https://ajax.googleapis.com https://job-boards.greenhouse.io https://js.qualified.com https://consent-pref.trustarc.com https://submit-irm.trustarc.com; connect-src 'self' https://www.googletagmanager.com https://sslcheck.securly.com https://cse.google.com https://js.hs-scripts.com https://s3.amazonaws.com https://sendy.securly.com https://www.youtube.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://boards.greenhouse.io https://boards-api.greenhouse.io https://my.greenhouse.io https://js.driftt.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://td.doubleclick.net https://app.qualified.com https://ajax.googleapis.com https://job-boards.greenhouse.io https://js.qualified.com https://consent-pref.trustarc.com https://submit-irm.trustarc.com https://consent.trustarc.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://*.google.com https://forms.hsforms.com https://*.s3.amazonaws.com https://ws2.qualified.com wss://ws2.qualified.com https://*.aptrinsic.com https://scout.salesloft.com; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.eatingwell.com; upgrade-insecure-requests; 2 default-src 'unsafe-inline' 'unsafe-eval' vitals.vercel-insights.com https: data: wss://*.qualified.com *.arkoselabs.com; block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'report-sample' www.gstatic.com www.recaptcha.net; style-src 'self' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' www.recaptcha.net; frame-ancestors 'none'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none' 2 default-src * blob: data:; style-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; img-src * data: blob: 'unsafe-inline' ; connect-src * 'unsafe-inline' data: blob:; frame-src * blob: data:;font-src * data: blob:;report-to default; 2 default-src 'self' ; style-src https: 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://top-fwz1.mail.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://morp.firstvds.ru/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ wss://*.chathost.ru/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.firstvds.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://mc.yandex.com/ https://smartcaptcha.yandexcloud.net/ https://www.gstatic.com/ https://cdn.botfaqtor.ru/ 'unsafe-inline'; img-src * data: blob:; connect-src 'self' https://analytics.google.com/ https://stats.g.doubleclick.net/ https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://mc.yandex.ru/ https://mc.yandex.com/ wss://*.chathost.ru/ https://*.chathost.ru/ https://*.botfaqtor.ru/; frame-src 'self' https://mc.yandex.ru/ https://smartcaptcha.yandexcloud.net/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/ https://*.botfaqtor.ru/; font-src 'self' data: https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors 'self' https://metrika.yandex.ru/ http://webvisor.com; 2 connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ; default-src 'self' ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com scone-pa.clients6.google.com www.youtube.com player.vimeo.com ; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com gstatic.com data: * ; object-src 'none' ; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com gstatic.com tagmanager.google.com ; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.southernliving.com; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.marthastewart.com; upgrade-insecure-requests; 2 Strict-Transport-Security: max-age=31556952; includeSubDomains; preload 2 frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io *.totalbrain.com *.migraineagain.com *.epionhealth.com 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com giscus.app connect.facebook.net clearbit.com clearbitjs.com cdn.jsdelivr.net apis.google.com accounts.google.com www.googletagmanager.com tag.clearbitscripts.com platform.twitter.com static.ads-twitter.com vercel.live cdn.vercel-insights.com cdn.lr-ingest.com cdn.logr-ingest.com x.clearbitjs.com googleads.g.doubleclick.net googleadservices.com www.googleadservices.com analytics.tiktok.com snap.licdn.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsforms.net *.hsforms.net forms.hsforms.com *.hsforms.com js.usemessages.com https://decagon.ai/loaders/codeium.js https://decagon.ai/loaders/codeium_embed.js https://hubspot.com https://app.hubspot.com https://sibautomation.com https://challenges.cloudflare.com https://us-central1-exa2-fb170.cloudfunctions.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.vercel-insights.com js.stripe.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net cdn.vercel-insights.com js.stripe.com; img-src * blob: data: exafunction.github.io; media-src 'self' exafunction.github.io; connect-src * data: https://accounts.google.com/; font-src 'self' cdn.jsdelivr.net assets.vercel.com fonts.gstatic.com; frame-src 'self' giscus.app windsurf.com staging-real-2.windsurf.com codeium-staging-exafunction.vercel.app exa2-fb170.firebaseapp.com js.stripe.com platform.twitter.com vercel.live youtube.com www.youtube.com codeium-staging.firebaseapp.com exafunction.github.io https://github.com viewscreen.githubusercontent.com notebooks.githubusercontent.com td.doubleclick.net auth-staging.codeium.com auth.codeium.com auth-staging.windsurf.com auth.windsurf.com https://hubspot.com https://decagon.ai https://app.hubspot.com https://forms.hsforms.com/ *.hsforms.com *.hsforms.net https://challenges.cloudflare.com https://us-central1-exa2-fb170.cloudfunctions.net accounts.google.com docs.google.com www.googletagmanager.com; frame-ancestors 'self' https://github.com; worker-src blob:; 2 upgrade-insecure-requests; default-src 'self' *.dominos.com *.dominos.pizza; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.dominos.com *.raygun.io tags.tiqcdn.com dpm.demdex.net cm.everesttech.net dominos.demdex.net www.gstatic.com/recaptcha/ *.launchdarkly.com *.akstat.io *.go-mpulse.net maps.googleapis.com applepay.cdn-apple.com *.speedcurve.com *.paypal.com *.paypalobjects.com *.braintreegateway.com *.maze.co www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.snapchat.com analytics.tiktok.com *.pinterest.com *.uidapi.com cdnssl.clicktale.net cdn.quantummetric.com bat.bing.com s.pinimg.com b-code.liadm.com js.adsrvr.org ink1001.com sc-static.net d34r8q7sht0t9k.cloudfront.net; style-src 'unsafe-inline' blob: 'self' *.dominos.com www.gstatic.com/recaptcha/ fonts.googleapis.com *.maze.co; img-src data: blob: 'self' *.dominos.com dominos.demdex.net dpm.demdex.net cm.everesttech.net *.gstatic.com *.google.com events.launchdarkly.com *.akstat.io maps.googleapis.com *.speedcurve.com *.paypal.com *.paypalobjects.com assets.braintreegateway.com *.maze.co www.googletagmanager.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.ispot.tv s.amazon-adsystem.com trkn.us tags.w55c.net analytics.tiktok.com *.pinterest.com kp-redirector.g.yp.com pixel.tapad.com sp.analytics.yahoo.com idsync.rlcdn.com rp.liadm.com bat.bing.com *.exacttarget.com verifi.pdscrb.com; connect-src 'self' *.dominos.com *.tealiumiq.com *.raygun.io dpm.demdex.net cm.everesttech.net dominos.demdex.net *.gstatic.com *.google.com google.com *.launchdarkly.com *.akstat.io *.go-mpulse.net *.raygun.com *.cybersource.com *.aciondemand.com maps.googleapis.com *.akamaihd.net *.speedcurve.com *.paypal.com *.paypalobjects.com *.braintreegateway.com *.braintree-api.com *.maze.co www.googletagmanager.com pagead2.googlesyndication.com www.googleadservices.com ad.doubleclick.net *.snapchat.com analytics.tiktok.com *.pinterest.com *.uidapi.com www.google-analytics.com analytics-ipv6.tiktokw.us rp.liadm.com insight.adsrvr.org *.apple.com ipv4.pdscrb.com; font-src data: 'self' *.dominos.com fonts.gstatic.com applepay.cdn-apple.com *.paypalobjects.com *.maze.co; frame-src data: blob: 'self' *.dominos.com *.raygun.io dpm.demdex.net cm.everesttech.net dominos.demdex.net *.gstatic.com *.google.com *.launchdarkly.com *.akstat.io *.go-mpulse.net maps.googleapis.com *.paypal.com *.braintreegateway.com applepay.cdn-apple.com *.maze.co www.googletagmanager.com *.doubleclick.net *.snapchat.com *.pinterest.com *.adsrvr.org *.youtube.com; child-src assets.braintreegateway.com *.paypal.com; frame-ancestors 'self'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=bmTWyG6xBFSLGEHDhYpvjQ; report-to raygun; 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.website-files.com https://*.prod.website-files.com https://uploads-ssl.webflow.com https://webflow.com https://*.survicate.com https://*.survicate-cdn.com https://*.intercom.io wss://*.intercom.io https://*.intercom-messenger.com wss://*.intercom-messenger.com https://*.intercomcdn.com https://static.intercomassets.com https://*.cookiebot.com https://www.googletagmanager.com https://d3e54v103j8qbb.cloudfront.net https://*.google-analytics.com https://*.googlesyndication.com https://*.analytics.google.com https://analytics.google.com https://adservice.google.com www.googleadservices.com https://stats.g.doubleclick.net https://td.doubleclick.net https://assets.calendly.com https://calendly.com https://tracking.g2crowd.com https://*.g2.com https://cdn.mxpnl.com https://api-js.mixpanel.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com/ https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com *.hsforms.net *.hsforms.com https://forms.hubspot.com https://js.partnerstack.com partnerlinks.io https://grsm.io *.sharethis.com ipapi.co https://www.youtube-nocookie.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://fonts.gstatic.com https://bcp.crwdcntrl.net https://survicate.traffit.com https://cdn.embedly.com/ https://*.demio.com https://tube.rvere.com https://*.storylane.io https://app.getcontrast.io https://sc.lfeeder.com https://jscloud.net https://*.ahrefs.com; media-src https: data:; img-src https: data:; worker-src 'self' blob:; report-to csp-endpoint-landing; 2 frame-ancestors 'self' embed-v1.handelsblatt.com hbapp.handelsblatt.com amp2.handelsblatt.com grafik.handelsblatt.com preview-www.handelsblatt.com preview-www.staging--hb.hmg.systems bugfix-preview-www.handelsblatt.com edit.cms.production.hmg.systems; 2 form-action 'self' *.myqnapcloud.com *.myqnapcloud.cn; base-uri 'self'; default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn *.event.qnap.com *.static.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src data: wss: http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com *.firebaseio.com ; worker-src 'self' blob:; 2 connect-src 'self' https://adservice.google.com global.ketchcdn.com *.calibermind.com *.ketchcdn.com *.ketchjs.com *.google.com *.g2crowd.com *.linkedin.com *.chilipiper.com cmstesting.salesloft.com https://munchkin.marketo.net https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.contentstack.io api.contentstack.io *.contentstack.io *.hotjar.com *.sequel.io *.salesloft.com *.adnxs.com unpkg.com *.hotjar.com *.hotjar.io *.6sc.co *.6sense.com *.marketlinc.com *.nr-data.net/ *.analytics.google.com *.marketo.com *.mktoresp.com *.doubleclick.net *.google-analytics.com/ *.googletagmanager.com/ *.pantheonsite.io/ *.cookielaw.org/ *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io *.netdna-ssl.com https://api.company-target.com/api/v2/ip.json https://api.brightfunnel.com/v1/sd https://api-iam.intercom.io/messenger/web/ping wss://nexus-websocket-a.intercom.io/ https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/partner/5254305/domain/salesloft.com/token wss://wsp13.hotjar.com/api/v2/client/ws *.google.com *.googleoptimize.com *.hotjar.com *.introvoke.com *.mktoweb.com *.benchmarkseverywhere.com https://saasbenchmarks.ai/ https://live-salesloft-v2.pantheonsite.io/ https://test-salesloft-v2.pantheonsite.io/ https://images.contentstack.io https://slft-cons-preproduction.contentstackapps.com *.driftt.com *.drift.com wss://ws.hotjar.com/api/v2/client/ws; font-src 'self' data: https://fonts.gstatic.com *.netdna-ssl.com https://js.intercomcdn.com/fonts/ *.fontawesome.com *.wistia.com *.bootstrapcdn.com; frame-src 'self' *.doubleclick.net *.sequel.io *.vidyard.com *.youtube.com *.chilipiper.com *.salesloft.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://staticxx.facebook.com/ http://www2.salesloft.com *.greenhouse.io/ *.megaphone.fm *.google.com/ *.contentstack.io *.contentstack.com *.spotify.com *.twitter.com *.facebook.com *.driftt.com *.drift.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io *.googletagmanager.com; img-src 'self' https: data: blob: *.netdna-ssl.com https://ssl.gstatic.com/ *.vidyard.com; manifest-src 'self' blob:; media-src 'self' blob: *.driftt.com *.wistia.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com *.marketo.com *.netdna-ssl.com https://tagmanager.google.com/ https://fonts.googleapis.com/ *.salesloft.com *.bootstrapcdn.com *.google.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io/; worker-src blob: data: *.netdna-ssl.com *.contentstackapps.com localhost:3000 salesloft.com cmstesting.salesloft.com *.salesloft.com; base-uri 'none'; frame-ancestors 'self' *.contentstack.com; default-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' http://pages.salesloft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://tagmanager.google.com/ 'self'; 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self' https://*.softpedia.com/; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2 frame-ancestors 'self' zpfsmigration.zohostratus.com 2 default-src 'self' https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru http://code.jivo.ru *.zonatelecom.ru *.zt.ru zt.ru ws://*.zonatelecom.ru wss://*.zonatelecom.ru *.svc.team https://vk.com https://mc.yandex.ru https://yastatic.net https://*.doubleclick.net http://*.zonatelecom.ru https://*.mail.ru https://*.yandex.ru https://*.yandex.com https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://*.payselection.com wss://*.payselection.com ws://*.payselection.com;base-uri 'none';style-src 'self' 'unsafe-inline' https://*.zonatelecom.ru https://*.zt.ru https://zt.ru http://code.jivo.ru blob:;img-src 'self' https://cdn.zt.ru https://cdn.zt.ru http://code.jivo.ru *.svc.team *.zonatelecom.ru *.zt.ru zt.ru https://vk.com https://*.vk.com https://*.yandex.ru https://*.yandex.com https://*.mail.ru https://*.maps.yandex.net https://*.yandex.ru data: blob: https:;connect-src https: 'self' wss: ws://b24.zt.ru uaas.yandex.ru *.zonatelecom.ru *.zt.ru zt.ru wss://*.payselection.com https://*.yandex.ru https://*.yandex.com;font-src 'self';manifest-src 'self' *.zonatelecom.ru *.zt.ru zt.ru;object-src 'none';child-src blob: https://mc.yandex.ru blob: https://mc.yandex.com https://*.yandex.com https://*.yandex.ru;script-src 'self' https://sdk.inappstory.ru https://api.inappstory.com https://*.svc.team http://*.svc.team http://code.jivo.ru https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru https://*.zt.ru https://zt.ru 'unsafe-inline' 'unsafe-eval' https://vk.com https://mc.yandex.ru https://mc.yandex.com https://yastatic.net https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js abt.s3.yandex.net https://*.payselection.com;frame-src 'self' https://*.payselection.com https://widget.cloudpayments.ru https://b24.zt.ru/ https://*.yandex.ru https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru/ https://www.zonatelecom.ru/ https://zt.ru/ https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team blob: https://mc.yandex.ru https://*.yandex.ru https://*.yandex.com;frame-ancestors 'self' https://*.payselection.com https://widget.cloudpayments.ru https://b24.zt.ru/ https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://auth.zt.ru/ https://*.zonatelecom.ru/ https://*.zt.ru/ https://zt.ru https://www.zonatelecom.ru/ https://zt.ru/ https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team https://*.yandex.ru https://*.yandex.com 2 default-src 'self'; img-src 'self' data:; script-src 'self' 'sha256-J/tux0AP4WAYsCxprPoE+2XJ+XNJ8Esd8nCF8o/diiw='; style-src 'self' 'unsafe-inline'; 2 default-src 'unsafe-inline' 'self' https: wss: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; worker-src 'self' blob:; frame-ancestors 'self' https://*.unitycms.io; 2 default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://avm-cs.zendesk.com avm.zendesk.com v2.zopim.com fritz.com avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de www.commerce-connector.com www.surveygizmo.eu ; img-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de data: https://shoplogos.commerce-connector.de https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://static.zdassets.com https://gpt.avm.botario.com https://www.gravatar.com ; media-src 'self' *.fritz.com *.avm.de service.avm.de static.zdassets.com https://maps.googleapis.com https://maps.gstatic.com https://vimeo.com https://i.ytimg.com https://i.vimeocdn.com blob: data: ; font-src 'self' https://fritz.com https://*.fritz.com https://avm.de https://*.avm.de service.avm.de https://fonts.gstatic.com data: ; style-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://fonts.googleapis.com 'unsafe-inline' ; connect-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://maps.googleapis.com https://noembed.com https://avm.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com wss://widget-mediator.zopim.com wss://pod-28.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com wss://gpt.avm.botario.com ; script-src 'self' avm.de *.avm.de fritz.com *.fritz.com service.avm.de piwik.avm.de https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://maps.googleapis.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://gpt.avm.botario.com 'unsafe-eval' 'unsafe-inline' blob: ; script-src-elem 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com piwik.avm.de https://maps.googleapis.com https://player.vimeo.com https://vimeocdn.com https://*.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com https://static.zdassets.com https://pod-28.zendesk.com https://pod-28-sunco-ws.zendesk.com https://widget-mediator.zopim.com https://gpt.avm.botario.com 'unsafe-inline' blob: ; worker-src 'self' blob: ; frame-src 'self' fritz.com *.fritz.com avm.de *.avm.de service.avm.de https://player.vimeo.com https://www.youtube-nocookie.com https://gpt.avm.botario.com ; frame-ancestors 'self' avm.de *.avm.de service.avm.de fritz.com *.fritz.com 2 script-src 'self' gameloft.com *.gameloft.com gameloft.org *.gameloft.org *.google.com *.gstatic.com *.google-analytics.com *.youtube.com *.doubleclick.net *.amazonaws.com *.googletagmanager.com *.privacy-center.org *.crazyegg.com *.tiktok.com *.ads-twitter.com *.facebook.net *.singular.net *.gsght.com *.cloudflare.com 'unsafe-eval' 'unsafe-inline'; 2 frame-ancestors 'self' https://www.broxxx.com https://www.broxxx2cn.com https://www.broxxx.pro 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.foodandwine.com; upgrade-insecure-requests; 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' http://img.youtube.com 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://sdk.privacy-center.org https://api.privacy-center.org; 2 frame-ancestors 'self' http://*.dji.com https://*.dji.com 2 frame-ancestors https://platform.sbnation.com https://*.sbnation.com https://platform.sbnation.com https://*.sbnation.com 'self' 2 frame-ancestors 'self' https://mobile.southwest.com https://mobile-offline.southwest.com https://www.southwest.com https://www.swabiz.com; 2 child-src blob: https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net;default-src 'self' https://*.wistia.com https://*.wistia.net;connect-src analytics.o11.tech www.google.com eps.6sc.co ml314.com insight.adsrvr.org analytics.o11.tech https://td.doubleclick.net/ http://localhost:3000 https://devsite.blueconic.com/ https://stgsite.blueconic.com/ https://blueconic.com/ https://www.blueconic.com/ https://cdn.acsbapp.com px.ads.linkedin.com https://analytics.google.com https://dogfood.blueconic.com https://pl21.blueconic.com https://assets.ctfassets.net https://viewlicense.adobe.io https://ngmrewndgx-dsn.algolia.net https://ngmrewndgx-2.algolianet.com https://ngmrewndgx-3.algolianet.com https://ngmrewndgx-1.algolianet.com https://ngmrewndgx-dsn.algolia.net https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://l.clarity.ms https://*.clarity.ms https://bat.bing.com https://ipv6.6sc.co/ https://c.6sc.co/ https://secure.adnxs.com https://cdn.linkedin.oribi.io https://epsilon.6sense.com https://358-xtm-616.mktoresp.com https://js.zi-scripts.com https://ws.zoominfo.com https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://api.tofuhq.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://google.com https://www.google.ca https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.mx https://www.google.fr https://www.google.it https://www.google.nl https://api.claydar.com https://cdn.dreamdata.cloud;script-src 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com analytics.o11.tech a.usbrowserspeed.com ml314.com insight.adsrvr.org analytics.o11.tech https://td.doubleclick.net/ https://go.blueconic.com/ unpkg.com https://cdnjs.com https://cdnjs.cloudflare.com https://dogfood.blueconic.com https://li.protechts.net/ https://static.licdn.com/ https://j.6sc.co https://acsbapp.com https://ws.zoominfo.com https://js.zi-scripts.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com https://munchkin.marketo.net https://secure.adnxs.com https://js.zi-scripts.com https://ipv4.d.adroll.com/ https://www.googleanalytics.com google-analytics.com https://www.google-analytics.com https://www.googleoptimize.com www.google-analytics.com www.googletagmanager.com https://pl21.blueconic.com https://code.jquery.com https://cdn.jsdelivr.net https://dogfood.blueconic.com https://fast.wistia.com https://documentcloud.adobe.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://stats.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com https://s.adroll.com/j/roundtrip.js https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://s.adroll.com https://d.adroll.com https://www.clarity.ms https://connect.facebook.net https://*.clarity.ms https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://public.api.tofuhq.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://static.claydar.com https://cdn.claydar.com https://cdn.dreamdata.cloud https://cdn.drda.io;style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://td.doubleclick.net/ https://fast.wistia.com https://pl21.blueconic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com/ https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com;font-src 'self' data: https://www.blueconic.com https://fonts.blueconic.com https://cdn2.hubspot.net https://fonts.gstatic.com https://*.wistia.com https://fonts.gstatic.com https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://js.intercomcdn.com https://fonts.intercomcdn.com;img-src 'self' blob: data: downloads.ctfassets.net https://td.doubleclick.net/ https://x.adroll.com https://ds.reson8.com https://b.6sc.co https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://fast.wistia.com https://embed-ssl.wistia.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://www.google.com https://pl21.blueconic.com pl21.blueconic.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://bat.bing.com https://px.ads.linkedin.com https://d.adroll.com https://c.clarity.ms https://*.clarity.ms https://www.facebook.com https://c.bing.com https://x.bidswitch.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://us-u.openx.net https://image2.pubmatic.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://ib.adnxs.com https://sync.taboola.com https://idsync.rlcdn.com https://image2.pubmatic.com https://px4.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://global.ib-ibi.com https://odr.mookie1.com https://privacy-policy.truste.com https://acsbapp.com https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://www.google.ca https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.mx https://www.google.fr https://www.google.it https://www.google.nl;media-src 'self' blob: data: videos.ctfassets.net downloads.ctfassets.net https://td.doubleclick.net/ https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com;worker-src 'self' blob: https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com;frame-src 'self' videos.ctfassets.net analytics.o11.tech https://td.doubleclick.net/ https://x.adroll.com https://go.blueconic.com/ https://get.blueconic.com/ https://dogfood.blueconic.com view.ceros.com https://358-xtm-616.mktoweb.com/ https://li.protechts.net/ li.protechts.net www.linkedin.com https://static.licdn.com/ https://www.linkedin.com https://acsbapp.com http://358-xtm-616.mktoweb.com https://more.blueconic.com https://documentcloud.adobe.com https://fast.wistia.com https://fast.wistia.net https://cdn.leandata.com https://app.leandata.co https://app.leandata.com https://blueconic.my.leandata.com https://*.leandata.com https://blueconic.jebbit.com https://www.googletagmanager.com;form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io 2 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /us/_/ThinkWithGoogle/cspreport/allowlist;worker-src blob: 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.remotepc.com https://*.remotedesktop.com https://media.twiliocdn.com https://cdn.weglot.com https://sdk.amazonaws.com https://static.idriveonlinebackup.com https://*.facebook.com https://*.google.com https://*.googleapis.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://api.maxaccess.io https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://*.stripe.com https://cdnjs.cloudflare.com https://bat.bing.com https://www.googletagmanager.com https://www.clarity.ms https://hcaptcha.com https://*.hcaptcha.com; img-src https://* 'self' data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.remotepc.com https://*.remotedesktop.com https://fonts.googleapis.com https://cdn.weglot.com https://ssl.google-analytics.com https://code.jquery.com https://hcaptcha.com https://*.hcaptcha.com https://catamphetamine.gitlab.io https://*.bootstrapcdn.com; font-src https://* data: ;object-src 'self' https://secure.livechatinc.com; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.thomannmusic.com *.thomann.de app.storyblok.com connect.facebook.net analytics.tiktok.com cdn.brcdn.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app maps.googleapis.com pagead2.googlesyndication.com ep2.adtrafficquality.google; frame-src 'self' *.thomannmusic.com *.thomann.de *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com www.googletagmanager.com ep2.adtrafficquality.google; frame-ancestors 'self' app.storyblok.com; object-src 'none' 2 frame-ancestors https://hpsecurity.my.salesforce.com; 2 frame-ancestors 'self' *.kugou.com 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.treehugger.com; upgrade-insecure-requests; 2 frame-ancestors 'self' *.dn.se *.retriever-info.com 2 frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 2 frame-ancestors 'self' https://bluebelldigital.com/; report-to default 2 connect-src 'self' https://chat.elster.de wss://chat.elster.de ; default-src 'self' ; font-src 'self' data: https://chat.elster.de ; form-action 'self' https://warteraum.elster.de ; frame-ancestors 'self' ; img-src 'self' https://chat.elster.de ; media-src 'self' https://download.elster.de ; object-src 'none' ; script-src 'self' https://chat.elster.de ; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-8iQ2C8eb3U8w2Ju2KXNjCyA/smg8byFgqNObcw1AX74=' 'sha256-YYGOQLmFupNssV6Yh7nuq54fYxTXHNrLhuEwg06WCkw=' 'sha256-uGLs916BWWd82O+HGlWvl29QI9Ql1zsRzxZP1/7F9xI=' https://chat.elster.de 2 object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.googleadservices.com app.purechat.com app-script.monsido.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com polyfill.io *.googletagmanager.com *.google-analytics.com *.google.com www.gstatic.com cdn.jsdelivr.net *.hotjar.com *.gtranslate.net js.createsend1.com www.createsend.com *.blackbaudhosting.com *.googleapis.com *.payments.blackbaud.com payments.blackbaud.com/Checkout/bbCheckout.2.0.js *.simpli.fi https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src * 'report-sample' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; form-action 'self' www.createsend.com *.blackbaudhosting.com js.createsend1.com *.nla.gov.au *.payments.blackbaud.com; frame-ancestors 'self' 2 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 2 child-src blob:; connect-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://go.telia.se https://www.google.com https://www.google.se https://www.googletagmanager.com privacyportal-de.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.doubleclick.net https://*.giosg.com https://*.giosgusercontent.com wss://*.giosg.com static.customersaas.com teliase-259.qelpcare.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://www.google-analytics.com ssgtm.telia.se https://optimizely.teliacompany.com https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se https://dialogflow.telia.se captive.apple.com connectivitycheck.gstatic.com https://go.telia.se https://*.adyen.com https://*.tf-b2c.com https://dialogflow.telia.se; default-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; font-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://cdn.giosgusercontent.com data: https://*.adyen.com https://*.tf-b2c.com; frame-src https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se ssgtm.telia.se https://*.doubleclick.net static.customersaas.com static-accept.customersaas.com https://*.giosg.com https://*.giosgusercontent.com *.kampyle.com *.medallia.eu *.ace.teliacompany.com telia.humany.net https://optimizely.teliacompany.com bankid: https://app.bankid.com https://*.adyen.com https://*.tf-b2c.com; img-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://dcosix8as1189.cloudfront.net https://*.giosgusercontent.com https://www.facebook.com/ d35v9wsdymy32b.cloudfront.net d3mwk3f7r8fv9u.cloudfront.net images.customersaas.com horizon-cms.s3.eu-central-1.amazonaws.com *.ace.teliacompany.com telia.humany.net https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net *.kampyle.com *.medallia.eu https://www.google-analytics.com https://www.google.com https://www.google.se https://www.googletagmanager.com https://optimizely.teliacompany.com https://webbshop.telia.se data: https://*.adyen.com https://*.tf-b2c.com; object-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; report-uri /.api/csp-report/v1/report; script-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://go.telia.se https://www.google.com https://www.google.se https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com https://connect.facebook.net static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://www.google-analytics.com https://www.googletagmanager.com ssgtm.telia.se blob: https://optimizely.teliacompany.com https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://glu2.ham.telia.se 'unsafe-inline' 'unsafe-eval' https://go.telia.se https://*.adyen.com https://*.tf-b2c.com; style-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://www.googletagmanager.com https://*.giosg.com https://*.giosgusercontent.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://telia-se.blueconic.net https://t944.telia.se https://n467.telia.se https://telia-se-b2b.blueconic.net 'unsafe-inline' https://*.adyen.com https://*.tf-b2c.com; worker-src blob: 2 default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; script-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com payanyway.ru https://pay.google.com https://pay.yandex.ru https://mc.yandex.ru https://yastatic.net https://cdn-ru.bitrix24.ru 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru www.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru *.payanyway.com ; connect-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru payanyway.ru sbp.payanyway.ru *.payanyway.com https://mc.yandex.ru https://qr.nspk.ru https://widget.cbrpay.ru https://b24-eye5y3.bitrix24.ru ; frame-src https: sberpay: sbolpay: qr.nspk.ru mc.yandex.ru ; child-src blob: https://mc.yandex.ru ; report-uri /cspreport.htm 2 frame-ancestors 'self' https://next.brella.io 2 base-uri 'self'; default-src 'self' *.photonengine.com; block-all-mixed-content; connect-src 'self' *.photonengine.com *.azure.com *.addsearch.com *.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://static.cloudflareinsights.com; frame-ancestors 'self'; frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io *.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' *.photonengine.com *.azure.com https://*.google-analytics.com https://*.googletagmanager.com blob: data:; object-src 'self' *.photonengine.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com https://www.gstatic.com *.azure.com https://*.google-analytics.com https://*.googletagmanager.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; 2 default-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' data:; img-src * data: blob:; font-src * data:; connect-src * data: blob: ws: wss:; media-src * data: blob:; frame-src *; child-src *; worker-src * blob: data:; base-uri 'self'; form-action *; frame-ancestors 'self'; upgrade-insecure-requests 2 img-src 'self' https: data: cdn.paris.fr; frame-ancestors 'self' *; frame-src 'self' * 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://match.prod.bidr.io/cookie-sync/contanuity https://tracking.contanuity.com/page-tracking/nrich_9655/ https://d-code.liadm.com/did-004v.min.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js https://connect.facebook.net/ https://www.google-analytics.com/analytics.js https://tracking.contanuity.com/tag.js https://www.googletagmanager.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://x.clearbitjs.com/ https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com/ https://cdn.dreamdata.cloud/ https://cdn.mouseflow.com/ https://static.hsappstatic.net/ *.nrich.ai https://cdnjs.cloudflare.com/ https://*.hs-analytics.net/ https://*.hubspot.com/ https://*.hubspot.net/ https://hubspot.net/ https://*.hs-banner.com/ https://io.clickguard.com/ http://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://*.fs1.hubspotusercontent-na1.net/ https://js.usemessages.com/conversations-embed.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://*.hotjar.com/ https://tag.clearbitscripts.com/ https://tracking.g2crowd.com/ https://www.clarity.ms/ https://platform.linkedin.com/ https://platform.twitter.com/ https://www.gartner.com/ https://secure.smart-company-vision.com/ https://tag.clearbitscripts.com/ https://s3-us-west-2.amazonaws.com/ https://js.hubspotfeedback.com/ https://unpkg.com/swiper/swiper-bundle.min.js https://b-code.liadm.com/lc2.js https://cdn.ampproject.org/ https://www.googletagmanager.com/gtm.js https://secure.smart-company-vision.com/js/267476.js https://app-oss.byte-app.com/common/js/byteh5monitor.aio.min.js https://js.hsadspixel.net/ https://apis.google.com/js/client.js https://dyv6f9ner1ir9.cloudfront.net/ https://www.google.com/pagead/ https://www.googleadservices.com/pagead https://cdn.jsdelivr.net/npm/basiclightbox@5.0.4/dist/basicLightbox.min.js https://scripts.clarity.ms/0.8.38/clarity.js https://pulse.clickguard.com/s/accvTTkgXOEVo/astIQzln53nBG; worker-src 'self' blob:; object-src 'none'; report-uri https://o1168991.ingest.sentry.io/api/6261364/security/?sentry_key=7d242ac12119401194fa3bf0fb45a4bf;; upgrade-insecure-requests 2 object-src 'none'; connect-src https://stats-stg.jiosaavn.com https://stats.jiosaavn.com https://qa-api.jiosaavn.com https://staging-api.jiosaavn.com https://api1.jiosaavn.com https://public.releases.juspay.in 'self' https://static-cdn.trackier.com wss://wsstaging.jiosaavn.com wss://ws.jiosaavn.com https://identitytoolkit.googleapis.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://hbopenbid.pubmatic.com https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com *.pubmatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' *.juspay.in/ https://payments.juspay.in/ https://api.assets.juspay.in/ https://sandbox.assets.juspay.in/ https://js.stripe.com https://public.releases.juspay.in https://api.juspay.in https://sandbox.juspay.in tez://upi/pay phonepe://pay paytmmp://upi/pay paytmmp://pay credpay://upi/pay upi://pay upi://mandate paytmmp://mandate paytmmp://upi/mandate phonepe://mandate tez://upi/mandate *.googlesyndication.com *.safeframe.googlesyndication.com https://ads.pubmatic.com https://www.google.com data: tez: upi: paytmmp: phonepe: https://*.jiocoupons.in; worker-src 'none';manifest-src 'self'; 2 frame-ancestors 'self' *.boursorama.com *.boursobank.com 2 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft *.skype.com 2 frame-ancestors 'self' https://www.ub.edu 2 default-src 'self' 'unsafe-inline'; script-src creatives.al-adtech.com telegram.org px.adhigh.net cdn.uxfeedback.ru cloud.ru content.cloud.ru cdn.cloud.ru mtm.sbercloud.tech facecast.net qoopler.ru *.mindbox.ru *.jivo.ru ad.adriver.ru dmp.sbermarketing.ru www.googleanalytics.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com www.googleadservices.com mc.yandex.ru api-maps.yandex.ru connect.facebook.net top-fwz1.mail.ru api.ipify.org vk.com vkvideo.ru googleads.g.doubleclick.net yastatic.net *.cdnvideo.ru st.top100.ru www.youtube.com optimize.google.com abt.s3.yandex.net www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: blob:; img-src ssp.al-adtech.com px.adhigh.net *.ops.beeline.ru *.jivo.ru *.uxfeedback.ru tech.rtb.mts.ru *.hc.sbercloud.ru *.hc.cloud.ru optimize.google.com i.ytimg.com mc.yandex.ru *.api-maps.yandex.ru cdn.cloud.ru cdn.sbercloud.ru cloud.ru www.google.com www.google.ru vk.com vkvideo.ru www.google-analytics.com www.facebook.com www.googletagmanager.com content.cloud.ru google-analytics.bi.owox.com kraken.rambler.ru top-fwz1.mail.ru ad.adriver.ru *.mindbox.ru data:; connect-src ai-agents.api.cloud.ru telegram.org marketplace.cloud.ru id.cloud.ru console.cloud.ru widget-api.uxfeedback.ru *.jivo.ru *.mindbox.ru uaas.yandex.ru *.api-maps.yandex.ru api-maps.yandex.ru *.maps.yandex.net dmp.sbermarketing.ru mlspace.aicloud.sbercloud.ru cloud.ru api.cloud.ru mtm.sbercloud.tech www.facebook.com www.google-analytics.com mc.yandex.ru top-fwz1.mail.ru stats.g.doubleclick.net vk.com vkvideo.ru kraken-mdt.rambler.ru kraken.rambler.ru sentry.sbercloud.tech analytics.google.com wss://*.jivo.ru blob:; frame-src console.cloud.ru yandex.ru facecast.net vk.com vkvideo.ru px.adhigh.net rutube.ru content.adriver.ru optimize.google.com w.soundcloud.com readymag.website readymag.com www.facebook.com www.youtube.com mc.yandex.ru www.google.com recaptcha.google.com blob:; media-src cdn.cloud.ru cdn-video.cloud.ru cloud.ru *.jivo.ru; style-src cloud.ru optimize.google.com *.jivo.ru fonts.googleapis.com 'unsafe-inline'; font-src cloud.ru fonts.gstatic.com data:; worker-src blob:; child-src mc.yandex.ru blob:; style-src-elem 'unsafe-inline' cloud.ru cdn.uxfeedback.ru *.jivo.ru *.mindbox.ru; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2 frame-ancestors 'self' ura.news ura.ru *.ura.news *.uranews.xyz *.uran.news momenty.org webvisor.com *.yandex.ru *.yandex.com *.yandex.by *.yandex.com.tr; 2 frame-ancestors https://offers.monlix.com https://freecash.com 2 default-src 'none'; img-src 'self' data: blob: https://www.goldmansachs.com https://consent.trustarc.com https://googletagmanager.com https://www.googletagmanager.com https://www.google.com https://px.ads.linkedin.com https://gs.sc.omtrdc.net https://*.doubleclick.net https://*.parsely.com https://cdn.gs.com https://gateway.zscalerthree.net https://prod.forms.workflow.ep.site.gs.com *.gs.com:* https://public.flourish.studio https://gateway.zscaler.net https://adservice.google.com https://www.linkedin.com https://*.6sc.co https://www.facebook.com https://iad1.qualtrics.com https://siteintercept.qualtrics.com https://*.adobe.com https://*.omtrdc.net https://*.demdex.net https://*.tt.omtrdc.net https://*.adobedtm.com https://*.adobetag.com https://*.targetcdn.adobe.com https://*.adobedc.net https://*.experience.adobe.com https://*.adobe.io https://*.everesttech.net https://*.experiencecloud.adobe.com; style-src 'self' 'unsafe-inline' https://www.goldmansachs.com https://amp.akamaized.net https://cdn.gs.com *.gs.com:* https://public.flourish.studio https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.goldmansachs.com https://consent.trustarc.com https://googletagmanager.com https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://gs.sc.omtrdc.net https://*.doubleclick.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://*.parsely.com https://*.go-mpulse.net https://*.akstat.io https://amp.akamaized.net https://cdn.gs.com https://gateway.zscalerthree.net *.gs.com:* https://public.flourish.studio https://www.googleadservices.com https://*.6sc.co https://*.adobe.com https://*.omtrdc.net https://*.demdex.net https://*.tt.omtrdc.net https://*.adobedtm.com https://*.adobetag.com https://*.targetcdn.adobe.com https://*.adobedc.net https://*.experience.adobe.com https://*.adobe.io https://*.everesttech.net https://*.experiencecloud.adobe.com https://sdk.ceros.com; connect-src 'self' https://www.goldmansachs.com https://www.google.com https://px.ads.linkedin.com https://gs.sc.omtrdc.net https://*.doubleclick.net https://dpm.demdex.net https://siteintercept.qualtrics.com https://*.parsely.com https://*.go-mpulse.net https://*.akstat.io https://amp.akamaized.net https://cdn.gs.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.gs.com:* https://api.goldmansachs.wallst.com https://www.gsam.com/bin/gsam/servlets/EmailSubscriptionServlet https://public.flourish.studio https://adobedc.demdex.net https://adservice.google.com https://*.6sc.co https://*.akamaihd.net https://sdk.iad-07.braze.com https://*.adobe.com https://*.omtrdc.net https://*.demdex.net https://*.tt.omtrdc.net https://*.adobedtm.com https://*.adobetag.com https://*.targetcdn.adobe.com https://*.adobedc.net https://*.experience.adobe.com https://*.adobe.io https://*.everesttech.net https://*.experiencecloud.adobe.com; font-src 'self' data: https://www.goldmansachs.com https://amp.akamaized.net https://cdn.gs.com *.gs.com:* https://public.flourish.studio https://fonts.gstatic.com; frame-src 'self' mailto: https://www.goldmansachs.com https://www.googletagmanager.com https://*.doubleclick.net https://onegs.iad1.qualtrics.com https://d1pmpteesu3euy.cloudfront.net https://cdn.gs.com https://playlist.megaphone.fm https://gateway.zscalerthree.net *.gs.com:* https://goldmansachs.demdex.net https://gateway.zscaler.net https://consent-pref.trustarc.com https://flo.uri.sh; media-src 'self' data: blob: https://www.goldmansachs.com https://cdn.gs.com https://video.goldmansachs.com *.gs.com:*; frame-ancestors 'self' https://www.goldmansachs.com *.gs.com:* https://*.targetcdn.adobe.com https://*.experience.adobe.com https://*.adobe.io; 2 default-src 'self' blob: wss: data: https:; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' https://*.dynamicyield.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://www.googletagmanager.com https://www.google-analytics.com; connect-src * data: https://*.dy-api.com https://*.dynamicyield.com https://www.googletagmanager.com https://www.google-analytics.com; style-src * 'unsafe-inline' https://*.dynamicyield.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/*; img-src * data: https://*.dynamicyield.com https://images.ctfassets.net; font-src * https://fonts.googleapis.com https://fonts.gstatic.com; frame-src *; frame-ancestors * https://app.contentful.com; media-src *; worker-src 'self' blob:; 2 frame-ancestors 'self' http://info.barchart.com 2 default-src 'self' https://cdn.finnair.com https://pay.finnair.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.finnair.com *.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://bat.bing.com https://*.akamaihd.net https://*.go-mpulse.net https://*.quantummetric.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://connect.facebook.net https://www.dwin1.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://snap.licdn.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com https://*.hotjar.com https://*.ads-twitter.com https://cdn.jsdelivr.net/npm/tesseract.js@v5.0.4/ https://cdn.jsdelivr.net/npm/tesseract.js-core@v5.0.0/ https://xsell.expedia.com; style-src 'self' 'unsafe-inline' *.finnair.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.reactandshare.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com; img-src 'self' data: *.finnair.com *.google-analytics.com https://*.ytimg.com https://*.akamaihd.net https://*.akstat.io https://www.googletagmanager.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://pagead2.googlesyndication.com *.doubleclick.net https://www.googleadservices.com https://*.analytics.google.com https://www.facebook.com https://www.awin1.com https://www.dwin1.com https://cdn.smartvel.com https://bat.bing.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://analytics.twitter.com https://t.co https://script.hotjar.com https://play-lh.googleusercontent.com https://ade.googlesyndication.com https://cms-scdn.airtime.geemedia.com; manifest-src 'self' https://cdn.finnair.com; font-src 'self' data: https://cdn.finnair.com https://maps.googleapis.com https://*.gstatic.com https://cdn.smartvel.com https://cdn-qa.smartvel.com https://*.reactandshare.com https://script.hotjar.com; connect-src 'self' *.finnair.com https://sentry.io https://*.sentry.io https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://search-api.swiftype.com https://finnair-app.quantummetric.com *.google-analytics.com https://pagead2.googlesyndication.com https://www.googleadservices.com *.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://www.facebook.com https://green.am.apps.avarko.com https://*.aurinkomatkat.fi https://api.smartvel.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://finnair-app-search.ent.eu-central-1.aws.cloud.es.io https://*.reactandshare.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://*.analytics.twitter.com https://finnair.my.salesforce-sites.com https://finnair.my.site.com https://*.my.salesforce-scrt.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.safetravel.amadeus.com https://wasm.oho.prd.icm.aero; child-src 'self' https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://www.facebook.com https://staticxx.facebook.com blob:; frame-src 'self' https://sst.finnair.com https://*.force.com https://*.salesforce.com https://*.my.site.com https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://api-dev.finnair.com https://api-test.finnair.com https://api-preprod.finnair.com https://3530909.fls.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://finnair.eu.qualtrics.com https://www.facebook.com https://*.points.com https://13389050.fls.doubleclick.net https://vars.hotjar.com https://product-router.cartrawler.com https://*.hotels.finnair.com; worker-src 'self' https://finnair.3dseatmapvr.com blob:; sandbox allow-popups allow-forms allow-scripts allow-same-origin allow-modals allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; frame-ancestors 'self'; object-src 'none'; media-src https://finnair.3dseatmapvr.com; 2 frame-src *.sailpoint.com *.facebook.com *.gartner.com *.google.com *.intellimizeio.com/ https://*.qualified.com https://8495553.fls.doubleclick.net/ https://api.intellimize.co/ https://all-demos-sigma.vercel.app/ https://app.smartsheet.com/ https://bid.g.doubleclick.net/ https://bugcrowd.com/ https://business-demo-bay.vercel.app/ https://business-plus-demo.vercel.app/ https://challenges.cloudflare.com/ https://indd.adobe.com https://platform.twitter.com/ https://pixel.mathtag.com/ https://play.vidyard.com https://player.vimeo.com/ https://recaptcha.google.com/recaptcha/ https://sailpoint2016.wpengine.com https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ https://sp-next-sanity.vercel.app/ https://static.hotjar.com https://static.hotjar.io https://syndication.twitter.com/ https://td.doubleclick.net/ https://vars.hotjar.com/ https://vars.hotjar.io/ https://webto.salesforce.com https://w.soundcloud.com/ https://www.brighttalk.com/ https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.linkedin.com/ https://www.podbean.com/ https://www.youtube-nocookie.com/ https://www.youtube.com; style-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com https://platform.twitter.com/ https://sailpoint2016.wpengine.com *.twimg.com/ https://code.jquery.com https://c.bing.com https://play.vidyard.com https://fonts.googleapis.com https://res.cloudinary.com https://*.qualified.com https://www.gstatic.com 'unsafe-inline'; script-src blob: *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com *.cloudflare.com/ https://sailpoint2016.wpengine.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.zi-scripts.com/ https://cdn.intellimize.co/ https://tags.clickagy.com/data.js *.zoominfo.com https://cdn.ampproject.org/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://ib.adnxs.com/ https://tr.outbrain.com/ https://cdn.smartnews-ads.com/ https://pixel.mathtag.com/ https://pixel.advertising.com/ https://amplify.outbrain.com/ https://cnt.ads.8card.net/ https://cdn.syndication.twimg.com/ https://googleads.g.doubleclick.net https://platform.twitter.com https://api.swiftype.com https://code.jquery.com https://code.createjs.com https://www.amcharts.com https://cdn.amcharts.com/ https://connect.facebook.net/ https://j.6sc.co/ https://trk.techtarget.com/ https://googleadservices.com https://www.googleadservices.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://script.hotjar.com https://script.hotjar.io https://play.vidyard.com https://static.hotjar.com/ https://static.hotjar.io https://lltrck.com/scripts/ https://snap.licdn.com/ https://ws.zoominfo.com/ https://bat.bing.com/ https://cdn.cookielaw.org/ http://munchkin.marketo.net/ https://munchkin.marketo.net/ https://d.adroll.com/ https://static.cloudflareinsights.com/beacon.min.js/ *.clarity.ms/ https://instant.page/3.0.0 https://cdn.jsdelivr.net/ https://www.googletagmanager.com/gtm.js https://client.prod.mplat-ppcprotect.com/ https://www.redditstatic.com https://res.cloudinary.com https://ob.forroundprince.com https://obs.forroundprince.com https://*.qualified.com https://www.brighttalk.com/ https://home.integrate.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://lib-3pas.admatrix.jp https://webto.salesforce.com 'unsafe-inline' 'unsafe-eval'; img-src data: *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.twimg.com/ https://sailpoint2016.wpengine.com *.gartner.com https://cnv.event.prod.bidr.io/ https://www.google-analytics.com https://sailpoint-digital-marketing.imgix.net/ https://cdn.cookielaw.org/ https://conversionadvocates.com/ https://www.linkedin.com/ https://t.6sc.co/ https://ups.analytics.yahoo.com/ https://pixel.advertising.com/ https://x.bidswitch.net/ https://cm.g.doubleclick.net/ https://image2.pubmatic.com/ https://beacon.krxd.net/ https://idsync.rlcdn.com/ https://www.googletagmanager.com/ https://pixel.mathtag.com/ https://dsum-sec.casalemedia.com/ https://i.smartnews-ads.com/ https://tr.outbrain.com/ https://sync.taboola.com https://sync.outbrain.com/ https://ads.yahoo.com *.twitter.com https://apt.techtarget.com/ https://dpm.demdex.net/ *.google.com/ https://googleads.g.doubleclick.net https://us-u.openx.net/ https://stags.bluekai.com/ https://www.facebook.com https://io.narrative.io/ https://p.adsymptotic.com/ https://pixel.rubiconproject.com/ https://secure.gravatar.com https://c.bing.com/ *.clarity.ms/ https://lltrck.com/ https://b.6sc.co/ https://bat.bing.com/ https://d.adroll.com https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://play.vidyard.com https://cdn.sanity.io/ https://ad.ipredictive.com/ https://res.cloudinary.com https://alb.reddit.com https://obs.forroundprince.com https://*.qualified.com https://custom.cvent.com https://googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.admatrix.jp 'self'; font-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ https://sailpoint2016.wpengine.com https://fonts.gstatic.com https://cdn.cookielaw.org; frame-ancestors *.sailpoint.com https://www.majorkeytech.com/partner/sailpoint https://sailpoint2016.wpengine.com 'self'; connect-src ws://localhost:3000/_next/webpack-hmr *.sailpoint.com https://*.apicdn.sanity.io https://*.google-analytics.com https://*.googletagmanager.com https://td.doubleclick.net https://*.g.doubleclick.net https://google.com https://www.googleadservices.com https://*.intellimize.co https://cdn.cookielaw.org https://*.google.com https://play.vidyard.com https://*.onetrust.com https://*.googlesyndication.com https://sailpoint-digital-marketing.imgix.net/ https://cdn.sanity.io/ wss://*.qualified.com https://*.qualified.com wss://ws.hotjar.com https://*.hotjar.io https://px.ads.linkedin.com https://*.6sc.co https://*.6sense.com https://o4507821606436864.ingest.us.sentry.io https://pixel-config.reddit.com https://conversions-config.reddit.com https://www.redditstatic.com https://secure.adnxs.com https://626-lto-177.mktoresp.com https://*.clarity.ms https://js.zi-scripts.com https://ws.zoominfo.com https://obs.forroundprince.com https://analytics-api.integrate.com https://ibc-flow.techtarget.com https://webto.salesforce.com https://www.facebook.com; 2 frame-ancestors 'self' https://app.contentstack.com https://eu-app.contentstack.com http://localhost:5173 2 frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com *.clarity.ms stats.g.doubleclick.net;default-src 'self';frame-src 'self' intercom-sheets.com; script-src 'self' *.intercomcdn.com *.heapanalytics.com www.googletagmanager.com cdn.cookielaw.org platform.twitter.com www.clarity.ms www.google-analytics.com static.ads-twitter.com widget.intercom.io 'unsafe-inline';style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com fonts.gstatic.com fast.fonts.net heapanalytics.com cdn.cookielaw.org c.clarity.ms t.co analytics.twitter.com c.bing.com www.google.com www.google.com.np https://www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 2 default-src 'self' *.snai.it ws: wss: www.datocms-assets.com * *.google-analytics.com snai-pscp.mstchannel.com; connect-src 'self' *.snai.it ws: wss: www.datocms-assets.com acsbapp.com captainup.com registry.spid.gov.it api.livestreaming.imgarena.com widgets.sir.sportradar.com www.googletagmanager.com * *.geniussports.com *.llnwd.net *.typekit.net *.go-mpulse.net *.woosmap.com *.cookiebot.com *.dynatrace.com *.sportradar.com *.akstat.io *.googleapis.com *.akamaihd.net onetag-sys.com *.akamaized.net *.google-analytics.com *.applicationinsights.azure.com; script-src 'self' *.snai.it blob: acsbapp.com mpsnare.iesnare.com www.googletagmanager.com * *.typekit.net *.woosmap.com *.cookiebot.com *.dynatrace.com *.pokersnai.it *.rfihub.com *.rfihub.net www.snaiabilita.it skill-sn.gioconlineitalia.it b2b.betpoint.it snaiwpprod.game360.it game-launcher-lux.isoftbet.com login-it.casino.pokersnai.it captainup.com vetrina.gntn-pgd.it snai.live.giocaonline.casino www.gntn-pgd.it litlobby.grattaevinci.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.snai.it extstg1-login.ptstaging.eu acsbapp.com b2b.betpoint.it captainup.com www.snaiabilita.it mpsnare.iesnare.com skill-sn.gioconlineitalia.it widgets.sir.sportradar.com www.googletagmanager.com *.gntn-pgd.it * *.go-mpulse.net *.game360.it *.isoftbet.com *.woosmap.com *.betpoint.it snai-pscp.mstchannel.com *.cookiebot.com *.dynatrace.com *.pokersnai.it *.rfihub.net *.rfihub.com *.qa.gameaccount.com *.sisal.it *.googleapis.com lit.grattaevinci.com onetag-sys.com *.gioconlineitalia.it snai-pscp-staging.mstchannel.com *.giocaonline.casino snai.live.giocaonline.casino webapp.woosmap.com 'unsafe-inline'; style-src 'self' *.snai.it fonts.cdnfonts.com widgets.sir.sportradar.com * *.typekit.net *.googleapis.com 'unsafe-inline'; frame-src 'self' *.snai.it acquistionlinetest.poste.it *.safecharge.com *.sisal.it *.gntn-pgd.it * *.mstchannel.com *.cookiebot.com *.ptstaging.eu *.pokersnai.it *.jumio.ai *.rfihub.net *.rfihub.com snai-pscp-staging.mstchannel.com report.liveg24.com login-it.casino.pokersnai.it snai.betstream.betgenius.com www.snaigiochi.it vetrina.giocodellotto.it litlobby.grattaevinci.com cachedownload-poker.casino.pokersnai.it mobile.casino.pokersnai.it cachedownload.casino.pokersnai.it 'unsafe-inline'; media-src 'self' *.snai.it blob: data: mpsnare.iesnare.com api.livestreaming.imgarena.com * *.geniussports.com *.llnwd.net *.akstat.io *.akamaized.net; font-src 'self' *.snai.it data: fonts.cdnfonts.com * *.typekit.net *.gstatic.com *.googleapis.com login-it.casino.pokersnai.it; img-src 'self' *.snai.it blob: data: www.datocms-assets.com login-pza.techonlinecorp.com imgsct.cookiebot.com * *.woosmap.com *.gstatic.com *.amazonaws.com *.sportradar.com *.googleapis.com *.doubleclick.net *.google-analytics.com www.googletagmanager.com; form-action 'self' *.snai.it; base-uri 'self' *.snai.it; frame-ancestors 'self' *.snai.it *.gntn-pgd.it * *.snaitech.net; object-src 'self' *.snai.it blob: data: *; block-all-mixed-content; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: data: blob: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.jnj.com https://*.brightspotcdn.com https://*.jnj.psdops.com https://*.brightspot.cloud https://*.s3.amazonaws.com https://*.gstatic.com https://snap.licdn.com https://vjs.zencdn.net https://cdn.jsdelivr.net https://*.brightspotcdn.com https://cdn.plyr.io https://*.youtube.com https://*.facebook.com https://*.twitter.com https://*.linkedin.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com http://*.facebook.net https://*.facebook.net https://*.doubleclick.net https://static.ads-twitter.com https://app.bowencraggs.com https://t.co https://p.adsymptotic.com https://*.brightcove.com https://*.brightcovecdn.com http://*.brightcove.net https://*.brightcove.net https://manifest.prod.boltdns.net https://*.akamaihd.net http://*.arcgisonline.com https://cdn.linkedin.oribi.io https://cdn.cookielaw.org https://*.onetrust.com https://*.googlesyndication.com https://perfectsense.atlassian.net https://trinitymedia.ai https://*.trinitymedia.ai https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.kameleoon.io https://*.kameleoon.com https://*.contextweb.com https://beacon.deepintent.com https://thrtle.com https://datawrapper.dwcdn.net https://www.datawrapper.de blob: https://cdn.ampproject.org https://*.clarity.ms https://*.boltdns.net https://www.google.de https://*.adobedtm.com https://*.taboola.com https://*.yimg.jp https://*.smartnews-ads.com https://*.line-scdn.net https://*.yahoo.co.jp https://*.line.me https://*.jnj.com.cn https://*.ytimg.com https://*.google-analytics.com https://*.bing.com https://*.jsdelivr.net; frame-ancestors https://cms2.jnj.com https://www.jnj.com https://cms.jnj-qa.lower.jnj.brightspot.cloud https://cms.jnj-uat.lower.jnj.brightspot.cloud; 2 default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://inno.tech https://privacy-cs.mail.ru https://emd.hybrid.ai https://dss.hybrid.ai https://st.hybrid.ai https://st.top100.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.inet.vtb https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; style-src 'self' 'unsafe-inline' https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; img-src * data:; font-src 'self' data: https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; media-src 'self' blob: https://inno.tech https://t1.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://chat.vtb.ru wss://chat.vtb.ru https://t1-cloud.ru; frame-src 'self' 'unsafe-inline' blob: https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net https://mc.yandex.ru; connect-src 'self' blob: wss://mc.yandex.ru https://api.hh.ru https://api.sendsay.ru https://inno.tech https://api.calc.t1.cloud https://privacy-cs.mail.ru https://yandex.ru https://pagead2.googlesyndication.com https://kraken.rambler.ru https://t1.ru https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://stream.datago.ru https://*.corp.dev.vtb:* https://*.inet.vtb https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://vb.vtb.ru https://yastatic.net https://api.hh.ru/; frame-ancestors 'self' https://inno.tech https://siteapi.t1-academy.ru https://draft.t1-academy.ru https://review.t1-academy.ru https://web.t1-academy.ru https://t1-academy.ru https://*.inet.vtb https://*.vtb.ru:* https://mc.yandex.ru https://metrika.yandex.ru; 2 worker-src 'self' blob: *.vix.tv *.vix.com; frame-ancestors SAMEORIGIN; 2 default-src 'self' https://*.pixelcut.app https://auth.prod.pixelcut.ai https://accounts.google.com/gsi/; img-src 'self' https: data: blob: gs: https://d33v4339jhl8k0.cloudfront.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com/gsi/style https://*.iubenda.com https://assets.churnkey.co; font-src 'self' 'unsafe-inline' https://*.pixelcut.app https://fonts.gstatic.com https://assets.churnkey.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://accounts.google.com/gsi/client https://*.googleapis.com https://googleads.g.doubleclick.net https://apis.google.com https://cdn-cookieyes.com https://*.cookieyes.com https://challenges.cloudflare.com/turnstile/v0/api.js https://www.dropbox.com/static/api/2/dropins.js https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://*.googletagmanager.com https://js.stripe.com/v3 https://js.stripe.com/v3/ https://assets.churnkey.co https://*.iubenda.com https://r.wdfl.co todesktop-internal://*; object-src 'self' blob:; media-src 'self' blob: https://beacon-v2.helpscout.net https://cdn3.pixelcut.app https://storage.googleapis.com/ https://*.pixelcut.app https://*.pixelcut.ai; frame-src 'self' https://accounts.google.com/gsi/ https://auth.prod.pixelcut.ai https://challenges.cloudflare.com/ https://content.googleapis.com/ https://docs.google.com/ https://accounts.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com https://www.facebook.com https://js.stripe.com/; connect-src 'self' file: data: blob: filesystem: ws: https://images.unsplash.com https://images.pexels.com https://*.pixelcut.app https://d3hb14vkzrxvla.cloudfront.net https://*.pixelcut.app https://accounts.google.com/gsi/ https://*.googleapis.com https://www.googleadservices.com https://*.sentry.io https://*.mixpanel.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://endpoint1.collection.us2.sumologic.com https://cdn-cookieyes.com https://*.cookieyes.com https://dl.dropboxusercontent.com/1/ https://apis.google.com/ https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.google.com https://stripe.com https://*.stripe.com https://api.churnkey.co https://fal.media https://*.fal.media https://content.pixelcut.ai https://content-staging.pixelcut.ai https://assets.pixelcut.ai https://assets.staging.pixelcut.app https://api.getrewardful.com https://api.statsig.com https://featuregates.org https://statsigapi.net https://events.statsigapi.net https://api.statsigcdn.com https://featureassets.org https://assetsconfigcdn.org https://prodregistryv2.org https://cloudflare-dns.com https://beyondwickedmapping.org; worker-src 'self' blob:; child-src 'self' blob:; frame-ancestors 'none' 2 font-src *.fontawesome.com https://cdn.checkout.com fonts.gstatic.com cdn.checkout.com script.hotjar.com db.onlinewebfonts.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * affiliates.cdkeys.com affiliates.loaded.com *.snapchat.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.certcapture.com www.cdkeys.com www.loaded.com app.storyblok.com *.brandswap.com 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.certcapture.com *.safeframe.googlesyndication.com *.adtrafficquality.google *.googleapis.com *.cloudflare.com *.cloudfront.net *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.btloader.com *.media.net ad-delivery.net d.impct.site ag.dns-finder.com fast.ssqt.io https://js.checkout.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com *.addthis.com *.facebook.com *.twitter.com fp.cdkeys.com fp.loaded.com ad4m.at widget.trustpilot.com simplicity.trustpilot.com www.facebook.com js.checkout.com embed.twitch.tv accounts.google.com web.facebook.com www.trustpilot.com vars.hotjar.com sandbox-checkout.epag.io checkout.epag.io *.snapchat.com www.emjcd.com static.criteo.net cj.dotomi.com *.doubleclick.net www.paypalobjects.com unpkg.com optimize.google.com apps.rokt.com wsdk.rokt.com platform.twitter.com ad.ad-srv.net analytics.fatmedia.io *.rfihub.com www.surveymonkey.com shop.spreadshirt.com cdkeys.myspreadshop.com loaded.myspreadshop.com preview.tagging.cdkeys.com preview.tagging.loaded.com tagging.cdkeys.com tagging.loaded.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io cdkeys.sjv.io loaded.pxf.io loaded.sjv.io app.termly.io *.brandswap.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.certcapture.com id5-sync.com *.adtrafficquality.google *.googleapis.com *.cloudflare.com *.cloudfront.net *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.btloader.com *.media.net d.impct.site ad-delivery.net ag.dns-finder.com fast.ssqt.io https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.addthisedge.com *.twitter.com *.cdkeys.com *.loaded.com *.omn-it.net www.gravatar.com steamcdn-a.akamaihd.net *.storyblok.com region1.analytics.google.com www.google.tm optimize.google.com *.doubleclick.net ssl.gstatic.com www.gstatic.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.spreadshirt.com image.spreadshirtmedia.com cdkeys.myspreadshop.com loaded.myspreadshop.com cm.everesttech.net preview.tagging.cdkeys.com preview.tagging.loaded.com tagging.cdkeys.com tagging.loaded.com www.facebook.com static.xx.fbcdn.net alb.reddit.com *.snapchat.com t.co cw.addthis.com syndication.twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com ad.360yield.com *.3lift.com sync.ad-stir.com *.adform.net *.adnxs.com *.adscale.de *.amazon-adsystem.com anymindgroup.go2cloud.org pixel.advertising.com x.bidswitch.net bat.bing.com bat.bing.net www.bizrate.com tags.bluekai.com match.bnmla.com r.casalemedia.com usersync.cdglib.com www.chinesean.com *.criteo.com dpm.demdex.net *.dotomi.com sync.e-planning.net secure.getprice.com.au matching.ivitrack.com beacon.krxd.net *.liadm.com contextual.media.net visitor.omnitagjs.com *.openx.net sync.outbrain.com jadserve.postrelease.com *.pubmatic.com idsync.rlcdn.com pixel.rubiconproject.com match.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net tg.socdm.com *.stickyadstv.com *.taboola.com pixel.tapad.com criteo-sync.teads.tv s.thebrighttag.com criteo-partners.tremorhub.com *.yahoo.com ad.yieldlab.net ads.yieldmo.com sync-criteo.ads.yieldmo.com lt45.net ds1.net dt51.net ndt5.net fr135.net as.ad4m.at ad.ad-srv.net *.clarity.ms *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com *.loggly.com www.ojrq.net cdkeys.pxf.io loaded.pxf.io cdkeys.sjv.io loaded.sjv.io delight-magento.fly.dev delight-s3-bucket.s3.eu-west-2.amazonaws.com tvspix.com tvpix.com fonts.gstatic.com *.brandswap.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com ajax.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.certcapture.com *.id5-sync.com *.adtrafficquality.google *.googleapis.com *.cloudflare.com *.cloudfront.net *.googletagmanager.com *.gstatic.com *.google-analytics.com *.inmobi.com *.fuseplatform.net *.amazon-adsystem.com *.googlesyndication.com *.btloader.com btloader.com *.media.net ad-delivery.net d.impct.site ag.dns-finder.com fast.ssqt.io https://maps.googleapis.com https://cdn.checkout.com *.klarnacdn.net *.nsureapi.com api.fpjs.io device.maxmind.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com landofcoder.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com widget.surveymonkey.com prodregistryv2.org featureassets.org cdn.jsdelivr.net widget.trustpilot.com invitejs.trustpilot.com connect.facebook.net cdn.checkout.com polyfill.io *.algolia.net embed.twitch.tv *.google.com platform.twitter.com www.google.com www.gstatic.com cdn.simility.com static.hotjar.com script.hotjar.com sandbox-checkout.epag.io checkout.epag.io *.doubleclick.net *.zoho.com *.criteo.net *.criteo.com sc-static.net analytics.twitter.com *.ads-twitter.com *.bing.com bat.bing-int.com www.redditstatic.com maillist-manage.com *.cnnx.io unpkg.com ad4m.at/osij2yav.js optimus.360and1.com www.googleoptimize.com optimize.google.com apps.rokt.com wsdk.rokt.com *.clarity.ms *.cdkeys.com *.loaded.com *.omn-it.net c1.rfihub.net a.ad.gt applepay.cdn-apple.com pagead2.googlesyndication.com *.spreadshirt.com adtm.spreadshirts.net cdkeys.myspreadshop.com dpm.demdex.net static.zdassets.com/ *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com analytics.fatmedia.io utt.impactcdn.com delight-magento.fly.dev analytics.tiktok.com app.termly.io d2r1yp2w7bby2u.cloudfront.net wzrkt.com *.snapchat.com *.brandswap.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.certcapture.com *.googleapis.com *.cloudflare.com *.cloudfront.net *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.btloader.com *.media.net ad-delivery.net d.impct.site ag.dns-finder.com fast.ssqt.io *.fontawesome.com https://cdn.checkout.com unsafe-inline assets.braintreegateway.com cdn.checkout.com maxcdn.bootstrapcdn.com optimize.google.com adtm.spreadshirts.net cdkeys.myspreadshop.com delight-magento.fly.dev *.brandswap.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.googleapis.com *.cloudflare.com *.cloudfront.net *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.btloader.com *.media.net ad-delivery.net d.impct.site ag.dns-finder.com fast.ssqt.io cdn.cdkeys.com static.zdassets.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolianet.com *.insights.algolia.io insights.algolia.io *.certcapture.com *.fuseplatform.net *.jsdelivr.net *.33across.com *.criteo.com *.smartadserver.com onetag-sys.com *.media.net *.connectad.io *.adnxs.com *.adnxs-simple.com *.4dex.io *.casalemedia.com *.a-mo.net *.servenobid.com *.amazon-adsystem.com *.googlesyndication.com *.eu-1-id5-sync.com id5-sync.com *.adtrafficquality.google *.criteo.net *.btloader.com btloader.com *.ampproject.org *.inmobi.com *.facebook.com *.facebook.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.hcaptcha.com *.hotjar.com *.newrelic.com *.nr-data.net *.speaker.com *.ssl.cf3.rackcdn.com *.typeform.com *.youtube.com *.googleapis.com *.cloudflare.com *.cloudfront.net *.googletagmanager.com *.gstatic.com ap.lijit.com exchange.cootlogix.com direct.adsrvr.org s.seedtag.com prebid.dblks.net *.ingage.tech exchange.kueezrtb.com ad-delivery.net d.impct.site ag.dns-finder.com fast.ssqt.io https://maps.googleapis.com https://player.vimeo.com https://js.checkout.com *.klarnaevt.com *.nsureapi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com landofcoder.com prodregistryv2.org featureassets.org www.facebook.com js.checkout.com *.simility.com graph.facebook.com *.hotjar.io wss://*.hotjar.com/api/v2/client/ws pagead2.googlesyndication.com *.doubleclick.net freegeoip.app maillist-manage.com invitejs.trustpilot.com widget.trustpilot.com bat.bing.net bat.bing.com unpkg.com *.clarity.ms *.spreadshirt.com cdkeys.myspreadshop.com loaded.myspreadshop.com dpm.demdex.net preview.tagging.cdkeys.com preview.tagging.loaded.com tagging.cdkeys.com tagging.loaded.com static.zdassets.com ekr.zdassets.com cdkeys.zendesk.com loaded.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io loaded.pxf.io cdkeys.sjv.io loaded.sjv.io api.delightglobal.io pro.ip-api.com analytics.tiktok.com analytics-ipv6.tiktokw.us app.termly.io *.api.termly.io ads-twitter.com ads-api.twitter.com analytics.twitter.com www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com match.adsrvr.org *.snapchat.com *.brandswap.com trackingapi-brandswap-stg.azurewebsites.net tagapi-brandswap-stg.azurewebsites.net t.elasticsuite.io 'self' 'unsafe-inline'; child-src *.certcapture.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https://www.myherbalife.com/nfC_/cxPd/Gx/HTd-/3c4A/D7ONVQchtbwSzSw7/UEZsSQ/AD/BCFkgmWGA * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' p11.techlab-cdn.com; 2 frame-ancestors 'self' https://liveshopping.bonprix.de/ https://www.liveshopping.bonprix.de/ https://app.eu.contentful.com 2 frame-ancestors 'self' *.sf.intra.laposte.fr *.labanquepostale.fr file://* ; 2 frame-ancestors 'self' https://register.sch.gr; 2 frame-ancestors 'self' https://webhare.utwente.nl https://portal-test.utsp.utwente.nl 2 object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https: blob:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data: 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com ; style-src 'self' data: 'unsafe-inline' https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://*.googletagmanager.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://stats.g.doubleclick.net https://cbgames.s3.amazonaws.com https://player.vimeo.com https://script.hotjar.com http://script.hotjar.com ; font-src 'self' data: https://*.mmcdn.com https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com ; connect-src 'self' blob: blob https://*.mmcdn.com wss://*.mmcdn.com wss://*.mmcdn.com:8443 https://*.mmcdn.com:8443 https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com wss://ws-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://tls-use1.fpapi.io https://use1.fptls.com https://eun1.fptls.com https://aps1.fptls.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com ; media-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://storage.googleapis.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com; object-src 'self' https://*.mmcdn.com https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ; frame-src 'self' https://*.mmcdn.com https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://*.wnu.com https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://player.vimeo.com https://vars.hotjar.com https://directory-live.cb.dev https://directory-v3-live.cb.dev https://*.live.mmwebc.dev https://cbxyz.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://*.wnu.com https://wnu.com https://devportal.cb.dev https://*.web.amer-1.jumio.ai https://saas-onboarding.incodesmile.com https://smartpay.coinsmart.com https://crypto-payments.net https://secure.paygarden.com ; manifest-src 'self' https://*.mmcdn.com https://*.highwebmedia.com ; report-uri https://report-uri.mmcdn.com/r/t/csp/enforce; 2 default-src 'self' 'unsafe-inline' *.criipto.id cdnjs.cloudflare.com *.maxcdn.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; ;frame-ancestors 'self' *.webhosting.dk webhosting.dk ajax.googleapis.com *.facebook.com *.facebook.net googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; img-src https://* data:; frame-src 'self' 'unsafe-inline' ajax.googleapis.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com; 2 frame-ancestors 'self' https://*.weheartit.com https://weheartit.com https://*.fooducate.com https://fooducate.com 2 frame-ancestors *.procore.com https://app.contentful.com *.bugcrowd.com bugcrowd.com 2 default-src 'self' 'unsafe-inline' https://clear.navattic.com https://*.factors.ai https://*.google.com/ https://www.incometax.gov.in https://go.arena.im https://assets1.cleartax-cdn.com https://www.googletagmanager.com https://www.redditmedia.com https://assets.cleartax-cdn.com https://*.gstatic.com https://www.google-analytics.com https://js-agent.newrelic.com https://api.portal.peppercontent.in https://cleartax.in https://*.cleartax.in https://vc.hotjar.io https://*.cleartax.co https://*.cleartax.com https://cleartax.com https://www.youtube.com https://i.tryinteract.com https://cleartax-media.s3.amazonaws.com https://*.cloudfront.net https://web.archive.org https://img.youtube.com https://*.googleusercontent.com https://v.24liveblog.com https://sentry.io https://px.ads.linkedin.com https://doubleclick.net https://*.doubleclick.net https://platform.twitter.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com/ https://i.ytimg.com https://code.jquery.com https://*.googleapis.com https://www.google.co.in https://*.clarity.ms https://sumome.com https://*.sumome.com https://clear.in https://*.clear.in https://www.w3schools.com https://cdnjs.cloudflare.com http://localhost:80 https://*.website-files.com https://cleartax.mynexthire.com https://sumo.com https://*.sumo.com https://*.livechatinc.com https://*.hs-scripts.com https://www.youtube-nocookie.com https://*.hubapi.com https://*.hubspot.com https://*.webflow.io https://*.s3.ap-south-1.amazonaws.com https://*.netcoresmartech.com https://*.cmp.usercentrics.eu https://assets.apollo.io https://aplo-evnt.com; img-src 'self' data: https://bat.bing.com https://www.facebook.com https://analytics.twitter.com https://*.linkedin.com https://*.google.com/ https://*.cleartax-cdn.com https://img.youtube.com https://cleartax-media.s3.amazonaws.com https://www.google.co.in https://assets.clear.in https://www.googletagmanager.com https://sumome.com https://*.website-files.com https://*.cloudfront.net https://*.jquery.com https://*.doubleclick.net https://*.usercentrics.eu https://static.wixstatic.com; font-src 'self' data: https://*.cleartax-cdn.com https://*.gstatic.com https://*.website-files.com https://*.webflow.com https://assets.clear.in; style-src 'self' 'unsafe-inline' https://*.google.com https://*.cleartax-cdn.com https://*.googleapis.com https://*.clarity.ms https://*.gstatic.com https://*.website-files.com https://*.jquery.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://www.redditstatic.com https://sc-static.net https://static.ads-twitter.com https://connect.facebook.net https://cdnjs.cloudflare.com https://js.hs-banner.com https://js.hsadspixel.net https://js.usemessages.com https://www.google-analytics.com https://www.googletagmanager.com https://doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://www.youtube-nocookie.com https://sumo.com https://*.sumo.com https://*.livechatinc.com https://*.hs-scripts.com https://*.hs-analytics.net https://go.pardot.com https://*.cleartax-cdn.com https://*.clarity.ms https://*.google.com https://*.gstatic.com https://*.sumome.com https://code.jquery.com https://*.cloudfront.net https://*.googleapis.com https://www.googleadservices.com https://*.website-files.com https://*.webflow.io https://cleartax.mynexthire.com https://*.factors.ai https://*.netcoresmartech.com https://assets.clear.in/cleartax/images/1752568698_lottieplayer.js https://*.cmp.usercentrics.eu https://assets.apollo.io https://assets.clear.in blob: https://cleartax.in 2 frame-ancestors 'none'; form-action 'self'; 2 default-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.youtube.com data:;connect-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in *.youtube.com data:;script-src 'self' 'unsafe-eval' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in;style-src 'self' 'unsafe-inline' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in;object-src 'self' data:;frame-src 'self' docs.google.com *.youtube.com *.youtube-nocookie.com *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in app.powerbi.com data:;frame-ancestors 'self' docs.google.com *.youtube.com *.youtube-nocookie.com *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.apisetu.gov.in *.mybharat.gov.in *.myscheme.in *.wcd.gov.in app.powerbi.com data:; 2 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://gebrauchtwagen.autobild.de https://vorschau.autobild.de https://interred.autobild.de 2 base-uri 'none'; default-src 'none'; style-src 'self' 'unsafe-inline' www.bbthat.com assets.bwbx.io ; script-src 'self' bsso.bloomberg.com pro.bloomberglaw.com www.google.com www.gstatic.com gk-api.bloombergindustry.com wsauth.bloombergindustry.com gk-api.bloomberglaw.com essential.bloombergindustry.com wsauth.bloombergindustry.com profile.bloombergindustry.com go.bloombergtax.com www.bbthat.com a.bloombergtax.com a.bloomberglaw.com; connect-src 'self' bsso.bloomberg.com pro.bloomberglaw.com www.google.com www.gstatic.com gk-api.bloombergindustry.com wsauth.bloombergindustry.com gk-api.bloomberglaw.com essential.bloombergindustry.com wsauth.bloombergindustry.com profile.bloombergindustry.com go.bloombergtax.com www.bbthat.com a.bloombergtax.com a.bloomberglaw.com; img-src 'self' bsso.bloomberg.com bsso.blpprofessional.com access.bloombergindustry.com wsauth.bloombergindustry.com wsauth.bloomberglaw.com wsauth.bloomberg.com data:; font-src 'self' assets.bwbx.io; frame-ancestors 'self'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content 2 frame-ancestors 'self' *.telekurier.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; worker-src 'self' blob:; 2 frame-ancestors 'self' *.sunrise.ch; frame-src https: mailto:; report-uri https://www.sunrise.ch/csp-collector 2 frame-ancestors *.toast.com *.dooray.com dooray.com 2 default-src 'self'; font-src data: https://apps.bazaarvoice.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.de https://app.usercentrics.eu https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.de https://tags.tiqcdn.com https://web.cmp.usercentrics.eu https://www.dm.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; worker-src 'self' blob:; connect-src 'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.de https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omacs.nonprod.services.dmtech.com https://omacs.services.dmtech.com https://omc.dm.de https://predictive-shopping-service.services.dmtech.com https://product-based-recos.services.dmtech.com https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.de https://staedtetour.dm-fb2.de https://stars.services.dmtech.com https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://v1.api.service.cmp.usercentrics.eu https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cartnext.services.dmtech.com https://products.dm.de https://products.intern.dm.de https://shopping-list-prod.services.dmtech.com; media-src 'self'; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de https://composer.apps.nonprod.gcp.dmtech.cloud; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.de https://giftcard-checkout.dm.de/api/checkout https://signin.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://composer.apps.nonprod.gcp.dmtech.cloud https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://editorial-content.dm-static.com https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://products.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.de https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://kinderwunschsprechstunde.podigee.io https://player.podigee-cdn.net https://recaptcha.google.com/recaptcha/ https://sandbox.om.dm.de https://web.cmp.usercentrics.eu https://www.google.com/recaptcha/ https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 2 base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://partner.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://www.google.com; frame-ancestors 'self'; form-action 'self' https: https://*.state.ak.us https://*.alaska.gov; img-src 'self' https://*.state.ak.us https://*.alaska.gov https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com 2 base-uri 'none'; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; object-src 'none'; 2 frame-ancestors 'self' https://*.erp.tu-dresden.de:* https://piwik.mz.tu-dresden.de https://matomo.tu-dresden.de 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org blob:; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com blob:; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ *.keepeek-dev.com *.keepeek.com https://airbus2024eutfm.q4web.com; child-src blob: https://airbus2024eutfm.q4web.com; font-src https: data:; connect-src https: wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 frame-ancestors 'self' https://cms.bolt.eu https://cms.prelive.bolt.eu https://mm-web.bolt.eu https://mm-web.prelive.bolt.eu; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; base-uri 'self'; 2 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 2 frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://changelog.exoscale.com/ 2 frame-ancestors 'self' https://store-qa2.enphase.com https://store.enphase.com/; report-uri https://enphase.com/report-uri/enforce 2 frame-ancestors 'self' rockwellautomation.com rockwellautomation.com.cn *.rockwellautomation.com *.rockwellautomation.com.cn *.rockwellautomation.adobecqms.net ra.pisrc.net rabot.pisrc.net localhost localhost:*; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https: wss:; media-src 'self' https: blob:; object-src 'none'; child-src https:; worker-src 'self' https:; frame-ancestors 'self' https:; form-action 'self' https:; base-uri 'self' 2 frame-ancestors 'none'; connect-src 'self' www.google-analytics.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://sockjs.pusher.com1 https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com api.userback.io logx.optimizely.com 287-ugb-469.mktoresp.com px.ads.linkedin.com events.rm-api.com stats.g.doubleclick.net ws.zoominfo.com play.vidyard.com https://lottie.host https://sockjs.pusher.com https://analytics.google.com *.google.com https://connect.facebook.net connect.facebook.net http://c.6sc.co/ https://ipv6.6sc.co/ https://eps.6sc.co/v3/company/details https://v.eps.6sc.co/v https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hscollectedforms.net https://api.hubapi.com https://epsilon.6sense.com/v3/company/details https://forms.hubspot.com https://cdn.jsdelivr.net https://ipmeta.io; object-src blend.localhost blendcom.localhost blendcom2.localhost blend.com blendcom2-blend.pantheonsite.io blend25-blend.pantheonsite.io; img-src 'self' blob: blendcom2-blend.pantheonsite.io blend25-blend.pantheonsite.io blend.com p.typekit.net www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com *.cloudfront.net https://sidebar.bugherd.com https://bugherd-attachments.s3.amazonaws.com *.google-analytics.com *.analytics.google.com px.ads.linkedin.com cdn.bizible.com px4.ads.linkedin.com *.google.com *.google.com.tr *.facebook.com *.hubspot.com t.co analytics.twitter.com cdn.bizibly.com videos.blend.com play.vidyard.com cdn.vidyard.com image.cnbcfm.com https://www.google.ba/ https://b.6sc.co/ https://forms-na1.hsforms.com https://forms.hsforms.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.bugherd.com devserver.blend.localhost devserver.blendcom2.localhost https://sidebar.bugherd.com *.google-analytics.com *.analytics.google.com static.userback.io/widget/v1.js cdn.optimizely.com *.googletagmanager.com static.ads-twitter.com connect.facebook.net snap.licdn.com munchkin.marketo.net ws.zoominfo.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com assets.rampmetrics.com cdn.bizible.com info.blend.com cdnjs.cloudflare.com play.vidyard.com https://unpkg.com/@lottiefiles/ https://unpkg.com/@dotlottie/ https://googleads.g.doubleclick.net https://j.6sc.co/j/d33c7c8c-8e24-425f-b6ab-1506d07b624b.js https://j.6sc.co/6si.min.js https://js.hs-scripts.com/ https://js.hsforms.net/ https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net/fb.js https://js.hs-banner.com https://js-na1.hs-scripts.com/ http://js.hsforms.net/forms/embed/v2.js https://ipmeta.io; style-src 'unsafe-inline' 'self' info.blend.com; font-src 'self' data: *.typekit.net at.alicdn.com; frame-src 'self' *.youtube.com https://sidebar.bugherd.com info.blend.com play.vidyard.com docs.google.com player.cnbc.com td.doubleclick.net www.googletagmanager.com https://forms.hsforms.com/; base-uri 'none' 2 frame-ancestors 'self'; img-src 'self' data: https:; 2 default-src 'none'; frame-ancestors https://*.sr.se http://localhost:* https://lookerstudio.google.com https://app.kilkaya.com; form-action 'self' https://www.sverigesradio.se; base-uri 'self'; connect-src 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se https://*.cdn.svt.se https://sr.reco.ebu.io https://*.google-analytics.com https://*.ingest.de.sentry.io https://cl-eu6.k5a.io https://statistics-event-api-fe.sr.se; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cl-eu6.k5a.io https://sr.neobox.ebu.io https://*.ebu.io/news-reco-sr.js https://analytics.codigo.se https://trafficgateway.research-int.se; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://sr.se https://*.sr.se https://www.googletagmanager.com https://trafficgateway.research-int.se https://i.scdn.co; font-src 'self' data:; manifest-src 'self'; worker-src 'self' blob:; media-src https://*.sverigesradio.se https://sverigesradio.se https://*.sr.se blob:; frame-src https://*.reco.ebu.io https://sr.neobox.ebu.io; 2 report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.fontawesome.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jaris.co *.jaris.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com api.preczn.com caas-sf.wildapricot.org https://*.forethought.ai live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ reserveddomainnames.wildapricot.org sf.wildapricot.org; img-src * data: blob:; media-src * blob:; font-src * https://*.aptrinsic.com data:; 2 media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2 block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' bugcrowd.com; 2 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/ https://maps.googleapis.com https://googleads.g.doubleclick.net https://s.ytimg.com https://ssl.google-analytics.com https://www.googleadservices.com/pagead/ https://www.youtube.com https://youtube.com https://youtube.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport/allowlist 2 frame-ancestors 'self' https://fizy.com https://play.fizy.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: webpack-internal: webpack: blob: https://*.calltouch.ru https://*.calltouch.net wss://ws.calltouch.ru https://ab-ct.ru https://aw-demo.ru https://*.addevent.com https://addevent.com https://*.adriver.ru push4site.com https://ads.betweendigital.com https://adservice.google.com https://*.ad.smaato.net https://*.analytics.google.com https://analytics.google.com https://an.yandex.ru https://anycomment.io https://api.enkod.ru https://api-maps.yandex.ru https://api.tomi.ai https://*.bidswitch.net https://bitrix.info https://*.botfaqtor.ru https://*.bumlam.com https://calltouchru.push4site.com https://cdn.accutics.net https://cdn.anycomment.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-migrate-1.4.1.min.js https://connect.facebook.net https://const.uno *.digitaltarget.ru https://dm.hybrid.ai https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.hybrid.ai https://ib.adnxs.com https://*.integrations-hub.ru https://inv-nets.admixer.net https://leonardo.osnova.io https://linur.dj https://madte.st https://*.mail.ru https://manalyticshub.com https://match.new-programmatic.com/userbind https://mc.yandex.com https://mc.yandex.md https://mc.yandex.ru https://*.openx.net https://*.beeline.ru https://*.ops.beeline.ru https://pixel.onaudience.com https://push4site.com https://redirect.frontend.weborama.fr https://*.witstroom.com https://secure.gravatar.com https://ssp.bestssp.com https://static.terratraf.io https://smartcaptcha.yandexcloud.net https://sync.bumlam.com https://tags.soloway.ru https://td.doubleclick.net https://tech.rtb.mts.ru https://*.tildacdn.com https://track.onef.pro https://*.turbotargeting.io https://unpkg.com/swiper@7/ https://us.ck-ie.com https://vk.com https://widget.anycomment.io https://www.1c-bitrix.ru https://www.googleadservices.com https://www.google-analytics.com https://www.google.by https://www.google.bg https://www.google.co.id https://www.google.com https://www.google.com.cy https://www.google.de https://www.google.me https://www.google.nl https://www.googleoptimize.com https://www.google.pt https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://www.w3.org https://www.youtube-nocookie.com https://youtu.be https://x01.aidata.io https://yandex.ru https://yastatic.net https://*.youtube.com https://*.ytimg.com https://kinescope.io wss://mc.yandex.ru ; report-uri https://sentry.calltouch.ru/api/49/security/?sentry_key=051618c290784f49b8f0714d8f3295e5 2 img-src 'self' *.commercecloud.salesforce.com i1.adis.ws cdn.media.amplience.net washford.a.bigcontent.io cdn.media.halfords.com www.halfords.com api.ecpplatform.com cdn.cookielaw.org *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.facebook.com *.quantserve.com *.affec.tv *.google.com *.google.pt *.google.co.uk *.teads.tv bat.bing.net *.adnxs.com *.adsrvr.org bat.bing.com maps.gstatic.com fonts.gstatic.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.bloomreach.cloud https://tiles.woosmap.com https://a.tiles.woosmap.com https://b.tiles.woosmap.com *.googlesyndication.com www.google.ro www.googleadservices.com *.contentsquare.net *.contentsquare.com c.az.contentsquare.net l.contentsquare.net https://heapanalytics.com s.yimg.com sp.analytics.yahoo.com https://track.omguk.com track.omguk.com https://applepay.cdn-apple.com *.feefo.com *.brsrvr.com *.webtrends-optimize.com data:;script-src cdn.cookielaw.org js-agent.newrelic.com *.nr-data.net nonce *.webtrends-optimize.com *.webtrends-optimize.workers.dev *.googletagmanager.com *.google-analytics.com 'unsafe-inline' bat.bing.com *.licdn.com connect.facebook.net *.tiktok.com *.medallia.eu *.quantserve.com go.affec.tv *.adnxs.com *.doubleclick.net *.teads.tv www.ist-track.com 'self' 'unsafe-eval' rules.quantcount.com *.contentsquare.net *.contentsquare.com app.contentsquare.com t.contentsquare.net https://cdn.heapanalytics.com https://heapanalytics.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com https://sdk.woosmap.com blob: s.yimg.com https://track.omguk.com https://www.facebook.com test.oppwa.com eu-prod.oppwa.com *.force.com *.salesforce.com *.halfords.com *.salesforceliveagent.com https://applepay.cdn-apple.com *.feefo.com cdn.brcdn.com cdns.brsrvr.com pidataplatformhalfords.azure-api.net c.az.contentsquare.net https://runtime.commercecloud.com p11.techlab-cdn.com;script-src-attr 'unsafe-inline' p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' cdn.cookielaw.org cookie-cdn.cookiepro.com https://fonts.googleapis.com test.oppwa.com eu-prod.oppwa.com *.googleapis.com *.force.com *.salesforce.com *.halfords.com *.salesforceliveagent.com https://applepay.cdn-apple.com *.feefo.com *.webtrends-optimize.com https://heapanalytics.com;connect-src 'self' cdn.cookielaw.org halfords-privacy.my.onetrust.com bam.eu01.nr-data.net *.webtrends-optimize.com *.webtrends-optimize.workers.dev https://api.cquotient.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.google-analytics.com/g/collect *.analytics.google.com/g/collect bat.bing.com bat.bing.net *.a.run.app *.google.com *.google.pt analytics.tiktok.com *.teads.tv *.googlesyndication.com pixel.quantcount.com px.ads.linkedin.com localhost:* *.googleapis.com *.gstatic.com https://api.woosmap.com *.dxpapi.com wto-halfords-productfeed.azurewebsites.net *.contentsquare.net *.contentsquare.com https://heapanalytics.com s.yimg.com https://api.edq.com https://track.omguk.com https://www.facebook.com https://pixel.quantserve.com pixel.quantserve.com google.com play.google.com *.force.com *.salesforce.com *.halfords.com *.salesforceliveagent.com https://applepay.cdn-apple.com *.feefo.com pidataplatformhalfords.azure-api.net *.azurewebsites.net https://runtime.commercecloud.com p11.techlab-cdn.com;frame-src *;child-src blob: 'self';worker-src https://test.oppwa.com https://eu-prod.oppwa.com 'self' blob:;form-action *;default-src 'self' p11.techlab-cdn.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self' https://runtime.commercecloud.com;object-src 'none';upgrade-insecure-requests 2 default-src 'self' *; font-src * data:;img-src * data:; frame-src * 'self' 'unsafe-inline' ;worker-src blob:; connect-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' ;frame-ancestors * 'self'; form-action * 'self'; 2 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com marketing-forms-api.github.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com s88570519.t.eloqua.com/e/f2; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com octocaptcha.com play.vidyard.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com videos.ctfassets.net/8aevphvgewt8/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com a.quora.com www.redditstatic.com *.doubleclick.net *.yoast.com yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net *.clarity.ms *.termly.io *.googlesyndication.com *.bing.com *.licdn.com *.posthog.com *.ads-twitter.com *.matomo.cloud; frame-src 'self' blob: *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me *.termly.io *.matomo.cloud https://*.googletagmanager.com; object-src 'self'; worker-src 'self' blob: https://wpml.org; connect-src 'self' *.wpml.org *.posthog.com https://ipinfo.io https://pagead2.googlesyndication.com https://conversions-config.reddit.com https://bat.bing.com https://bat.bing.net https://www.redditstatic.com https://*.doubleclick.net *.redditstatic.com *.reddit.com q.quora.com *.linkedin.com *.clarity.ms *.helpscout.net *.wistia.com *.termly.io d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com *.yoast.com *.wpml.org wss://*.wpml.org https://*.wpml.org *.matomo.cloud https://google.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 2 default-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; media-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; prefetch-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; script-src https://www.phonepe.com https://www.googletagmanager.com https://phonepe.com https://website.phonepe.com https://www.gstatic.com https://www.google.com https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com https://platform.twitter.com/ https://www.googleadservices.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://connect.facebook.net https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; style-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; img-src data: https://website.phonepe.com data: https://www.phonepe.com https://phonepe.com https://imgstatic.phonepe.com https://images.phonepe.com https://cdn.jotfor.ms www.googletagmanager.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://adservice.google.com https://css.page-source.com https://www.google.com https://www.google.co.in https://www.facebook.com https://analytics.twitter.com https://t.co; font-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src https://www.google-analytics.com https://boards-api.greenhouse.io https://api.phonepe.com https://www.phonepe.com https://phon.pe https://phonepe.com https://website.phonepe.com https://insights-api.phonepe.com https://sentry.phonepe.com https://page-source.com https://css.page-source.com https://logo.page-source.com https://cdn.page-source.com https://hcaptcha.com https://*.hcaptcha.com 'self'; frame-src https://www.greenhouse.io https://script.google.com/a/macros/phonepe.com/ https://boards.greenhouse.io https://boards-api.greenhouse.io https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com https://hcaptcha.com https://*.hcaptcha.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com https://www.youtube.com https://platform.twitter.com/ https://*.doubleclick.net https://bugbase.ai; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com https://bugbase.ai; base-uri 'self'; object-src 'none'; report-uri https://csp.phonepe.com/log 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.liveabout.com; upgrade-insecure-requests; 2 default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.youtube.com snap.licdn.com static.hotjar.com plugin.handtalk.me unpkg.com *.hubspot.net cdnjs.cloudflare.com www.gstatic.com script.hotjar.com www.google.com try.abtasty.com static.hotjar.com code.jquery.com googleads.g.doubleclick.net www.google-analytics.com www.clarity.ms ajax.googleapis.com cdn.cookielaw.org connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com plugin.handtalk.me px.ads.linkedin.com snap.licdn.com *.hsappstatic.net unpkg.com *.hubspot.com *.hubspotusercontent-na1.net cdn.jsdelivr.net *.cloudfront.net *.bing.com *.albacross.com *.privacytools.com.br *.linkedin.com *.googletagmanager.com www.gupy.io *.gupy.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net *.hubspot.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.cookielaw.org *.hubspotusercontent-na1.net *.hubspotusercontent40.net fonts.googleapis.com *.gupy.io *.hubspot.com cdn-uicons.flaticon.com *.privacytools.com.br www.gupy.io; img-src 'self' blob: 3299491.fs1.hubspotusercontent-na1.net perf-na1.hsforms.com track.hubspot.com www.gupy.io data: *; font-src 'self' fonts.gstatic.com *.hubspotusercontent-na1.net *.hubspotusercontent40.net www.gupy.io; connect-src 'self' blob: 'self' fs1.hubspotusercontent-na1.net cdn.cookielaw.org *.gupy.io data: gap: *; media-src *.hubspotusercontent-na1.net *.hubspot.com *.gupy.io www.gupy.io; frame-src gupy.com.br gupy.io www.youtube.com app.hubspot.com td.doubleclick.net www.facebook.com forms.hsforms.com; frame-ancestors 'self' gupy.com.br gupy.io *.uc.r.appspot.com googletagmanager.com; 2 frame-ancestors 'self' *.wsgc.com carectruiprd.wsgc.com oms.wsgc.com carectruiprd-dr.wsgc.com oms-dr.wsgc.com trn1-wcc.wsgc.com trn1-sterling.wsgc.com trn1-ccui.wsgc.com 2 upgrade-insecure-requests; frame-ancestors https://www.reutersconnect.com 2 frame-ancestors 'self' https://m.superonline.net; 2 frame-ancestors 'self' www.liligo.fr; 2 default-src 'self'; script-src 'self' 'unsafe-inline' www.gstatic.com www.google.com stats.epic.com; child-src embed-ssl.ted.com embed.ted.com e.issuu.com secure.quantserve.com sentry.issuu.com pingback.issuu.com www.youtube.com player.vimeo.com www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' www.google.com stats.epic.com; img-src 'self' data: stats.epic.com i.ytimg.com media.epic.com media.epic.com epicshare.blob.core.windows.net media.epic.com; 2 frame-ancestors view.publitas.com www.publitas.com app.spott.ai 2 frame-ancestors *.txstate.edu *.txst.edu *.tsus.edu *.tjctc.org; 2 frame-ancestors 'self' cdn.adkaora.space 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ajax.aspnetcdn.com https://consent.cookiebot.com https://visualisation.polimapper.co.uk https://consentcdn.cookiebot.com https://www.youtube.com https://app.five9.eu https://*.cloudfront.net https://connect.facebook.net https://sc-static.net https://*.redditstatic.com https://static.ads-twitter.com https://js.adsrvr.org https://*.snapchat.com https://settings.luckyorange.net https://*.luckyorange.net https://cdn.luckyorange.com;object-src 'none';style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;img-src 'self' data: https://www.googletagmanager.com https://*.googlesyndication.com https://img.youtube.com https://imgsct.cookiebot.com https://2673654.fls.doubleclick.net https://*.twitter.com https://t.co https://*.doubleclick.net https://*.reddit.net https://*.reddit.com https://adservice.google.com;frame-src 'self' https://*.snapchat.com https://insight.adsrvr.org https://www.youtube.com https://consentcdn.cookiebot.com https://2673654.fls.doubleclick.net https://ad.doubleclick.net https://visualisation.polimapper.co.uk https://td.doubleclick.net https://img.youtube.com https://app.five9.eu https://match.adsrvr.org https://app.sli.do https://auth.slido.com https://app.powerbi.com;font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://maxcdn.bootstrapcdn.com;connect-src 'self' https://*.snapchat.com https://settings.luckyorange.net https://*.luckyorange.net https://cdn.luckyorange.com https://upload.luckyorange.net wss://*.luckyorange.net https://*.reddit.com https://*.redditstatic.com https://*.googleapis.com https://*.google-analytics.com https://ad.doubleclick.net https://*.doubleclick.net https://insight.adsrvr.org https://match.adsrvr.org https://consentcdn.cookiebot.com 2 default-src 'self' *.amazonaws.com *.getunleash.io *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.liadm.com *.list-manage.com *.plausible.io *.youtube.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.analytics.google.com *.calendly.com *.clarity.ms *.clearbitjs.com *.clearbitscripts.com *.getunleash.io *.google-analytics.com *.google.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.net *.hubspot.com *.liadm.com *.lfeeder.com *.youtube.com cdn-cookieyes.com d3pkntwtp2ukl5.cloudfront.net googleads.g.doubleclick.net ipapi.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net optimize.google.com plausible.io snap.licdn.com static.ads-twitter.com static.hsappstatic.net static.reo.dev tracker.ub-analytics.com tracking-api.g2.com unpkg.com vercel.live; style-src 'report-sample' 'self' 'unsafe-inline' *.calendly.com *.getunleash.io *.googletagmanager.com *.hubspot.com fonts.googleapis.com optimize.google.com vercel.live; object-src 'none'; base-uri 'self'; connect-src 'self' *.algolia.net *.algolianet.com *.amazonaws.com *.analytics.google.com *.clarity.ms *.clearbit.com *.cookieyes.com *.getunleash.io *.github.com *.google-analytics.com *.googleadservices.com *.google.com *.google.pl *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.hscollectedforms.net *.hsforms.com *.hubspot.com *.liadm.com *.linkedin.com *.oribi.io *.pusher.com *.unleash-hosted.com *.usbrowserspeed.com alocdn.com api.hubapi.com api.reo.dev cdn-cookieyes.com calendly.com forms.hubspot.com google.com googleads.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com ipapi.co js.hs-banner.com plausible.io pro.ip-api.com stats.g.doubleclick.net tracking-api.g2.com wss://*.hotjar.com; font-src 'self' data: *.hubspot.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; frame-src *.doubleclick.net *.google.com *.googletagmanager.com *.hotjar.com *.hsforms.com *.hsforms.net *.hubspot.com *.youtube.com app.hubspot.com calendly.com meetings.hubspot.com optimize.google.com vercel.live; frame-ancestors 'self' *.google.com *.hubspot.com; img-src 'self' data: *.analytics.google.com *.bing.com *.calendly.com *.clarity.ms *.doubleclick.net *.getunleash.io *.githubusercontent.com *.google-analytics.com *.google.com *.google.de *.google.no *.google.pl *.googletagmanager.com *.hotjar.com *.hsforms.com *.hsforms.net *.hubspot.com *.lfeeder.com *.linkedin.com *.youtube.com *.ytimg.com analytics.twitter.com cdn-cookieyes.com optimize.google.com t.co track.hubspot.com; worker-src 'none' 2 frame-src https://*.farnell.com https://*.element14.com https://*.newark.com 2 frame-ancestors 'self' https://lex.admin.lbr.cloud 2 frame-ancestors 'self' btprt.dj snip.ly 2 frame-ancestors 'none'; base-uri 'self'; default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.6sc.co/ https://px.ads.linkedin.com/ https://*.superops.ai https://ddwl4m2hdecbv.cloudfront.net/b/4N210H5MK46Z/4N210H5MK46Z.js.gz https://cdn.popt.in/ https://px.ads.linkedin.com/ https://r2.leadsy.ai/ https://scripts.clarity.ms/ https://static.ads-twitter.com/ https://static.elfsight.com https://*.licdn.com https://www.youtube.com/ https://*.elfsight.com https://*.liadm.com/ https://hcaptcha.com https://*.captiwate.com https://cdn.vector.co https://*.optimonk.com/ https://*.hcaptcha.com https://*.salesloft.com/ https://cdn.dreamdata.cloud/ https://s3-us-west-2.amazonaws.com/ https://bat.bing.com/ https://*.partnerstack.com/ https://*.getwarmly.com/ https://*.vwo.com https://*.visualwebsiteoptimizer.com https://js.zi-scripts.com/zi-tag.js https://*.smartlook.com https://*.smartlook.cloud https://web-sdk.smartlook.com https://static.zohocdn.com https://cdn-in.pagesense.io/ https://unpkg.com/ *.mouseflow.com https://load.sumo.com https://tracking.g2crowd.com https://app.revenuehero.io/ https://js.hsforms.net/forms/v2.js https://revenuehero.io/ http://fast.wistia.com/ https://fast.wistia.net/ https://cdn.cookielaw.org/ https://www.clarity.ms https://cdn.mouseflow.com https://cookiehub.net https://dash.cookiehub.com https://app.factors.ai/ https://js.na.chilipiper.com/ https://widgets.openli.com/ https://secure.copy9loom.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://optimize.google.com https://static.hsappstatic.net https://meetings.hubspot.com https://cdn.jsdelivr.net https://lambdaapi.superopsbeta.com/ https://lambdaapi.superopsalpha.com/ https://lambdaapi.superops.ai/ https://widget.intercom.io https://js.hs-banner.com https://www.google.com/ https://js.hscollectedforms.net/ https://js.hsadspixel.net/ https://fast.wistia.com/ https://fast.wistia.com/ https://js.hs-analytics.net/ https://js.intercomcdn.com/ https://script.crazyegg.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ http://script.crazyegg.com/ http://www.googletagmanager.com https://www.google-analytics.com http://www.googleadservices.com https://www.redditstatic.com/ http://js.hs-scripts.com/ https://js.intercomcdn.com/ https://www.google.com https://www.gstatic.com https://js.hsforms.net https://forms.hsforms.com https://connect.facebook.net *.crazyegg.com; style-src 'self' 'unsafe-inline' https://*.vwo.com https://api.fontshare.com https://db.onlinewebfonts.com https://*.optimonk.com/ https://cookiehub.net https://dash.cookiehub.com https://optimize.google.com https://js.na.chilipiper.com/ https://fonts.googleapis.com/; object-src 'none'; form-action 'self' data: https://lambdaapi.superops.ai https://superops-intercom-search.netlify.app https://superopsalpha-html-page.netlify.app https://lambdaapi.superopsalpha.com https://canny.io https://intercom.help https://forms.hsforms.com https://forms.hsforms.com https://intercom.help/; font-src 'self' data: https://cdn.fontshare.com https://fonts.intercomcdn.com/ https://db.onlinewebfonts.com https://cdn.fontshare.com https://fonts.gstatic.com https://js.intercomcdn.com/ https://*.captiwate.com; connect-src 'self' data: https://api-us-west-2.hygraph.com/ https://*.superops.ai https://api.bettermode.com/ https://ws.zoominfo.com/ https://*.wistia.com/ https://ipv6.6sc.co/ https://img.youtube.com https://tracking-api.g2.com https://*.superopsalpha.com/ https://*.superops.com/ https://epsilon.6sense.com/ https://capig.datah04.com https://px.ads.linkedin.com/ https://www.facebook.com/ https://www.google.com/ https://static.elfsight.com https://fast.wistia.net/ https://*.elfsight.com https://shared-us-west-2-assets-delivery-1b85646.s3.us-west-2.amazonaws.com/ https://*.salesloft.com/ wss://ws.captiwate.com wss://ws.captiwate.com https://*.captiwate.com https://us-west-2.graphassets.com/ https://us-west-2.cdn.hygraph.com/ https://us-west-2.graphassets.com https://*.optimonk.com/ https://*.superops.com/ https://*.vector.co wss://ws.hotjar.com/ https://*.hotjar.io/ https://tracking.g2crowd.com/ https://cdn.dreamdata.cloud/ https://*.ip-api.com/ https://partnerlinks.io/ https://api.ipregistry.co/ https://grsm.io/ https://*.reddit.com/ https://www.redditstatic.com/ https://www.google.co.in/ https://bat.bing.com/ https://*.getwarmly.com/ https://usserv.superopsalpha.com https://euserv.superopsalpha.com https://*.superalpha.com https://*.vwo.com https://*.visualwebsiteoptimizer.com https://usserv.superops.ai https://euserv.superops.ai https://*.superops.ai https://js.zi-scripts.com/ https://*.smartlook.com https://*.smartlook.cloud https://pagesense-collect.zoho.in https://unpkg.com/ *.revenuehero.io http://fast.wistia.com/ https://uploads.intercomcdn.com https://o2.mouseflow.com https://api.revenuehero.io https://revenuehero.io/ https://media.graphassets.com https://geolocation.onetrust.com/ https://cookies-data.onetrust.io/ *.google-analytics.com *.analytics.google.com https://cdn.cookielaw.org/ *.clarity.ms https://canny.io https://*.algolianet.com https://*.algolia.net https://api-us-west-2.graphcms.com https://consent.cookiehub.net https://app.openli.com https://tracking.chilipiper.com/ https://api.chilipiper.com/ https://api.na.chilipiper.com/ https://widgets.openli.com https://api.factors.ai https://in.hotjar.com https://embedwistia-a.akamaihd.net/ https://ws10.hotjar.com/ https://www.google-analytics.com https://optimize.google.com https://tracking.crazyegg.com/ https://lambdaapi.superopsbeta.com/ https://lambdaapi.superopsalpha.com/ https://lambdaapi.superops.ai/ https://api-msp.superops.ai https://serv.superopsbeta.com https://serv.superopsalpha.com https://api.hsforms.com https://api.hubapi.com/ https://script.crazyegg.com/ https://stats.g.doubleclick.net/ https://forms.hubspot.com/ https://embed-fastly.wistia.com/ https://api.ipstack.com/ https://distillery.wistia.com/ http://pipedream.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://hubspot-forms-static-embed.s3.amazonaws.com https://analytics.google.com https://forms.hsforms.com *.crazyegg.com; img-src 'self' blob: data: https://api-us-west-2.hygraph.com/ https://*.superops.ai https://px.ads.linkedin.com/ https://*.superopsalpha.com/ https://*.superops.com/ https://*.superops.ai/ https://img.youtube.com https://*.ytimg.com https://analytics.twitter.com https://t.co https://*.elfsight.com/ https://files.elfsightcdn.com/ https://*.6sc.co/ https://bat.bing.com/ https://*.captiwate.com https://us-west-2.graphassets.com/ https://us-west-2.graphassets.com https://*.optimonk.com/ https://*.visualwebsiteoptimizer.com https://embed-ssl.wistia.com/ https://revenuehero.io/ https://optanon.blob.core.windows.net/ *.google-analytics.com *.analytics.google.com https://cdn.cookielaw.org/ https://assets.superopsbeta.com https://media.graphassets.com *.clarity.ms https://media.graphcms.com https://js.na.chilipiper.com/ https://embedwistia-a.akamaihd.net/ https://www.googletagmanager.com https://www.gstatic.com https://www.google.com/ https://www.google.co.in/ https://static.intercomassets.com https://alb.reddit.com https://www.google-analytics.com/ https://forms.hsforms.com/ https://track.hubspot.com/ https://embed-fastly.wistia.com/ https://fast.wistia.com/ https://www.facebook.com https://downloads.intercomcdn.com/ https://js.intercomcdn.com/ https://ct.capterra.com *.crazyegg.com; frame-src 'self' *.schedulehero.io https://static.elfsight.com https://*.superops.ai https://newassets.hcaptcha.com/ https://www.googletagmanager.com/ https://*.elfsight.com https://*.captiwate.com https://online.fliphtml5.com https://superops.storylane.io/ https://*.optimonk.com/ https://rive.app https://superops.trainn.co https://*.vwo.com https://td.doubleclick.net https://revenuehero.io/ https://api.revenuehero.io/ *clarity.ms https://giphy.com https://superops.na.chilipiper.com/ https://vars.hotjar.com https://fonts.gstatic.com https://splineanim.netlify.app/ https://optimize.google.com https://meetings.hubspot.com https://www.google.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://share.transistor.fm/ https://forms.hsforms.com https://intercom.help/ https://intercom-sheets.com/; manifest-src 'self' data: https://assets.superopsbeta.com https://us-west-2.graphassets.com/ https://us-west-2.graphassets.com https://media.graphassets.com https://media.graphcms.com/; media-src 'self' blob: data: https://api-us-west-2.hygraph.com/ https://media.graphassets.com https://widget.captiwate.com/ https://widget.captiwate.com/ https://us-west-2.graphassets.com/ https://us-west-2.graphassets.com https://media.graphcms.com https://embed-fastly.wistia.com/ https://js.intercomcdn.com/; report-uri https://60d28bd9a22e18d4f42faf2b.endpoint.csper.io/; worker-src 'self' blob:;; prefetch-src 'self'; 2 default-src *.nic.ch *.nic.li *.switch.ch; style-src 'unsafe-inline' *.nic.ch *.nic.li *.switch.ch; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nic.ch *.nic.li *.switch.ch; img-src data: *.nic.ch *.nic.li *.switch.ch; object-src 'none'; form-action 'self' *.nic.ch *.nic.li *.switch.ch *.eduid.ch export.highcharts.com; font-src data: *.nic.ch *.nic.li *.switch.ch; frame-ancestors *.nic.ch *.nic.li *.switch.ch; frame-src * 2 frame-ancestors localhost:* 2 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.youtube.com https://www.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com *.fontawesome.com use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.cloudfront.net *.ngpvan.com *.everyaction.com *.research.net *.tickcounter.com *.smassets.net *.rdmobile.com *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net https://code.jquery.com *.photoshelter.com *.jquery.com blob: cdnjs.cloudflare.com fe.sitedataprocessing.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com www.googletagmanager.com use.fontawesome.com *.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.photoshelter.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com *.twimg.com data: blob: novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.google-analytics.com https://www.googletagmanager.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com twitter.com *.twitter.com use.fontawesome.com *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co *.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.everyaction.com *.tickcounter.com *.rdmobile.com *.vimeo.com picsum.photos *.picsum.photos s3.amazonaws.com voicesofaps.gv-one.com *.photoshelter.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com use.typekit.net *.crazyegg.com *.hotjar.com *.everyaction.com *.tickcounter.com *.rdmobile.com; frame-src 'self' *.facebook.com novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net *.photoshelter.com *.googletagmanager.com web-chat.nativechat.com; connect-src *.google-analytics.com *.informz.net polo.feathr.co *.crazyegg.com *.doubleclick.net *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.fontawesome.com *.photoshelter.com *.googletagmanager.com fe.sitedataprocessing.com 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: www.youtube.com fast.wistia.net *.vimeo.com voicesofaps.gv-one.com *.photoshelter.com; child-src 'self' blob: web-chat.nativechat.com 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' *.usask.ca https: data: blob:; media-src 'self' *.usask.ca https: blob:; font-src 'self' *.usask.ca https: data:; worker-src 'self' *.usask.ca https: blob:; frame-ancestors self *.usask.ca; 2 style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com https://*.moin.ai; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud https://*.moin.ai 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud https://*.moin.ai; frame-src 'self' https://app.guestoo.de https://my.visme.co 2 default-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.barclays.co.uk https://*.uk.barclays; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tags.tiqcdn.com https://collect.tealiumiq.com https://gateway.answerscloud.com https://s.go-mpulse.net https://www.media.barclays.co.uk https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://api.travelex.net https://resources.barclays.co.uk https://barclaysbankplc.tt.omtrdc.net https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://btttag.com https://*.btttag.com https://cdn.decibelinsight.net https://collection.decibelinsight.net https://widget.decibelinsight.net https://portal.decibel.com https://v6-eu.api.decibel.com https://api.decibel.com https://d063-248-eu-frankfurt-1.api.decibel.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://snap.licdn.com https://analytics.tiktok.com https://connect.facebook.net https://www.recaptcha.net https://rum.hlx.page https://cdn-ukwest.onetrust.com blob:; style-src 'self' 'unsafe-inline' https://www.media.barclays.co.uk https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://cdn-ukwest.onetrust.com; object-src 'self'; worker-src 'self' blob:; child-src https://demo.barclays.co.uk https://edigitalsurvey.com https://www.google.com https://www.media.barclays.co.uk https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://www.recaptcha.net blob:; frame-src 'self' https://demo.barclays.co.uk https://5452834.fls.doubleclick.net https://3460779.fls.doubleclick.net https://edigitalsurvey.com https://www.google.com https://www.media.barclays.co.uk https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://td.doubleclick.net https://www.recaptcha.net; img-src 'self' data: https://demo.barclays.co.uk https://px4.ads.linkedin.com https://analytics.tiktok.com https://3460779.fls.doubleclick.net https://collect.tealiumiq.com https://cdnjs.cloudflare.com https://adservice.google.co.uk https://ad.doubleclick.net https://adservice.google.com https://googleads.g.doubleclick.net https://googleads4.g.doubleclick.net https://smetrics.barclays.co.uk https://www.facebook.com https://www.google.co.uk https://www.google.com https://maps.googleapis.com https://maps.google.com https://www.google.fr https://adservice.google.fr https://www.google.de https://www.google.es https://adservice.google.es https://www.google.nl https://www.google.se https://www.google.co.id https://www.google.co.il https://www.google.be https://www.google.sk https://www.google.co.nz https://www.google.co.za https://www.google.com.sg https://www.google.pt https://www.google.ca https://www.google.cz https://www.google.com.cy https://www.google.com.au https://adservice.google.com.au https://www.google.mk https://www.google.je https://adservice.google.je https://www.google.co.ug https://www.google.com.hk https://www.google.ro https://www.google.bg https://www.google.im https://www.google.co.ao https://www.google.ie https://adservice.google.ie https://www.google.com.ng https://www.google.it https://adservice.google.it https://www.google.lt https://www.google.ae https://www.google.gr https://www.google.com.mx https://www.google.hu https://www.google.ch https://www.google.ru https://www.google.com.eg https://www.google.com.pk https://www.google.com.bh https://www.google.pl https://adservice.google.pl https://www.google.co.in https://www.gstatic.com https://www.google-analytics.com https://www.google.lu https://www.google.co.jp https://www.google.com.tr https://adservice.google.co.il https://adservice.google.co.zw https://adservice.google.com.sa https://adservice.google.ae https://adservice.google.pt https://www.google.com.my https://adservice.google.nl https://www.google.gg https://adservice.google.be https://adservice.google.cz https://www.google.co.th https://adservice.google.de https://www.google.com.gh https://www.google.com.sa https://www.google.ge https://www.google.com.br https://www.google.com.tw https://www.google.dk https://www.google.com.ph https://adservice.google.co.za https://www.google.lv https://adservice.google.gg https://adservice.google.ca https://www.google.at https://www.google.rs https://www.google.com.mt https://adservice.google.com.hk https://www.google.no https://www.google.com.qa https://www.google.co.ke https://www.barclays.co.uk https://adservice.google.gr https://www.google.fi https://adservice.google.co.jp https://adservice.google.co.in https://www.google.com.vc https://www.google.lk https://adservice.google.ch https://www.google.com.ua https://www.google.az https://www.google.by https://www.google.com.kw https://adservice.google.com.sg https://adservice.google.im https://adservice.google.no https://www.google.co.zw https://www.google.mu https://www.google.com.vn https://adservice.google.com.br https://adservice.google.lv https://adservice.google.com.kw https://adservice.google.com.tr https://www.google.co.kr https://adservice.google.az https://adservice.google.hu https://adservice.google.co.th https://www.google.cm https://www.google.mw https://www.google.com.ar https://www.google.co.ma https://www.google.com.gi https://www.google.co.tz https://www.google.com.om https://www.google.com.af https://adservice.google.lt https://adservice.google.co.nz https://www.google.tt https://www.google.ms https://adservice.google.ro https://www.google.dz https://adservice.google.com.my https://www.google.com.pe https://www.google.com.jm https://www.google.com.sl https://adservice.google.com.cy https://adservice.google.se https://www.google.com.ec https://www.google.hr https://www.google.al https://adservice.google.ru https://www.google.co.mz https://adservice.google.com.ng https://www.google.com.et https://www.google.com.bn https://www.google.sh https://www.google.com.pa https://www.google.ci https://www.google.cl https://adservice.google.bg https://www.google.co.ve https://www.google.bs https://www.google.com.ag https://www.google.hn https://adservice.google.hn https://www.google.iq https://www.google.so https://www.google.com.np https://maps.gstatic.com https://www.media.barclays.co.uk https://5452834.fls.doubleclick.net https://dev.day.com https://pixel.quantserve.com https://bclays-ads.aimatch.com https://barclaysbankplc.demdex.net https://cm.everesttech.net https://dpm.demdex.net https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://pagead2.googlesyndication.com https://ade.googlesyndication.com https://px.ads.linkedin.com https://connect.facebook.net https://www.recaptcha.net https://sasaimatch.uk.barclays https://cdn-ukwest.onetrust.com; connect-src 'self' https://formsdss-v3.uk.barclays https://bclays-ads.aimatch.com https://search.barclays.co.uk https://collect.tealiumiq.com https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://www.media.barclays.co.uk https://device.4seeresults.com https://dpm.demdex.net https://barclaysbankplc.tt.omtrdc.net https://smetrics.barclays.co.uk https://*.siteintercept.qualtrics.com https://maps.googleapis.com https://btttag.com https://*.btttag.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://widget.decibelinsight.net https://portal.decibel.com https://v6-eu.api.decibel.com https://api.decibel.com https://d063-248-eu-frankfurt-1.api.decibel.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://px.ads.linkedin.com https://analytics.tiktok.com https://px4.ads.linkedin.com https://www.recaptcha.net https://sasaimatch.uk.barclays https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://barclays-bx-privacy.my.onetrust.com; font-src 'self' data: https://fonts.gstatic.com https://www.media.barclays.co.uk; manifest-src 'self'; media-src 'self' https://demo.barclays.co.uk https://www.media.barclays.co.uk; 2 frame-src 'self' bat.bing.com *.blackbaudhosting.com *.blackbaud.com blackbaud.com *.doubleclick.net embed.tawk.to www.facebook.com connect.facebook.net *.hotjar.com cdn.jsdelivr.net *.kaltura.com snap.licdn.com www.podbean.com sc-static.net *.snapchat.com www.youtube-nocookie.com www.youtube.com discoveruni.gov.uk widget.discoveruni.gov.uk *.google.com libraryhelp.shef.ac.uk theaccessplatform.com tappage.theaccessplatform.com www.googletagmanager.com www.findaphd.com player.vimeo.com app.geckoform.com roundme.com *.wondavr.com wvr.li api3-eu.libcal.com *.shef.ac.uk my.matterport.com universityofsheffield.my.site.com universityofsheffield.my.salesforce-scrt.com sky.blackbaudcdn.net https://www.sheffield.ac.uk app.cloudpano.com; object-src 'self' discoveruni.gov.uk; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.blackbaud.com *.onetrust.com *.bing.com *.blackbaudhosting.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.kaltura.com *.shef.ac.uk *.sheffield.ac.uk *.snapchat.com *.theaccessplatform.com theaccessplatform.com *.twitter.com ajax.googleapis.com analytics.tiktok.com app.geckoform.com bat.bing.com blackbaud.com connect.facebook.net discoveruni.gov.uk embed.geckochat.io embed.tawk.to libraryhelp.shef.ac.uk player.vimeo.com sc-static.net snap.licdn.com static.ads-twitter.com static.cloudflareinsights.com widget.discoveruni.gov.uk www.facebook.com www.findaphd.com www.google.co.uk *.google.com google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.podbean.com www.youtube-nocookie.com www.youtube.com *.newrelic.com *.ttl.ai universityofsheffield.my.site.com sheffield.libcal.com sky.blackbaudcdn.net https://api.mapbox.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.sheffield.ac.uk *.theaccessplatform.com bbox.blackbaudhosting.com payments.blackbaud.com embed.geckochat.io fonts.geckoform.com fonts.googleapis.com www.findaphd.com www.googletagmanager.com www.gstatic.com *.ttl.ai universityofsheffield.my.site.com universityofsheffield.my.salesforce-scrt.com sky.blackbaudcdn.net https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' search.sheffield.ac.uk; frame-ancestors 'self' universityofsheffield.my.site.com 2 default-src 'self'; connect-src 'self' https://mautic.texthelp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ blob: https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://babm.texthelp.com https://*.prismic.io https://*.cdn.prismic.io https://api.ipdata.co https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://prismic-io.s3.amazonaws.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com/ https://analytics.twitter.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://my.jst.ai/ https://aly.jst.ai/ https://to.go.saleswingsapp.com/ https://tr.snapchat.com https://tr6.snapchat.com/p https://texthelp.tfaforms.net https://analytics.formassembly.com; script-src 'self' https://mautic.texthelp.com https://mautic-staging.texthelp.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://wikisum.texthelp.com https://apis.google.com https://widget.intercom.io https://js.intercomcdn.com https://app.intercom.io https://analytics.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.buzzsprout.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/ https://bat.bing.com/ https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://tr.snapchat.com/config/ https://sc-static.net https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.umd.js https://cdn.jst.ai/ https://my.jst.ai/ https://aly.jst.ai/ https://texthelp.tfaforms.net https://s.saleswingsapp.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com 'unsafe-inline' https://www.browsealoud.com https://plus.browsealoud.com https://optimize.google.com https://cdn.jsdelivr.net/npm/@fancyapps/ui@5.0/dist/fancybox/fancybox.css https://cdn.jst.ai/ https://texthelp.tfaforms.net https://www.tfaforms.com; img-src 'self' https://webworx.texthelp.com/assets/img/ data: https://images.prismic.io/texthelp-website-proof https://*.prismic.io https://mautic.texthelp.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ https://www.google.co.uk/ads/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://www.browsealoud.com https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://plus.browsealoud.com https://upload.wikimedia.org https://prismic-io.s3.amazonaws.com https://i.ytimg.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://optimize.google.com https://script.hotjar.com https://analytics.twitter.com https://t.co/1/i/ https://bat.bing.com/action/ https://bat.bing.com/actionp/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://px.ads.linkedin.com https://tr.snapchat.com/ https://graphics.jst.ai/ ; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; media-src 'self' blob: https://*.speechstream.net https://js.intercomcdn.com https://*.prismic.io https://js.driftt.com/; font-src 'self' https://webworx.texthelp.com/ https://*.typekit.net https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com https://js.intercomcdn.com https://fonts.gstatic.com https://script.hotjar.com; object-src 'none'; form-action 'self' https://intercom.help https://api-iam.intercom.io https://mautic.texthelp.com https://mautic-staging.texthelp.com https://www.facebook.com https://*.speechstream.net https://texthelp.tfaforms.net https://event.on24.com https://www.n2y.com/ https://www.everway.com; frame-src https://www.googletagmanager.com https://td.doubleclick.net https://www.youtube.com https://mautic-staging.texthelp.com https://mautic.texthelp.com https://docs.google.com https://www.buzzsprout.com https://content.googleapis.com/ https://optimize.google.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://form.typeform.com/ https://www.facebook.com/ https://js.driftt.com https://widget.drift.com https://tr.snapchat.com/ https://lookerstudio.google.com/ https://calendar.google.com/ https://cdn.jst.ai/; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests 2 default-src https: data:; script-src https: *.amplitude.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src *; 2 default-src 'self'; connect-src 'self' *.hamburg.de *.contentflow.net www.etracker.de *.dataport.de sgx.geodatenzentrum.de sg.geodatenzentrum.de www.captcha.eu *.stage.bio hamburg.netzwerk-iq.de; script-src 'self' blob: *.stage.bio app.cituro.com www.youtube.com *.hamburg.de www.happymo.re hamburgde.happymo.re eyeable.hamburg.de www.eye-able-cdn.com code.etracker.com www.etracker.de *.contentflow.net iason.hamburg.de *.dataport.de www.captcha.eu hamburg.netzwerk-iq.de 'unsafe-inline'; style-src 'self' *.hamburg.de code.etracker.com www.etracker.de www.happymo.re hamburgde.happymo.re eyeable.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de app.cituro.com hamburg.netzwerk-iq.de 'unsafe-inline'; img-src 'self' code.etracker.com www.etracker.de www.happymo.re hamburgde.happymo.re eyeable.hamburg.de static.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de *.stage.bio hamburg.netzwerk-iq.de www.captcha.eu geodienste.hamburg.de data:; font-src 'self' code.etracker.com www.etracker.de eyeable.hamburg.de www.eye-able-cdn.com *.contentflow.net iason.hamburg.de cdn.cituro.com; frame-src *; frame-ancestors hamburg.de *.hamburg.de; media-src 'self' blob: contentflow: *.stage.bio 2 frame-ancestors *.reviews.co.uk *.reviews.io 2 object-src 'none';frame-ancestors https://*.neogov.com https://*.neogov.net https://*.neoed.com https://*.neogov.ca https://*.neoed.net https://*.powerdms.com https://*.agency360.com https://*.schooljobs.com https://*.governmentjobs.com 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' 'unsafe-inline' blob: data: *.contentful.com *.ctfassets.net web.ccpgamescdn.com; base-uri 'self'; object-src 'self' ctfassets.net https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.amazon-adsystem.com *.clarity.ms *.google.com *.googlesyndication.com *.linksynergy.com *.redditstatic.com *.twitch.tv *.twitter.com *.yahoo.co.jp *.zdassets.com *.zendesk.com analytics.tiktok.com b92.yahoo.co.jp ccpcommunity.zendesk.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com ethn.io google.com google.co.jp google.co.uk google.co.za google.de graphql.contentful.com hello.myfonts.net https://bat.bing.com https://cdn.taboola.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/cBaCB1PHCwXVd4yY/delighted.js https://googleads.g.doubleclick.net https://player.idomoo.com https://s.yimg.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://tagmanager.google.com https://widget-mediator.zopim.com https://www.artfut.com https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://maps.googleapis.com mc.yandex.com mc.yandex.ru paperform.co recaptcha.net s.yimg.jp s.ytimg.jp s.ytimg.com static.ads-twitter.com tpc.googlesyndication.com web.ccpgamescdn.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.cn www.gstatic.com www.youtube.com yastatic.net yimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net https://tagmanager.google.com optimize.google.com web.ccpgamescdn.com; connect-src 'self' *.amazon-adsystem.com *.clarity.ms *.cloudapp.azure.com *.extccp.com *.eveonline.com *.evetech.net *.google.com *.launchdarkly.com *.linksynergy.com *.taboola.com *.testeveonline.com *.yahoo.co.jp *.zdassets.com *.zendesk.com analytics.tiktok.com api.ccpgames.com b92.yahoo.co.jp cb2dzccayg.execute-api.eu-west-1.amazonaws.com ccp-gap-export.ew.r.appspot.com ccp-recruitmentservice-dev.azurewebsites.net ccpcommunity.zendesk.com consentcdn.cookiebot.com ethn.io graphql.contentful.com google.is google.com google.co.jp google.co.uk google.co.za google.de http://localhost:3274 https://bat.bing.com https://ccp-gap-export.ew.r.appspot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://login.microsoftonline.com https://login.windows.net https://peerserver.westus.cloudapp.azure.com https://s.yimg.com https://s.ytimg.com https://s3.amazonaws.com images.ctfassets.net j62tyvg8r3.execute-api.eu-west-1.amazonaws.com mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz s.yimg.jp sentry.io signup.ccpeveweb.com stats.g.doubleclick.net umip1v3tqb.execute-api.eu-west-1.amazonaws.com w778zk1gu3.execute-api.eu-west-1.amazonaws.com web.delighted.com wss://peerserver.westus.cloudapp.azure.com wss://*.cloudapp.azure.com wss://widget-mediator.zopim.com www.facebook.com www.google-analytics.com www.google.com www.google.co.kr www.googleadservices.com yo2vtgum73.execute-api.eu-west-1.amazonaws.com localhost:3274; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com hello.myfonts.net web.ccpgamescdn.com; img-src 'self' https: data: blob: *.amazon-adsystem.com *.ctfassets.net *.reddit.com www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' *.ctfassets.net *.doubleclick.net *.paperform.co *.twitch.tv challonge.com *.challonge.com cdn.knightlab.com consentcdn.cookiebot.com https://recaptcha.net https://www.facebook.com optimize.google.com mc.yandex.com mc.yandex.ru tpc.googlesyndication.com videos.ctfassets.net webvisor.com www.google.com www.googletagmanager.com www.ostlon.com www.youtube.com open.spotify.com; frame-ancestors 'self' http://webvisor.com app.contentful.com; report-uri https://ccpgames.report-uri.com/r/t/csp/enforce; 2 img-src * data:; font-src * data:; connect-src * data:; media-src * data: blob:; object-src *; frame-ancestors 'self' https://advancedmd-hub.knowledgeowl.com https://static-100.advancedmd.com https://static-999.advancedmd.com; 2 frame-ancestors 'self' https://*.elisa.ee https://entitlement1.ses.elisa.ee:10076; 2 frame-ancestors 'self' https://*.ccma.cat https://*.3cat.cat; 2 style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src *; 2 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' *.cdnpandadoc.com http: data:; connect-src 'self' http:; font-src 'self' 'unsafe-inline' data: http:; media-src 'self' blob: https:; frame-ancestors 'self' app.hubspot.com 2 default-src 'self' *.website-files.com scribehow.com twitter.com ads-twitter.com *.finsweet.com *.intellimize.co *.intellimizeio.com g.tenor.com *.doubleclick.net stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.vimeo.com ipinfo.io *.leandata.com cdn.jsdelivr.net *.bigmarker.com redditstatic.com pixel.byspotify.com *.website-files.com *.bing.com jobs.ashbyhq.com *.finsweet.com *.intellimize.co *.intellimizeio.com cdnjs.cloudflare.com scribe.involve.me *.ubembed.com *.google.com *.launchnotes.io *.sentry-cdn.com *.outbrain.com embed.typeform.com js.stripe.com *.profitwell.com profitwell.com *.scribehow.com scribehow.com assets.customer.io *.clickagy.com connect.facebook.net assets.calendly.com *.google-analytics.com *.googletagmanager.com snap.licdn.com *.googleanalytics.com *.ads-twitter.com *.twitter.com *.googleadservices.com *.flagsmith.com cdn.rollbar.com bam.nr-data.net bam-cell.nr-data.net analytics.tiktok.com *.googleoptimize.com ws.zoominfo.com *.googletagmanager.com connect.facebook.net bat.bing.com ajax.googleapis.com *.website-files.com cdn.jsdelivr.net *.mxpnl.com connect.facebook.net *.cloudfront.net js.intercomcdn.com *.googleoptimize.com *.googletagmanager.com maps.googleapis.com challenges.cloudflare.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.google.com *.bigmarker.com *.website-files.com embed.typeform.com assets.calendly.com fonts.googleapis.com cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.leandata.com hooks.zapier.com videsigns-staging.co.uk *.tiktokw.us *.bigmarker.com *.website-files.com *.pangle-ads.com app.launchnotes.io *.finsweet.com *.intellimize.co *.intellimizeio.com *.ads.linkedin.com *.ubembed.com *.cloudimg.io *.profitwell.com profitwell.com *.scribehow-dev.com *.scribehow-stage.com *.scribehow.com scribehow.com *.google-analytics.com *.customer.io api-js.mixpanel.com *.calendly.com facebook.com *.s3-accelerate.amazonaws.com *.s3.us-east-2.amazonaws.com *.google.com o385127.ingest.sentry.io *.flagsmith.com api.rollbar.com bam.nr-data.net bam-cell.nr-data.net *.clickagy.com g.tenor.com ws.zoominfo.com *.analytics.google.com *.googletagmanager.com *.facebook.com analytics.tiktok.com api-js.mixpanel.com bat.bing.com stats.g.doubleclick.net challenges.cloudflare.com *.s3.amazonaws.com; font-src 'self' data: *.leandata.com *.google.com *.bigmarker.com assets.launchnotes.io/fonts/ *.webflow.com fonts.gstatic.com *.website-files.com; frame-src 'self' *.leandata.com *.googletagmanager.com *.google.com *.ubembed.com jobs.ashbyhq.com *.finsweet.com *.intellimize.co *.intellimizeio.com cdn.embedly.com *.launchnotes.io player.vimeo.com platform.twitter.com embed.typeform.com form.typeform.com scribe.involve.me calendly.com *.clickagy.com js.stripe.com scribehow.com *.scribehow.com app.gong.io *.app.gong.io *.loom.com *.facebook.com *.youtube.com td.doubleclick.net challenges.cloudflare.com googletagmanager.com; frame-ancestors 'self' *.scribehow.com scribehow.com; img-src 'self' data: media.tenor.com blob: content: cdnjs.cloudflare.com *.website-files.com *.leandata.com t.co *.scribehow.com *.google.com *.profitwell.com *.finsweet.com *.intellimize.co *.intellimizeio.com *.bing.com tr.outbrain.com *.s3.amazonaws.com track.customer.io scribehow.com *.s3-accelerate.amazonaws.com *.s3.us-east-2.amazonaws.com *.googleusercontent.com *.google-analytics.com *.googletagmanager.com *.google.by assets.calendly.com *.clickagy.com *.facebook.com id.rlcdn.com *.ads.linkedin.com p.adsymptotic.com api.faviconkit.com *.gstatic.com twemoji.maxcdn.com *.googletagmanager.com gravatar.com image-service.scribehow.com *.googletagmanager.com pixel-sync.sitescout.com sync.crwdcntrl.net stags.bluekai.com *.agkn.com dpm.demdex.net us-u.openx.net idsync.rlcdn.com id.rlcdn.com analytics.twitter.com bat.bing.com *.google.rs *.linkedin.com; manifest-src 'self'; media-src 'self' *.website-files.com *.s3.us-east-2.amazonaws.com; worker-src 'self' blob:; child-src blob:; report-to https://68ff7b91542230bb732f6fcd.endpoint.csper.io?v=0; 2 default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://cdn.jsdelivr.net/ https://www.google-analytics.com https://www.googletagmanager.com https://matomo.ria.ee/ https://search.service.eu-live.vportal.ee/v1/search/ria https://search.service.eu-live.vportal.ee/v1/globalsearch/total https://form.service.eu-live.vportal.ee/v1/ https://search.service.eu-live.vportal.ee/v1/events/ria https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee; img-src 'self' data: *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://matomo.ria.ee https://www.google-analytics.com https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://matomo.ria.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://matomo.ria.ee/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://matomo.ria.ee static.cludflareinsaights.com https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com https://use.fontawesome.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com https://use.fontawesome.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self'; upgrade-insecure-requests 2 frame-ancestors 'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com *.sas.com https://www.post.ch/cross-domain-bridge.html 2 frame-ancestors 'self' https://*.chilipiper.com https://app.contentful.com *.saucelabs.com:8000 *.saucelabs.com *.saucelabs.net; 2 frame-ancestors https://*.builder.io https://builder.io http://localhost:1234 2 frame-ancestors 'self' https://addeventinc.github.io/; 2 frame-ancestors 'self' https://www.conservativereview.com/ 2 default-src 'self'; connect-src 'self' *.aptrinsic.com; font-src 'self' fonts.gstatic.com; frame-ancestors 'self' *.emplifi.io; frame-src 'self' mailto: www.youtube.com; img-src * data:; script-src 'unsafe-eval' 'self'; script-src-attr 'unsafe-inline' 'self'; script-src-elem 'unsafe-inline' 'self' *.aptrinsic.com; style-src-attr 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com code.getmdl.io 2 frame-ancestors 'none'; report-uri https://shoptetwww.report-uri.com/r/t/csp/enforce; report-to default 2 default-src 'self' 'unsafe-inline'; frame-ancestors 'none';object-src 'none'; 2 base-uri 'self'; frame-ancestors 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://direct.betterstack.com https://errors.betterstack.com https://warehouse.betterstack.com; connect-src 'self' betterstack.com uptime.betterstack.com telemetry.betterstack.com direct.betterstack.com errors.betterstack.com warehouse.betterstack.com wss://betterstack.com wss://uptime.betterstack.com wss://telemetry.betterstack.com wss://direct.betterstack.com wss://errors.betterstack.com wss://warehouse.betterstack.com betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com *.okta.com *.sentry.io https://api.stripe.com https://chat-assets.frontapp.com https://chat.frontapp.com https://us-west-1-chat-server.frontapp.com https://us-west-2-chat-server.frontapp.com https://eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com https://*.browser-intake-datadoghq.com https://internet-up.ably-realtime.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com https://upload.imagedelivery.net *.betterstackdata.com; font-src 'self' betterstackcdn.com https://fonts.gstatic.com https://use.typekit.net https://chat-assets.frontapp.com; frame-src 'self' https://betterstack.com https://uptime.betterstack.com https://telemetry.betterstack.com https://direct.betterstack.com https://errors.betterstack.com https://warehouse.betterstack.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://www.facebook.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com newsletter.betterstack.com betterstack.substack.com www.loom.com; form-action *; style-src 'report-sample' 'self' 'unsafe-inline' betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com https://fonts.googleapis.com blob:; script-src 'report-sample' 'self' 'unsafe-eval' betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.js.stripe.com https://js.stripe.com https://chat-assets.frontapp.com *.google-analytics.com www.google-analytics.com *.doubleclick.net www.google.com/pagead/ www.google.com/ccm/collect adservice.google.com www.googleadservices.com www.googletagmanager.com googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com/tr https://www.facebook.com/tr/ ads.linkedin.com *.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com https://plausible.io bat.bing.com bat.bing.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://t.betterstack.com 'nonce-96cd9986b86b3e5cdfc72050a9f474ec'; worker-src 'report-sample' 'self' blob: betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com; img-src 'self' blob: data: betterstackcdn.com cdnjs.betterstack.com cdnjs.betterstackcdn.com www.gravatar.com ui-avatars.com https://*.wp.com/ui-avatars.com/api/ betterstack-organization-logos.s3.us-west-002.backblazeb2.com betterstack-team-logos.s3.us-west-002.backblazeb2.com betterstack-user-avatars.s3.us-west-002.backblazeb2.com https://imagedelivery.net https://imagedelivery.betterstackcdn.com https://betterstack.com/cdn-cgi/image/ https://betterstackcdn.com/cdn-cgi/image/ https://chat.frontapp.com https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://nibbler.frontapp.com www.google.com www.google.ca www.google.co.uk www.google.de www.google.fr www.google.es www.google.it www.google.nl www.google.jp www.google.au www.google.ru www.google.br www.google.in www.google.cn www.google.sg www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.br www.google.com.co www.google.com.eg www.google.com.hk www.google.com.id www.google.com.il www.google.com.in www.google.com.jp www.google.com.kr www.google.com.mx www.google.com.my www.google.com.nz www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.za *.google-analytics.com *.doubleclick.net www.google.com google.com https://alb.reddit.com linkedin.com *.linkedin.com bat.bing.com bat.bing.net https://www.facebook.com www.googletagmanager.com https://t.co/i/ https://t.co/1/ https://analytics.twitter.com cdn.loom.com; default-src 'self' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.gstatic.com https://www.chevron.com https://*.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://*.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://*.doubleclick.net https://chevroncorp.gcs-web.com https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://static.doubleclick.net https://www.executiveinterviews.com https://www.googleadservices.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://*.linkedin.com https://analytics.twitter.com https://www.facebook.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://*.us-east-2.amazonaws.com https://service.force.com https://*.salesforce.com https://*.force.com https://*.salesforceliveagent.com https://code.jquery.com https://img.youtube.com https://www.youtube-nocookie.com https://www.linkedin.com https://*.adsymptotic.com https://*.doubleclick.net https://fonts.googleapis.com https://optimize.google.com https://178-uxe-734.mktoresp.com https://script.crazyegg.com https://static.chartbeat.com https://ping.chartbeat.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://www.googleoptimize.com https://*.parsely.com https://cdn.linkedin.oribi.io https://*.force.com https://*.my.salesforce-sites.com https://cdn.fonts.net https://analytics.tiktok.com https://i.ytimg.com https://*.nextdoor.com https://go.chevron.email https://acrobatservices.adobe.com https://viewlicense.adobe.io https://sc-static.net https://*.snapchat.com/ https://*.adsrvr.org https://*.googlesyndication.com https://*.google.com https://*.googleapis.com https://get.geojs.io; upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'self'; script-src 'self' img.exaly.com exaly.com static.cloudflareinsights.com pagead2.googlesyndication.com 'nonce-dQw4w9WgXcQWwWwq' 'sha256-qgfrQOR_2si229nQ6Uv2i2s3TKa8zwzQnwfQj366y5E='; style-src 'self' exaly.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' exaly.com img.exaly.com; connect-src 'self' img.exaly.com exaly.com fonts.googleapis.com 2 default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.akamaihd.net *.google.com *.twitter.com *.demdex.net *.d41.co *.cxense.com pactsafe.io *.simpli.fi *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com *.youtube.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.spexlive.net *.gstatic.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.zemanta.com *.botframework.com *.administrateweblink.com *.stripe.com *.pactsafe.io *.peerspot.com *.sketchfab.com *.quantummetric.com *.fiservapps.com *.quora.com sierra.chat *.algorecs.com *.cimulate.ai *.officeperceptioninstinct.com *.oktapreview.com *.okta.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.amazonaws.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.spexlive.net *.turnto.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.stackadapt.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.quantummetric.com sierra.chat;img-src 'self' *.cdw.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.akamaihd.net *.google.com *.demdex.net *.cxense.com *.googletagmanager.com *.googletagservices.com *.ytimg.com *.youtube.com *.amazonaws.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.everesttech.net *.bluecore.com *.prod.bidr.io cdn.optimizely.com p.adsymptotic.com um.simpli.fi data: *.dotomi.com *.flixsyndication.net liveintent.com *.adobe.com *.sc.omtrdc.net *.spexlive.net *.windows.net *.turnto.com *.edgecastcdn.net *.licdn.com *.ispot.tv *.hsforms.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.zemanta.com *.pactsafe.io *.administratehq.com *.peerspot.com *.sketchfab.com *.quora.com sierra.chat *.officeperceptioninstinct.com *.oktapreview.com *.okta.com *.hubspotusercontent-na1.net;frame-src 'self' *.cdw.com *.qualtrics.com *.needle.com *.liadm.com *.doubleclick.net *.google.com *.twitter.com *.demdex.net *.cxense.com *.googletagmanager.com *.googletagservices.com *.youtube.com *.facebook.com *.rlcdn.com *.cloudfront.net *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.spexlive.net *.swcontentsyndication.com *.cisco.com *.exct.net *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.quantummetric.com *.fiservapps.com *.microsoft.com;font-src * data:;connect-src 'self' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.akamaihd.net *.google.com *.demdex.net *.d41.co *.cxense.com *.googletagmanager.com *.googletagservices.com *.go-mpulse.net *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.spexlive.net *.turnto.com *.ispot.tv *.hubapi.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.stackadapt.com *.botframework.com wss://*.botframework.com *.administrateweblink.com *.pactsafe.io *.administratehq.com *.sketchfab.com *.quantummetric.com sierra.chat *.algorecs.com *.cimulate.ai wss://*.cimulate.ai p11.techlab-cdn.com;object-src 'self' *.cdw.com *.scene7.com;media-src 'self' *.cdw.com *.youtube.com blob: *.flixsyndication.net *.spexlive.net *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob: *.quantummetric.com *.cimulate.ai; 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2 frame-ancestors 'none'; width=device-width,initial-scale=1,shrink-to-fit=no 2 frame-src 'self' blob: 'self' https://www.google.com.ua https://secure.wayforpay.com https://www.facebook.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.ukrnames.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://apis.google.com https://accounts.google.com https://www.google.com https://embed.tawk.to https://cdn.datatables.net https://play.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: 'self' https://www.ukrnames.com https://secure.wayforpay.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://cdn.datatables.net https://embed.tawk.to https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://play.google.com; style-src 'self' 'unsafe-inline' https://secure.wayforpay.com https://embed.tawk.to https://cdn.datatables.net https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' data: https://embed.tawk.to https://fonts.gstatic.com; img-src 'self' data: https://*.amazonaws.com https://embed.tawk.to https://cdn.datatables.net https://cdn.ukrnames.ua https://bg.ukrnames.com https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.es https://www.google.fr https://www.google.nl https://www.google.kz https://www.google.by https://www.google.de https://www.google.pl https://www.google.ae https://www.google.md https://www.google.ca https://www.google.com.ua https://www.google.com.tr https://www.google.co.uk https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com blob: 'self' https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com; connect-src blob: 'self' wss://www.ukrnames.com wss://*.tawk.to https://www.facebook.com https://secure.wayforpay.com https://*.tawk.to https://analytics.google.com https://stats.g.doubleclick.net 2 default-src 'self' https://*.wistia.com https://*.wistia.net https://*.crazyegg.com https://*.qualified.com https://*.qualified-preview.com https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: https:; connect-src 'self' https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net https://*.crazyegg.com https://ws.zoominfo.com https://*.qualified.com https://*.qualified-preview.com wss://*.qualified.com wss://*.qualified-preview.com https://vercel.live wss://ws-us3.pusher.com https: wss:; img-src 'self' data: https://images.ctfassets.net/st43jm402pmo/ https://videos.ctfassets.net/st43jm402pmo/ https://*.wistia.com https://*.wistia.net https://*.crazyegg.com https://*.qualified.com https://*.qualified-preview.com https://vercel.live https://vercel.com data: blob:; font-src 'self' data: https://*.wistia.com https://vercel.live https://assets.vercel.com https: data:; frame-src 'self' https://fast.wistia.com https://fast.wistia.net https://*.qualified.com https://*.qualified-preview.com https://vercel.live https:; child-src https://*.qualified.com https://*.qualified-preview.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://videos.ctfassets.net/st43jm402pmo/ mediastream: https://*.qualified.com https://*.qualified-preview.com; script-src 'self' https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.crazyegg.com https://js.zi-scripts.com https://jws-assets.zoominfo.com https://*.qualified.com https://*.qualified-preview.com https://go.ripple.com https://vercel.live https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://*.qualified.com https://*.qualified-preview.com https://vercel.live https:; object-src 'none'; frame-ancestors https://app.contentful.com https://*.qualified.com https://*.qualified-preview.com 2 connect-src 'self' ws: wss: https://*.optimizely.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com https://cms.comptia.org https://www.comptia.org https://www.google.com.br https://geolocation.onetrust.com https://privacyportal.onetrust.com https://c.az.contentsquare.net https://chatapps-us.netomi.com https://*.chatplus.jp https://ak.sail-horizon.com https://d1igp3oop3iho5.cloudfront.net https://js.zi-scripts.com https://api.sail-personalize.com https://px.ads.linkedin.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://analytics.tiktok.com https://ws.zoominfo.com https://cdn.segment.com https://api.segment.io https://*.hotjar.io https://*.cmp.optimizely.com https://*.google.com https://*.googlesyndication.com https://sso.comptia.org https://*.contentsquare.net https://k-us1.az.contentsquare.net https://stats.g.doubleclick.net https://analytics-ipv6.tiktokw.us https://api.sail-track.com https://*.zaius.com https://www.facebook.com; default-src 'self'; font-src 'self' data: https://chatapps-us.netomi.com https://*.chatplus.jp https://use.typekit.net https://fonts.gstatic.com; frame-ancestors 'self' https://cms.comptia.org https://*.optimizely.com; frame-src https://www.comptia.org https://cms.comptia.org https://*.optimizely.com https://forms.comptia.org https://www.youtube.com https://player.vimeo.com https://production-comptiawebsite.azurewebsites.net https://www.verse.com https://www.googletagmanager.com https://www.google.com https://*.chatplus.jp; img-src data: https://www.comptia.org https://images.cmp.optimizely.com https://cdn.cookielaw.org https://c.az.contentsquare.net https://www.facebook.com https://a.usea01.idio.episerver.net https://px.ads.linkedin.com https://api.zaius.com https://px4.ads.linkedin.com https://www.googletagmanager.com https://aistudio-cdata.s3.amazonaws.com https://www.googletagmanager.com https://cms.comptia.org https://*.google.com.br https://optanon.blob.core.windows.net https://*.netomi.com https://*.chatplus.jp https://*.optimizely.com https://images4.cmp.optimizely.com https://*.cmp.optimizely.com https://www.google.ca https://www.linkedin.com https://img.convertflow.co https://uploads.convertflow.co https://media.sailthru.com; media-src 'self' https://i.ytimg.com https://*.chatplus.jp; script-src 'self' https://*.optimizely.com https://*.googleapis.com https://cdn.cookielaw.org https://chatapps-us.netomi.com https://*.chatplus.jp https://www.google-analytics.com https://www.googletagmanager.com https://cms.comptia.org https://www.comptia.org https://code.jquery.com https://unpkg.com https://va.vercel-scripts.com https://player.vimeo.com https://www.youtube.com https://t.contentsquare.net https://connect.facebook.net https://snap.licdn.com https://ak.sail-horizon.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://cdn.wootric.com https://s.usea01.idio.episerver.net https://chatapps-us.netomi.com https://*.chatplus.jp https://d1igp3oop3iho5.cloudfront.net https://js.zi-scripts.com https://chatapps-us.netomi.com https://api.sail-personalize.com https://js.zi-scripts.com https://*.zaius.com https://cdn.segment.com https://*.hotjar.com https://*.convertflow.co https://*.convertflow.com https://api.sail-track.com https://www.google.com https://www.gstatic.com 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline' https://www.comptia.org https://cms.comptia.org https://chatapps-us.netomi.com https://*.chatplus.jp https://*.googleapis.com https://use.typekit.net https://p.typekit.net; base-uri 'none'; 2 frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu *.providence.org provcustomerservicedev.crm.dynamics.com provcustomerserviceuat.crm.dynamics.com provcustomerservice.crm.dynamics.com ; 2 default-src data: https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2 sandbox; default-src 'unsafe-inline' data:; script-src 'none' 2 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://vorschau.computerbild.de https://rendering.computerbild.de 2 base-uri 'none'; font-src 'self' data: fonts.gstatic.com; form-action https://api.daad.de validator.w3.org export.highcharts.com; frame-ancestors https://portal.daad.de https://*.daad.com http://*.daad.com; img-src data: blob: *; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.daad.de www.youtube.com www.google.com www.google-analytics.com *.googletagmanager.com static.doubleclick.net cdn.jsdelivr.net ajax.googleapis.com; default-src 'self'; connect-src 'self' https://api.daad.de *.daad.com *.daad.de *.doubleclick.net www.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlevideo.com europe.directline.botframework.com wss://europe.directline.botframework.com export.highcharts.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.daad.com *.daad.de newsletter.alumniportal-deutschland.org ablok-portal-next.azurewebsites.net; media-src https://api.daad.de *.daad.com *.daad.de *.googlevideos.com www.youtube-nocookie.com; 2 connect-src 'self' data: *.analytics.google.com distillery.pixlee.co *.clarity.ms *.cloudflare.com *.g.doubleclick.net *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googletagmanager.com *.heidelpay.com *.liebherr.com *.liebherr.i *.paypal.com *.siteintercept.qualtrics.com *.usercentrics.eu maps.googleapis.com places.googleapis.com mapsresources-pa.googleapis.com stats.g.doubleclick.net www.google.com www.google.de *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.kameleoon.net bat.bing.com bat.bing.net googleadservices.com; default-src 'self'; font-src 'self' data: *.bing.com *.clarity.ms *.cloudflare.com *.gstatic.com *.heidelpay.com *.liebherr.com *.liebherr.i *.zencdn.net; frame-src 'self' *.cloudflare.com *.google.com *.heidelpay.com *.hpcgw.net *.kameleoon.com *.liebherr.com *.liebherr.i *.usercentrics.eu *.youtube-nocookie.com *.doubleclick.net www.youtube.com *.googletagmanager.com; frame-ancestors *.liebherr.com *.kameleoon.com; img-src 'self' data: blob: *.analytics.google.com *.googleadservices.com *.azurewebsites.net *.cloudflare.com *.doubleclick.net *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.googleapis.com *.googletagmanager.com *.gstatic.com *.heidelpay.com *.kameleoon.io *.kameleoon.eu *.kameleoon.com *.liebherr.com *.liebherr.i *.paypal.com *.siteintercept.qualtrics.com *.usercentrics.eu *.ytimg.com googleads.g.doubleclick.net siteintercept.qualtrics.com bat.bing.com static.pxlecdn.com; media-src 'self' *.cloudflare.com *.liebherr.i *.liebherr.com static.pxlecdn.com static.pixlee.com; object-src 'self' *.cloudflare.com *.liebherr.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.heidelpay.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.liebherr.com *.liebherr.i *.paypal.com *.paypalobjects.com *.siteintercept.qualtrics.com *.usercentrics.eu *.youtube-nocookies.com *.youtube.com *.zencdn.net aframe.io bat.bing.com bing.com c.evidon.com cdn.jsdelivr.net googleads.g.doubleclick.net s.ytimg.com siteintercept.qualtrics.com siteseal.quovadisglobal.com *.googleadservices.com googleadservices.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.google.com *.gstatic.com *.kameleoon.com *.liebherr.com *.liebherr.i *.zencdn.net fonts.googleapis.com; worker-src blob:; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:;connect-src 'self' https://eb2.3lift.com https://*.omnitagjs.com https:;media-src data: blob: https:;upgrade-insecure-requests 2 frame-ancestors 'self' https://*.uk.pri.o2.com 2 default-src 'self' data: https:;base-uri 'self' https:;font-src 'self' https: data:;form-action 'self' https:;frame-ancestors https://cue.wanews.com.au 'self';img-src 'self' data: https:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;report-to csp-violations;report-uri https://7news.com.au/csp-report;connect-src 'self' https: data: wss:;frame-src 'self' https: data: blob:;media-src 'self' data: blob: https:;worker-src 'self' https: data: blob:;child-src 'self' https: blob: 2 frame-ancestors 'self' *.bonhams.com 2 frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com https://*.fashionmag.biz https://fashionmag.biz https://fashionnetworkevents.com https://*.fashionnetworkevents.com 2 default-src 'none'; base-uri 'self'; manifest-src 'self'; font-src 'self' data: https://*.polo-static.com https://fonts.gstatic.com; img-src 'self' https://support.poloniex.com data: blob: https://*.polo-static.com https://static.poloniex.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://d21y75miwcfqoq.cloudfront.net/5d308ddf https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://report.woodpeckerlog.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.hbfile.net https://i.ytimg.com https://d1x7dwosqaosdj.cloudfront.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' https://*.polo-static.com https://*.poloniex.com wss://*.poloniex.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://poloniex.zendesk.com wss://*.zopim.com https://report.woodpeckerlog.com https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://s3.ap-northeast-1.amazonaws.com; frame-src 'self' blob: polo: https://docs.google.com https://td.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.polo-static.com https://pixel.mediamathrdrt.com https://scripts.mediamathrdrt.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://*.googletagmanager.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.polo-static.com https://*.geetest.com https://*.geevisit.com https://*.gsensebot.com https://dn-staticdown.qbox.me https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://poloniex.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; worker-src 'self' blob: https://*.polo-static.com; form-action https://checkout.simplexcc.com; media-src 'self' blob: https://*.polo-static.com; child-src 'self' blob: polo: https://docs.google.com https://td.doubleclick.net https://*.polo-static.com; report-uri /frontend-api/skynet/csp-uri; report-to skynet 2 frame-ancestors 'self' games.mail.ru *.vk.com vk.com ok.ru *.ok.ru odnoklassniki.ru store.my.games vkplay.ru *.vkplay.ru 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com code.jquery.com *.pinterest.com *.pinimg.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com connect.facebook.net *.adsrvr.org facebook.com cdn.pdst.fm px.adentifi.com kds-pixel.kargo.com data.adxcel-ec2.com secure.adnxs.com trkn.us cdnssl.clicktale.net w3.org snap.licdn.com dc.ads.linkedin.com *.googletagmanager.com websitevisitorleads.com *.twitter.com t.co sc-static.net *.evgnet.com *.cookielaw.org static.ads-twitter.com *.google-analytics.com assets.sitescdn.net *.vimeocdn.com dev.visualwebsiteoptimizer.com *.tctm.co *.qualtrics.com vimeo.com *.vimeo.com *.newrelic.com *.bing.com googleads.g.doubleclick.net *.clarity.ms *.tiktok.com *.snapchat.com everfi-next.net fpjscdn.net *.fpjs.io fresnel.vimeocdn.com f.vimeocdn.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleadservices.com *.byspotify.com cdn.evgnet.com *.visualwebsiteoptimizer.com googletagmanager.com *.virtualearth.net cdn.ckeditor.com *.google.com *.evergage.com code.jquery.com *.pinterest.com *.pinimg.com; frame-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com dev.visualwebsiteoptimizer.com *.googletagmanager.com *.pinterest.com; frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca iaa-api-gateway.apps.edwardjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; child-src 'self' blob: *.vimeo.com *.doubleclick.net *.clicktale.net *.adsrvr.org *.edwardjones.com *.edwardjones.ca accountaccess.edwardjones.com accountaccess.edwardjones.ca iaa-api-gateway.apps.edwardjones.com onlineaccess.edwardjones.com iaaweb.edwardjones.com *.tctm.co *.w3.org *.vimeocdn.com *.qualtrics.com *.everfi-next.net *.snapchat.com *.amazon-adsystem.com *.facebook.com 2 frame-ancestors 'self' aemauthor.barclaycardus.com www.aviatormastercard.com www.emiratesskywardscards.com www.hawaiianbohcard.com www.myluxurycard.com www.hawaiiancreditcard.com www.jetbluemastercard.com www.pricelinerewardsvisa.com www.breezeairwaysvisa.com www.barclaycardus.com gap.barclaysus.com oldnavy.barclaysus.com athleta.barclaysus.com bananarepublic.barclaysus.com staging-www.barclaycardus.com prod-test-www.barclaycardus.com prod-pi-www.barclaycardus.com prod-cn-www.barclaycardus.com; 2 frame-ancestors self https://*.asianetnews.com https://*.asianetnews.co http://*.annpl.org https://*.asianetnews.org https://jionews.com https://jionewsdev1.jio.ril.com 2 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' strict-dynamic https: http: blob: data: *.osano.com *.braintreegateway.com;img-src * data: *.activeprospect.com;object-src 'none';base-uri 'none';style-src 'self' 'unsafe-inline' *.jsdelivr.net *.typekit.net *.braintreegateway.com; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: https: 'unsafe-inline'; 2 frame-ancestors 'self' https://mgmt-prod-gcp.keurig.com; 2 frame-ancestors 'self' *.anthem.com; 2 default-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; upgrade-insecure-requests; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://tasks.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://assignments.edu.cloud.microsoft https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft https://res-sdf.cdn.office.net https://res.cdn.office.net https://mesh.public.onecdn.static.microsoft https://mesh.df.onecdn.static.microsoft https://m365.cloud.microsoft https://sbrprodprv.www.office.com https://scuprodprv.www.office.com https://fa000000174.resources.office.net https://outlook.office.com https://planner.cloud.microsoft; base-uri 'none'; manifest-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; script-src 'self' 'unsafe-eval' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://*.office.net https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net 'sha256-VCkGe6AeV2B4vV7flXt9Dkkp04wMc8zq7faHdRwhOx0=' 'sha256-Wmg7miLkEVn5v393z4Ch7lbKnpNnLZhnVOk/iJN1miE='; style-src 'self' 'unsafe-inline' 'report-sample' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft blob: data: https://*.office.com https://*.office.net https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://*.svc.ms https://login.live.com https://storage.live.com https://az495088.vo.msecnd.net; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://whiteboard.svc.cloud.microsoft/sync wss://whiteboard.svc.cloud.dev.microsoft/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://int.augloop.svc.cloud.dev.microsoft wss://*.int.augloop.svc.cloud.dev.microsoft wss://*.augloop-int.officeppe.com wss://augloop-int.officeppe.com wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; frame-src 'self' https://*; form-action 'self' https://*; worker-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; media-src 'self' https://whiteboard.cloud.dev.microsoft https://whiteboard.cloud.microsoft; object-src 'none'; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://ssl.gstatic.com/ https://stats.spdns.de https://status.securepoint.de; media-src 'none'; frame-src https://stats.spdns.de/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; connect-src 'self' https://*.checkdns.spdyn.de/ https://*.checkcat.spdyn.de/; font-src 'self' https://fonts.gstatic.com 2 frame-ancestors 'self' *.eur.nl 2 frame-ancestors 'self' https://mychart-np.et1288.epichosted.com https://internal.my.lablue.com https://mychart-np.et1288.epichosted.com https://my.lablue.com; 2 default-src * data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src blob: https: 2 frame-ancestors 'self' https://cryptofingers.com https://coinspector.pl https://gamepost.io https://b2b-partner-space.emcd.io https://www.thedailypulse.net/ 2 frame-src 'self' https://*.takemobi.io https://*.ada.support https://*.yimg.com https://*.sandbox.my.site.com https://*.adalyser.com https://*.redditstatic.com https://*.reddit.com https://www.googletagmanager.com https://pcl.satmetrix.com https://*.adsrvr.org https://*.edkt.io https://*.adnxs.com https://*.omniture.com https://*.teads.tv https://*.everesttech.net https://*.everestjs.net https://fledge.teads.tv https://*.adentifi.com https://*.linkedin.com https://*.licdn.com https://*.sojern.com https://*.videoamp.com https://awin1.com https://dwin1.com https://*.adobe.com https://*.niceincontact.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://surfly-us.com https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com https://*.princess.com https://*.ocean.com https://*.pinterest.com https://*.td.doubleclick.net https://*.tpc.googlesyndication.com https://publish-p107522-e1006297.adobeaemcloud.com https://td.doubleclick.net https://tpc.googlesyndication.com https://*.optimizely.com https://*.fullstory.com https://*.paypal.com; frame-ancestors 'self' https://*.princess.com https://*.polarres.com https://*.clubprincess.com https://*.medallionclassmarket.com https://*.princesspromotions.com https://*.ocean.com https://*.niceincontact.com https://*.adobeaemcloud.com https://*.optimizely.com https://*.fullstory.com https://*.yimg.com https://*.demandware.net https://runtime.commercecloud.com https://*.ada.support; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.boomtrain.com https://c1.rfihub.net https://live.rezync.com https://assets.adobedtm.com https://bat.bing.com https://bat.bing-int.com https://kit.fontawesome.com players.brightcove.net vjs.zencdn.net https://www.buzzsprout.com https://static.zohocdn.com https://sdk.ceros.com https://labs.ceros.com https://trk.techtarget.com https://connect.facebook.net https://creative-services.ceros.com https://www.googleadservices.com https://connect.facebook.net https://eloquatracking.iqvia.com https://script.hotjar.com https://img03.en25.com https://static.hotjar.com https://snap.licdn.com https://edge.fullstory.com https://www.clickcease.com https://cdn.pagesense.io https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://dev.visualwebsiteoptimizer.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://kit.fontawesome.com https://players.brightcove.net https://ajax.googleapis.com https://static.cloud.coveo.com https://tag.demandbase.com https://cookie-cdn.cookiepro.com https://www.google.com https://www.gstatic.com https://view.ceros.com; img-src 'self' blob: data: https://i.liadm.com https://live.rezync.com https://bat.bing.com https://s.gravatar.com https://www.google.pl https://www.linkedin.com players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.brightcovecdn.com https://i.ibb.co https://ad.doubleclick.net https://www.google.co.in https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://attr.ml-api.io https://secure.adnxs.com https://www.google-analytics.com https://www.facebook.com https://attr.ml-api.ios https://secure.adnxs.com https://s.ml-attr.com https://eloquatracking.iqvia.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://id.rlcdn.com https://cookie-cdn.cookiepro.com https://www.iqvia.com https://*.wp.com/cdn.auth0.com https://px.ads.linkedin.com https://segments.company-target.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com players.brightcove.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://geolocation.onetrust.com https://report.clarity.ms https://events.api.boomtrain.com https://people.api.boomtrain.com https://unpkg.com https://bat.bing.com https://bat.bing-int.com https://region1.analytics.google.com *.boltdns.net players.brightcove.net edge.api.brightcove.com *.akamaihd.net *.brightcovecdn.com https://region1.google-analytics.com https://metrics.hotjar.io https://stats.g.doubleclick.net https://analytics.google.com https://ibc-flow.techtarget.com https://vc.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://pagesense-collect.zoho.com https://edge.fullstory.com https://rs.fullstory.com https://www.google-analytics.com https://td.doubleclick.net https://www.google.com https://bcbolt446c5271-a.akamaihd.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://manifest.prod.boltdns.net https://ka-f.fontawesome.com https://edge.api.brightcove.com https://cookie-cdn.cookiepro.com https://api.company-target.com https://pagead2.googlesyndication.com; font-src 'self' 'unsafe-inline' https://kit.fontawesome.com players.brightcove.net https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://ka-f.fontawesome.com data:; worker-src 'self' 'unsafe-inline' blob:; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; frame-src 'self' https://a.rfihub.com https://20874701p.rfihub.com players.brightcove.net https://www.buzzsprout.com https://view.ceros.com https://11057559.fls.doubleclick.net https://www.facebook.com https://td.doubleclick.net https://s.company-target.com https://www.google.com https://view.ceros.com https://www.googletagmanager.com; upgrade-insecure-requests; 2 frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net *.helpdocsite.com teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com teams.cloud.microsoft outlook.cloud.microsoft m365.cloud.microsoft app.hubspot.com app-eu1.hubspot.com *.canva.com; 2 frame-ancestors 'self' www.ellipsizdss.com keysight.lookbookhq.com keysight.pathfactory.com next.brella.io online-events.keysight.com *.keysight.com *.keysight.com.cn 2 frame-ancestors 'self' *.ais.th, font-src 'self' *.ais.th fonts.gstatic.com *.blob.core.windows.net *.cdc.ais.th maxcdn.bootstrapcdn.com data: 2 default-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com csxd.exclaimer.net csxd.exclaimer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com t.contentsquare.net app.contentsquare.com; worker-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com; img-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com *.contentsquare.net data: blob:; font-src 'self' a.storyblok.com maxcdn.bootstrapcdn.com fast.wistia.com data:; media-src 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com data: blob:; object-src 'none'; frame-ancestors 'self' exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com; connect-src 'self' https://www.gstatic.com/ exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com *.contentsquare.net *.litix.io blob: data:; child-src 'self' blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com; style-src 'self' 'unsafe-inline' data: blob: exclaimer.com *.exclaimer.com *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com *.mutinycdn.com *.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk *.pardot.com ws.zoominfo.com zoominfo.com ingesteer.services-prod.nsvcs.net www.google.ca *.chilipiper.com *.webloader.smooch.io *.smooch.io s.ad.smaato.net api.exchangerate-api.com *.zi-scripts.com *.lkqd.net pippio.com *.sentry-cdn.com chat.onmaven.app bat.bing.net *.bing.com bat.bing-int.com *.sopro.io cdn.us.heap-api.com c.us.heap-api.com *.heapanalytics.com *.contentsquare.net *.contentsquare.com *.auryc.com *.azurewebsites.net *.6sc.co *.adnxs.com *.salesloft.com *.6sense.com *.greenhouse.io *.hs-scripts.com *.hs-analytics.net *.adsrvr.org *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.au play.goconsensus.com; 2 frame-ancestors 'self' preview.cxtools.walmart.com wallet.walmart.com www.walmart.com; report-uri https://csp.walmart.com/c/r/gl 2 default-src 'none'; connect-src *; font-src * data: about:; frame-src *; img-src * data: about:; media-src 'self' www.l3harris.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce--szKuCeKlNRcz7i_iF7dkw'; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce--szKuCeKlNRcz7i_iF7dkw'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.wescam.info www.googletagmanager.com cdn.userway.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; report-uri https://www.l3harris.com/system/reporting/csp; report-to csp; trusted-types * 'allow-duplicates'; require-trusted-types-for 'script' 2 worker-src 'self' https:; 2 default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae rum.hlx.page bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com snap.licdn.com *.recaptcha.net s.yimg.com *.askus.hsbc.co.uk *.appspot.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsrvr.org pixel.everesttech.net liveperson.com *.contentsquare.com *.qualtrics.com *.quantserve.com *.outbrain.com *.taboola.com *.google-analytics.com www.google.com www.gstatic.cn *.hsbc.com.cn *.isstprod.hsbc.com.cn *.akamaihd.net *.tt.omtrdc.net c-hsbc.lytics.io; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com *.liveperson.net *.lpsnmedia.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com stream-dev.data.hsbc.com *.akamaihd.net px.ads.linkedin.com *.hsbc.co.uk *.qualtrics.com *.amazonaws.com *.we-stats.com *.hsbc.com wss://*.hsbc.com *.onfido.com *.appspot.com *.facebook.com tt.omtrdc.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.contentsquare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net code.jquery.com *.isstprod.hsbc.com.cn *.eu.v2.customers.biocatch.com analytics-ipv6.tiktokw.us www.googleadservices.com *.lpsnmedia.net; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com *.online-metrix.net *.hsbc.com.hk *.walkme.com liveperson.com *.qualtrics.com tags.tiqcdn.com *.hsbc.co.uk *.facebook.com *.recaptcha.net bid.g.doubleclick.net cdntm.hsbc.co.uk *.akamaihd.net *.ibosscloud.com m.hbeu.dxp1.preprod.eu.dynp.cloud1.vv1865.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net *.hsbc.co.uk; font-src 'self' data: *.hsbc.com.hk *.gstatic.com fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net *.avast.com *.alicdn.com fonts.googleapis.com *.hsbc.co.uk; worker-src 'self' blob: tags.tiqcdn.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net *.liveperson.net *.optimizely.com *.walkme.com c-hsbc.lytics.io *.lpsnmedia.net; object-src 'self' blob: players.brightcove.net; child-src 'self' *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com blob: tags.tiqcdn.com; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net *.lpsnmedia.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://sync.ecal.com https://display.ecal.net https://assets.calendly.com https://cdn.pagesense.io https://crm.zoho.com https://js.intercomcdn.com https://platform.twitter.com https://static.zohocdn.com https://widget.intercom.io https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://display.ecal.net https://sync.ecal.com https://fonts.googleapis.com https://static.zohocdn.com https://webfonts.zoho.com https://assets.calendly.com; img-src 'self' data: https://display.ecal.net https://js.intercomcdn.com https://secure.gravatar.com https://static.intercomassets.com https://downloads.intercomcdn.com https://static.zohocdn.com https://syndication.twitter.com https://slack-imgs.com https://zohopagesense.nimbuspop.com https://www.google.com https://www.google.com.au https://www.googleadservices.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com https://static.zohocdn.com https://platform.twitter.com; connect-src 'self' https://api-iam.intercom.io https://ipapi.co https://pagesense-collect.zoho.com wss://nexus-websocket-a.intercom.io https://www.google.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' blob: https://platform.twitter.com https://sync.ecal.com https://display.ecal.net https://www.google.com https://calendly.com https://www.googletagmanager.com; frame-ancestors 'self' https://www.google.com/ https://www.recaptcha.net/; object-src 'none'; base-uri 'self'; media-src 'self' https://js.intercomcdn.com; 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://anniversaire-lidl-fr.speedi.org https://*.criteo.net https://*.adyen.com https://*.demoup.com https://www.dwin1.com https://*.lidl.fr data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://anniversaire-lidl-fr.speedi.org https://*.adyen.com https://*.demoup.com https://*.lidl.fr https://lidl-cavautlecoup.fr https://marcel-lidl-develop-sb6brz.laravel.cloud; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adnxs.com https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.rubiconproject.com https://*.taboola.com https://*.teads.tv https://lantern.roeye.com https://*.lidl.fr data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.criteo.net https://*.adyen.com https://*.demoup.com https://lantern.roeyecdn.com https://www.dwin1.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' *.servicetitan.com; 2 frame-ancestors 'self' https://smart-insights.flix360.com https://internal-insights.flix360.com 2 base-uri 'self'; default-src 'none'; img-src 'self' https: data: blob:; worker-src 'self' https: data: blob:; media-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; frame-src https:; frame-ancestors 'none'; connect-src 'self' https: blob: data: ws:; font-src 'self' data:; manifest-src 'self' 2 object-src none 2 upgrade-insecure-requests; frame-ancestors 'self' https://customer.norwegian.com 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; 2 script-src 'unsafe-eval' 'unsafe-inline' 'self' *.corp *.santanderbank.com *.openbank.us *.tealiumiq.com *.smarterhq.io *.optimizely.com *.optimizely-static.com *.googletagmanager.com *.tiqcdn.com *.teads.tv *.facebook.net *.online-metrix.net *.pinimg.com *.santandersandi.com *.cloudfront.net *.cloudflare.com *.google.com *.gstatic.com *.amazonaws.com *.amazon-adsystem.com *.ipredictive.com blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.isbank.com.tr *.google.com *.google.com.tr *.efilli.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.yandex.ru *.taboola.com *.intisbank *.uatisbank *.dmzisbank *.taboola.com *.signfordeaf.com *.youtube.com *.facebook.net *.facebook.com *.adform.net *.googleapis.com *.gstatic.com *.webservice.foreks.com *.maxiweb.isbank.com.tr data:; frame-src 'self' maxiweb.isbank.com.tr webservice.foreks.com www.youtube.com *.dataroid.com appconnect.isbank.com.tr connect-cdn.isbank.com.tr; child-src 'self' *.dataroid.com appconnect.isbank.com.tr connect-cdn.isbank.com.tr 2 img-src 'self' data: *.insurance188.com brace.video.qq.com *.ebay.com *.salesforce.com *.ebay.cn myun-hw-s3.myun.tv *.myun.tv static.mudu.tv www.google-analytics.com *.salesforce.com *.force.com btrace.video.qq.com vm.gtimg.cn vpic.video.qq.com *.force.com rcgi.video.qq.com isdspeed.qq.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://ingestion.webanalytics.italia.it; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://cercaportale.salute.gov.it https://api.salute.gov.it https://ingestion.webanalytics.italia.it; frame-src 'self' https://www.youtube-nocookie.com 2 default-src 'self' wss://*.cyberstock.com.my wss://*.maybank2u.com.my *.maybank2u.com.my *.maybank.com *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com https://analytics.google.com *.googleapis.com *.googletagmanager.com https://*.maybankheart.com https://analytics.twitter.com https://s.yimg.com https://analytics.tiktok.com https://c.clarity.ms https://k.clarity.ms https://n.clarity.ms https://v.clarity.ms https://s.clarity.ms https://p.clarity.ms; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com https://livechat.maybank2u.com.my *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com https://livechat.maybank2u.com.my; font-src *.gstatic.com *.maybank2u.com.my *.google.com *.mobiletrade.powerbroking2u.com.my; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com *.cyberstock.com.my https://analytics.tiktok.com https://bat.bing.com https://www.clarity.ms https://s.yimg.com https://analytics.twitter.com https://static.ads-twitter.com; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com *.mobiletrade.powerbroking2u.com.my *.cyberstock.com.my https://search-prod.maybanksandbox.com; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com https://t.co https://analytics.twitter.com https://sp.analytics.yahoo.com https://bat.bing.com https://c.clarity.ms https://c.bing.com 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://lidl-latuaopinioneconta.it https://lidl-fatturaelettronica.it https://*.lidl.it data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://lidl-latuaopinioneconta.it https://lidl-fatturaelettronica.it https://www.lidl-latuaopinioneconta.it https://*.lidl.it; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.it data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' https://products.bestreviews.com/ https://www.channel4000.com/ https://kdvr.com/ https://kfor.com/ https://fox2now.com/ https://fox5sandiego.com/ https://ktla.com/ https://fox40.com/ https://fox4kc.com/ https://wgntv.com/ https://fox8.com/ https://khon2.com/ https://klfy.com/ https://kron4.com/ https://krqe.com/ https://wavy.com/ https://wfla.com/ https://wivb.com/ https://wkrg.com/ https://wkrn.com/ https://woodtv.com/ https://wwlp.com/ https://channel4000.com/ https://koin.com/ https://wreg.com/ https://wric.com/ https://fox59.com/ https://wspa.com/ https://wgno.com/ https://myfox8.com/ https://nbc4i.com/ https://kxan.com/ https://wtnh.com/ https://stage.nxstrib.com/ https://nxs-staging.go-vip.net/ https://wate.com/ https://wkbn.com/ https://cbs17.com/ https://wpri.com/ https://wsav.com/ https://whnt.com/ https://who13.com/ https://abc27.com/ https://cbs42.com/ https://wjhl.com/ https://cw33.com/ https://cw39.com/ https://localdvm.com/watch-dcw50/ https://wgnradio.com/ https://phl17.com/ https://cbs4indy.com/ https://borderreport.com/ https://everythinglubbock.com/ https://myhighplains.com/ https://nxsttv-stage.go-vip.net/ https://nxstrib-com-staging.go-vip.net/ https://myarklamiss.com/ https://kark.com/ https://siouxlandproud.com/ https://keloland.com/ https://easttexasmatters.com/ https://texomashomepage.com/ https://kget.com/ https://yourbigsky.com/ https://8newsnow.com/ https://mysterywire.com/ https://fox16.com/ https://conchovalleyhomepage.com/ https://yourbasin.com/ https://nwahomepage.com/ https://ozarksfirst.com/ https://westernslopenow.com/ https://yourcentralvalley.com/ https://fourstateshomepage.com/ https://ksnt.com/ https://ksn.com/ https://bigcountryhomepage.com/ https://arklatexhomepage.com/ https://ktsm.com/ https://abc4.com/ https://valleycentral.com/ https://kxnet.com/ https://fox21news.com/ https://fox44news.com/ https://wane.com/ https://binghamtonhomepage.com/ https://wboy.com/ https://pahomepage.com/ https://wbtw.com/ https://counton2.com/ https://wcia.com/ https://wdhn.com/ https://wdtn.com/ https://localdvm.com/ https://tristatehomepage.com/ https://mytwintiers.com/ https://mychamplainvalley.com/ https://wearegreenbay.com/ https://wfxrtv.com/ https://cnyhomepage.com/ https://ourquadcities.com/ https://wjtv.com/pine-belt-news/ https://wjbf.com/ https://yourerie.com/ https://upmatters.com/ https://wjtv.com/ https://fox46.com/ https://wiproud.com/ https://wlns.com/ https://mypanhandle.com/ https://centralillinoisproud.com/ https://foxlexington.com/ https://wnct.com/ https://cenlanow.com/ https://wowktv.com/ https://wvillustrated.com// https://mystateline.com/ https://wrbl.com/ https://rochesterfirst.com/ https://localsyr.com/ https://wearecentralpa.com/ https://news10.com/ https://wtrf.com/ https://mywabashvalley.com/ https://brproud.com/ https://wvnstv.com/ https://informnny.com/ https://wytv.com/ https://pix11.com/ https://www.snntv.com/ https://www.wavy.com/ https://cw33.com/ https://www.dcnewsnow.com/ https://www.ketk.com/ https://www.ktalnews.com/ https://www.qcnews.com/ https://fox56news.com/ https://www.wtaj.com/ https://www.newsnationnow.com/ https://thehill.com/; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: data:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2 frame-ancestors 'self' https://statistics.uni-saarland.de; 2 frame-ancestors 'self' https://*.emerson.com https://*.emerson.cn https://*.emerson.co.jp https://*.emerson.kr https://*.ariba.com https://*.tradecentric.com https://mypunchoutsite.com https://*.coupahost.com https://*.determine.com https://*.gep.com https://emerson.pathfactory.com https://*.jaggaer.com https://*.sciquest.com https://*sp24.phitr.com https://*sp15.phibred.com 2 default-src 'self' 'strict-dynamic' https://*.sheypoor.com http://*.sheypoor.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mailerlite.com https://*.hotjar.com https://*.gstatic.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://cdn.yektanet.com https://www.clarity.ms ; connect-src * ; media-src 'self' https://sheypoorvod.arvanvod.ir https://*.goftino.com blob: ; object-src 'none' ; img-src blob: https://*.sheypoor.com http://*.sheypoor.com https://www.googletagmanager.com https://*.googleapis.com https://www.google.co.uk https://*.gstatic.com https://www.google.com https://www.google.com.tr https://www.google-analytics.com https://*.clarity.ms https://sheypoorvod.arvanvod.ir https://c.bing.com https://cdn.tapture.ir https://cdn.adivery.com data: https://*.goftino.com ; style-src 'self' 'unsafe-inline' https://*.sheypoor.com http://*.sheypoor.com https://*.googleapis.com https://*.mailerlite.com https://*.goftino.com ; font-src 'self' https://*.sheypoor.com http://*.sheypoor.com https://*.gstatic.com data: https://*.goftino.com ; manifest-src 'self' https://*.sheypoor.com http://*.sheypoor.com https://*.goftino.com ; frame-src https://cdn.sheypoor.com https://player.arvancloud.ir https://ua.yektanet.com https://assets.mailerlite.com https://td.doubleclick.net https://www.aparat.com https://*.goftino.com; worker-src blob: https://*.sheypoor.com http://*.sheypoor.com https://*.goftino.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.mailerlite.com https://*.hotjar.com https://*.gstatic.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://cdn.yektanet.com https://www.clarity.ms https://matomo.mielse.com https://shypr.ir https://*.goftino.com; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' http://alteryx.lookbookhq.com https://alteryx.lookbookhq.com http://alteryx.pathfactory.com https://alteryx.pathfactory.com https://int.bender.rocks https://ayx-sandbox.bender.rocks https://flexo.bender.rocks https://fry.bender.rocks https://perf.bender.rocks https://aml.bender.rocks https://au1.alteryxcloud.com https://eu1.alteryxcloud.com https://preprod.alteryxcloud.com https://us1.alteryxcloud.com https://app.optimizely.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com *.buzzsprout.com *.visualwebsiteoptimizer.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com *.6sc.co https://client-registry.mutinycdn.com/ https://js.zi-scripts.com https://bat.bing.com https://www.clarity.ms https://js.adsrvr.org *.niceincontact.com *.marketo.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.zoominfo.com data: *.niceincontact.com; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.niceincontact.com *.stackadapt.com; img-src * data: blob:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/ https://insight.adsrvr.org/ *.niceincontact.com *.arcade.software; media-src 'self' *.googleapis.com webtest2.geotab.com webtest3.geotab.com *.niceincontact.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 2 default-src 'none'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://www.google-analytics.com/ https://*.facebook.com/ https://geolocation.onetrust.com/ https://fpf.org/ https://www.cloudflare.com/ https://vimeo.com/ https://log.cookieyes.com/; font-src 'self' data: https://cdnjs.cloudflare.com/ https://*.google.com/ https://*.typekit.net/ https://fonts.gstatic.com/; img-src 'self' data: https://*.gravatar.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.google.com/ https://www.google-analytics.com/ https://fpf.org/ https://img.youtube.com/ https://i.vimeocdn.com/ https://cdn-cookieyes.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://*.twitter.com/ https://*.google.com/ https://*.facebook.com https://*.youtube.com https://*.eventbrite.com/ https://player.vimeo.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://*.gstatic.com/ https://*.google.com/ https://*.typekit.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.twitter.com/ https://*.gstatic.com/ https://*.google.com/ https://*.eventbrite.com/ https://*.youtube.com/ https://fpf.org/ https://player.vimeo.com/ https://*.vimeocdn.com/ https://cdn-cookieyes.com/ https://*.cookieyes.com/; worker-src 'self' https://*.youtube.com/ https://*.vimeo.com/ blob:; block-all-mixed-content; 2 object-src 'self'; base-uri 'self'; frame-ancestors 'self' x-sign.benq.com x-sign.benq.eu www.benq.com www.benq.eu zowie.benq.com zowie.benq.eu; 2 frame-ancestors 'self' https://my.wealthsimple.com 2 frame-ancestors https://*.kennesaw.edu; 2 frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metricka.yandex.com https://metricka.yandex.ru https://metricka.yandex.by https://metricka.yandex.com https://metricka.yandex.tr http://metricka.yandex.com http://metricka.yandex.ru http://metricka.yandex.by http://metricka.yandex.com http://metricka.yandex.tr https://metrika.yandex.com https://metrika.yandex.ru 2 frame-ancestors 'self' *.ibm.com ; child-src blob: * 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: cid:; connect-src https: wss:; worker-src 'self' blob: ; child-src 'self' https: blob: ; 2 frame-ancestors 'self' https://areaxt.com https://staging.areaxt.com 2 frame-ancestors *.peugeot.ba *.citroen.ba *.fiat-bih.ba fiat-bih.ba *.olx.com olx.ba 2 frame-ancestors 'self', upgrade-insecure-requests 2 child-src *.hsforms.com; connect-src 'self' *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.hs-banner.com *.hsforms.com *.hubapi.com *.hubspot.com *.ip-api.com *.liadm.com *.vector.co analytics.ahrefs.com api.claydar.com api.cr-relay.com app.clearbit.com app.navattic.com cdn.athenahq.ai cdn.jsdelivr.net/npm/swiper@11/ cdn.linkedin.oribi.io cdn.prod.website-files.com conversions-config.reddit.com hubspot-forms-static-embed.s3.amazonaws.com joinamply.github.io/amply-motion/dist/index.js.map js.hscta.net material-site.cdn.prismic.io pagead2.googlesyndication.com pixel-config.reddit.com px.ads.linkedin.com static.hsappstatic.net unpkg.com/@rive-app/ www.redditstatic.com; default-src 'self'; font-src 'self' assets.website-files.com cdn.prod.website-files.com data: uploads-ssl.webflow.com; frame-src 'self' *.hs-sites.com *.hsforms.com *.hsforms.net *.hubspot.com *.liadm.com capture.navattic.com cdn.embedly.com demo.arcade.software material-site.prismic.io open.spotify.com player.vimeo.com td.doubleclick.net www.googletagmanager.com www.vimeo.com www.youtube.com; img-src 'self' *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.hsforms.com *.hsforms.net *.hubspot.com *.liadm.com alb.reddit.com blob: cdn.prod.website-files.com d3e54v103j8qbb.cloudfront.net/img/ data: google.com googleads.g.doubleclick.net i.vimeocdn.com i.ytimg.com images.prismic.io js.hscta.net material-site.cdn.prismic.io/material-site/ no-cache.hubspot.com pagead2.googlesyndication.com prismic-io.s3.amazonaws.com/material-site/ px.ads.linkedin.com px4.ads.linkedin.com www.google.com www.linkedin.com; media-src 'self' cdn.prod.website-files.com material-site.cdn.prismic.io; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.googletagmanager.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.com *.hsforms.net *.hubspot.com *.liadm.com *.usemessages.com *.vector.co analytics.ahrefs.com cdn.athenahq.ai cdn.claydar.com cdn.cr-relay.com cdn.jsdelivr.net/npm/@deltaclan/superform@2/ cdn.jsdelivr.net/npm/@finsweet/ cdn.jsdelivr.net/npm/swiper@11/ cdn.prod.website-files.com cdnjs.cloudflare.com/ajax/libs/ d3e54v103j8qbb.cloudfront.net/js/ joinamply.github.io/amply-motion/dist/index.js js.hscta.net js.navattic.com material.security/pageload.js player.vimeo.com prismic.io px.ads.linkedin.com snap.licdn.com static.cdn.prismic.io static.claydar.com tag.clearbitscripts.com unpkg.com/@rive-app/ www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com x.clearbitjs.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net/npm/swiper@11/ cdn.prod.website-files.com joinamply.github.io/amply-motion/styles.css 2 frame-ancestors 'self' https://prod.sitecore.seismic.com https://resources.seismic.com; 2 default-src 'self' in.hotjar.com s3-eu-west-1.amazonaws.com s7g10.scene7.com static-jmpovh.hyperlab.pl maps.googleapis.com analytics.tiktok.com popups.landingi.com stats.landingi.com region1.google-analytics.com vc.hotjar.io lightboxes.landingi.com tagmanager.landingi.io app.push-ad.com www.google-analytics.com geolocation.onetrust.com stats.g.doubleclick.net api3.push-ad.com ct.pinterest.com app2.push-api.pl track.push-ad.com cdn.cookielaw.org static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net tr.snapchat.com dmp.push-api.pl ams.creativecdn.com jmp-privacy.my.onetrust.com cdn.jsdelivr.net tr6.snapchat.com *.crazyegg.com cdn.biedronka.cloud; script-src 'self' data: http: https: 'unsafe-inline' 'unsafe-eval' s7g10.scene7.com cdn-jmpovh.hyperlab.pl static-jmpovh.hyperlab.pl maps.googleapis.com code.jquery.com www.youtube.com lf16-tiktok-web.ttwstatic.com www.tiktok.com s3-eu-west-1.amazonaws.com stats.landingi.com old.assets-landingi.com assetslp.link popups.landingi.com scripts.assets-landingi.com ucarecdn.com script.hotjar.com app.push-ad.com analytics.tiktok.com acdn.adnxs.com code.createjs.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl connect.facebook.net www.googletagmanager.com biedronka.push-ad.com myao.adocean.pl cdn.cookielaw.org www.google.com www.gstatic.com www.google-analytics.com s.pinimg.com static.hotjar.com googleads.g.doubleclick.net sc-static.net tr.snapchat.com landingistats.com tags.creativecdn.com ams.creativecdn.com ssl.p.jwpcdn.com cdn.jsdelivr.net sf16-website-login.neutral.ttwstatic.com *.crazyegg.com; style-src 'self' 'unsafe-inline' s7g10.scene7.com static-jmpovh.hyperlab.pl p.typekit.net use.typekit.net lf16-tiktok-web.ttwstatic.com s3-eu-west-1.amazonaws.com styles.assets-landingi.com api3.push-ad.com app2.push-api.pl app.push-ad.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl fonts.googleapis.com www.googletagmanager.com *.crazyegg.com; font-src 'self' data: static-jmpovh.hyperlab.pl use.typekit.net s3-eu-west-1.amazonaws.com styles.assets-landingi.com fonts.assets-landingi.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl fonts.gstatic.com; img-src 'self' data: http: https: cdn.biedronka.pl s7g10.scene7.com cdn-jmpovh.hyperlab.pl static-jmpovh.hyperlab.pl maps.googleapis.com maps.gstatic.com pl-gmtdmp.mookie1.com icons.assets-landingi.com www.facebook.com ib.adnxs.com cdn.lugc.link images.assets-landingi.com s3-eu-west-1.amazonaws.com app.push-api.pl www.google-analytics.com www.google.pl www.google.com ct.pinterest.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl secure.adnxs.com cdn2-wwwbiedronkapl-dev-php56.hyperlab.pl cdn.biedronka.pl cdn2.biedronka.pl cdn.cookielaw.org www.googletagmanager.com *.crazyegg.com; frame-src 'self' data: http: https: www.tiktok.com www.youtube.com landingipopups.com creativecdn.com ct.pinterest.com biedronka.push-ad.com www.google.com tr.snapchat.com td.doubleclick.net ams.creativecdn.com www.instagram.com *.crazyegg.com www.googletagmanager.com; connect-src 'self' data: http: https: wss: *.crazyegg.com ws.hotjar.com; worker-src 'self' data: http: https: blob: *.crazyegg.com; 2 default-src 'self' https://static.eurostar.com https://www.eurostar.com; frame-ancestors 'self' https://cms.eurostar.com https://eurostar.moment.tech https://onboard.eurostar.com; child-src blob: 'self' https://*.doubleclick.net https://ams.creativecdn.com https://api.prod.eurostar.com https://checkoutshopper-test.adyen.com https://console-d2-eus-v3.conductrics.com https://d6tizftlrpuof.cloudfront.net https://insight.adsrvr.org https://match.adsrvr.org https://static.eurostar.com https://www.facebook.com https://www.google.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube-nocookie.com https://www.youtube.com https://campaigns.lucky-cycle.com; connect-src 'self' https://*.awswaf.com https://*.contentsquare.net https://*.doubleclick.net https://*.eurostar.com https://*.launchdarkly.com https://1wyn2xo2.apicdn.sanity.io https://adservice.google.com https://analytics.google.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://api.kommunicate.io https://api.musement.com https://api.privacy-center.org https://api.usabilla.com https://ams.creativecdn.com https://bat.bing.com https://bat.bing.net https://beacon.speedcurve.com https://bots.applozic.com https://bots.kommunicate.io https://cdn.kommunicate.io https://cdn.speedcurve.com https://chat.kommunicate.io https://checkoutshopper-live.adyen.com https://cognito-idp.eu-west-1.amazonaws.com https://collect.tealiumiq.com https://collect-eu-west-1.tealiumiq.com https://eus-events.conductrics.com https://faro-collector-prod-eu-west-0.grafana.net https://fonts.googleapis.com https://insight.adsrvr.org https://k-aeu1.contentsquare.net https://labs.observepoint.com https://lux.speedcurve.com https://maps.googleapis.com https://o1269418.ingest.sentry.io https://pagead2.googlesyndication.com https://r.contentsquare.net https://region1.analytics.google.com https://region1.google-analytics.com https://sdk.privacy-center.org https://t.co https://www.bing.com https://www.facebook.com https://www.googleadservices.com https://www.google.be https://www.google.co.uk https://www.google.com https://www.google.de https://www.google.fr https://www.google.nl https://www.google-analytics.com https://www.paypal.com wss://socket.applozic.com:80 wss://socket5.applozic.com wss://socket5.kommunicate.io; font-src 'self' data: https://content.eurostar.com https://d6tizftlrpuof.cloudfront.net https://fonts.gstatic.com https://static.eurostar.com https://appdown.pstatic.net; img-src 'self' data: https://*.contentsquare.net https://*.doubleclick.net https://*.tealiumiq.com https://1wyn2xo2.apicdn.sanity.io https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://analytics.tiktok.com https://bat.bing.com https://bat.bing.net https://cdn.sanity.io https://cdn.speedcurve.com https://chatbot.eurostar.com https://checkoutshopper-live.adyen.com https://d6tizftlrpuof.cloudfront.net https://ib.adnxs.com https://images.ctfassets.net https://lux.speedcurve.com https://maps.googleapis.com https://maps.gstatic.com https://match.adsrvr.org https://images.musement.com https://packages-assets.eurostar.com https://packages.eurostar.com https://pixel.mediaiqdigital.com https://px.adnxs.com https://pxl.qccerttest.com https://region1.google-analytics.com https://s0.2mdn.net https://s3.amazonaws.com/kommunicate.s3/profile_pic/ https://sdk.privacy-center.org https://seal.digicert.com https://secure.adnxs.com https://static.eurostar.com https://t.co https://t.paypal.com https://tag.yieldoptimizer.com https://w.usabilla.com https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.bg https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.cr https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.eg https://www.google.com.hk https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.pe https://www.google.com.pk https://www.google.com.pr https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gg https://www.google.gr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.lt https://www.google.lu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.se https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://statics.lucky-cycle.com; media-src data: https://cdn.kommunicate.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.awswaf.com https://*.doubleclick.net https://*.eurostar.com https://*.launchdarkly.com https://*.usabilla.com https://acdn.adnxs.com https://analytics.twitter.com https://apply.workable.com https://bat.bing.com https://cdn.applozic.com https://cdn.kommunicate.io https://connect.facebook.net https://console-d2-eus-v3.conductrics.com https://chatbot.eurostar.com https://eus.cdn-v3.conductrics.com https://js.time1.me https://labs.observepoint.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://s.yimg.com https://snap.licdn.com https://static.ads-twitter.com https://tag.yieldoptimizer.com https://tags.tiqcdn.com https://visitor-service.tealiumiq.com https://visitor-service-eu-west-1.tealiumiq.com https://widget.kommunicate.io https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.paypal.com https://statics.lucky-cycle.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.awswaf.com https://*.tealiumiq.com https://acdn.adnxs.com https://ad.doubleclick.net https://adservice.google.be https://adservice.google.com https://analytics.tiktok.com https://analytics.twitter.com https://api.usabilla.com https://app.contentsquare.com https://apply.workable.com https://bat.bing.com https://cdn.applozic.com https://cdn.kommunicate.io https://cdn.speedcurve.com https://cdn.tagcommander.com https://connect.facebook.net https://console-d2-eus-v3.conductrics.com https://chatbot.eurostar.com https://d2rhnzwg8g191b.cloudfront.net https://d6tizftlrpuof.cloudfront.net https://eus.cdn-v3.conductrics.com https://googleads.g.doubleclick.net https://hosted-scripts.eurostar.com https://js.adsrvr.org https://maps.googleapis.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://scripts.eurostar.com https://sdk.privacy-center.org https://secure-scripts.eurostar.com https://static.eurostar.com https://statics.lucky-cycle.com https://tags.creativecdn.com https://tags.tiqcdn.com https://w.usabilla.com https://widget.kommunicate.io https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.workable.com; style-src 'unsafe-inline' 'self' https://*.awswaf.com https://cdn.kommunicate.io https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://www.gstatic.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' 'self' https://*.awswaf.com https://cdn.kommunicate.io https://d6tizftlrpuof.cloudfront.net https://fonts.googleapis.com https://www.gstatic.com; worker-src blob:; report-uri https://o1269418.ingest.sentry.io/api/4504559978545152/security/?sentry_key=c1b8b0d601d4479ca2508495c83b4e29&sentry_environment=www-prod 2 default-src 'self' 'unsafe-inline'; connect-src 'self' blob: *; font-src 'self' https://images.mutinycdn.com/ https://livestorm.imgix.net; frame-ancestors 'self' https://app.mutinyhq.com https://preview.mutinyhq.com; frame-src * data: *; img-src 'self' data: * blob: *; media-src 'self' blob: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *; 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://*.google-analytics.com https://stats.g.doubleclick.net https://*.analytics.google.com https://*.licdn.com https://*.linkedin.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com https://letscast.fm; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2 default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.xsolla.com https://*.xsolla.net; style-src-elem 'self' 'unsafe-inline'; script-src 'self' www.googletagmanager.com https://*.xsolla.com https://*.xsolla.net https://js.stripe.com; connect-src 'self' https://api.gx.games https://stats.opr.gg https://sentry-relay.opera-api.com https://s3.eu-north-1.amazonaws.com/prod.cloudsaves/ https://play.gxc.gg https://play.gx.games https://bonus.gx.games https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.xsolla.com https://*.xsolla.net https://api.stripe.com; img-src 'self' data: blob: https://play.gxc.gg https://play.gx.games https://bonus.gx.games www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.xsolla.com https://*.xsolla.net; media-src https://play.gxc.gg https://play.gx.games https://bonus.gx.games; font-src 'self'; base-uri 'self'; manifest-src 'self'; frame-src https://play.gxc.gg https://play.gx.games https://bonus.gx.games https://*.xsolla.com https://*.xsolla.net https://js.stripe.com https://hooks.stripe.com 2 frame-ancestors 'self' www.landingpromo.it www.landing-promo.it 2 frame-ancestors 'self' https://tt.payloadcms.app; font-src https://discover.teamtailor.com https://www.teamtailor.com https://web.teamtailor.com https://fonts.intercomcdn.com *.netlify.app *.chromatic.com; 2 default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com *.hsadspixel.net *.hs-analytics.net https://js.hscta.net *.hubspot.com https://static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com https://feedback.hubapi.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://sdk.privacy-center.org https://load.insights.juspay.io https://insights.juspay.io *.stape.io https://snap.licdn.com https://connect.facebook.net https://tracking-api.g2.com *.g2.com https://app.factors.ai *.factors.ai; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://sdk.privacy-center.org https://www.googletagmanager.com https://fonts.googleapis.com; form-action 'self' crm.zoho.com api.social.juspay.in https://www.facebook.com; object-src 'none'; img-src 'self' data: crm.zoho.com https://dth95m2xtyv8v.cloudfront.net https://cdn.sanity.io https://track-eu1.hubspot.com https://js.hscta.net https://no-cache.hubspot.com *.hubspot.com *.hsforms.net *.hsforms.com https://sdk.privacy-center.org https://px.ads.linkedin.com https://www.facebook.com *.facebook.com *.g2.com https://analytics.google.com https://www.google.com https://www.google.co.in https://stats.doubleclick.net *.google.com *.google.co.in *.doubleclick.net https://fonts.gstatic.com https://www.googletagmanager.com; frame-src 'self' youtube.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.zohopublic.com/ https://sdk.privacy-center.org *.hubspot.com *.hs-sites.com *.hsforms.net *.hsforms.com *.stape.io https://www.googletagmanager.com https://insights.juspay.io https://www.facebook.com; frame-ancestors 'self'; connect-src 'self' api.social.juspay.in https://joinus.juspay.in/api/careerJobOpening https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://analytics.google.com https://stats.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://forms-eu1.hscollectedforms.net *.hubapi.com https://js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.sentry.io *.ingest.de.sentry.io https://sdk.privacy-center.org https://api.privacy-center.org https://load.insights.juspay.io https://insights.juspay.io *.stape.io https://px.ads.linkedin.com https://www.facebook.com https://tracking-api.g2.com *.factors.ai; child-src 'self' *.hsforms.com 2 frame-ancestors 'self' https://*.charlotte.edu https://*.uncc.edu https://uncc.instructure.com; frame-src 'self' blob: comgooglemaps: gsa: https://9572357.fls.doubleclick.net https://accounts.google.com https://airtable.com https://api.recollect.net https://apis.google.com https://app.smartsheet.com https://*.arcgis.com https://calculator.charlotte.edu https://calendar.google.com https://calendly.com https://canva.com https://cdnapisec.kaltura.com https://cdn.knightlab.com https://*.charlotte.edu https://datastudio.google.com https://datawrapper.dwcdn.net https://docs.google.com https://drive.google.com https://edabroad.h5p.com https://e.infogram.com https://e.issuu.com https://embed.podcasts.apple.com https://embed.styledcalendar.com https://flo.uri.sh https://forms.hsforms.com https://*.github.io https://*.hotjar.com https://*.hotjar.io https://lookerstudio.google.com https://maphub.net https://maps.google.com https://maps.mecklenburgcountync.gov https://mcmap.org https://m.facebook.com https://my.matterport.com https://platform.twitter.com https://player.vimeo.com https://public.tableau.com https://*.skedda.com https://*.spotify.com https://syndication.twitter.com https://*.uncc.edu https://uncc--full123.sandbox.my.site.com https://uncc-mps-training.s3.amazonaws.com https://uncc.my.salesforce-scrt.com https://uncc.my.site.com https://view-awesome-table.com https://vimeo.com https://vocalvideo.com https://web.facebook.com https://whova.com https://w.soundcloud.com https://www.buzzsprout.com https://www.canva.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.theweather.com https://www.youtube.com https://www.youtube-nocookie.com https://youtu.be https://youtube.com 2 block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; default-src 'none'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; font-src 'self' data:; media-src data: about:; frame-src 'self' about: https:; object-src 'self' about: 2 default-src 'self' gso.amocrm.com gso.kommo.com; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://assets.calendly.com https://platform.twitter.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://my.hellobar.com https://www.google-analytics.com https://www.youtube.com 'sha256-qZJmHHAaUu28WoFKc0FVNpA5ikXzX0NBeqIpY0bQXIA=' 'sha256-V7US+zMwAMOPr/YqM4zVsHsKGl3xUiVIwhFUvnv87QE=' 'sha256-J8lzg3ubs2SO6PW9MmHWe1UzbBMwuiLWxN/otQCygyY=' 'sha256-eH5kMeUdc48DzHbZtubwbQ1dUOxSsKEw4nqHROB4O+g=' 'sha256-disSjv6Cqh2qc1///UXyReEByhnnMEGIa7VnqInfjls=' 'sha256-sejyC18/DnWxENEG0wtqHl60q8kck4ZIDJVPYZoFY2Y=' 'sha256-yHwihVYvV0uJwcx2/8gO6wxKSQKbIKgPrOhvJErN3Zs=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' https://ajax.googleapis.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com vk.com https://login.vk.com top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net https://cdn.userflow.com https://js.userflow.com https://*.clarity.ms https://*.convertexperiments.com 'nonce-e9af510aa1a2'; style-src 'self' https://fonts.googleapis.com 'strict-dynamic' 'unsafe-inline' https://unpkg.com https://assets.calendly.com https://cdn.jsdelivr.net q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com gso.amocrm.com gso.kommo.com connect.facebook.net https://cdn.userflow.com https://js.userflow.com; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.kommo.com chrome-extension://cfaicdlgblgdchnpdilihjmfnogpjakl chrome-extension://eaeaddaoioikiaokcmjfeghddidmmfhc; worker-src blob:; object-src 'none'; font-src 'self' data: q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://fonts.gstatic.com; img-src 'self' data: blob: https://*.kommo.com https://*.amocrm.com https://seal.godaddy.com https://px.ads.linkedin.com https://partnersus.s3.amazonaws.com https://partnersus-test.s3.eu-west-1.amazonaws.com https://amocrm.com https://kommo.com https://giphy.com https://*.giphy.com https://pbs.twimg.com https://i.ytimg.com https://www.statista.com https://syndication.twitter.com https://bat.bing.com https://s3-eu-west-1.amazonaws.com q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://i.postimg.cc https://widgets.amocrm.com https://widgets.kommo.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://vk.com https://mc.yandex.ru https://yastatic.net https://mc.yandex.md https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/ https://*.clarity.ms https://c.bing.com; media-src 'self' q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/; frame-src 'self' www.facebook.com socialplugin.facebook.net www.googletagmanager.com forms.amocrm.com forms.kommo.com calendly.com platform.twitter.com d562488024744908ac9e9fa9d3112067.pages.ubembed.com giphy.com td.doubleclick.net https://app.supademo.com/ piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com button.kommo.com button.amocrm.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://vk.com https://mc.yandex.ru https://*.clarity.ms; connect-src 'self' https://*.kommo.com https://cdn.linkedin.oribi.io https://connect.ok.ru https://appbroker.amocrm-dev.com https://appbroker.amostage.com https://appbroker.amocrm.com https://pagead2.googlesyndication.com gso.amocrm.com gso.kommo.com lc-en.amocrm.com lc-en.kommo.com https://pro.ip-api.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.md https://cdn.userflow.com https://e.userflow.com https://js.userflow.com wss://e.userflow.com https://sales-demo-calendly.amostage.com https://sales-demo-calendly.kommo.com https://*.clarity.ms https://c.bing.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.signals.convertexperiments.com; base-uri 'self'; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://csr.onet.pl https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://ec.monplat-cdn.com https://facebook.com https://fonts.gstatic.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pixel.wp.pl https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://utiqcontent.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net https://utiq.mno.link https://mobile-token.telekom.de https://tmi.vodafone.de https://o2de.mno.link data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.tradedoubler.com https://*.vrxs.de https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://balancechecks.tx-gate.com https://cloud.news.lidl.pl https://criteo.com https://csr.onet.pl https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net https://utiq.mno.link; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.assets.lidl https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.smartclip.net https://*.stickyadstv.com https://*.taboola.com https://*.tradedoubler.com https://*.twiago.com https://*.xplosion.de https://*.yahoo.com https://*.yieldlab.net https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://cloud.news.lidl.pl https://content.odj.cloud https://contextual.media.net https://criteo-sync.teads.tv https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://i.liadm.com https://im9.cz https://imedia.cz https://lh3.googleusercontent.com https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://lidl.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://match.sharethrough.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pixel.wp.pl https://play-lh.googleusercontent.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://sync.outbrain.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://translate.google.com https://twiago.com https://visitor.omnitagjs.com https://utiqcontent.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval' https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.lidl.pl https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://adservice.google.de https://advertising.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://ec.monplat-cdn.com https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pixel.wp.pl https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net https://frontend.prod.utiq-aws.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline' https://*.criteo.net https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.lidl-shop.cz https://*.lidl-shop.pl https://*.lidl-sklep.pl https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.pl https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.pl https://lidl-sklep.pl https://ligadx.com https://ligatus.com https://login.dognet.pl https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 default-src 'self' static-cdn.mackeeper.com static-cdn.sz.mackeeper.com;frame-ancestors 'self' *.cleverbridge.com;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com *.googletagmanager.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.googletagmanager.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com https://files.clario.co https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.shopperapproved.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com https://www.dwin1.com http://www.youtube.com/player_api https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com https://files.clario.co *.clarity.ms *.googleoptimize.com *.sentry-cdn.com *.shopperapproved.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com *.googletagmanager.com http://mackeeper.com https://mackeeper.com *.shopperapproved.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com *.shopperapproved.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms https://sentry.cloudmccloud.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.googleadservices.com *.sentry-cdn.com *.trustpilot.com 2 frame-ancestors self https://*.starz.com 2 frame-ancestors 'self' https://statshub.sportradar.com 2 default-src 'self' *.materialdesignicons.com *.azurefd.net *.jsdelivr.net *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.opticsinfobase.org *.boltdns.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org *.3playmedia.com s3.amazonaws.com https://challenges.cloudflare.com/turnstile/ https://unpkg.com *.jsdelivr.net *.cvent.com cdn.mxpnl.com *.mixpanel.com *.zoom.us code.jquery.com *.doubleclick.net *.ampproject.org *.googleapis.com *.googlesyndication.com *.google-analytics.com www.googleadservices.com *.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net *.simpli.fi *.licdn.com *.knightlab.com https://kit.fontawesome.com *.stackadapt.com consent.studio *.adtrafficquality.google widgets.muster.com https://*.adp.com *.redditstatic.com connect.facebook.net *.perfdrive.com blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' data: *; connect-src 'self' cdn.opticsinfobase.org *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.3playmedia.com *.cloudfront.net *.osa.org wss://*.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com https://*.zoom.us wss://*.zoom.us https://*.linkedin.com https://*.fontawesome.com *.algolia.net *.algolianet.com insights.algolia.io *.stackadapt.com *.optica.org *.adtrafficquality.google consent.studio https://*.adp.com *.jsdelivr.net *.facebook.com *.reddit.com *.redditstatic.com blob:; media-src 'self' *.osa.org *.talkjs.com *.zoom.us *.boltdns.net *.akamaihd.net *.brightcovecdn.com *.cf.brightcove.com blob:; object-src 'self' *.azurefd.net cdn.opticsinfobase.org cdn.materialdesignicons.com *.cloudfront.net *.googlesyndication.com *.blob.core.windows.net https://*.zoom.us; frame-src 'self' *.azurefd.net *.brightcove.net *.cloudfront.net *.blob.core.windows.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.google.com *.googlesyndication.com *.youtube.com https://challenges.cloudflare.com/ https://*.doubleclick.net www.googletagmanager.com *.adtrafficquality.google https://mstr.app; frame-ancestors 'self' *.osa.org *.optica.org *.frontiersinoptics.com 2 img-src 'self' secure.gravatar.com img-hub.ru ps.w.org img.freepik.com www.acint.net data:; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://c.imedia.cz https://c.seznam.cz https://casalemedia.com https://*.dotomi.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://*.emjcd.com https://etracker.de https://facebook.com https://fonts.gstatic.com https://h.seznam.cz https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://*.kdukvh.com https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://*.mczbf.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.seznam.cz https://www.youtube-nocookie.com https://yahoo.com https://yieldlab.net data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.vrxs.de https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://frame.mapy.cz https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://mapy.cz https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.youtube-nocookie.com https://yahoo.com https://yieldlab.net; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.assets.lidl https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.openx.net https://*.pubmatic.com https://*.stickyadstv.com https://*.taboola.com https://*.tradedoubler.com https://*.twiago.com https://*.xplosion.de https://*.yahoo.com https://*.yieldlab.net https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://awin1.com https://c.imedia.cz https://c.seznam.cz https://casalemedia.com https://*.dotomi.com https://content.odj.cloud https://contextual.media.net https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://*.emjcd.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://*.kdukvh.com https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://lidl.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://match.sharethrough.com https://*.mczbf.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://play-lh.googleusercontent.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://sync.outbrain.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://translate.google.com https://twiago.com https://visitor.omnitagjs.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.seznam.cz https://yahoo.com https://yieldlab.net data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval' https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' https://localhost https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://c.imedia.cz https://c.seznam.cz https://casalemedia.com https://*.dotomi.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://*.mczbf.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://www.seznam.cz https://yahoo.com https://yieldlab.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline' https://*.criteo.net https://*.doubleclick.net https://*.fitanalytics.com https://*.glami.cz https://*.heureka.cz https://*.lidl-shop.cz https://*.lidl.cz https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://casalemedia.com https://criteo.com https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://glami.cz https://hlserve.com https://ih.adscale.de https://im9.cz https://imedia.cz https://liadm.com https://lidl-shop.com https://lidl-shop.cz https://ligadx.com https://ligatus.com https://login.dognet.cz https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://smartadserver.com https://smartclip.net https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://teads.tv https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com https://*.mczbf.com; 2 frame-ancestors https://app.contentstack.com/ 2 frame-ancestors 'self' https://*.amboss.com https://*.medicuja.de https://*.labamboss.com https://*.miamed.de 2 default-src 'self'; connect-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://px.ads.linkedin.com https://assets.adobedtm.com https://safgtechnologies.demdex.net https://cdn2.gbqofs.com https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://live.cloud.api.corebridgefinancial.com https://uat.cloud.api.corebridgefinancial.com https://my.valic.com https://edge.api.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://pdfgen.dmp.corebridgefinancial.com https://pdfgen-prod.dmp.corebridgefinancial.com https://americangenerallife.us-5.evergage.com https://fonts.googleapis.com https://fonts.gstatic.com https://corebridgefinancial.onlineprospectus.net https://reporting.mobular.net https://apis.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net https://streams-edge.web.sundaysky.com https://www.facebook.com https://adobedc.demdex.net https://edge.adobedc.net https://www.google.com https://dmp.uat.connector.corebridgefinancial.com https://dmp.live.connector.corebridgefinancial.com https://viewlicense.adobe.io https://cloud.rs.corebridgefinancial.com https://cloud.life.corebridgefinancial.com https://siteintercept.qualtrics.com https://cloud.ir.corebridgefinancial.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://alb.reddit.com https://www.corebridgefinancial.com https://ad.doubleclick.net https://insight.adsrvr.org; script-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://assets.corebridgefinancial.com https://cdn.gbqofs.com https://players.brightcove.net https://assets.map.brightcove.com https://map.brightcove.com https://platform.twitter.com https://aig.onlineprospectus.net https://corebridgefinancial.onlineprospectus.net https://valic.onlineprospectus.net https://play.sundaysky.com https://americangenerallife.us-5.evergage.com https://unpkg.com https://acrobatservices.adobe.com https://znbd5u06jodgh7tkj-crbg.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.redditstatic.com https://www.corebridgefinancial.com https://js.adsrvr.org https://zn6fiam0gry5fx5r0-crbg.siteintercept.qualtrics.com 'unsafe-inline' 'unsafe-eval' blob:; style-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://fonts.googleapis.com https://americangenerallife.us-5.evergage.com https://www.corebridgefinancial.com 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; frame-src 'self' https://safgtechnologies.demdex.net https://www.google.com https://platform.twitter.com https://players.brightcove.net https://14505161.fls.doubleclick.net https://td.doubleclick.net https://cbf.instech-app.com https://view.ceros.com https://acrobatservices.adobe.com https://player.vimeo.com https://hackerone.com https://www.corebridgefinancial.com https://insight.adsrvr.org https://match.adsrvr.org https://www.facebook.com; img-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://dpm.demdex.net https://safgtechnologiesdev1cbf.112.2o7.net https://www.linkedin.com https://www.facebook.com https://assets.corebridgefinancial.com https://metrics.brightcove.com https://map.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://hdr.sundaysky.com https://d21o24qxwf7uku.cloudfront.net https://play.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net https://ad.doubleclick.net https://alb.reddit.com https://www.corebridgefinancial.com https://www.googletagmanager.com https://insight.adsrvr.org data:; media-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://bcbolt446c5271-a.akamaihd.net https://streams-edge.web.sundaysky.com https://www.corebridgefinancial.com blob:; font-src 'self' https://fonts.gstatic.com https://americangenerallife.us-5.evergage.com https://www.corebridgefinancial.com data:; 2 default-src 'self' *.mypurecloud.ie *.cloudflare.com *.cookiebot.com *.doubleclick.net *.hotjar.com *.hotjar.io *.licdn.com *.googletagmanager.com *.google.com *.google.lt *.google.ie *.gstatic.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.linkedin.com *.youtube.com *.jsdelivr.net *.tellq.io *.typekit.net *.wufoo.com *.trueengage.com *.github.io unpkg.com 'unsafe-inline' 'unsafe-eval' data: ws:; object-src 'none'; report-uri https://cspaudit.balt.net/_/csp-report; 2 frame-ancestors 'self' https://*.procaresoftware.com; 2 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://blueimp.github.io *.youtube.com *.jquery.com *.toast.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com https://snap.licdn.com *.linkedin.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.toast.com *.linkedin.com *.googleapis.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com; img-src 'self' *.linkedin.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com *.lh.pl *.ytimg.com *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com data: *.google.pl *.google.com *.google-analytics.com *.facebook.com; font-src 'self' *.gstatic.com; 2 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none' 2 base-uri 'none'; img-src * data: blob:; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://*.siemens-healthineers.com https://preview-cdn.scrvt.com/; worker-src blob: https://*.siemens-healthineers.com; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://api.scrivito.com https://assets.scrivito.com https://*.siemens.com https://static.siemens-healthineers.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu/ https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://img.en25.com/i/elqCfg.min.js https://cdns.gigya.com http://*.kampyle.com http://*.medallia.eu; frame-ancestors 'self' https://*.scrivito.com https://gather.town; object-src 'none'; block-all-mixed-content 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; frame-src 'self' https:; media-src 'self' https:; connect-src 'self' https:; 2 report-uri https://mon16-normal-useast5.tiktokv.us/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&p=3gowaGDMPYNRL5_Rs6oDe&v=11; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-row.net *.tiktok-usts.com *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokglobalshop.us *.tiktokmusic.me *.tiktokshop.com *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com api.music.apple.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com interactives.ap.org media.ticketmaster.eu newassets.hcaptcha.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com static.captchami.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com tx41v.arkoselabs.com unpkg.com vimeo.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: http://localhost:* https://localhost:* wss://im-ws.tiktok.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.arkoselabs.com *.billetlugen.dk *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.entradas.com *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.giphy.com *.goofy-cdn.com *.goofy.app *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopay.eu *.pipopayment.com *.pipopayment.eu *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tenor.com *.tiktok-usts.com *.tiktok.com/passport/ *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.us *.tiktokglobalshopv.us *.tiktokmusic.me *.tiktokshops.us *.tiktokstaticb.com *.tiktokus.info *.tiktokv-us.com *.tiktokv.us *.tiktokw.eu/passport/ *.tiktokw.us *.topbuzzcdn.com *.ttcdn-us.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.us.tiktok.com *.us.tiktokv.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com affiliate-us.tiktok.com analytics.tiktok.com api.music.apple.com code.jquery.com effecthouse.tiktok.com facebook.com google.com i.ticketweb.com im-api.tiktok.com im-image.tiktokv.com im-ws.tiktok.com image-va.tiktok.com images.universe.com interactives.ap.org livecenter.tiktok.com login-eu.www.tiktok.com login-no1a.www.tiktok.com login-row.www.tiktok.com login-us.www.tiktok.com media.ticketmaster.eu newassets.hcaptcha.com newsroom.tiktok.com p0-pu-private-useast8.tiktok.com play.itunes.apple.com res.cloudinary.com s1.ticketm.net scm-us.tiktok.com seller-us.tiktok.com shop.tiktok.com starling-i18n.tiktokv.com/check_and_get_text/ starling-sg.tiktokv.com/check_and_get_text/ starling-va.tiktokv.com/check_and_get_text/ static-label.frontgatetickets.com static.captchami.com support.tiktok.com t.co t.tiktok.com tikitoks.com tiktok.captchami.com tiktokfollowersfree.com tv.tiktok.com tx41v.arkoselabs.com unpkg.com us.tiktok.com v16-webapp-prime.tiktok.com v16-webapp.tiktok.com v19-webapp-prime.tiktok.com vas-alisg16.tiktokv.com vas-maliva16.tiktokv.com vas-useast2a.tiktokv.com vas-va.tiktokv.com vcs-sg.tiktokv.com vcs-va.byteoversea.com vcs-va.tiktokv.com verification-i18n.tiktok.com verification-sg.tiktok.com verification-va.byteoversea.com verification-va.tiktok.com verification.tiktokw.eu verification16-normal-no1a.tiktokw.eu verify-sg.byteoversea.com video-tcs-sg.tiktok.com video-tcs-va.tiktok.com vimeo.com web-i18n.tiktok.com/passport/ web-sg.tiktok.com/passport/ web-va.tiktok.com/passport/ webapp-sg.tiktok.com webapp-va.tiktok.com www.tiktok.com; script-src 'inline-speculation-rules' 'report-sample' 'unsafe-eval' *.tiktokcdn-us.com apis.google.com billshark-cdn.s3.amazonaws.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net interactives.ap.org js-cdn.music.apple.com/musickit/v3/musickit.js js.braintreegateway.com js.hcaptcha.com js.hsforms.net recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/bric-captcha-ttweb/core-captcha/ static.captchami.com tiktok.captchami.com tx41v.arkoselabs.com unpkg.com vimeo.com www.facebook.net www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com; worker-src www.tiktok.com/business/sw.js www.tiktok.com/creator/worker/ www.tiktok.com/embed/sw.js www.tiktok.com/firebase-messaging-sw.js www.tiktok.com/help/sw.js www.tiktok.com/legal/report/verification/uploader-oversea-crc32.js www.tiktok.com/live/creator-networks/pdf.worker.min.js www.tiktok.com/live/static/player-worker/ www.tiktok.com/risk-appeal-ocr/BlinkCardWasmSDK.worker.min.js www.tiktok.com/series/worker/ www.tiktok.com/sw.js www.tiktok.com/tiktokstudio/static/worker/ www.tiktok.com/tiktokstudio/sw.js www.tiktok.com/web-static-js/ www.tiktok.com/webapp-desktop/static/worker/ 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; font-src 'self' www.mozilla.org; base-uri 'none'; connect-src 'self' https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; object-src 'none'; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; form-action 'self' https://abdri3ttkb.execute-api.us-east-2.amazonaws.com https://accounts.firefox.com/ https://basket.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; style-src 'self' 'unsafe-inline' www.mozilla.org; default-src 'self' *.mozilla.org; frame-ancestors 'none'; upgrade-insecure-requests 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; upgrade-insecure-requests; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://dpm.demdex.net https://s.ytimg.com https://secure.adnxs.com https://go.ucg.datafront.co https://bs.serving-sys.com https://secure-ds.serving-sys.com https://bs.serving-sys.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.youtube-nocookie.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.youtube.com https://connect.facebook.net https://dpm.demdex.net https://s.ytimg.com https://secure.adnxs.com https://go.ucg.datafront.co https://bs.serving-sys.com https://secure-ds.serving-sys.com https://bs.serving-sys.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.youtube-nocookie.com ; frame-src 'self' https://www.google.com https://unicreditgroup.demdex.net https://maps.google.it https://player.vimeo.com https://1c-ir.mdgms.com https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com https://digitalmagazines.unicredit.eu https://iframes-uc.webfg.com https://www.youtube-nocookie.com ; connect-src 'self' https://datacloud-eu-central-1.tealiumiq.com https://datacloud.tealiumiq.com https://dpm.demdex.net https://dpm.demdex.net/id https://sucmetrics.unicreditgroup.eu https://unicreditgroup.eu.ssl.d2.sc.omtrdc.net https://www.youtube.com https://www.bing.com https://www.youtube-nocookie.com ; img-src 'self' data: https://sucmetrics.unicreditgroup.eu https://dpm.demdex.net https://img.youtube.com https://i1.ytimg.com https://i.ytimg.com https://image-store.slidesharecdn.com https://cm.everesttech.net https://pbs.twimg.com https://1c-ir.mdgms.com https://www.gstatic.com https://uconnect.tealiumiq.com https://secure.adnxs.com https://go.ucg.datafront.co http://www.unicreditgroup.eu https://platform.twitter.com https://syndication.twitter.com https://abs.twimg.com https://ton.twimg.com https://www.facebook.com ; font-src 'self' data: https://fonts.gstatic.com ; style-src 'self' 'unsafe-inline' https://content.unicredit.it https://it-assets.ucgstatic.eu https://content.ucgstatic.eu https://platform.twitter.com https://ton.twimg.com ; style-src-elem 'self' 'unsafe-inline' https://content.unicredit.it https://it-assets.ucgstatic.eu https://content.ucgstatic.eu https://platform.twitter.com https://ton.twimg.com ; frame-ancestors 'self' ; object-src 'none' ; form-action 'self' ; 2 default-src 'none';script-src 'self' 'unsafe-inline' https://apps.usw2.pure.cloud/messenger/messenger.min.js https://api-cdn.usw2.pure.cloud/ https://api64.ipify.org/ https://apps.usw2.pure.cloud/ https://static.registration.bluehost.com/ https://js.stripe.com https://ct.pinterest.com https://api.livechatinc.com https://formstack.com https://pi.pardot.com https://info.anchor.com.au https://widget.trustpilot.com https://www.googletagmanager.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://s.adroll.com https://static.ads-twitter.com https://s.pinimg.com https://s.yimg.com https://static.getclicky.com https://sys.greechat.com https://analytics.formstack.com https://d.adroll.mgr.consensu.org https://cdn.livechatinc.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://secure.livechatinc.com https://d.adroll.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://hostopia.bamboohr.com https://f.vimeocdn.com https://in.getclicky.com; img-src 'self' https://sp.analytics.yahoo.com https://analytics.twitter.com https://www.google.co.in https://pixel.prfct.co https://image2.pubmatic.com https://cm.g.doubleclick.net https://x.adroll.com https://mlvgk8mdrlmi.i.optimole.com https://secure.gravatar.com https://t.co https://www.google-analytics.com https://ct.pinterest.com https://www.facebook.com https://syndication.twitter.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.au https://d.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://eb2.3lift.com https://x.bidswitch.net https://sync.taboola.com https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://match.adsrvr.org https://rc.rlcdn.com https://csyn-r.cxense.com https://seg.sharethis.com https://resources.bamboohr.com https://crucialau.activehosted.com data: 'unsafe-inline';style-src 'self' 'unsafe-inline' https://static.formstack.com https://hostopia.bamboohr.com;font-src 'self' https://static.formstack.com https://themes.googleusercontent.com data: 'unsafe-inline'; frame-src 'self' https://apps.usw2.pure.cloud/ https://js.stripe.com https://ct.pinterest.com https://x.adroll.com https://td.doubleclick.net https://widget.trustpilot.com https://platform.twitter.com https://www.facebook.com https://secure.livechatinc.com https://player.vimeo.com https://www.youtube.com; connect-src 'self' https://api.usw2.pure.cloud/ wss://webmessaging.usw2.pure.cloud/ https://api64.ipify.org/ https://api-cdn.usw2.pure.cloud/ https://d.adroll.com https://analytics.google.com https://digitalpacificgroup.formstack.com https://www.google-analytics.com https://s.yimg.com https://ct.pinterest.com https://hostopia.bamboohr.com; media-src https://cdn.livechatinc.com; 2 frame-ancestors 'self' *.cox.net *.cox.com dcv2stg.wpengine.com discovercoxonline.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.quantserve.com https://*.quantcount.com https://tsdtocl.com https://google.com/pagead/form-data/1071727046 https://privacyportal.onetrust.com https://edge.adobedc.net https://cm.everesttech.net https://google.com/ccm/form-data/1071727046 https://onsemi.demdex.net https://geolocation.onetrust.com https://i.liadm.com/s/66627 https://trc.taboola.com/sg/liveintent/1/um https://cdn.cookielaw.org https://assets.adobedtm.com https://adobedc.demdex.net https://dpm.demdex.net https://data.enablementadobe.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.marketodesigner.com https://*.mktoweb.com https://*.experience.adobe.com https://*.adobe.net https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.zencdn.net https://*.akamaihd.net https://*.cloud.coveo.com https://*.org.coveo.com https://*.ytimg.com https://go.onsemi.com https://*.kc-usercontent.com https://app.kontent.ai blob: data: https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com https://analytics.google.com https://*.cdn.office.net https://insight.adsrvr.org https://js.adsrvr.org https://*.6sc.co https://j.6sc.co https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://*.6sense.com https://*.inmoment.com https://googleapis.com https://gstatic.com https://*.qualtrics.com https://*.contentsquare.net https://*.hotjar.io https://cx.onsemi.com 2 frame-src *; frame-ancestors 'self' https://*.eventscloud.com; 2 default-src 'self' *.icons8.com *.hotjar.com data: *.doubleclick.net *.wistia.net *.euronext.com *.youtube.com *.google.com *.onetrust.com *.cookielaw.org *.google.fr; child-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.docs.google.com *.googletagmanager.com *.wistia.com *.wistia.net blob:; connect-src 'self' *.cookielaw.org *.google-analytics.com *.freshworks.com *.mapbox.com *.euronext.com *.hotjar.com *.hotjar.io ws.hotjar.com ws: *.onetrust.com *.wistia.net *.wistia.com *.doubleclick.net www.googleadservices.com *.googleapis.com *.g.doubleclick.net *.google.com *.google.fr *.freshdesk.com *.linkedin.com *.companywebcast.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' *.euronext.com maxcdn.icons8.com *.doubleclick.net *.google.com fonts.gstatic.com embed.tawk.to data: *.hotjar.com *.wistia.net; frame-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.google.com *.wistia.com *.wistia.net *.companywebcast.com *.googletagmanager.com; img-src 'self' *.cookielaw.org *.ytimg.com *.w3.org data: *.euronext.com *.googletagmanager.com blob: *.globenewswire.com *.wistia.net *.wistia.com *.google-analytics.com www.googleadservices.com *.google.com *.google.fr *.linkedin.com *.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob: *.wistia.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org *.wistia.com *.youtube.com *.wistia.net *.licdn.com *.companywebcast.com api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.icons8.com *.freshworks.com *.gstatic.com *.ytimg.com *.ggpht.com *.wistia.com *.euronext.com *.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.knightlab.com https://cdnjs.cloudflare.com maxcdn.icons8.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' *.euronext.com; report-uri https://www.euronext.com/en/report-uri/enforce 2 frame-src 'self' *.youtube.com *.youtube-nocookie.com youtu.be https://www.googletagmanager.com player.vimeo.com tradetracker.jobs.personio.com; 2 child-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://apps.rokt.com https://sgtm.lookfantastic.com https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://*.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com https://s1.thcdn.com https://d2d7do8qaecbru.cloudfront.net https://tpc.googlesyndication.com https://api.bam-x.com https://www.awin1.com blob: https://gum.criteo.com https://www.pinterest.com https://www.pinterest.co.uk https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://maybelline-uk.beauty-campaigns.com https://qlic.it https://*.abtasty.com https://ct.pinterest.com https://ams.creativecdn.com https://tr.snapchat.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.provenance.org https://*.bazaarvoice.com https://www.youtube.com/ https://uk.cdn-net.com/; connect-src 'self' https://t.lt02.net https://*.dynamicyield.eu https://api.stripe.com https://api-dev.pogodonate.com https://api.pogodonate.com https://app-dev.pogodonate.com https://app.pogodonate.com https://*.listrakbi.com https://*.listrak.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com wss://*.ringcentral.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.baidu.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://mc.yandex.ru https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://ct.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.parcellab.com https://www.google.co.uk https://analytics.tiktok.com https://smct.co https://*.smct.co https://api.bam-x.com https://*.contentsquare.net https://tr.snapchat.com https://ampcid.google.com.tw https://ampcid.google.com.hk https://ampcid.google.cn https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.criteo.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.criteo.net https://*.obsess-vr.com https://di.rlcdn.com https://api.rlcdn.com https://t.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.abtasty.com https://*.modiface.com https://us-east4-modiface-production.cloudfunctions.net https://sgtm.lookfantastic.com https://ml-services-grpc-gateway-4mhosmzo.nw.gateway.dev https://ams.creativecdn.com https://tr6.snapchat.com https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://api.provenance.org https://www.provenance.org https://api.segment.io https://appsignal-endpoint.net https://*.ringcentral.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; default-src 'self' https://*.lpsnmedia.net https://*.bazaarvoice.com; font-src 'self' https://app-dev.pogodonate.com https://app.pogodonate.com data: https://cdn.listrakbi.com https://*.dynamicyield.com/ https://*.thcdn.com https://fonts.gstatic.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://static.thgcdn.cn data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com https://*.bazaarvoice.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://shadematching.modiface.com https://fonts.smct.co https://fonts.smct.io https://*.ringcentral.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.dynamicyield.eu https://pogodonate.s3.eu-west-2.amazonaws.com https://app-dev.pogodonate.com https://app.pogodonate.com https://*.dynamicyield.com/ https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https://www.googletagmanager.com https://unpkg.com/@provenance/ https://res.cloudinary.com https://www.provenance.org https://*.ringcentral.com https://*.bazaarvoice.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://static.thgcdn.cn https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://cdn.obsess-vr.com https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.lookfantastic.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; object-src 'self' https://*.thcdn.com https://www.youtube.com https://*.bazaarvoice.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.dynamicyield.eu https://*.js.stripe.com https://js.stripe.com data: https://*.listrakbi.com https://*.listrak.com https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://*.dynamicyield.com/ https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://*.liveperson.com https://tpc.googlesyndication.com https://static.narrativ.com https://*.obsess-vr.com https://static.goqubit.com https://*.qubit.com https://*.contentsquare.net https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://app.contentsquare.com https://cdn.pubnub.com https://assets.dekopay.com https://*.modiface.com blob: https://app-dev.pogodonate.com https://app.pogodonate.com https://*.abtasty.com https://tr.snapchat.com https://sgtm.lookfantastic.com https://tags.creativecdn.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://unpkg.com/@provenance/ https://consent.cookiebot.com https://www.provenance.org https://*.ringcentral.com https://*.bazaarvoice.com; style-src 'self' 'unsafe-inline' https://*.dynamicyield.eu https://*.js.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://cdn.listrakbi.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.shoplooks.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net https://cdn.obsess-vr.com https://modules.obsess-vr.com https://*.abtasty.com https://*.gstatic.com https://cms-cdn.modiface.com https://fonts.googleapis.com https://fonts.smct.io https://*.ringcentral.com https://*.bazaarvoice.com; upgrade-insecure-requests; report-to csp-endpoint 2 base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://staging.qualityhealth.com https://qualityhealth.com https://www.qualityhealth.com https://pagemanager.sharecare.com https://www.sharecare.com; upgrade-insecure-requests ; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.facebook.com https://smetrics.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://privacyportal-na01.onetrust.com https://www.google.com https://googleads.g.doubleclick.net https://vjs.zencdn.net https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://about.sharecare.com https://cdnjs.cloudflare.com; default-src 'self'; font-src 'self' https://fonts.sharecare.com https://cdn.jsdelivr.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://use.typekit.net https://fonts.gstatic.com https://pagemanager.sharecare.com; frame-src *; img-src 'self' data: https://smetrics.sharecare.com https://sb.scorecardresearch.com https://www.google.com https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://s.sharecare.com https://s3.amazonaws.com https://p.typekit.net https://cdn.tapnative.com https://tcp.googlesyndication.com https://www.medtargetsystem.com https://adservice.google.com https://cdn.ampproject.org https://*.doubleclick.net https://ad.doubleclick.net https://match.deepintent.com https://trc.lhmos.com https://*.googlesyndication.com https://secure.adnxs.com https://preferences.trustarc.com https://choices.trustarc.com https://track.customer.io https://cdn.cookielaw.org https://www.googletagmanager.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://about.sharecare.com; media-src *; object-src 'none'; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://assets.adobedtm.com https://use.typekit.net https://cdn.cookielaw.org https://s.sharecare.com https://preferences.truste.com https://sb.scorecardresearch.com https://www.googleadservices.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google.com https://pi.pardot.com https://www2.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googletagservices.com https://content.tapnative.com https://securepubads.g.doubleclick.net https://www.medtargetsystem.com https://adservice.google.com https://tcp.googlesyndication.com https://match.deepintent.com https://trc.lhmos.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://assets.customer.io https://ssl.google-analytics.com https://code.jquery.com https://privacyportal-na01.onetrust.com https://players.brightcove.net https://ajax.googleapis.com https://cdn.krxd.net https://vjs.zencdn.net https://edge.api.brightcove.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *; worker-src 'self' blob:; 2 default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com; worker-src * blob:; style-src * 'unsafe-inline'; 2 frame-ancestors 'self' https://lissaplay.com https://noalvodaroletaapp.com ; 2 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 2 frame-ancestors 'self' https://leidenuniv.libwizard.com https://library-tutorials.leidenuniv.nl https://brightspace.universiteitleiden.nl 2 frame-src *.pff.com www.facebook.com www.youtube.com *.safeframe.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.criteo.com *.google.com *.rubiconproject.com *.googleadservices.com *.yahoo.com 2 frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.daytondailynews.com https://editions.daytondailynews.com 2 frame-ancestors 'self' https://1984.demo-site.is; 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://fast.wistia.com https://wistia.com https://fast.wistia.net https://pi.pardot.com https://static.addtoany.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://unpkg.com https://bam-cell.nr-data.net https://hackerone.com https://www2.earlywarning.com https://ws.zoominfo.com https://earlywarning.wistia.com https://cdn.cookielaw.org https://snap.licdn.com https://www3.earlywarning.com https://js.zi-scripts.com https://img.en25.com https://code.jquery.com/ https://s2822078.t.eloqua.com https://translate.google.com https://www.youtube.com https://cdn.jsdelivr.net https://connect.facebook.net http://img.en25.com https://googleads.g.doubleclick.net; object-src 'none'; img-src https://mannatstudio.com/html/serenite/assets 'self' https://www.google-analytics.com https://px.ads.linkedin.com https://paze.com https://www.paze.com https://px4.ads.linkedin.com https://aorta.clickagy.com https://dpm.demdex.net https://cdn.cookielaw.org https://www.googletagmanager.com https://fonts.gstatic.com data: https://trck.www4.paze.com/ https://image.www4.earlywarning.com/ https://cdn.honey.io https://trck.www4.zellepay.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.co.za https://www.google.co.il https://www.google.co.ma https://www.google.com.au; media-src 'self' data https://embed-ssl.wistia.com https://earlywarning.wistia.com; frame-src 'self' https://www.google.com https://fast.wistia.com https://earlywarning.wistia.com https://static.addtoany.com https://hackerone.com https://anchor.fm https://www.youtube.com https://s2822078.t.eloqua.com https://www.googletagmanager.com; frame-ancestors 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.linkedin.oribi.io https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com/wa/ https://js.zi-scripts.com https://s2822078.t.eloqua.com https://px.ads.linkedin.com https://www.google.com https://www.googleadservices.com https://privacyportal.onetrust.com https://region1.google-analytics.com https://www.googletagmanager.com; report-uri /report-csp-violation 2 frame-ancestors 'self' *.3bb.co.th, font-src 'self' *.3bb.co.th *.ais.th fonts.gstatic.com *.blob.core.windows.net *.cdc.ais.th maxcdn.bootstrapcdn.com data: 2 default-src 'self' *.clarity.ms *.frizbit.com *.googleadservices.com *.securitytrfx.com *.sojern.com *.smartvel.com *.firebaseapp.com *.amazoncognito.com *.adobeaemcloud.com *.airtrfx.com *.everymundo.net; connect-src 'self' *.clarity.ms *.frizbit.com *.googleadservices.com *.googlesyndication.com www.googletagmanager.com *.securitytrfx.com *.sojern.com *.visualwebsiteoptimizer.com *.everymundo.net *.smartvel.com *.bing.com *.facebook.com *.facebook.net *.adobelogin.com booking.flytap.com *.experience.adobe.net *.doubleclick.net *.inside-graph.com *.google.com.br *.google.it *.google.pl *.google.fr *.google.de *.google.pt *.google.es *.onetrust.com *.cloudflare.com *.google-analytics.com *.adobeaemcloud.com *.adobe.com cdn.cookielaw.org *.experiencecloud.live *.googleapis.com *.google.com *.coremedia.cloud *.byside.com wss://wsa1.byside.com wss://eu-live.inside-graph.com *.firebaseapp.com *.airtrfx.com *.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clarity.ms *.googleadservices.com *.googlesyndication.com www.googletagmanager.com *.frizbit.com *.securitytrfx.com *.sojern.com *.everymundo.net *.smartvel.com *.bing.com *.youtube.com *.visualwebsiteoptimizer.com *.facebook.net *.adobe.io *.experience.adobe.net *.doubleclick.net *.inside-graph.com *.google.com.br *.google.it *.google.pl *.google.fr *.google.de *.google.pt *.google.es *.cloudflare.com booking.flytap.com *.onetrust.com cdn.cookielaw.org universal-editor-service.experiencecloud.live *.googleapis.com *.google.com *.coremedia.cloud *.byside.com *.firebaseapp.com *.cloudflareinsights.com *.googletagmanager.com *.airtrfx.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.clarity.ms *.googleadservices.com *.googlesyndication.com www.googletagmanager.com *.frizbit.com *.securitytrfx.com *.sojern.com *.affilitizer.com *.everymundo.net *.smartvel.com universal-editor-service.adobe.io *.visualwebsiteoptimizer.com *.facebook.com *.facebook.net fonts.googleapis.com *.experience.adobe.net *.inside-graph.com *.google.com.br *.google.it *.google.pl *.google.fr *.google.de *.google.pt *.google.es *.cloudflare.com *.googleapis.com *.google.com *.coremedia.cloud *.byside.com *.firebaseapp.com *.airtrfx.com; img-src 'self' blob: data: *.clarity.ms *.flytap.com *.googleadservices.com *.googlesyndication.com www.googletagmanager.com *.frizbit.com *.securitytrfx.com *.sojern.com *.affilitizer.com *.everymundo.net *.smartvel.com *.bing.com *.doubleclick.net *.ytimg.com *.visualwebsiteoptimizer.com *.facebook.com *.facebook.net *.google.com.br *.google.it *.google.pl *.google.fr *.google.de *.google.pt *.google.es *.experience.adobe.net *.inside-graph.com *.onetrust.com cdn.cookielaw.org *.cloudflare.com *.googletagmanager.com *.adobeaemcloud.com *.adobe.com *.experiencecloud.live *.googleapis.com *.google.com *.coremedia.cloud *.byside.com *.firebaseapp.com *.airtrfx.com; font-src 'self' *.clarity.ms *.googleadservices.com *.googlesyndication.com www.googletagmanager.com *.frizbit.com *.securitytrfx.com *.affilitizer.com fonts.gstatic.com *.sojern.com *.smartvel.com *.everymundo.net *.experience.adobe.net *.inside-graph.com *.cloudflare.com *.coremedia.cloud *.byside.com *.firebaseapp.com *.airtrfx.com data:; frame-src 'self' *.clarity.ms *.googleadservices.com *.googlesyndication.com www.googletagmanager.com *.frizbit.com *.securitytrfx.com *.sojern.com *.doubleclick.net *.everymundo.net *.experience.adobe.net *.inside-graph.com *.firebaseapp.com *.cloudflare.com *.youtube.com *.adobeaemcloud.com *.adobe.com *.experiencecloud.live; object-src 'none'; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; base-uri 'self' *.clarity.ms *.googleadservices.com *.frizbit.com *.securitytrfx.com *.sojern.com *.smartvel.com *.airtrfx.com; form-action 'self'; frame-ancestors 'self' *.clarity.ms *.adobeaemcloud.com *.adobe.com *.adobe.net *.experiencecloud.live *.amazoncognito.com; upgrade-insecure-requests; 2 default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' https: blob:; style-src 'self' 'unsafe-inline' https: data: 2 upgrade-insecure-requests; frame-ancestors 'self' https://app.ramp.com; report-uri https://ramp.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self' https://www.lexware.de 2 object-src 'self' https://hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hsadspixel.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://*.hs-analytics.net/ http://*.hs-scripts.com/ http://*.hsforms.net/ http://*.hsadspixel.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://player.vimeo.com/* https://d2t77mnxyo7adj.cloudfront.net/v1/c.js http://now.eloqua.com/visitor/ http://secure.p01.eloqua.com/visitor/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.bing.com/ https://*.hotjar.com/ https://*.facebook.net/ https://*.doubleclick.net/ https://*.hsadspixel.net/ https://*.hs-scripts.com/ https://*.clarity.ms/ data https://hightail.com/; frame-ancestors 'self' https://hightail.com; 2 frame-ancestors 'self' https://agcovirtualshowroom.com https://www.agcovirtualshowroom.com; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.steinberg.net *.usercentrics.eu *.personio.de *.personio.com *.googletagmanager.com fonts.googleapis.com *.soundcloud.com *.youtube-nocookie.com *.optimizely.com *.eu-central-1.compute.amazonaws.com *.onfastspring.com *.impactcdn.com *.twitch.tv *.twitchcdn.net; connect-src https: 'self' wss://ws.hotjar.com; img-src https: 'self' *.steinberg.net *.ytimg.com *.usercentrics.eu data:; font-src https: 'self' fonts.gstatic.com fonts.googleapis.com data:; 2 frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 2 img-src 'self' data: https:; frame-ancestors 'self'; form-action 'self' 2 default-src 'none'; img-src wtfismyip.com myip.wtf; script-src ipv4.wtfismyip.com wtfismyip.com myip.wtf ipv4.myip.wtf; style-src 'unsafe-inline' 2 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 2 frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ https://admin-cx.deco.page/ https://deco.chat https://admin.decocms.com https://decocms.com frame-ancestors *.emarsys.net; worker-src 'self' blob: 2 default-src 'self' *.sitefinity.com *.clarity.ms *.technolutions.net *.visualwebsiteoptimizer.com *.google.com *.radartoolkit.com *.exactlylabs.com *.youtube.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com *.google.com *.datatables.net *.googleadservices.com *.youtube.com https://dec.azureedge.net/ munchkin.marketo.net *.typekit.net *.googletagmanager.com *.cmich.edu *.cmuhealth.org *.azure-api.net sc-static.net *.monsido.com monsido.com diffuser-cdn.app-us1.com *.technolutions.net *.crazyegg.com *.app-us1.com trackcmp.net *.sitefinity.com *.snapchat.com *.doubleclick.net *.clarity.ms *.facebook.net *.bing.com ionfiles.scribblecdn.net *.msecnd.net *.youvisit.com *.simpli.fi *.tiktok.com *.visualwebsiteoptimizer.com *.syndetics.com *.librarything.com tgbwidget.com adp.eab.com my.go-cmich.org *.liveperson.net *.lpsnmedia.net app.vwo.com *.radartoolkit.com *.exactlylabs.com bot.ivy.ai *.instagram.com onstipe.com cdn.jsdelivr.net momentjs.com https://lf16-tiktok-web.tiktokcdn-us.com unpkg.com *.hepdata.com cmich.libcal.com *.adnxs.com *.licdn.com js.monitor.azure.com *.in.applicationinsights.azure.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com *.typekit.net *.cmich.edu *.cmuhealth.org *.datatables.net *.crazyegg.com *.technolutions.net *.googletagmanager.com *.librarything.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.radartoolkit.com *.exactlylabs.com my.go-cmich.org cdn.jsdelivr.net *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com *.hepdata.com *.tiktokcdn.com https://lf16-tiktok-common.ttwstatic.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.cmich.edu googletagmanager.com *.googletagmanager.com monsido.com *.monsido.com *.clarity.ms cmich.edu *.cmuhealth.org *.typekit.net *.snapchat.com *.bing.com *.google.com *.crazyegg.com data.adxcel-ec2.com *.youvisit.com *.simpli.fi *.googleadservices.com *.doubleclick.net *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.pro-market.net *.stickyadstv.com *.pubmatic.com *.intentiq.com *.bfmio.com *.analytics.yahoo.com *.exelator.com *.bluekai.com *.rlcdn.com *.lijit.com *.crwdcntrl.net *.openx.net *.rubiconproject.com *.adnxs.com *.spotxchange.com *.librarything.com *.visualwebsiteoptimizer.com my.go-cmich.org *.lpsnmedia.net app.vwo.com chart.googleapis.com wingify-assets.s3.amazonaws.com ajeuwbhvhr.cloudimg.io ai1.ivy-cdn.com *.instagram.com www.buzzsprout.com img.youtube.com i.ytimg.com *.hepdata.com arttrk.com *.ads.linkedin.com *.linkedin.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.cmich.edu *.cmuhealth.org *.typekit.net bot.ivy.ai widget.tagembed.com *.hepdata.com https://sf16-website-login.neutral.ttwstatic.com; frame-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.cmich.edu *.cmuhealth.org *.twitter.com *.vimeo.com *.sitefinity.com *.facebook.com *.snapchat.com *.crazyegg.com *.doubleclick.net *.google.com *.panopto.com *.youvisit.com *.librarything.com tgbwidget.com cdn.yoshki.com e.issuu.com *.liveperson.net *.lpsnmedia.net yoshki.com app.vwo.com *.radartoolkit.com *.exactlylabs.com scribehow.com bot.ivy.ai *.instagram.com onstipe.com widget.tagembed.com *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com *.youtube-nocookie.com *.matterport.com *.adsensecustomsearchads.com *.googletagmanager.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ www.youtube-nocookie.com player.vimeo.com/ w.soundcloud.com/ 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.google-analytics.com https://*.googleapis.com/ *.mktoresp.com *.googleapis.com *.withgoogle.com *.cmich.edu cmich.azure-api.net *.visualstudio.com *.googleanalyitcs.com googleanalytics.com *.google.com *.snapchat.com *.sitefinity.com *.doubleclick.net *.crazyegg.com *.clarity.ms *.facebook.net *.facebook.com *.technolutions.net analytics.tiktok.com my.go-cmich.org *.visualwebsiteoptimizer.com app.vwo.com *.radartoolkit.com *.exactlylabs.com *.eab.com *.hepdata.com cmich.libcal.com *.adnxs.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.cmich.edu *.cmuhealth.org *.lpsnmedia.net; child-src *.sitefinity.com *.cmich.edu cmich.azure-api.net blob: *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' web-chat.nativechat.com; form-action 'self' *.cmich.edu cmich.azure-api.net *.sitefinity.com *.facebook.com *.exlibrisgroup.com *.snapchat.com *.radartoolkit.com *.exactlylabs.com; frame-ancestors 'self' *.youtube.com *.cmich.edu *.cmuhealth.org *.sitefinity.com *.twitter.com *.radartoolkit.com *.exactlylabs.com; object-src cmich.azure-api.net *.sitefinity.com *.crazyegg.com *.facebook.net *.cmich.edu *.technolutions.net *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' 2 frame-ancestors https://docs.google.com https://*.googleusercontent.com; 2 frame-ancestors 'self' *.cloudera.com 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; media-src https: blob:; img-src https: data:; font-src https: data:; worker-src https: blob:; connect-src https: wss: 2 child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com *.qualified.com; default-src 'self' 'unsafe-inline' vitals.vercel-insights.com *.vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *.qualified.com player.vimeo.com vars.hotjar.com www.facebook.com t.sharethis.com *.qualified.com *.company-target.com https://challenges.cloudflare.com https://wizlympics-website.vercel.app https://asteroids-website.vercel.app https://path-man-website.vercel.app *.navattic.com *.wiz.io forms.office.com docs.google.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io https://a26988130118.cdn.optimizely.com https://a26988130118.cdn-pci.optimizely.com hemsync.clickagy.com; worker-src 'self' blob:; connect-src 'self' vitals.vercel-insights.com *.qualified.com wss://*.qualified.com www.google-analytics.com analytics.google.com/g/collect *.vimeo.com vimeo.com *.ingest.sentry.io www.datocms-assets.com www.youtube.com legal.wiz.io *.algolia.net *.algolianet.com *.algolia.io *.company-target.com *.demandbase.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net ws://localhost:3000 https://logx.optimizely.com https://*.optimizely.com js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com tags.srv.stackadapt.com *.googleapis.com ctf.wiz-research.com staging-ctf.wiz-research.com api.cr-relay.com analytics.tiktok.com *.tiktokw.us *.mux.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.hotjar.com data:; img-src 'self' 'unsafe-eval' data: https: http: *.hotjar.com tags.srv.stackadapt.com https://ct.capterra.com; media-src 'self' https: blob: mediastream: *.qualified.com; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' va.vercel-scripts.com vitals.vercel-insights.com tagmanager.google.com apis.google.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com js.qualified.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net *.hotjar.com *.demandbase.com *.quora.com https://challenges.cloudflare.com tags.srv.stackadapt.com *.navattic.com bwa.marketplace.awsstatic.com cdn.cr-relay.com analytics.tiktok.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.youtube.com cdn.forms-content.sg-form.com boards.greenhouse.io job-boards.greenhouse.io cdn.bizible.com bat.bing.com cdn.cookielaw.org tracking.g2crowd.com static.hotjar.com script.hotjar.com *.sharethis.com a.clarity.ms/collect *.onetrust.com *.clarity.ms j.6sc.co snap.licdn.com *.redditstatic.com static.ads-twitter.com ws.zoominfo.com connect.facebook.net tkr.techtarget.com epsilon.6sense.com ipv6.6sc.co c.6sc.co ib.adbnxs.com trk.techtarget.com ib.adnxs.com munchkin.marketo.net 120-tfk-810.mktoutil.com 120-tfk-810.mktoresp.com secure.adnxs.com www.facebook.com cdn.linkedin.oribi.io epsilon-cloudfront.6sense.com tags.clickagy.com *.doubleclick.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com ws-assets.zoominfo.com js.zi-scripts.com tags.clickagy.com schedule.zoominfo.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.vimeocdn.com *.qualified.com *.hotjar.com tags.srv.stackadapt.com; form-action 'self' www.facebook.com; frame-ancestors 'self' https://partners.wiz.io https://www.wiz.io; 2 frame-ancestors https://*.phoenixcontact.com http://*.phoenixcontact.com https://*.phoenixcontact.com.cn http://*.phoenixcontact.com.cn https://phoenixcontact.custhelp.com https://*.jobcloud.ch https://*.jobs.ch https://*.jobup.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch/de https://topjobs.ch https://phoenix.enterprise.punchcommerce.de https://dev-phoenixcontact.one.punchcommerce.de https://*.phoenixcontact.coremedia.cloud https://*.wiredminds.de 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com https://fonts.bunny.net *.twilio.com *.contentsquare.net *.heapanalytics.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.sdiapi.com *.sdiapi.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.aurusepay.com *.auruspay.com h.online-metrix.net td.doubleclick.net *.sdiapi.com *.sdiapi.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com h.online-metrix.net *.google-analytics.com *.analytics.google.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org tracking.deepsearch.adlucent.com *.twilio.com *.zumiez.com blob: *.contentsquare.net *.heapanalytics.com *.crowdtwist.com *.online-metrix.net *.google.com *.googletagmanager.com *.doubleclick.net *.cookielaw.org scene7.zumiez.com scene7.zumiez.ca s7d1.scene7.com *.rfksrv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://rum.hlx.page *.avada.io https://cdn.ownid.com https://cdn.uat.ownid.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com h.online-metrix.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com tracking.deepsearch.adlucent.com *.twilio.com *.contentsquare.net *.contentsquare.com *.hotjar.com cdn.us.heap-api.com *.heapanalytics.com *.scarabresearch.com www.clarity.ms *.cookielaw.org *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.cloudfront.net *.rfksrv.com *.sdiapi.com *.sdiapi.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.typekit.net *.aurusepay.com *.auruspay.com *.heapanalytics.com 'self' 'unsafe-inline'; object-src *.twilio.com *.zumiez.com blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.twilio.com *.zumiez.com scene7.zumiez.com scene7.zumiez.ca 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io https://cdn.ownid.com/ https://*.server.ownid.com/ https://*.server.uat.ownid.com/ https://*.uat.ownid.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com ws: h.online-metrix.net *.google-analytics.com *.analytics.google.com *.twilio.com *.zumiez.com *.contentsquare.net *.heapanalytics.com c.us.heap-api.com *.aurusepay.com *.auruspay.com *.scarabresearch.com stats.g.doubleclick.net w.clarity.ms bam.nr-data.net *.cookielaw.org *.onetrust.com *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.sdiapi.com *.sdiapi.net *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: *.sdiapi.com *.sdiapi.net http: https: blob: 'self' 'unsafe-inline'; default-src *.zumiez.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self' https://layout-cms.fox5atlanta.com; 2 frame-ancestors 'self' https://kartra.com https://kartra.kartra.com https://app.kartra.com; 2 frame-ancestors 'self' https://*.toyota-europe.com https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2 frame-ancestors 'self' https://hub.bmc.com; 2 img-src 'self' *.1rx.io *.360yield.com *.3lift.com *.adnxs.com *.adsafety.net *.adsystem.com *.adxcel-ec2.com *.adyen.com *.afterpay.com *.agkn.com *.alchemer.eu *.amazon-adsystem.com *.awin1.com *.awinblackfriday.com *.bazaarvoice.com *.bidswitch.net *.bing.com *.bing.net *.bounceexchange.com *.casalemedia.com *.cash.app *.cdnwidget.com *.clarity.ms *.collect.igodigital.com *.commercecloud.salesforce.com *.contentsquare.net *.criteo.com *.delonghi.com *.delonghigroup.com *.demdex.net *.dmxleo.com *.doubleclick.net *.evergage.com *.evgnet.com *.facebook.com *.facebook.net *.feefo.com *.gigya.com *.google-analytics.com *.google.com *.google.it *.googleadservices.com *.googlesyndacation.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.gumgum.com *.heureka.cz *.hotjar.com *.imgstatic.eu *.kenwoodworld.com *.kform.it *.knowledgebase.co *.lightboxcdn.com *.mavenoid.com *.mavenoidfiles.com *.media-amazon.com *.media.net *.mediavine.com *.nutribullet.com *.onlive.site *.payments-amazon.com *.paypal.com *.postrelease.com *.profity.ch *.pubmatic.com *.quantserve.com *.roeye.com *.rubiconproject.com *.seadform.net *.seedtag.com *.seznam.cz *.smartadserver.com *.snapengage.com *.sovendus.com *.taboola.com *.tangoo.it *.tangooserver.com *.targeting.unrulymedia.com *.teads.tv *.threekit.com *.tkrconnector.com *.tradedoubler.com *.tremorhub.com *.trustarc.com *.try-snowplow.com *.veritone-ce.com *.wepowerconnections.com *.yahoo.co.jp *.yieldlab.net *.youtube.com *.zbozi.cz ad.doubleclick.net adnxs.com adsystem.com adxcel-ec2.com afterpay.com amazon-adsystem.com awinblackfriday.com bing.com bing.net blob: bounceexchange.com clarity.ms dam.braunhousehold.com dam.delonghi.com dam.kenwoodworld.com dam.nutribullet.com dmxleo.com doc-14-1k-sheets.googleusercontent.com doubleclick.net eu-images.contentstack.com facebook.net googleadservices.com googlesyndacation.com googletagmanager.com gumgum.com heureka.cz id5-sync.com imgstatic.eu lh3.ggpht.com maps.googleapis.com mavenoidfiles.com pm-delonghi-assets.com quantserve.com seznam.cz sgtm.delonghi.com sgtm.kenwoodworld.com sgtm.nutribullet.com static.hotjar.com stgt.braunhousehold.com sync.outbrain.com tangoo.it tkrconnector.com try-snowplow.com veritone-ce.com widgets.reevoo.com www.facebook.com www.paypalobjects.com www.snapengage.com yahoo.co.jp zbozi.cz data:;script-src 'self' 'unsafe-inline' *.abtasty.com *.ad-stir.com *.adform.net *.adition.com *.adnxs.com *.adsrvr.org *.adsystem.com *.adyen.com *.afterpay.com *.alchemer.eu *.alevco.de *.amazon-adsystem.com *.awin1.com *.bannercrowd.net *.bazaarvoice.com *.bestofluck.io *.bing.com *.bounceexchange.com *.bouncex.net *.casalemedia.com *.cash.app *.cdnbasket.net *.cdnwidget.com *.cfjump.com *.checkout.visa.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.cobrowse.io *.collect.igodigital.com *.contentsquare.net *.cookieless-data.com *.creativecdn.com *.criteo.com *.ctnsnet.com *.curalate.com *.delonghi.com *.delonghigroup.com *.doubleclick.net *.dwin1.com *.easydmp.net *.evergage.com *.evgnet.com *.facebook.com *.facebook.net *.flashtalking.com *.funnelytics.io *.getback.ch *.gigya.com *.go2sdk.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googleusercontent.com *.grmtech.net *.gstatic.com *.heureka.cz *.heureka.group *.heureka.sk *.hotjar.com *.im9.cz *.imedia.cz *.jsdelivr.net *.kenwoodworld.com *.klarna.com *.klarnaservices.com *.ladsp.com *.lightboxcdn.com *.logico3c.com *.marvellousmachine.net *.mastercard.com *.mavenoid.com *.mention-me.com *.noibu.com *.nutribullet.com *.onlive.site *.optimalpeople.fr *.ownid.com *.outbrain.com *.payments-amazon.com *.paypal.com *.pinimg.com *.pinterest.com *.pixeltracker.co *.profity.ch *.quantcount.com *.quantserve.com *.ratepay.com *.recaptcha.net *.retargeted.co *.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.snapengage.com *.sovendus.com *.sovopt.com *.tangoo.it *.tangooserver.com *.teads.tv *.the.sciencebehindecommerce.com *.threekit.com *.tiktok.com *.tkrconnector.com *.tradedoubler.com *.trkconnector.com *.trustarc.com *.try-snowplow.com *.trustpilot.com *.wknd.ai *.yahoo.co.jp *.yimg.jp *.youtube.com *.zbozi.cz *.zenaps.com ad-stir.com adsystem.com afterpay.com alevco.de api.feefo.com bestofluck.io blob: cfjump.com clarity.ms cloudfront.net cobrowse.io cookieless-data.com creativecdn.com ctnsnet.com doc-14-1k-sheets.googleusercontent.com doubleclick.net go2sdk.com google.com googleadservices.com googletagmanager.com grmtech.net heureka.group heureka.sk im9.cz kenwoodworld.com ladsp.com maps.googleapis.com marvellousmachine.net optimalpeople.fr outbrain.com pay.google.com pixeltracker.co pm-delonghi-assets.com quantserve.com retargeted.co sandbox-assets.secure.checkout.visa.com sandbox.src.mastercard.com stgt.braunhousehold.com sgtm.delonghi.com sgtm.kenwoodworld.com sgtm.nutribullet.com static-eu.payments-amazon.com static.hotjar.com storage.googleapis.com tangoo.it tkrconnector.com try-snowplow.com trustpilot.com view.ceros.com widgets.reevoo.com www.dwin1.com www.facebook.com www.sovopt.com x.klarnacdn.net yahoo.co.jp yimg.jp 'unsafe-eval' localhost:*;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https: http:;connect-src 'self' *.3kit.com *.abtasty.com *.adsrvr.org *.adsystem.com *.adyen.com *.alchemer.eu *.amazon-adsystem.com *.amazon.com *.awinblackfriday.com *.bannercrowd.net *.bazaarvoice.com *.bing.com *.bing.net *.cdnbasket.net *.clarity.ms *.collect.igodigital.com *.contentsquare.net *.contentstack.com *.conversionsapigateway.com *.creativecdn.com *.criteo.com *.delonghi.com *.delonghigroup.com *.doubleclick.net *.evergage.com *.evgnet.com *.facebook.com *.funnelytics.io *.funnelytics.workers.dev *.getback.ch *.gigya.com *.go2sdk.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.heureka.group *.hotjar.com *.kenwoodworld.com *.klarna.com *.klarnaevt.com *.klarnaservices.com *.ladsp.com *.lightboxcdn.com *.mavenoid.com *.mavenoidfiles.com *.mention-me.com *.nutribullet.com *.onlive.site *.optimy.ai *.optimy.app *.ownid.com *.paa-reporting-advertising.amazon *.pinterest.com *.quantcount.com *.quantserve.com *.reevoo.com *.run.app *.sandbox.paypal.com *.sciencebehindecommerce.com *.sentry.io *.seznam.cz *.snapengage.com *.sovendus.com *.teads.tv *.threekit.com *.tiktok.com *.tkrconnector.com *.trustarc.com *.trustpilot.com *.wepowerconnections.com *.yahoo.co.jp *.youtube.com adsrvr.org adsystem.com api.cquotient.com awinblackfriday.com bannercrowd.net clarity.ms cloud.news.delonghi.com cloud.news.nutribullet.com conversionsapigateway.com creativecdn.com doc-14-1k-sheets.googleusercontent.com doubleclick.net fb-conv-api-tracking.nutribullet.com go2sdk.com google-analytics.com google.com googleadservices.com googletagmanager.com heureka.group ladsp.com mavenoidfiles.com mention-me.com optimy.ai optimy.app pagead2.googlesyndication.com quantserve.com run.app sentry.io services.postcodeanywhere.co.uk seznam.cz stgt.braunhousehold.com sgtm.delonghi.com sgtm.kenwoodworld.com sgtm.nutribullet.com static.hotjar.com stg.api.bazaarvoice.com teads.tv tiktok.com tkrconnector.com trustarc.com trustpilot.com widgets.reevoo.com wss://*.mavenoid.com wss://*.twilio.com wss://optimy.app wss://twilio.com www.facebook.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com www.wepowerconnections.com yahoo.co.jp localhost:*;frame-src *;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self' localhost:*;object-src 'none' 2 default-src 'self'; connect-src https://devnull.perfops.net https://*.test.resolver.perfops.net https://test-perfops.wedos.delivery https://cdn.perftest.f5-cloud-demo.com https://test-perfops.blazingcdn.com https://eo-perfops4.qcloudteo.com https://eo-perfops6.qcloudteo.com https://perfops.cloudflareperf.com https://eo-perfops10.qcloudteo.com https://perf-test.sufycdn.com https://eo-perfops8.qcloudteo.com https://cdn.jsdelivr.net https://eo-perfops1.qcloudteo.com https://perf.qinglanbaseunicast.com https://d3888oxgux3fey.cloudfront.net https://eo-static-perfops.qcloudcdn.com https://cdn23602612.ahacdn.me https://rum.perfops.cdb.cdn.orange.com https://perfops.byte-test.com https://akamai-cdn.perfops.io https://eo-static-perfops1.qcloudcdn.com https://cdnperf.cachefly.net https://medianova-cdnperf.mncdn.com https://djlzvy5xcvhxt.cloudfront.net https://1596384882.rsc.cdn77.org https://d161f70cbh7kx6.cloudfront.net https://medianova-cdnvperf.mncdn.com https://cdnperf.vergecloud.com https://perfops.gcorelabs.com https://25748s.ha.azioncdn.net https://test-perfops.haproxy.com https://perfops.swiftycdn.net https://perfops2.byte-test.com https://eo-perfops5.qcloudteo.com https://ultrawaf.canary.scrubbingcenter.com https://eo-perfops9.qcloudteo.com https://cdnperf-rum.cdnetworks.net https://perfops.edge.run https://eo-perfops2.qcloudteo.com https://eo-static-perfops3.qcloudcdn.com https://ovh-cdn.perfops.io https://eo-perfops7.qcloudteo.com https://afdcdnperf-e8aeffg7frd0a3c0.z01.azurefd.net https://proxy.canary.scrubbingcenter.com https://perfops1.b-cdn.net https://perfops-bench.sos-ch-gva-2.exoscale-cdn.com https://eo-perfops3.qcloudteo.com https://perfops-static.freetls.fastly.net https://perfopsrumapi.akamaized.net https://test-perfops.ldgslb.com https://cpt96125.shopvoxpopulus.com https://perfopsrum.akamaized.net https://perfopsrum-eip.akamaized.net https://eo-static-perfops2.qcloudcdn.com https://perfops.test.edgekey.net https://test-perfops.idevops.suijinetworks.com https://cdnperf-rum.quantil.com https://rum.perfops.mdb.cdn.orange.com https://rum-cdn.perfops.net 'self'; img-src 'self' https://quickchart.io https://files.catbox.moe; media-src 'self' https://files.catbox.moe; style-src 'self' 'unsafe-inline'; script-src https://www.google.com https://www.gstatic.com https://cdn.perfops.net 'self' 'unsafe-inline'; frame-src https://www.google.com; 2 frame-ancestors 'self' https://*.infocert.it; 2 default-src * blob: ws: wss: gap://ready 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'unsafe-inline'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * 'self' data: blob: 'unsafe-inline'; frame-src * blob: intent:; child-src * blob: gap:; frame-ancestors *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; worker-src * blob: 'unsafe-inline'; 2 frame-ancestors 'self' *.virginmoney.com; 2 default-src 'self' https://koreascience.kr https://ocean.kisti.re.kr; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; object-src 'self' https://koreascience.kr https://ocean.kisti.re.kr; connect-src 'self' https://koreascience.kr https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://koreascience.kr https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://koreascience.kr https://ocean.kisti.re.kr https://www.google-analytics.com https://data.doi.or.kr data:; frame-src 'self' https://koreascience.kr https://ocean.kisti.re.kr https://data.doi.or.kr; frame-ancestors 'self' https://koreascience.kr https://ocean.kisti.re.kr https://www.koreanoncology.or.kr http://www.kjrs.or.kr http://kjrs.or.kr https://www.ksdt.kr https://ksdt.kr/ http://smarttourism.khu.ac.kr http://www.kstp.or.kr https://www.ksdb.org https://www.ejmsb.org https://www.ekjps.org https://www.kosfaj.org https://www.jkmood.org https://www.ejast.org https://www.ejast.org https://www.jksaa.org https://www.jkiees.org https://www.ekosfop.or.kr https://www.e-fas.org https://www.woodj.org https://www.eksss.org https://www.eksss.org https://www.eksss.org https://www.jkila.org https://www.jkila.org http://journal.rubber.or.kr http://journal.cg-korea.org http://journal.kfs21.or.kr http://old.kjrs.or.kr https://www.janss.kr https://www.snak.or.kr www.e-fppi.org http://journal.tribology.kr; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; 2 frame-ancestors 'self' support.azazie.com customerservice.azazie.com 2 frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com quantserv.com adnxs.com impactradius-event.com dgm-au.com everestjs.net everesttech.net yahoo.com xg4ken.com *.online-metrix.net *.uplift.com *.quantummetric.com api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com *.nagich.com cloudfront.net bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com *.youtube-nocookie.com *.mypurecloud.com *.mypurecloud.com.au; 2 frame-ancestors 'self' https://anz.sharepoint.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.blacknut.com *.blacknut.net *.blacknutlemag.com *.blacknut.biz *.google-analytics.com *.googletagmanager.com *.youtube.com *.googleapis.com *.stripe.com data: *.jsdelivr.net *.facebook.com *.facebook.net *.doubleclick.net *.google.com *.google.fr *.gouv.fr js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net *.hubspot.com *.hubapi.com *.google.ie *.googleadservices.com *.metaffiliation.com api.mixpanel.com ipinfo.io freegeoip.net marketing-image-production.s3.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.usemessages.com u360.d-bi.fr analytics.google.com *.google.com *.google.ie *.clarity.ms clarity.microsoft.com *.gstatic.com *.firebaseio.com *.taboola.com *.adnxs.com *.affilae.com *.hs-banner.com *.blacknut.biz *.api.sanity.io *.sanity.build s3.eu-west-1.amazonaws.com blacknut-prod-images.b-cdn.net blacknut-prod-videos.b-cdn.net *.ads-twitter.com 2 default-src *.maaap.it *.ddev.site *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.huma-num.fr *.ingest.sentry.io *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline'; block-all-mixed-content; font-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; frame-src *.adform.net *.ausha.co *.calameo.com *.culture.fr *.culture.gouv.fr *.dailymotion.com *.ddev.site *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.soundcloud.com *.spotify.com *.tiktok.com *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org *.x.com http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' 'unsafe-inline'; img-src *.ddev.site *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline'; script-src *.ddev.site *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline inte-std-mcc-lclo.rag-cloud.hosteur.com moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.ddev.site *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.tarteaucitron.io *.tiktok.com *.twitter.com *.wikimedia.org *.wikipedia.org *.x.com https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://tarteaucitron.io inline inte-std-mcc-lclo.rag-cloud.hosteur.com 'self' tarteaucitron.io 'unsafe-inline' 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com http://www.googleadservices.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maxcdn.bootstrapcdn.com https://cdn.gigya.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://cdns4.gigya.com https://cdns5.gigya.com https://accounts.gigya.com https://accounts.eu1.gigya.com https://signin.qa.nationalexpress.com https://cdn.synthetix.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://tag.yieldoptimizer.com https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://*.vo.msecnd.net http://az416426.vo.msecnd.net https://prod.limitlesslivemessenger.com https://sc-static.net https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://widget.trustpilot.com https://cdn.syndication.twimg.com https://sn1.clicktripz.com js.hsforms.net https://eu.clicktripz.com http://uktc.fospha.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net/analytics/ https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://d2oh4tlt9mrke9.cloudfront.net https://d2qmp7jjpd79k7.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://ict.infinity-tracking.net/js/ https://script.infinity-tracking.com https://widgets.moovit.com https://widgets.moovit.com/wtp/en-gb/ https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://*.tiktok.com/ https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://secure.data-insight365.com/js/265823.js https://secure.data-insight365.com/Track/Capture.aspx https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://*.quantserve.com/ https://rules.quantcount.com https://edge.quantserve.com http://www.instagram.com https://cdn.weglot.com https://s.yimg.com/wi/ytc.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://*.abtasty.com blob: https://service.force.com https://*.my.salesforce.com https://*.salesforceliveagent.com/ https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://widget.tripgo.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com https://book.distribusion.com https://*.mouseflow.com/ https://*.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net wss://ws.salecycle.com https://mymachine.salecycle.com:8080;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.synthetix.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://platform.twitter.com https://ton.twimg.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://use.typekit.net/hpe8ksj.css https://p.typekit.net/p.css https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.weglot.com https://*.abtasty.com https://service.force.com https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://widget.tripgo.com http://*.oracleinfinity.io/ https://dev.oathstudio.com https://book.distribusion.com https://*.mouseflow.com/;img-src 'self' https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://cm.g.doubleclick.net https://ad.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://www.facebook.com https://bat.bing.com https://cdn.jsdelivr.net https://www.nationalexpress.com https://4ez2xrmccannwebprd1.blob.core.windows.net https://zwu74omccannwebqa1.blob.core.windows.net https://4ez2xrmccannwebprd1-secondary.blob.core.windows.net http://uktc.fospha.com data: https://forms.hubspot.com https://forms.hsforms.com https://track.hubspot.com https://t.co/i/ https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://analytics.twitter.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://signin.qa.nationalexpress.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://platform-cdn.sharethis.com https://l.sharethis.com https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms/ https://c.bing.com https://cdn-ukwest.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://widgets.moovit.com https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://a-tiles.locationiq.com https://b-tiles.locationiq.com https://c-tiles.locationiq.com https://secure.agile-company-365.com/265823.png blob: https://d1fd8aj8bhyfe9.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://pixel.quantserve.com https://cdn.weglot.com https://sp.analytics.yahoo.com https://*.abtasty.com https://resources.tripgo.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com https://*.mouseflow.com/ https://assets.sc-trc.com https://mymachine.salecycle.com:8080;frame-src 'self' https://routemap-embed.nationalexpress.com https://faq.nationalexpress.com https://cdns.eu1.gigya.com https://signin.qa.nationalexpress.com https://www.google.com https://*.fls.doubleclick.net https://www.google.com/recaptcha/ https://forms.gle https://docs.google.com https://td.doubleclick.net https://accounts.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://contactless.nxbus.com https://live.ekashu.com https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://nationalexpressportal.icasework.com https://national-express--bguat.my.salesforce.com https://webto.salesforce.com https://national-express.force.com https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://timetables-embed.nxbus.co.uk https://*.nationalexpress.com/%20 https://bustimetables-nx.utrackapps.com https://bustimetables-dev.utrackapps.com https://contactless.nxbus.com https://nxbusgateway.co.uk https://player.vimeo.com https://forms.hsforms.com https://tr.snapchat.com https://www.trustpilot.com https://c.sharethis.mgr.consensu.org https://widget.trustpilot.com https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://widgets.moovit.com https://moovitapp.com https://m.moovitapp.com https://appassets.mvtdev.com/mobile/ https://www.tiktok.com https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://www.loom.com http://www.instagram.com https://*.abtasty.com https://service.force.com https://*.my.salesforce.com https://*.flashtalking.com/ http://*.oracleinfinity.io/ https://dev.oathstudio.com https://*.mouseflow.com/ https://*.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net wss://ws.salecycle.com https://mymachine.salecycle.com:8080;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://digitalcampaignsstorage.blob.core.windows.net https://use.typekit.net/af/ https://cdn.weglot.com https://*.abtasty.com data: https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://dev.oathstudio.com https://book.distribusion.com https://*.mouseflow.com/;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://docs.google.com https://*.analytics.google.com https://www.google.com https://dc.services.visualstudio.com https://bat.bing.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/plugins/customer_chat/ https://eu.clicktripz.com https://www.clicktripz.com https://prod.api.belimitless-app.io https://l.sharethis.com https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://signin.qa.nationalexpress.com https://signin.dev.nationalexpress.com https://signin.ptbook.nationalexpress.com https://signin.stable.nationalexpress.com https://signin.www.nationalexpress.com https://signin.nationalexpress.com https://holidays.nationalexpress.com https://packagesmetasearch.api.pro.logitravel.internal https://packagesmetasearch.api.external.logitravel.com https://packagesmetasearch-api-external.logitravel.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://oneyou-cms.nhswebsite.nhs.uk https://webto.salesforce.com https://api.hsforms.com https://login.salesforce.com https://thekingsferry.my.salesforce.com https://*.my.salesforce-scrt.com/ https://*.my.site.com/ https://ict.infinity-tracking.net https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://script.infinity-tracking.com https://qaapi.azure-api.net https://apinxbus.azure-api.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://nas.lon.infinity-tracking.net https://nexgen.ats.careers/api/ https://idx.liadm.com/idex/unknown/ https://pixel.quantcount.com https://cdn.weglot.com https://cdn-api-weglot.com https://s.yimg.com https://*.abtasty.com https://faq.nationalexpress.com https://api.tripgo.com https://api.geocode.earth http://*.oracleinfinity.io/ https://*.distribusion.com/ https://*.tiktok.com/ https://*.amazon-adsystem.com/ https://*.mouseflow.com/ https://*.salecycle.com https://d16fk4ms6rqz1v.cloudfront.net wss://ws.salecycle.com https://mymachine.salecycle.com:8080;frame-ancestors 'self' https://www.facebook.com 2 default-src 'self'; script-src 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://apis.google.com https://*.google-analytics.com https://kit.fontawesome.com https://cdn.insight.sitefinity.com https://js.monitor.azure.com https://*.marker.io https://*.youtube.com 'self' https://cdn.bc0a.com https://*.bazaarvoice.com https://*.monetate.net 'unsafe-eval' https://api.astutebot.com https://bot.emplifi.io https://cdn.listrakbi.com https://s1.listrakbi.com https://onescript-recscont.listrakbi.com https://bl.listrakbi.com https://at1.listrakbi.com https://www.googletagmanager.com https://cdn.cookielaw.org https://services.listrak.com https://static.addtoany.com/ https://*.likebtn.com https://*.ipstack.com https://*.pricespider.com https://*.mapbox.com https://mediacdn.espssl.com https://*.listrakbi.com onescript-recscont.listrakbi.com https://*.crayola.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://api.ipregistry.co; connect-src https://maps.googleapis.com https://*.fontawesome.com https://dc.services.visualstudio.com https://api.insight.sitefinity.com https://*.marker.io https://s3.eu-west-1.amazonaws.com/marker.sessions.prod https://*.youtube.com 'self' https://*.bc0a.com https://*.bazaarvoice.com https://api.astutebot.com https://bot.emplifi.io https://bl.listrakbi.com https://www.google-analytics.com https://services.listrak.com https://cdn.cookielaw.org http://localhost.com in-v3.mailjet.com http://*.googleapis.com https://i.ytimg.com https://*.pricespider.com wss://*.pricespider.com https://*.mapbox.com https://*.ipstack.com blob: https://*.listrakbi.com https://*.google-analytics.com https://geolocation.onetrust.com https://www.google.com/ccm/collect https://analytics.google.com/g/collect https://*.crayola.com https://ad.doubleclick.net https://www.facebook.com https://youtube.com https://api.ipregistry.co https://api.ipify.org; font-src data: https://fonts.gstatic.com https://*.fontawesome.com 'self' https://*.bazaarvoice.com https://*.monetate.net https://w.likebtn.com https://*.pricespider.com https://mediacdn.espssl.com; img-src data: https://*.likebtn.com https://maps.gstatic.com https://maps.googleapis.com https://*.bazaarvoice.com https://*.monetate.net https://www.googletagmanager.com https://i.ytimg.com https://*.pricespider.com https://*.googletagmanager.com https://mediacdn.espssl.com https://s1.listrakbi.com https://cdn.cookielaw.org https://www.facebook.com 'self'; frame-src https://*.youtube.com https://*.marker.io https://*.bazaarvoice.com https://bot.emplifi.io https://api.astutebot.com https://bl.listrakbi.com https://services.listrak.com https://static.addtoany.com https://*.juicer.io/ https://*.listrakbi.com https://*.crayola.com https://www.googletagmanager.com https://astutebot.com https://*.monetate.net https://*.doubleclick.net; style-src 'unsafe-inline' https://*.likebtn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.fontawesome.com https://*.bazaarvoice.com https://*.monetate.net https://cdn.listrakbi.com https://bl.listrakbi.com https://*.pricespider.com https://*.mapbox.com https://*.googletagmanager.com https://*.listrakbi.com https://*.jquery.com 'self'; worker-src blob: 'self'; media-src 'self' 2 child-src blob:;connect-src 'self' https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com https://employerbrand.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.algolia.io *.facebook.com *.sentry.io accounts.google.com app.getwisp.co backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ip2c.org autocomplete.search.hereapi.com lookup.search.hereapi.com revgeocode.search.hereapi.com geocode.search.hereapi.com *.batch.com *.axept.io *.contentsquare.net http://cypress.preprod.wttj.tech/zafoh2ie/ae3 api.maze.co prompts.maze.co region1.analytics.google.com stats.g.doubleclick.net data.debugbear.com www.google.com/recaptcha/ www.gstatic.com;default-src 'none';font-src cdn.welcometothejungle.com cdn.welcometothejungle.com cdn.welcome-ui.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io snippet.maze.co;form-action 'self' www.facebook.com;frame-ancestors none;frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.youtube-nocookie.com www.dailymotion.com geo.dailymotion.com www.facebook.com connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com vars.hotjar.com *.axept.io form.typeform.com www.google.com;img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com static.hotjar.com *.axept.io *.contentsquare.net dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com snippet.maze.co;media-src cdn.welcometothejungle.com;script-src 'unsafe-inline' cdn.welcometothejungle.com platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com www.youtube-nocookie.com *.ytimg.com app.getwisp.co optimize.google.com app.getbeamer.com realtime.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com *.axept.io cdn.goldenbees.fr tag.goldenbees.fr t.contentsquare.net app.contentsquare.com embed.typeform.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/ snippet.maze.co acdn.adnxs.com cdn.debugbear.com data.debugbear.com;style-src 'unsafe-inline' cdn.welcometothejungle.com tagmanager.google.com fonts.googleapis.com optimize.google.com accounts.google.com app.getbeamer.com *.axept.io embed.typeform.com snippet.maze.co static.hotjar.com script.hotjar.com assets-cdn.maze.co;upgrade-insecure-requests;worker-src 'self' blob: 2 default-src 'self' https://horizon-api.www.myprotein.com https://*.rlcdn.com/; child-src 'self' https://pagead2.googlesyndication.com/* https://g.ezoic.net/ https://sgtm.myprotein.com/ https://ams.creativecdn.com https://*.ringcentral.com https://*.cloudfront.net https://*.smct.io/ https://*.rlcdn.com/ https://ct.pinterest.com/ https://*.listrakbi.com/ https://www.googletagmanager.com https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://youtu.be/ https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com https://www.shoplooks.com https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://player.vimeo.com https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://t.lt02.net https://*.dynamicyield.eu/ https://www.googleadservices.com https://*.dynamicyield.com/ *.ezodn.com *.id-mx.com *.yahoo.com *.ad.gt id-sync.com *.crwdcntrl.net *.adsrvr.org *.rubiconproject.org *.adnxs.com onetag-sys.com *.googlesyndication.com *.adtrafficquality.google https://g.ezoic.net/ https://*.seroundprince.com/ https://ams.creativecdn.com wss://*.ringcentral.com https://*.ringcentral.com https://*.amazonaws.com/ https://*.smct.io https://*.snapchat.com/ https://*.rlcdn.com/ https://*.contentsquare.net https://click.prod.mplat-ppcprotect.com https://*.listrakbi.com/ https://*.listrak.com https://www.wepowerconnections.com/ https://analytics.tiktok.com/ https://s.pinimg.com/ https://horizon-api.www.myprotein.com https://*.clarity.ms/ https://static.criteo.net/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://*.baidu.com https://connect.facebook.net https://*.parcellab.com https://www.shoplooks.com https://www.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://sgtm.myprotein.com; font-src 'self' data: font-src https://cdn.listrakbi.com https://*.dynamicyield.com/ https://*.smct.io/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.com https://m.myprotein.com https://checkout.myprotein.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.dynamicyield.com/ https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com https://youtu.be/; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.dynamicyield.com/ *.id5-sync.com id-sync.com https://www.ezojs.com/ https://go.ezodn.com/ https://g.ezoic.net/ https://*.seroundprince.com/ https://tags.creativecdn.com/ https://*.ringcentral.com/ https://*.smct.io https://smct.co/ https://*.smct.co/ https://ct.pinterest.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://*.contentsquare.net https://app.contentsquare.com https://*.listrak.com https://*.listrakbi.com/ https://s.pinimg.com/ https://*.thcdn.com https://lantern.roeyecdn.com/ https://www.hlserve.com/ https://static.criteo.net/ https://www.clarity.ms/ https://*.parcellab.com https://*.thehut.net https://rum-static.pingdom.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://youtu.be/ https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://script.hotjar.com https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://tr.snapchat.com https://*.sciencebehindecommerce.com https://static.shoplooks.com https://static.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.com; frame-ancestors 'self' https://www.instagram.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.smct.io/ https://cdn.listrakbi.com/ https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com ; upgrade-insecure-requests; report-to report-endpoint 2 frame-ancestors 'self' https://*.uchealth.org 2 frame-ancestors 'self' http://120.35.30.219:8091 http://gzw.fujian.gov.cn https://gzw.fujian.gov.cn http://rst.fujian.gov.cn https://rst.fujian.gov.cn http://gat.fujian.gov.cn https://gat.fujian.gov.cn *.fujian.gov.cn https://ptgl.fujian.gov.cn:8088 http://zwfw.fujian.gov.cn:722 http://www.fujian.gov.cn https://www.fujian.gov.cn https://test.fujian.gov.cn http://test.fujian.gov.cn https://zwfw.fujian.gov.cn http://www.xm.gov.cn https://www.xm.gov.cn http://ptgl.fujian.gov.cn https://ptgl.fujian.gov.cn http://fujian.gov.cn https://fujian.gov.cn http://www.fujian.gov.cn https://www.fujian.gov.cn http://fj.gov.cn https://fj.gov.cn http://www.fj.gov.cn https://www.fj.gov.cn http://fgw.fujian.gov.cn https://fgw.fujian.gov.cn http://fgw.fj.gov.cn https://fgw.fj.gov.cn http://gxt.fujian.gov.cn https://gxt.fujian.gov.cn http://gxt.fj.gov.cn https://gxt.fj.gov.cn http://stream14.fjtv.net https://gat.fujian.gov.cn https://mzzjt.fujian.gov.cn https://rst.fujian.gov.cn https://zjt.fujian.gov.cn https://nynct.fujian.gov.cn https://lyj.fujian.gov.cn https://swt.fujian.gov.cn https://yjt.fujian.gov.cn https://www.ningde.gov.cn http://www.ningde.gov.cn http://lyj.fujian.gov.cn https://zwfw.fujian.gov.cn:1001 https://zwfw.fujian.gov.cn:9020 https://zwfw.fujian.gov.cn:722 2 frame-ancestors 'self' zesty.io *.zesty.io salvationarmy.mobile.zesty.io 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:; style-src 'self' 'unsafe-inline' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.genetec.com https://*.marketo.com https://static.cloudflareinsights.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; media-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.bloomreach.cloud https://*.genetec.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://youtu.be https://static.cloudflareinsights.com; frame-src 'self' https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://bid.g.doubleclick.net www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bloomreach.cloud https://*.doubleclick.net https://*.facebook.com https://*.genetec.com https://*.geneteccloud.com https://*.google.com https://*.livechatinc.com https://*.marketo.com https://*.podbean.com https://*.powerappsportals.com https://*.youtube.com https://static.addtoany.com https://oc-cdn-public.azureedge.net genetec.involve.me https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; img-src 'self' 'unsafe-inline' data: *; connect-src 'self' *; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com https://static.cloudflareinsights.com https://static.addtoany.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://oc-cdn-public.azureedge.net https://www.redditstatic.com genetec.involve.me https://www.redditstatic.com ajax.googleapis.com https://maps.googleapis.com https://js.navattic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://k.clarity.ms https://www.google.ca https://www.google.com.pe https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.addthis.com https://*.bing.com https://*.bloomreach.cloud https://*.cdntwrk.com https://*.clarity.ms https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.facebook.net https://*.genetec.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.licdn.com https://*.livechatinc.com https://*.marketo.com https://*.marketo.net https://*.onetrust.com https://*.site24x7rum.com https://*.widencdn.net https://*.youtube.com https://genetec.widen.net https://ionfiles.scribblecdn.net https://v1.addthisedge.com https://youtu.be https://z.moatads.com https://static.cloudflareinsights.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; font-src 'self' 'unsafe-inline' data: https://k.clarity.ms https://www.google.ca https://www.google.com.pe www.gstatic.com fonts.gstatic.com optimize.google.com https://t.co https://analytics.twitter.com https://fonts.googleapis.com https://www.googletagmanager.com https://static.ads-twitter.com https://px.ads.linkedin.com https://www.googleoptimize.com https://*.cdntwrk.com https://*.genetec.com https://static.cloudflareinsights.com https://cdn.livechatinc.com https://oc-cdn-public.azureedge.net https://*.wrike.com https://*.navattic.com https://storage.googleapis.com; object-src 'none'; frame-ancestors 'self'; 2 font-src fonts.gstatic.com use.typekit.net *.omds.acidgreen.com.au *.explore.omsystem.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.omds.acidgreen.com.au *.explore.omsystem.com cl.s51.exct.net *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.sanity.studio 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.omds.acidgreen.com.au *.explore.omsystem.com *.zendesk.com *.adyen.com *.google.com/ instafeed.pixlee.co photos.pixlee.co *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io *.omds.acidgreen.com.au *.explore.omsystem.com explore.omsystem.com blob: *.getolympus.com *.akstat.io *.cookielaw.org *.ggpht.com https://www.magezon.com *.bing.com *.bing.net *.criteo.com *.doubleclick.net *.elfsightcdn.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.igodigital.com *.mczbf.com *.olympus.eu *.omappapi.com *.pricespider.com google.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cf www.google.ch www.google.ci www.google.cl www.google.co.ao www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ge www.google.gg www.google.gl www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sr www.google.tn www.google.tt www.google.vu https://id5-sync.com *.quantserve.com alb.reddit.com *.linkedin.com https://tg.socdm.com https://cs.adingo.jp https://ads.stickyadstv.com https://idsync.rlcdn.com https://exchange.mediavine.com https://jadserve.postrelease.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://x.bidswitch.net https://ib.adnxs.com https://r.casalemedia.com https://ad.360yield.com https://contextual.media.net https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://aa.agkn.com https://ade.clmbtech.com https://sync.1rx.io https://a.twiago.com https://sync.targeting.unrulymedia.com *.zendesk.com *.adyen.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.pxlecdn.com *.pixlee.com *.cdninstagram.com *.sanity.io www.facebook.com *.magentosite.cloud shop.olympus.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com *.cash.app *.payments-amazon.com *.google.com *.paypal.com *.checkout.visa.com *.mastercard.com *.omds.acidgreen.com.au *.explore.omsystem.com *.go-mpulse.net *.newrelic.com *.cookielaw.org *.weglot.com *.pricespider.com cdnjs.cloudflare.com api.tiles.mapbox.com *.adobedtm.com *.bing.com *.criteo.com *.doubleclick.net *.elfsight.com *.facebook.net *.googleapis.com *.googletagmanager.com *.igodigital.com *.mczbf.com *.omappapi.com *.pixlee.com *.js-agent.newrelic.com *.bam.nr-data.net *.cardinalcommerce.com merchant-center-analytics.goog analytics.tiktok.com *.quantserve.com www.redditstatic.com https://trck.linkster.co https://unpkg.com snap.licdn.com *.tradedoubler.com *.zdassets.com *.zendesk.com *.adyen.com https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.marketo.com *.pxlecdn.com *.pixlee.co https://acsbapp.com https://*.acsbapp.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.omds.acidgreen.com.au *.explore.omsystem.com *.weglot.com *.fontawesome.com api.tiles.mapbox.com *.omappapi.com *.pricespider.com *.gstatic.com *.marketo.com assets.pixlee.com *.addthis.com *.moatads.com *.addthisedge.com maxcdn.bootstrapcdn.com *.scandiweb.dev unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googleapis.com *.gstatic.com *.scandiweb.dev *.omsystem.com https://cdn.pubble.io *.commondatastorage.googleapis.com *.sanity.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.omds.acidgreen.com.au *.explore.omsystem.com *.akamaihd.net *.akstat.io *.go-mpulse.net *.cookielaw.org *.weglot.com cdn-api-weglot.com *.bing.com *.bing.net *.criteo.com *.doubleclick.net *.elfsight.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.mczbf.com *.mapbox.com *.omappapi.com *.onetrust.com *.pricespider.com *.pixlee.com *.bam.nr-data.net *.js-agent.newrelic.com merchant-center-analytics.goog analytics.tiktok.com *.quantserve.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com *.linkedin.com rules.quantcount.com pixel.quantcount.com *.zdassets.com *.zendesk.com wss://pod-28-sunco-ws.zendesk.com https://olympus.registria.com *.adyen.com https://getolympus.registria.com https://maps.googleapis.com https://player.vimeo.com bam.nr-data.net *.marketo.com *.addthis.com https://acsbapp.com https://*.acsbapp.com www.facebook.com *.exct.net explore.omsystem.com *.cardinalcommerce.com apps.elfsight.com player.vimeo.com *.facebook.net *.merchant-center-analytics.goog api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://3706dfdc-3ec8-4812-add5-b403178623a6.sansec.watch/; report-to report-endpoint; 2 frame-ancestors https://*.gov.cn http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn http://www.ceirp.com:8888 http://183.64.111.243:28080 http://znwd.cqgxqzwzx.com:9090 http://mzj.cq12349.cn https://www.sczwfw.gov.cn https://cqjjqzwzx.cn https://ggfw.rlsbj.cq.gov.cn http://cq.12348.gov.cn/ http://gsxt.scjgj.cq.gov.cn/ 2 frame-ancestors 'self' https://*.abtasty.com; 2 default-src 'self' *.wartsila.com *.wistia.com https://t.wartsila.tiedosto.com https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com x.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com www.facebook.com https://innovatics.fi https://*.innovatics.fi cdn.cookielaw.org *.leadoo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com *.curator.io https://www.youtube.com/iframe_api https://www.youtube.com/s/ *.twitter.com twitter.com https://static.ads-twitter.com https://dec.azureedge.net/ www.googletagmanager.com https://snap.licdn.com www.googleadservices.com https://code.jquery.com https://ajax.microsoft.com cdn.pardot.com https://serve.nrich.ai pi.pardot.com https://cdnjs.cloudflare.com https://tag.nrich.ai https://audience.nrich.ai https://j.nrich.ai *.doubleclick.net doubleclick.net https://app.interactiveads.ai *.wistia.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input kendo.cdn.telerik.com https://unpkg.com tools.euroland.com https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://go.pardot.com *.wartsila.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.imp.stackadapt.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://code.createjs.com/1.0.0/createjs.min.js https://*.linkedin.com https://*.cdn.bcebos.com js.sentry-cdn.com https://*.bc0a.com https://rum-static.pingdom.net fast.wistia.net *.raffle.ai 'self' cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js 'unsafe-inline'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com *.curator.io *.twitter.com twitter.com https://d35islomi5rx1v.cloudfront.net https://d20rdry57v9fzf.cloudfront.net docs.google.com *.wistia.com https://cdnjs.cloudflare.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://go.pardot.com pages.wartsila.digital fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://code.jquery.com https://res.leadoo.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://*.baidu.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src www.linkedin.com data: blob: android-webview-video-poster: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input fast.wistia.net *.wistia.com *.stackadapt.com sitefinity-videos-stage.s3.eu-west-1.amazonaws.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com https://*.linkedin.com https://mb.cision.com https://cdn.cookielaw.org https://tag.nrich.ai 'self' web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: themes.googleusercontent.com/static/fonts/inconsolata/v5/BjAYBlHtW3CJxDcjzrnZCIbN6UDyHWBl620a-IRfuBk.woff https://cdnjs.cloudflare.com https://app.powerbi.com https://curatorio.s3.amazonaws.com https://github.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://go.pardot.com fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com *.curator.io https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com https://res.leadoo.com *.stackadapt.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.wartsila.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com https://innovatics.fi https://*.innovatics.fi https://www.youtube.com https://*.google.com pages.wartsila.digital meltwater.fi https://s.company-target.com/ https://app.powerbi.com *.leadoo.com *.doubleclick.net doubleclick.net www.googletagmanager.com *.raffle.ai web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com *.google-analytics.com *.curator.io https://serve.nrich.ai https://j.nrich.ai https://api.company-target.com google-analytics.com *.analytics.google.com analytics.google.com *.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embedwistia-a.akamaihd.net fast.wistia.net https://d20rdry57v9fzf.cloudfront.net https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://tag.nrich.ai https://match.prod.bidr.io *.twitter.com https://go.pardot.com pages.wartsila.digital https://*.hotjar.io *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://crmsrv.azurewebsites.net https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input www.facebook.com https://www.quandl.com *.pingdom.net wartsila.avaus.fi https://maps.googleapis.com https://sitefunc1.azurewebsites.net https://bot.leadoo.com https://iapi.leadoo.com https://anl.leadoo.com *.stackadapt.com https://innovatics.fi https://*.innovatics.fi risk.ipmeta.io segments.company-target.com cdn.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io *.leadoo.com application/wasm googlesyndication.com *.googlesyndication.com *.doubleclick.net doubleclick.net https://*.google.com https://*.linkedin.com https://*.baidu.com https://*.safe.baidu.com https://*.bc0a.com *.raffle.ai 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://video-frt3-2.cdninstagram.com https://www.youtube.com https://embedwistia-a.akamaihd.net https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com fast.wistia.net sitefinity-videos-stage.s3.eu-west-1.amazonaws.com https://*.baidu.com; child-src *.twitter.com twitter.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://www.google.com pages.wartsila.digital https://snapwidget.com https://innovatics.fi https://*.innovatics.fi tools.euroland.com *.doubleclick.net doubleclick.net https://app.interactiveads.ai meltwater.fi www.linkedin.com *.wistia.com https://d20rdry57v9fzf.cloudfront.net https://t.wartsila.tiedosto.com t.co https://api.curator.io https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://go.pardot.com *.wartsila.com https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://www.quandl.com https://bot.leadoo.com cdn.linkedin.oribi.io cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com 2 default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://web-assets.esetstatic.com https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; form-action 'self' https://enjoy.eset.com; frame-ancestors 'self'; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://td.doubleclick.net https://tpc.googlesyndication.com https://vars.hotjar.com https://www.buzzsprout.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.captcha.eset.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.giphy.com https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'self'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://embed.playbuzz.com https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.buzzsprout.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/reports; report-to csp-endpoint; 2 default-src 'self' *.blinkist.com *.blinkist.io; font-src 'self' use.typekit.net data: *; frame-src *; frame-ancestors 'self' *.blinkist.com *.optimizely.com https://*.hygraph.com; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' blob: *; connect-src *; img-src data: *; worker-src 'self' blob:; object-src 'none'; media-src * blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub9eac233acd1d4a5885c5b6095292de05&dd-evp-origin=content-security-policy&ddsource=csp-report 2 default-src 'self' my.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com assets.adobedtm.com dynatrace.humanservices.gov.au; connect-src blob: 'self' adobedc.demdex.net docs.apigw.my.gov.au edge.adobedc.net *.my.gov.au my.gov.au mygov-dls-bff.apps.openshift-prod1-dca1.csda.gov.au mygov-dls-bff.apps.openshift-prod1-dcb1.csda.gov.au swift.csda.gov.au stats.g.doubleclick.net dynatrace.humanservices.gov.au *.dynamsoft.com https://127.0.0.1:* ws://127.0.0.1:* wss://127.0.0.1:* data: cdn.jsdelivr.net w3.org/svg/2000; img-src 'self' data: blob: stats.g.doubleclick.net swift.csda.gov.au; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'self' blob: swift.csda.gov.au; frame-src 'self' blob: bluey-webchat.azurewebsites.net my.gov.au *.my.gov.au swift.csda.gov.au www.youtube.com www.youtube-nocookie.com w.soundcloud.com servicesaustralia.vudoo.io 2 font-src *.klarnacdn.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnaevt.com *.link.com *.amazon.com *.fontawesome.com fonts.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ notifications.wisepops.com wisepops.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.clearpay.co.uk *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com dev.visualwebsiteoptimizer.com cdn-ukwest.onetrust.com *.brandalley.co.uk *.brandalley.fr *.mirakl.net *.google.co.uk *.google.com *.google.ie *.doubleclick.net *.facebook.com *.bing.com *.facebook.net *.cloudflareaccess.com fonts.gstatic.com www.emjcd.com cj.dotomi.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net *.bing.net *.afterpay.com *.clearpay.co.uk *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ d5yoctgpv4cpx.cloudfront.net dev.visualwebsiteoptimizer.com cdn-ukwest.onetrust.com *.mention-me.com code.jquery.com *.sentry-cdn.com *.klarnaservices.com osm.klarnaservices.com na-library.klarnaservices.com *.cloudflareinsights.com insights.algolia.io *.attn.tv *.bing.com *.pinimg.com *.facebook.net *.emjcd.com *.scarabresearch.com *.facebook.com *.pinterest.com cdn.cookielaw.org/ gtm.brandalley.co.uk *.mczbf.com *.sjwoe.com *.cj.com cdn.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net *.taggstar.com brand.brandalley.co.uk *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net cdn.rudderlabs.com *.googletagmanager.com tagmanager.google.com *.trustpilot.com *.plugins.emarsys.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net googletagmanager.com *.taggstar.com *.stripe.network *.stripecdn.com *.amazon.com *.afterpay.com/ *.squarecdn.com *.fontawesome.com tagmanager.google.com fonts.google.com *.trustpilot.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io d5yoctgpv4cpx.cloudfront.net p2iqhncxyh.execute-api.eu-central-1.amazonaws.com dev.visualwebsiteoptimizer.com *.onetrust.com *.mention-me.com static.mention-me.com *.trustpilot.com *.brandalley.fr *.brandalley.co.uk analytics-staging.brandalley.fr analytics-staging.brandalley.co.uk analytics.brandalley.fr analytics.brandalley.co.uk *.afterpay.com *.klarnaservices.com *.sentry.io *.doubleclick.net *.pinterest.com pagead2.googlesyndication.com events.attentivemobile.com *.attn.tv *.bing.com *.mczbf.com activity.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net *.bing.net *.taggstar.com *.rudderlabs.com brand.brandalley.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.rudderstack.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.scarabresearch.com *.eservice.emarsys.net api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://40871933-022f-46d7-b0d0-5308685527b1.sansec.watch/; report-to report-endpoint; 2 frame-ancestors 'self' app.ynab.com 2 default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' *.preview.kkn.zd.intranet.bund.de wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.wikimedia.org *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de *.preview.kkn.zd.intranet.bund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net userlike-cdn-umm.b-cdn.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2 default-src 'self' *.crazyegg.com *.northropgrumman.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com www.clarity.ms connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com cdn.cookielaw.org cookie-cdn.cookiepro.com www.redditstatic.com tag.demandbase.com www.google-analytics.com ngc.avature.net api-engage-us.sitecorecloud.io www.googletagmanager.com www.youtube.com x.com platform.twitter.com t.co tagmanager.google.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net *.crazyegg.com jsv3.recruitics.com www.google.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com www.redditstatic.com cse.google.com www.googleadservices.com googleads.g.doubleclick.net tag.demandbase.com www.google-analytics.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com ngc.avature.net www.googletagmanager.com code.jquery.com www.youtube.com x.com platform.twitter.com t.co; connect-src 'self' *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com stats.g.doubleclick.net www.google-analytics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.google.com conversions-config.reddit.com www.redditstatic.com pixel-config.reddit.com www.googleapis.com rum.browser-intake-datadoghq.com api.company-target.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com ngc.avature.net vitals.vercel-insights.com x.com platform.twitter.com t.co api-engage-us.sitecorecloud.io discover.sitecorecloud.io/; base-uri 'self'; form-action 'self' login.microsoftonline.us; font-src 'self' 'unsafe-inline' *.vercel.app *.crazyegg.com ngc.avature.net use.typekit.net fonts.gstatic.com *.northropgrumman.com *.agencyq.site cdn.northrupgrumman.com data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.vercel.app *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net www.google.com use.typekit.net p.typekit.net fonts.googleapis.com; frame-src 'self' *.vercel.app *.doubleclick.net *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com portalstospace.com login.goservicepro.com jsv3.recruitics.com ngc.avature.net s.company-target.com td.doubleclick.net jsv3.recruitics.com www.portalstospace.com www.youtube.com x.com platform.twitter.com t.co w.soundcloud.com data: blob: www.googletagmanager.com; img-src 'self' data: * northropgrumman-sb1.dam.aprimo.com s1.sb.previews.aprimo.com s.gravatar.com *.crazyegg.com *.wp.com/cdn.auth0.com/avatars *.northropgrumman.com cdn.northropgrumman.com; media-src 'self' *.vercel.app *.agencyq.site *.northropgrumman.com *.onetrust.com *.crazyegg.com ngc.avature.net x.com platform.twitter.com t.co img.youtube.com data: cdn.northropgrumman.com; worker-src blob: *.crazyegg.com; 2 frame-ancestors 'self' *.winfuture.de; 2 object-src 'none'; script-src 'unsafe-eval' https://snap.licdn.com/ https://cdn.calibermind.com/ https://a.quora.com/ https://app.cdn.lookbookhq.com/ https://connect.facebook.net/ https://ct.capterra.com/ https://ga.clearbit.com/ https://js.adsrvr.org/ https://munchkin.brightfunnel.com/ https://munchkin.marketo.net/ https://static.ads-twitter.com/ 'unsafe-inline' http://schema.org https://*.cloudfront.net/ https://*.googletagmanager.com https://a.omappapi.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://cdn.abrankings.com https://cdn.abrankings.com/ https://cdn.cookielaw.org/ https://cdn.datatables.net/ https://cdn.jsdelivr.net/ https://cdn.onesignal.com/ https://cdnjs.cloudflare.com/ https://cloud.typography.com/ https://code.jquery.com/ https://collector-5527.tvsquared.com/ https://fonts.googleapis.com/ https://go.sentinelone.com/ https://googleads.g.doubleclick.net/ https://j.6sc.co/ https://js.maxmind.com/ https://js.qualified.com/ https://onesignal.com/ https://pixel-geo.prfct.co/ https://platform-api.sharethis.com/ https://platform.twitter.com/ https://pt.ispot.tv/ https://pubads.g.doubleclick.net/ https://px.spiceworks.com/ https://script.hotjar.com/ https://scripts.demandbase.com/ https://sentinelone.com https://ssl.google-analytics.com https://staging.s1preview.com/ https://static.hotjar.com/ https://tag.marinsm.com/ https://ws.qualified.com/ https://www.clickcease.com/ https://www.google-analytics.com https://www.google-analytics.com/ https://www.google.com/* https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/* https://www.redditstatic.com/ https://www.vantajs.com/ https://www.youtube.com/ https://yoast.com/ https://www.google.com/ https://qualified.com/ https://www.vantajs.com/ https://js.maxmind.com/ https://cdn.onesignal.com/ https://cdn.datatables.net/ https://platform-api.sharethis.com/ https://yoast.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://js-agent.newrelic.com/ https://www.sentinelone.com/ https://boards.greenhouse.io/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ https://bam.nr-data.net/ https://cdn.linkedin.oribi.io/ https://fr.sentinelone.com/ https://it.sentinelone.com/ https://jp.sentinelone.com/ https://de.sentinelone.com/ https://it.sentinelone.com/ https://es.sentinelone.com/ https://nl.sentinelone.com/ https://kr.sentinelone.com/ https://www.google.it/ https://www.google.co.jp/ https://www.google.de/ https://ar.sentinelone.com/ https://www.google.es/ https://www.google.fr/ https://www.google.nl/ https://sonix.ai https://bam.nr-data.net/ https://docs.google.com/ https://apis.google.com/js/api.js/ https://accounts.google.com/ https://*.googleapis.com *.google.com https://*.gstatic.com https://sheets.googleapis.com/ https://tags.srv.stackadapt.com/events.js https://js.storylane.io/ https://qvdt3feo.com/ https://javascript.heeet.io/ https://api.brightfunnel.com https://a23gjzphzj.execute-api.us-east-1.amazonaws.com/ https://geolocation.onetrust.com/ https://js-agent.newrelic.com/ https://www.gstatic.com/ https://tag.demandbase.com/ https://cdnjs.com/libraries/Chart.js js.knock-ai.com https://www.clarity.ms https://js.zi-scripts.com/ https://ws.zoominfo.com/ https://tags.clickagy.com/ blob: https://ws-assets.zoominfo.com/ https://app.optimizely.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/ https://pagead2.googlesyndication.com/ https://cdn.intellimize.co/ https://mastodon.social/ https://embed.bsky.app/ https://js-agent.newrelic.com/ https://prod.impartner.live https://packages.prmcdn.io https://partners.sentinelone.com https://tracking-api.g2.com https://ob.roundprincemusic.com obs.roundprincemusic.com https://scripts.clarity.ms/0.8.23/clarity.js https://widgets.peerspot.com https://scripts.clarity.ms https://collector-53786.us.tvsquared.com https://c.amazon-adsystem.com; frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost https://a23gjzphzj.execute-api.us-east-1.amazonaws.com/ https://ws-assets.zoominfo.com/ https://partners.sentinelone.com; 2 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; style-src 'self' https: 'unsafe-inline' *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; font-src 'self' data: *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; connect-src 'self' *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; frame-src 'self' data: *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; frame-ancestors 'self' *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; object-src data: *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; media-src 'self' data: *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com; worker-src 'self' data: blob: *.ads-twitter.com *.adswizz.com *.amazonaws.com *.amazon-adsystem.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bucket.co *.byside.com *.capitalone.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.eu2.segmentapis.com *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jazztel.com *.jsdelivr.net *.krxd.net *.masmovil.com *.masmovil.es *.onetrust.com *.optimizely.com *.orange.es *.orsac.net *.paa-reporting-advertising.amazon *.pinterest.com *.pinimg.com *.quantummetric.com *.segment.com *.segment.io *.segmentapis.com *.speedtestcustom.com *.supplia.es *.tiktok.com *.treasuredata.com *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com t.co t.womtp.com ws.walmeric.com wss://*.byside.com d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com *.digitelts.com 2 default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 2 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* blob: undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com/ https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://cdn.jotfor.ms https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: undefined https://nmonpoendpoint.2cnt.net https://*.sentry.io https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 2 frame-ancestors 'self' https://app.agilitycms.com https://*.agilitycms.com https://eight25-dev-ujet.vercel.app 2 frame-ancestors *.frankfurt-airport.com *.fraport.de https://fraportag.sharepoint.com https://external.airport.ai; 2 frame-ancestors 'self' https://layout-cms.fox5ny.com; 2 frame-ancestors 'self' engage.navan.com app.contentful.com app.navan.com 2 default-src 'self'; connect-src 'self' blob: *.token.awswaf.com https://api.prod.legislation.gov.au/ https://www.legislation.gov.au/; font-src 'self'; frame-src 'self' blob: https://www.legislation.gov.au/; img-src 'self' data: https://www.googletagmanager.com https://www.legislation.gov.au/; script-src 'self' 'unsafe-inline' *.token.awswaf.com https://www.googletagmanager.com https://www.legislation.gov.au/; style-src 'self' 'unsafe-inline' https://www.legislation.gov.au/; 2 default-src * 'unsafe-inline' 'unsafe-eval' blob:; frame-src *; img-src * data:; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'report-sample' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2 frame-ancestors 'self' https://*.olaelectric.com https://*.olacabs.com; 2 default-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' https: data: blob:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://auth.privy.io https://rarible.com https://rarible.fun https://testnet.rarible.fun https://camp.rarible.fun https://beta-andre.rarible.fun https://beta-irina.rarible.fun https://beta-olga.rarible.fun https://beta-sigma.rarible.fun https://beta-shmeta.rarible.fun; child-src https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org https://www.crossmint.com; frame-src https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org https://www.crossmint.com https://challenges.cloudflare.com; connect-src 'self' blob: https://auth.privy.io wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org https://*.rpc.privy.systems https://explorer-api.walletconnect.com https:; worker-src 'self' blob:; manifest-src 'self' 2 frame-ancestors 'self'; upgrade-insecure-requests ; report-uri https://sentry.arkadiumhosted.com/api/2/security/?sentry_key=bcb574bf0e0200c8449ec5e88917387d 2 worker-src blob: *.uhhospitals.org; default-src 'self' *.uhhs.com data: 'unsafe-inline' 'unsafe-eval' *.uhhospitals.org http://uhlakforceapp04.uhhs.com:8070 *.typekit.net *.siteimproveanalytics.com siteimproveanalytics.com *.bing.com *.youtube.com *.invoca.net s.ytimg.com *.ytimg.com *.facebook.net *.invocacdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.facebook.com *.siteimproveanalytics.io *.doubleclick.net *.gstatic.com *.w3.com *.podbean.com *.ads-twitter.com *.twitter.com *.t.co t.co *.alphonso.tv *.calculatestuff.com calculatestuff.com doubleclick.net *.selfcare.info selfcare.info *.digitalmedia.hhs.gov api.digitalmedia.hhs.gov *.appcatalyst.com appcatalyst.com *.staywellsolutionsonline.com staywellsolutionsonline.com *.hhs.gov *.livestream.com livestream.com *.issuu.com issuu.com *.isu.pub isu.pub *.w3.org w3.org *.quantserve.com quantserve.com *.boxcloud.com boxcloud.com *.box.com box.com *.bananatag.com bananatag.com *.alpixtrack.com alpixtrack.com *.adxcel-ec2.com *.data.adxcel-ec2.com data.adxcel-ec2.com adxcel-ec2.com *.cancer.gov cancer.gov *.kramesstaywell.com kramesstaywell.com *.nextdoor.com nextdoor.com *.youtube-nocookie.com youtube-nocookie.com *.licdn.com licdn.com *.stackadapt.com stackadapt.com *.hepdata.com hepdata.com *.jsdelivr.net cdn.jsdelivr.net *.pinimg.com s.pinimg.com *.pinterest.com ct.pinterest.com *.googleoptimize.com *.domo.com domo.com *.marketingcloudapis.com marketingcloudapis.com *.epic.com *.vfpnext.com *.adobedtm.com *.adobedc.net https://adobedc.demdex.net http://edge.adobedc.net https://atlas.microsoft.com *.visualstudio.com atlas.min.js cdnapisec.kaltura.com https://uhhospitals.cdn-v3.conductrics.com https://sqs.us-east-2.amazonaws.com https://uhhospitals.conductrics.com; frame-ancestors 'self' *.uhhospitals.org *.uhhs.com; 2 script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' data: https://js.driftt.com https://widget.drift.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.google.com https://tagmanager.google.com https://www.googleoptimize.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://adservice.google.ca https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com https://hubspot.clearbit.com https://forms.hsforms.com https://client-registry.mutinycdn.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://client.mutinycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://tag.clearbitscripts.com https://j.6sc.co https://www.clickcease.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://script.hotjar.com https://reveal.clearbit.com https://x.clearbitjs.com https://snap.licdn.com https://tag.demandbase.com https://tribl.io https://hackerone.com https://www.clarity.ms https://k.clarity.ms https://js.chilipiper.com/marketing.js https://tracking.g2crowd.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://serve.nrich.ai https://tag.nrich.ai https://tag.unifyintent.com https://cdn.dreamdata.cloud https://js.partnerstack.com https://cdn.jsdelivr.net https://js-na1.hs-scripts.com https://rechargeapps.chilipiper.com/concierge-js/cjs/concierge.js https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://www.redditstatic.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.logr-ingest.com *.lr-ingest.io *.lrkt-in.com; font-src 'self' data:; connect-src 'self' preview.contentful.com *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.logr-ingest.com *.lr-ingest.com *.lr-ingest.io *.lrkt-in.com; img-src 'self' data: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *.lexialearningresources.com *.logr-ingest.com *.lr-ingest.io; worker-src 'self' blob:; frame-src 'self' mailto: *.lexiacore5.com *.mylexia.com *.lexialearning.com *.lexia-dev.com *.lexiapowerup.com *; 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: ajax.aspnetcdn.com www.gstatic.com s7.addthis.com assets.transparently.com ajax.googleapis.com www.google.com vjs.zencdn.net mychart.piedmont.org maps.googleapis.com ie7-js.googlecode.com apis.google.com maxcdn.bootstrapcdn.com cdn.kyruus.com z.moatads.com www.google-analytics.com siteimproveanalytics.com www.googletagmanager.com connect.facebook.net cdn.krxd.net d10lpsik1i8c69.cloudfront.net v1.addthisedge.com m.addthis.com guide.loyalhealth.com www.googleadservices.com piedmont.netmng.com secure-ds.serving-sys.com solutions.invocacdn.com *.krxd.net bs.serving-sys.com googleads.g.doubleclick.net js.adsrvr.org assets.pinterest.com log.pinterest.com *.elfsight.com code.jquery.com tagmanager.google.com bbox.blackbaudhosting.com *.wufoo.com *.invoca.net s.pinimg.com assets.sitescdn.net static.hotjar.com script.hotjar.com answers-embed.piedmont.com.pagescdn.com ads.nextdoor.com touchpoint-sdk.alida.com mychart.piedmont.org dexcareapi-piedmont.azureedge.net www.care.piedmont.org care.womp.it piedmont.womp.it www.youtube.com cdn.krxd.net *.doubleclick.net ratings.md cdn.perfdrive.com 2 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: frame-src 'self' mailto: tel: *.komen.org 2 frame-ancestors 'self' *.kanopy.com 2 default-src https: blob: 'unsafe-inline' https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com *.crazyegg.com https://mailtrack.me ; script-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://d1fc8wv8zag5ca.cloudfront.net https://*.hotjar.com https://cdn.jsdelivr.net/gh/snowplow https://connect.facebook.net https://www.googletagmanager.com https://*.cookiebot.com *.crazyegg.com https://analytics.tiktok.com https://mailtrack.me ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com https://d1ptrxl5bj7757.cloudfront.net https://analytics-v2.mailtrack.io https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://www.googletagmanager.com https://templates-images-dev.s3.eu-west-1.amazonaws.com https://templates-images-prod.s3.eu-west-1.amazonaws.com https://*.cookiebot.com *.crazyegg.com https://mailtrack.me https://mt-video-dev.s3.eu-west-1.amazonaws.com https://mt-video-prod.s3.eu-west-1.amazonaws.com ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com https://mailtrack.me ; worker-src blob: https://mailsuite.me https://mailsuite.com ; media-src 'self' data: blob: https://mailtrack.me https://mt-video-dev.s3.eu-west-1.amazonaws.com https://mt-video-prod.s3.eu-west-1.amazonaws.com ; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; frame-src https://* about: javascript:; frame-ancestors 'self' http://*.vegas.com https://*.vegas.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static-maps.yandex.ru https://assetsgarantibbva.com *.amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.hangikredi.com *.tiktok.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;media-src 'self' data: *.signfordeaf.com http://*.signfordeaf.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.api.useinsider.com https://*.useinsider.com;connect-src 'self' data: *.garantibbvayatirim.com.tr *.paa-reporting-advertising.amazon *.kaspersky-labs.com *.amazon-adsystem.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.assetsgarantibbva.com *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr *.highcharts.com *.tiktok.com ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.signfordeaf.com;worker-src 'self' *.kaspersky-labs.com *.assetsgarantibbva.com *.garantibbva.com.tr; script-src-elem 'self' 'unsafe-inline' *.amazon-adsystem.com *.tiktok.com *.hangikredi.com *.googleapis.com *.facebook *.kaspersky-labs.com *.googletagmanager.com *.dataroid.com *.efilli.com *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr; frame-src 'self' https://video.garanti.com.tr *.amazon-adsystem.com *.api.useinsider.com *.kaspersky-labs.com *.doubleclick.net *.efilli.com *.assetsgarantibbva.com *.garantibbva.com.tr; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.efilli.com *.api.useinsider.com *.doubleclick.net https://static-maps.yandex.ru *.assetsgaranti.com *.assetsgarantibbva.com https://assetsgarantibbva.com *.highcharts.com *.garantibbvayatirim.com.tr *.kaspersky-labs.com *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.dataroid.com *.kaspersky-labs.com *.googletagmanager.com *.efilli.com *.useinsider.com *.api.useinsider.com fonts.googleapis.com ajax.googleapis.com *.assetsgarantibbva.com *.garantibbva.com.tr;font-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.useinsider.com *.assetsgarantibbva.com *.garantibbva.com.tr *.api.useinsider.com fonts.go/ogleapis.com ajax.googleapis.com fonts.gstatic.com; 2 default-src 'none'; script-src 'self' 'unsafe-inline' code.etracker.com www.etracker.de default.signalize.com api.signalize.com; img-src 'self' data: api.signalize.com cdn.signalize.com i.ytimg.com; style-src 'self' 'unsafe-inline' api.signalize.com code.etracker.com; font-src 'self' data: api.signalize.com; connect-src 'self' www.etracker.de api.signalize.com; frame-src 'self' www.youtube-nocookie.com; form-action 'self'; base-uri 'self'; media-src 'self'; frame-ancestors https://newapp.etracker.com; 2 frame-ancestors https://tongji.baidu.com 2 frame-ancestors 'self' *.kiwify.com.br *.kiwify.com 2 frame-ancestors 'self' https://dbwas.service.deutschebahn.com 2 frame-src *.youtube.com *.youtu.be acl.gov youtu.be *.addtoany.com addtoany.com static.addtoany.com; frame-ancestors *.youtube.com *.youtu.be acl.gov youtu.be *.addtoany.com addtoany.com static.addtoany.com; child-src *.youtube.com *.youtu.be acl.gov youtu.be *.addtoany.com addtoany.com static.addtoany.com; report-uri /report-csp-violation 2 frame-ancestors 'self' https://www.google.com/; default-src https: 'unsafe-eval' 'unsafe-inline' 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https: blob:; connect-src 'self' https://www.googletagmanager.com/td https://forms.hsforms.com/embed/v3/form/47773105/bd083df7-866a-4415-8445-eaa39133a1c2/json https://hubspot-forms-static-embed.s3.amazonaws.com/prod/47773105/bd083df7-866a-4415-8445-eaa39133a1c2.json.gz https://static.hsappstatic.net/adsscriptloaderstatic/static-1.2642/bundles/pixels-release.js.map https://forms.hsforms.com/embed/v4/visitor/47773105/bd083df7-866a-4415-8445-eaa39133a1c2 https://www.google.com/ccm/form-data/936575551 https://forms.hsforms.com/embed/v4/visitor/47773105/bd083df7-866a-4415-8445-eaa39133a1c2 https://forms.hsforms.com/embed/v4/feature-control/47773105 https://static.hsappstatic.net/adsscriptloaderstatic/static-1.2627/bundles/pixels-release.js.map https://api.hubapi.com/hs-script-loader-public/v2/config/pixels-and-events/json https://forms.hsforms.com/embed/v4/render-definition/ssr/47773105/bd083df7-866a-4415-8445-eaa39133a1c2 https://aplo-evnt.com/api/v1/intent_pixel/track_request https://pro.ip-api.com/json/ https://api.vector.co/pixel/e3ff77ec-54a7-484a-8af6-5e7939d293bd/settings https://api.cr-relay.com/v1/site/1b5470ab-ea89-4dc9-9054-1c71779070ea/batch https://www.google.com/pagead/form-data/936575551 https://rp.liadm.com/j https://idx.liadm.com/idex/did-006l/any https://cdn.sitesearch360.com/v14/sitesearch360-v14.min.js.map https://static.hsappstatic.net/adsscriptloaderstatic/static-1.2498/bundles/pixels-release.js.map https://cdn.sitesearch360.com/v14/ss360-unibox-v14.chunk.f4c74eca30d264a93aa3.js.map https://cdn.sitesearch360.com/v14/ss360-styles-v14.chunk.8afa7fc4ce44fc8d4319.js.map https://api.cr-relay.com/v1/site/1b5470ab-ea89-4dc9-9054-1c71779070ea/batch https://pro.ip-api.com/json/ https://api.vector.co/pixel/li https://api.vector.co/pixel/e3ff77ec-54a7-484a-8af6-5e7939d293bd/visitor-activity https://cdn.cr-relay.com/v1/site/1b5470ab-ea89-4dc9-9054-1c71779070ea/signals.js https://api.vector.co/pixel/e3ff77ec-54a7-484a-8af6-5e7939d293bd/settings https://www.google.pl/ads/ga-audiences https://www.google.com/ads/ga-audiences https://api.vector.co/pixel/e3ff77ec-54a7-484a-8af6-5e7939d293bd/visitor https://api.hsforms.com https://bat.bing.net https://z.omappapi.com https://www.google-analytics.com https://tracking-api.g2.com https://aplo-evnt.com https://tracking-api.production.g2.com/attribution_tracking/conversions/assign https://api.factors.ai/sdk/event/update_properties https://api.factors.ai/sdk/event/track https://api.factors.ai/sdk/user/add_properties https://api.factors.ai/sdk/get_info https://www.google.com/ccm/collect https://forms.hscollectedforms.net/collected-forms/v1/config/json https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json https://api.identitymatrix.ai/tracking/collect https://a.omappapi.com/ https://bat.bing.com/ https://metrics.hotjar.io/ https://google.com/ccm/form-data/936575551 https://analytics.google.com https://pixel-config.reddit.com/pixels/t2_tc9ivusr/config https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_tc9ivusr_telemetry https://conversions-config.reddit.com/v1/pixel/error wss://ws.hotjar.com https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/ https://content.hotjar.io https://vc.hotjar.io https://stats.g.doubleclick.net https://orders.resilio.com https://api-iam.intercom.io https://global.sitesearch360.com https://insights.sitesearch360.com https://ws.zoominfo.com https://google.com/pagead/form-data/936575551 https://tracking.g2crowd.com https://api.omappapi.com https://js.zi-scripts.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io; img-src 'self' https: data: 2 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/ https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net https://video.st.dl.eccdnx.com https://vd.queniujq.cn https://video.cdn.steamchina.eccdnx.com https://video.cdn.queniuqe.com https://video.cdn.steamchina.queniuam.com https://*.storage.googleapis.com; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://checkout.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/; frame-ancestors 'none'; 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com https://*.netlify.app; img-src 'self' data: https://a-us.storyblok.com https://cdn.jwplayer.com https://prd.jwpltx.com https://ping-meta-prd.jwpltx.com https://assets-jpcust.jwpsrv.com https://www.googletagmanager.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'sha256-RmOHt8YQwKu/Tc/yB+HMnv3GRcmNkZj9iCJKm4zbB8Y=' 'sha256-Xr2mSKY3UjQeEGPvKl1d1dRGSUjjQQT0LuDyuoAxzrk=' 'sha256-EsK/FKB/rPQFWQ47TXo7tWJyrpx9/CIsX5KUdGlFdcg=' 'sha384-QDRkiFT02VdtcJ2Mj1OOdigcRvzgNZtkwVw9tX6Kzdvddrmu9yahv0dKrWTV8Xpw' 'sha384-hQJf1W9Lh/LovkvaZXfC0ZJ9LJW2T8+k4SfB6qYF3TfwFYMP1IDg6QE/AmnvLj0K' 'sha384-EKVLFt4+PP+b7wuJih3K84AL3dYJEkpnPvP9Vmsp+V/EQgDiuWWTxfsLGul1ceQC' 'sha384-oECZs8UpZGY5nyG+TyJuQMqgNVrPIhwXfKX0anoxm8e9RrhcxnIUfArx9qU8d+sg' 'sha384-reW362/lnuzNFy2KXVpNPZD+FmPG/UJH9yzkXX/pzMe+/rFQblH7tc7LUyu8ivBP' 'sha384-rNZYubfCJcN+B3cq9ZJY4amDDaAkeFSDKfLP7hGFK2xMT3eeU0E+S8KxlB8AYage' 'sha384-YsNKA9S98IIfS2xdMOUT4t/8ILPiFRaFfH5CAMk7i/ENl8iM7eM5j3CiLSVvf2wC' 'sha384-78uyLoLy+jdyYj8xMe6zAm/57FM6IdPA8zFs1gk3adz/7GnwW8gZA391vasOpksA' 'sha384-O8PfpySU54OQUAIXkPIGqJxMjvGA693iBcUTHczf54sPadKNq/71P8/BmN+AXVqE' 'sha384-Y7OfFQQEMfT5HS2gWd9PxsYlj10ooYgVOPEtQ/usgWeo7/aT/LqWAPP9tRF1Cr/v' 'sha384-5s3eRkYiCoiVyZBNIz62yU9YE+/VoMHvygFQnkKMcJs5kfeGLuD2NTs2XFe84Mew' 'sha384-+B5pw1O1CsdIeYVc+JfU58I/1qeIzecoGdcpfu6cMOBr4GJxlXWEhWd2M3uCfiOx' 'sha384-86PxgaJu81aLUafMOBN8/U0cu9+S9TinPge8j1N9jvfryBSYAmXv4cXuR3Jg4kWz' 'sha384-oADOATpRqs2Uuw6JKywaeJNemCnBcNeDUKMHAku7npZPkHTupWUNpkePhKzUQNlX' 'sha384-fz2GaxPEPX78x3fWwD7m2lro+kshrDEMdGtd0TGKXCNe4ph3sinin7JYTWWWk3YH' 'sha384-k6Cq5pR15o6msTl452yIyx/7tTjshz4nvQpAFRds23+LQGuAAU9mVEpWc5ximx2R' 'sha384-omBN8BQpfDajrdvURtjcbwgp8fLuU45n6iU3OgTzvZ03uDBfRHKmW+r9cXlybDDs' 'sha384-UO7E1MdbrqwBeJQVeMfYY5t+uleRRmvsFxNWJxo4H+WpFlI72FTmPu2l24JK/dit' 'sha384-/VhqZOKjtMnNpxUkAZZmXm7n5qp5DMkv5qcFWow+ecKfSXQujQveBD7x/OkVD+7T' 'sha384-pjGQsdmtVJmB+IQyWhCxlSienlzz9n1cOA2lTR5HahTr/bEaEDpZvnn+7b9iVuo6' 'sha384-cUKnRrkjrI3jMXfi55FA+kmASNHQoydl9TOBYhyOAVMcnPbWSbwLibCtclvp9GJM' 'sha384-9nWgNv8GGoA0SZJKlJvVfCCeY+wyJA+74M5kl3V9eeD398tBaxPVm6xCWBn1Quhw' 'sha384-hFBv9F6ZHbc/QlBTioQ5SLxj11j70EVGU7wSWdogdyZOnjAnnx3BJfr2RdjBIQBf' 'sha384-7PQyS9qTFCZR4HG6Xa+GpGPm9EbUTemv4e+De1lpDb9zF2K6tdNeaqpl122dYHH3' 'sha384-BCts+MOJsIDPcO6AQ81WDGuK0tXp7aHHcZvhGS5LyuckRyxTL2d5ZHp6F0CWizNR' 'sha384-emKAjU4WudZv0+ONwAMApKAkCJ/rRGFS2i4Ucqcka272wHoY243UeFkdNrKmBTE4' 'sha384-UwlrBpg2ReKwt2El4flzbWV2ZiDD2UFo5zmkJQZX0z8naaRtzXj+l8toOU8m/C88' 'sha384-bBJkjK1GirmrxSKMobCuQT5aMVAXniCG4eDsr5UtwZiKrq1BA6+XnpWokojT0Dal' 'sha384-I/phdWIEXsgjqdWCjWww95dDY011bFbUTU6YJjJ+P9QeUO9HgVb9zDUgzg7BfRwa' 'sha384-9+Qyk3F6+85/QJI1mNTnnETFMF+N+SQ8VfJ2B8q+bc72cuAiBur0yBBw1Q6Uqelj' 'sha384-J6bY9DPYzzy9tlz/UeWkNf/WfH0jmWKGDSFhsq/GV76DYAY+lf0CcYsWLw0EFtw6' 'sha384-GkfjsUqdmbpISWKYPEs5fErcEfB/zrP2pHQ95nfG5yS7/K3KxpeLFQQztS9CtgH6' 'sha384-EvwI30qimxYN0LzyWAJ0+4azh8Q3z2QRGC7YectZjBfFeMNKSDX5YJbQ/Tg6Qggt' 'sha384-/HPjNa3mShEqFu0XuG+Lc2/5nibKpOqc9o+A1rMOSkp4eJpEjmCZQAe/mCG10jlp' 'sha384-/sjOocMnKmQQnLj+Fkac+j5x26iutWRCOC49gqeVR5fU2r6dvEw3SxJefQdj+vO7' 'sha384-FQLBPaDsAQkZOmFDptwpmSsY/t8Vk/PmChVkgd8xKa0DuI3PoLimFMGuCXIE5Td4' 'sha384-DciZWdIubdKQoONZIyDwYiFlmQloT3gfumNDzx0Ur8h3bgnnrSlgmRXfza6tQAYD' 'sha384-Ca+XnPZba6Z4fsIjzATQASLctPeU1vZuFTclOXzgohCngdi14r3UjfG4dwQE3+EF' 'sha384-3OaTej2L19BbzH3NowSjlMY0c7e3icOTPRm6j0PHWsBr5HBUiaxkMN9Y8HmtN/5/' 'sha384-mEQ+RsUdNDMO9Wpr8zbYKwqvcrvTkyNXP6Yr5sf3PJtDBrp9397Wz+K6FsyRClsm' 'sha256-Gi/nYCICyD4LRGFj9MsNVvca6TNBdFh0D4/fdz2euRI='; upgrade-insecure-requests; frame-src 'self' *.wufoo.com app.netlify.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.adform.net 360yield.com *.doubleclick.net cdn.tiny.cloud adservice.google.com adservice.google.pl ahrefs.com analytics.tiktok.com apis.google.com app.usercentrics.eu bat.bing.com connect.facebook.net doubleclick.net emplocity.com *.facebook.com *.facebook.net fintech.pkobp.pl fonts.googleapis.com fonts.gstatic.com iko.pkobp.pl kredobank.com.ua ls.hit.gemius.pl m.emplobot.com maps.google.com maps.googleapis.com maps.gstatic.com media.pkobp.pl sr-dev.travatar.ai pkosr.travatar.ai pagead2.googlesyndication.com platform.twitter.com pro.hit.gemius.pl pko.salesmanago.com https://programpartnerski.pkobp.pl googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com www.google.com www.google.pl www.googleadservices.com www.googletagmanager.com www.gstatic.com www.mojafirma.pkobp.pl www.obligacjeskarbowe.pl www.pkobh.pl www.pkobp.pl www.pkofaktoring.pl www.pkofinance.se www.pkoleasing.pl www.pkopte.pl www.pkotfi.pl www.polecam.pkobp.pl www.wspieramyeksport.pl www.youtube.com www.youtube-nocookie.com www.zakup.obligacjeskarbowe.pl cdn.cookielaw.org; worker-src 'self' blob: https://www.pkobp.pl; report-uri /report-csp; 2 frame-ancestors 'self' *.telia.ee 2 default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org; connect-src wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.my.site.com *.my.salesforce-scrt.com *.salesforce.com 'self' *.disney.com *.go.com *.demdex.net adobedc.demdex.net edge.adobedc.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net www.googleadservices.com *.google.com pagead2.googlesyndication.com cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com insight.adsrvr.org; media-src blob: *.lpsnmedia.net *.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com; img-src * data: *.lpsnmedia.net *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.lpsnmedia.net *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.gam-apigw.wdprapps.disney.com *.twdc.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com tagmanager.google.com fonts.googleapis.com *.apptentive.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob:; font-src * data: fonts.gstatic.com; child-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:; worker-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.my.site.com *.my.salesforce-scrt.com *.salesforce.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com amazon-adsystem.com *.amazon-adsystem.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com pagead2.googlesyndication.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 2 frame-ancestors 'self' https://www.spikenow.com https://spikenow.com https://lp.spikenow.com 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self' epost.online.no; frame-ancestors 'self' *.telenor.no telenor.no; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: blob: 'unsafe-inline' telenor.no *.telenor.no; script-src 'self' telenor.no *.telenor.no https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; worker-src blob:; 2 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com webcache.googleusercontent.com 2 frame-ancestors https://*.brazzers.com 2 "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.bluemail.me bluemail.me; style-src 'self' 'unsafe-inline' 'unsafe-hashes' fonts.googleapis.com *.bluemail.me bluemail.me; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: www.google-analytics.com *.bluemail.me bluemail.me https://logos-typeapp.s3.amazonaws.com; connect-src 'self' www.google-analytics.com reg3.bluemailapp.com logos-typeapp.s3.amazonaws.com *.bluemail.me bluemail.me; frame-src 'self' *.bluemail.me bluemail.me; manifest-src 'self'; object-src 'none'; form-action 'self'; base-uri 'self';" always; 2 frame-ancestors 'self' https://layout-cms.foxla.com; 2 frame-ancestors 'self' https://info.thryv.com https://info.thryv.com.au https://info.thryv.ca https://info.thryv.co.nz https://www.thryv.com https://www.thryv.com.au https://www.thryv.ca https://www.thryv.co.nz 2 default-src 'none'; 2 frame-ancestors 'none'; default-src 'self' static.zdassets.com viabtc.zendesk.com *.zendesk.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.youtube-nocookie.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.zdassets.com res.wx.qq.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net static.cloudflareinsights.com api.geetest.com api.geevisit.com monitor.geetest.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; style-src 'unsafe-inline' at.alicdn.com viabtc.zendesk.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; img-src i.ytimg.com www.google-analytics.com www.google.com *.aliyuncs.com *.alicdn.com viabtcconfig.oss-cn-shenzhen.aliyuncs.com viapoolconfig.oss-cn-hongkong.aliyuncs.com data: stats.g.doubleclick.net static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me event-verify-test.s3.ap-east-1.amazonaws.com s3.ap-east-1.amazonaws.com *.amazonaws.com viapoolconfig.s3.ap-east-1.amazonaws.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; font-src 'unsafe-inline' at.alicdn.com data: *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; connect-src viabtc.zendesk.com *.zendesk.com viabtc-help.zendesk.com *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net event-verify-test.s3.ap-east-1.amazonaws.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.viabtc.info:* viabtc.info:* *.viabtc.info viabtc.info; frame-src www.bilibili.com player.bilibili.com player.vimeo.com *.viabtc.com *.jumio.com www.youtube.com www.youtube-nocookie.com www.ixigua.com v.qq.com 2 frame-ancestors 'self' https://*.stanwith.me https://*.stan.store 2 frame-ancestors 'self' https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud https://*.sitecorehosted.com;frame-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.yoshki.com https://www.youtube.com https://w.soundcloud.com https://s.company-target.com https://players.brightcove.net https://vimeo.com/ https://comms.dlapiper.com https://communications.us.dlapiper.com https://inform.dlapiper.com https://inform-new.dlapiper.com https://nzcomms.dlapiper.com https://player.vimeo.com https://omny.fm https://e.infogram.com https://*.sitecorecloud.io;connect-src 'self' 'unsafe-inline' http://cdn.bc0a.com https://l.sharethis.com https://www.google.com https://ixfd2-api.bc0a.com https://www.facebook.com https://stats.g.doubleclick.net https://tag-logger.demandbase.com https://px.ads.linkedin.com https://api.company-target.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://c.go-mpulse.net https://dlapiper.containers.piwik.pro https://dlapiper.piwik.pro https://trial-eum-clienttons-s.akamaihd.net https://s.go-mpulse.net https://*.akstat.io https://*.go-mpulse.net https://trial-eum-clientnsv4-s.akamaihd.net https://*.akamaihd.net https://analytics.google.com https://www.google-analytics.com https://*.sitecorecloud.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://edge-platform.sitecorecloud.io;font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net http://cdn.bc0a.com https://cdn.bc0a.com https://buttons-config.sharethis.com https://cdn.cookielaw.org https://s.go-mpulse.net https://dlapiper.containers.piwik.pro https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://platform-api.sharethis.com https://js.hs-banner.com https://*.go-mpulse.net https://e.infogram.com https://tag.demandbase.com https://www.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://siteimproveanalytics.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://*.sitecorecloud.io https://pages.sitecorecloud.io https://xmc-dlapiperukl0cbf-dlapiperba5d-devd44d.sitecorecloud.io https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://dla-piper.cnddtid.com;img-src 'self' 'unsafe-inline' data: https://cdn.cookielaw.org https://i.vimeocdn.com https://www.linkedin.com https://segments.company-target.com https://track.hubspot.com https://61281921.global.siteimproveanalytics.io https://l.sharethis.com https://*.akstat.io https://www.googletagmanager.com https://cdn.bfldr.com https://dlapiper.vuturevx.com https://dlapiper.vuture.net https://px.ads.linkedin.com https://id.rlcdn.com https://www.google-analytics.com https://www.facebook.com https://www.google.co.in https://*.sitecorecloud.io; 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; 2 frame-ancestors 'self' https://reviewtrackers.app.workramp.com https://inmoment.app.workramp.com https://academy.reviewtrackers.net https://www.reviewtrackers.com https://app.getreprise.com 2 frame-ancestors 'self' *.leonardo.com *.leonardocompany.com; 2 object-src 'none';base-uri 'self';script-src 'nonce-sN8CzwQGwspMkeCuQyM6jw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/honest_dns/1_0;frame-ancestors 'none' 2 default-src data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2 script-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com blob: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.googletagmanager.com polyfill.io unpkg.com storage.googleapis.com *.google-analytics.com www.snapengage.com code.jquery.com cdn.jsdelivr.net api.mapbox.com cdn.skypack.dev d3js.org cse.google.com www.google.com maps.googleapis.com partner.talk.naver.com ssl.pstatic.net; font-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com data: fonts.gstatic.com cdnjs.cloudflare.com unpkg.com storage.googleapis.com; style-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com hosteduxprod.blob.core.windows.net www.google.com ssl.pstatic.net; img-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com https://* data:; connect-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com api.mapbox.com *.google-analytics.com cdn.jsdelivr.net www.snapengage.com ui.customsearch.ai maps.googleapis.com wss://cloudzoo.rhino3d.com; frame-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com www.google.com; frame-ancestors 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com self; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' wasm-eval cdnjs.cloudflare.com konicaminoltaus.b-cdn.net script.crazyegg.com www.googletagmanager.com; script-src-elem 'self' data: 'unsafe-inline' cdnjs.cloudflare.com konicaminoltaus.b-cdn.net www.googletagmanager.com script.crazyegg.com trans.xdtsmart.com 3001.scriptcdn.net api.wire.threatspike.com bat.bing.com blob: cdn.amplitude.com connect.facebook.net dap.digitalgov.gov extensionscontrol.com extmanagers.com infird.com sc-static.net secured-pixel.com speed.ilink-tk.com stapecdn.com static.ads-twitter.com www.google-analytics.com www.upsellit.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' ka-p.fontawesome.com kit.fontawesome.com konicaminoltaus.b-cdn.net; style-src-elem 'self' 'unsafe-inline' ka-p.fontawesome.com konicaminoltaus.b-cdn.net kit.fontawesome.com cdn.honey.io fonts.googleapis.com www.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' data: kmbscontent.konicaminolta.us konicaminoltaus.b-cdn.net www.googletagmanager.com hm.baidu.com blob: cdn.honey.io analytics.twitter.com bat.bing.com fonts.gstatic.com s.w.org s3.amazonaws.com secure.gravatar.com t.co tagging.mkt.zappos.com translate.google.com www.gstatic.com; font-src 'self' data: ka-p.fontawesome.com at.alicdn.com cdn.scite.ai cdnjs.cloudflare.com fonts.gstatic.com konicaminoltaus.b-cdn.net migaku-public-data.migaku.com moz-extension ms-browser-extension static.zip.co svcs.tql.com; connect-src 'self' www.googletagmanager.com tracking.crazyegg.com assets-tracking.crazyegg.com script.crazyegg.com pagestates-tracking.crazyegg.com www.google-analytics.com kmbscontent.konicaminolta.us hm.baidu.com trans.xdtsmart.com konicaminoltaus.b-cdn.net region1.google-analytics.com api2.amplitude.com clientstream.launchdarkly.com overbridgenet.com sr-client-cfg.amplitude.com tagging.mkt.zappos.com www.google.com zjaasd.zappos.com; media-src 'self' data:; child-src blob:; frame-src www.googletagmanager.com; worker-src blob:; report-uri https://4cb6d1b88ad70041e7bad82563439f7d.report-uri.com/r/t/csp/enforce 2 report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com *.doubleclick.net pixel.mathtag.com n26.go2cloud.org www.googletagmanager.com *.youtube-nocookie.com youtube-nocookie.com boards.greenhouse.io;connect-src 'self' https://spc.n26.com * https://*.logs.datadoghq.eu;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com * *.greenhouse.io;media-src videos.contentful.com videos.ctfassets.net;object-src 'none';style-src 'unsafe-inline' 'self' tagmanager.google.com;script-src 'self' cdn.number26.de 'unsafe-inline' * connect.facebook.net *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com boards.greenhouse.io datadoghq.eu datadoghq-browser-agent.com cdn.cookielaw.org;worker-src 'self';default-src *;frame-ancestors app.contentful.com 'self' *.n26.com;frame-src *.n26.com www.googletagmanager.com *.doubleclick.net www.youtube-nocookie.com boards.greenhouse.io job-boards.greenhouse.io 2 frame-ancestors 'self' https://layout-cms.fox4news.com; 2 frame-ancestors 'self' https://my.marist.edu https://*.cloud1.marist.edu https://*.marist.edu 2 frame-ancestors 'self' https://support.phorest.com/ https://phorest1547654878.zendesk.com/ https://phorest.zendesk.com/ https://www.salonownersummit.com/host 2 frame-ancestors bosch-pt.com.au www.bosch-pt.com.au bosch-pt.co.nz www.bosch-pt.co.nz www.bosch-professional.jp bosch-professional.jp www.bosch-pt.co.kr bosch-pt.co.kr www.bosch-pt.co.in bosch-pt.co.in vn.bosch-pt.com th.bosch-pt.com www.bosch-pt.com.tw www.bosch-pt.com.hk www.bosch-pt.com.sg bosch-pt.com.sg www.bosch-pt.com.ph bosch-pt.com.ph www.bosch-pt.co.id bosch-pt.co.id www.bosch-pt.com.my bosch-pt.com.my bosch-officeon.com boschprofessionalworld.com staging.boschprofessionalworld.com staging-2.boschprofessionalworld.com theviewer.co *.kittelberger.net *.kittelberger.de *.bosch-professional.com; 2 block-all-mixed-content; frame-ancestors https://bigscoots.com https://portal.bigscoots.com/ https://www.bigscoots.com 2 script-src-attr 'self' *.seznam.cz *.szn.cz *.dszn.cz *.imedia.cz *.sdn.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' chat.firmy.cz *.sdn.cz *.hotjar.com *.mapy.cz *.mapy.com gacz.hit.gemius.pl scz.hit.gemius.pl https://www.googletagmanager.com/gtag/js *.adform.net *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleverify.com *.googletagservices.com *.im.cz *.imedia.cz *.pliing.com *.pubmatic.com *.smartlook.com *.smartlook.cloud *.post.cz *.seznam.cz *.szn.cz *.dszn.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net id5-sync.com/gm/v3 dis.criteo.com tracker.adnami.io script.adnami.io macro.adnami.io assets.adnami.io functions.adnami.io directive.adnami.io rmb.adnami.io;img-src 'self' blob: data: *.sdn.cz *.im.cz *.firmy.cz *.seznam.cz *.sbazar.cz *.szn.cz *.mapy.cz *.mapy.com *.kupi.cz *.post.cz *.google-analytics.com *.googletagmanager.com *.bstatic.com *.hotjar.com *.dszn.cz *.tenor.com;frame-ancestors 'self' *.sdn.cz *.firmy.cz *.hotjar.com *.dszn.cz;frame-src 'self' *.sdn.cz *.firmy.cz *.hotjar.com *.seznam.cz *.pubmatic.com *.adnxs.com *.gemius.pl *.apetee.com *.im.cz *.dszn.cz *.imedia.cz *.criteo.com;connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: *.firmy.cz *.hotjar.com *.hotjar.io *.seznam.cz *.szn.cz *.sdn.cz *.sznplayer.cz *.mapy.cz *.mapy.com *.post.cz *.google-analytics.com *.smartlook.cloud *.sklik.cz *.dszn.cz *.googleapis.com *.tenor.com *.bstatic.com id5-sync.com/gm/v3 *.imedia.cz;media-src 'self' blob: *.sdn.cz *.dszn.cz;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http://tpc.googlesyndication.com http://script.crazyegg.com/pages/scripts/0013/1464.js https://s-static.innovid.com http://www.lightboxcdn.com https://www.lightboxcdn.com http://api.lightboxcdn.com https://api.lightboxcdn.com; style-src 'self' 'unsafe-inline' https://s-static.innovid.com https://fonts.googleapis.com http://www.lightboxcdn.com https://www.lightboxcdn.com; img-src 'self' blob: data: https: http://www.google.com https://aetnavodglobaldev.112.2o7.net https://aetnavodglobal.112.2o7.net http://p1.parsely.com http://aepdaks3.aetndigital.com http://www.lightboxcdn.com https://www.lightboxcdn.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https: wss: http://p1.parsely.com/plogger; media-src 'self' blob: data: https:; object-src 'self' blob: data:; base-uri 'self'; form-action 'self'; worker-src 'self' blob:; frame-ancestors 'self' https://app.contentful.com https://www.google.com; frame-src 'self' https: http://ads.creative-serving.com http://imasdk.googleapis.com http://tpc.googlesyndication.com; ; 2 frame-ancestors 'self' https://layout-cms.fox9.com; 2 base-uri 'self' https://amli.sekindo.com; connect-src 'self' https: data: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' https: googleads.g.doubleclick.net error-report.com; img-src 'self' data: https:; media-src 'self' blob: gcdn.2mdn.net video.primis.tech; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: blob: www.google-analytics.com pagead2.googlesyndication.com cdn.perfops.net; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com content.quantcount.com live.primis.tech html-load.com; worker-src blob:; block-all-mixed-content; report-to https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e 2 connect-src 'self' data: blob: https://surveystats.hotjar.io https://*.hotjar.io https://*.clarity.ms https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com *.getsitectrl.com https://api.chatchamp.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com https://fast-static.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com maps.googleapis.com *.etracker.de s.clcktrax.com *.analytics.google.com consent-api.service.consent.usercentrics.eu gcmatomo.gigaset.com https://fast.smarketer.de https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com api.bazaarvoice.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://googleads.g.doubleclick.net https://gigaset.freshdesk.com https://*.paypal.com https://www.paypal.com https://*.ads.linkedin.com https://google.com https://www.googleadservices.com https://challenges.cloudflare.com https://*.bazaarvoice.com https://*.cmp.usercentrics.eu https://*.google-analytics.com https://*.eye-able.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com https://fast-static.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com gcmatomo.gigaset.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://*.etrusted.com https://*.fresworks.com https://*.gigaset.com https://*.paypal.com https://*.linkedin.com https://*.eye-able.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.cmp.usercentrics.eu https://*.googleadservices.com https://*.google-analytics.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com gcmatomo.gigaset.com https://fonts.gstatic.com https://apps.bazaarvoice.com; form-action 'self' https://www.facebook.com https://feldtest.gigaset.com https://security.gigaset.com https://service.gigaset.com https://api.bazaarvoice.com https://ct.pinterest.com https://gigaset-org.freshworks.com https://accounts-eu.freshworks.com; frame-ancestors 'self' www.gigaset.com *.etracker.com *.google.com; img-src 'self' 'report-sample' https://c.clarity.ms/c.gif https://c.bing.com https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io www.etracker.de uct.service.usercentrics.eu s.clcktrax.com photos-us.bazaarvoice.com gcmatomo.gigaset.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://fonts.gstatic.com contentorigin.bazaarvoice.com https://www.paypalobjects.com https://*.paypal.com https://t.paypal.com https://*.ads.linkedin.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.googleadservices.com https://*.google-analytics.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.clarity.ms https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js *.etracker.com *.etracker.de cdn.iamstudent.com s.clcktrax.com https://api.signalize.com/accounts/X3ssZWx/signalize.min.js *.analytics.google.com gcmatomo.gigaset.com https://fast-static.smarketer.de https://fast.smarketer.de https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://*.googletagmanager.com https://app.usercentrics.eu https://accounts-eu.freshworks.com https://service.gigaset.com https://gigaset-org.freshworks.com https://www.paypal.com https://pay.google.com https://www.sandbox.paypal.com https://x.klarnacdn.net https://www.gstatic.com https://challenges.cloudflare.com https://*.eye-able.com https://*.bazaarvoice.com https://web.cmp.usercentrics.eu https://*.google-analytics.com; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com gcmatomo.gigaset.com https://*.etrusted.com https://www.googletagmanager.com https://*.eye-able-cdn.com https://cdn.eye-able.com https://*.bazaarvoice.com https://*.google-analytics.com; child-src blob:; frame-src https://www.pinterest.de https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com www.pinterest.com gcmatomo.gigaset.com app.usercentrics.eu gigaset.my.salesforce-sites.com https://*.etrusted.com https://*.doubleclick.net https://*.reepay.com https://challenges.cloudflare.com https://*.cmp.usercentrics.eu https://*.google-analytics.com; 2 base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://www.facebook.com *.visualwebsiteoptimizer.com https://forms.hsforms.com; frame-ancestors 'self' http://cms.colombiahosting.com.co; img-src 'self' https: data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://stablechat.mysecurecloudhost.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; worker-src blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js https://ga.jspm.io/npm:es-module-shims@1.7.1/dist/es-module-shims.js https://kit.fontawesome.com/ https://kit.fontawesome.com/29b2028b7f.js https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js *.swmed.edu *.utsouthwestern.edu https://tagmanager.google.com https://www.googleadservices.com https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js *.taggbox.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://w.soundcloud.com/player/api.js https://siteimproveanalytics.com/js/siteanalyze_67564.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://utsw.flintbox.com/embed.js https://utsw.flintbox.com/assets/iframe-container-5933c9a9de9740bee358da320c7bf82406da2e2f6e93843b06b4514c2030dfd9.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://js.adsrvr.org/ https://insight.adsrvr.org/track https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.swmed.edu *.utsouthwestern.edu https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://lm.serving-sys.com *.taggbox.com *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://listgrowth.ctctcdn.com/v1/5626582cad2b3868b069a1d065b39fd3.json https://visitor2.constantcontact.com/api/v1/signup_forms/ https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.swmed.edu *.adsrvr.org https://app.powerbi.com/ *.utsouthwestern.edu https://app.truelook.com/ https://utsw.flintbox.com/ https://td.doubleclick.net *.taggbox.com https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 2 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; frame-ancestors 'self' https://*.ergo.com https://*.ergo.de https://www.slipcase.com https://marketplace.marsh.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.advantech.com *.advantech.com.cn static.zdassets.com static.hotjar.com cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com dev.visualwebsiteoptimizer.com js.hs-analytics.net script.hotjar.com www.google-analytics.com lpcdn.lpsnmedia.net dashboard.whoisvisiting.com snap.licdn.com va.v.liveperson.net connect.facebook.net accdn.lpsnmedia.net fast.wistia.com fast.wistia.net api.ipify.org www.google.com hm.baidu.com az416426.vo.msecnd.net player.polyv.net www.youtube.com www.clarity.ms kit.fontawesome.com cdn-cookieyes.com openfpcdn.io challenges.cloudflare.com app.vwo.com cdn.mouseflow.com js.sentry-cdn.com maps.google.com maps.googleapis.com browser.sentry-cdn.com api.map.baidu.com dlswbr.baidu.com maponline0.bdimg.com googleads.g.doubleclick.net www.googleadservices.com pi.pardot.com adv.my.site.com static.cloudflareinsights.com scripts.clarity.ms adv--staging.sandbox.my.site.com; img-src 'self' data: *.advantech.com *.advantech.com.cn campaign.advantech.online *.visualwebsiteoptimizer.com advantechfiles.blob.core.windows.net advdownload.blob.core.windows.net app.vwo.com c.bing.com c.clarity.ms cdn-cookieyes.com chart.googleapis.com dashboard.whoisvisiting.com dev.visualwebsiteoptimizer.com embed-ssl.wistia.com fast.wistia.com fonts.gstatic.com googleads.g.doubleclick.net hm.baidu.com img.videocc.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com www.google.com.tw www.googleadservices.com www.googletagmanager.com www.linkedin.com maps.googleapis.com maps.gstatic.com api.map.baidu.com maponline0.bdimg.com maponline1.bdimg.com webmap0.bdimg.com miao.baidu.com fast.wistia.net; style-src 'self' 'unsafe-inline' *.advantech.com *.advantech.com.cn fonts.googleapis.com dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com api.map.baidu.com fast.wistia.com n.foxdsgn.com advantechfiles.blob.core.windows.net adv.my.site.com adv--staging.sandbox.my.site.com; font-src 'self' data: *.advantech.com *.advantech.com.cn fast.wistia.com fast.wistia.net fonts.gstatic.com script.hotjar.com ka-p.fontawesome.com; worker-src 'self' blob:; frame-ancestors 'self' *.advantech.com *.advantech.com.cn *.iotmart.com adv--iotmartdev.sandbox.my.site.com campaign.advantech.online ottlive.hinet.net www.google.com; object-src 'none'; 2 frame-ancestors trustseal.enamad.ir;; upgrade-insecure-requests 2 frame-ancestors 'self' https://layout-cms.fox5dc.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.omnis.com https://*.omnis.com:2222; img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https: https://paynow.pmnts-sandbox.io https://paynow.pmnts.io; 2 frame-ancestors none; report-uri /report-csp-violation 2 default-src 'self' *.orange.be *.google.es *.abtasty.com *.fontawesome.com *.typekit.net *.digitalchannels.technology cdn.jsdelivr.net *.cookielaw.org *.googletagmanager.com *.optimizegoogle.com *.optimize-google.com *.googleanalytics.com *.google-analytics.com *.newrelic.com *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.amazon-adsystem.com *.sprinklr.com brand-messenger.app.khoros.com *.khoros.com ssl://brandmessenger-ws.euw1.khoros.com:8883 proactive-chat-server-eu.prod.aws.lcloud.com messaging-auth-eu-west-1.prod.aws.lcloud.com *.ekoo.co *.supabase.co; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://script.hotjar.com https://connect.facebook.net https://www.googleadservices.com http//www.googleadservices.com https://static.hotjar.com https://trk.adbutter.net https://accounts.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com https://assets.pinterest.com https://widgets.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co; object-src 'self' *.mobistar.be *.orange.be *.netdna-ssl.com *.sprinklr.com *.ekoo.co *.supabase.co; style-src 'unsafe-inline' 'self' https://optimize.google.com https://fonts.googleapis.com *.mobistar.be *.cloudfront.net *.customersaas.com *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com cdn.jsdelivr.net *.typekit.net *.googletagmanager.com *.sprinklr.com *.ekoo.co *.supabase.co; img-src * blob: https://optimize.google.com *.orange.be https://www.facebook.com https://www.google.com https://www.google.es https://static.hotjar.com *.fls.doubleclick.net https://brand-messenger.app.khoros.com *.adnxs.com https://p1.zemanta.com https://aax-eu.amazon-adsystem.com https://www.google-analytics.com *.googletagmanager.com data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net https://i.pinimg.com https://log.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co; media-src 'self' data: *.mobistar.be *.orange.be *.netdna-ssl.com brand-messenger.app.khoros.com https://v.pinimg.com *.sprinklr.com *.ekoo.co *.supabase.co; frame-src 'self' https://optimize.google.com * emsecure.net *.orange.be https://assets.pinterest.com *.sprinklr.com *.ekoo.co *.supabase.co; font-src 'self' https://fonts.gstatic.com *.mobistar.be *.customersaas.com *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com *.typekit.net *.fontawesome.com *.sprinklr.com *.ekoo.co *.supabase.co *.contentsquare.net; connect-src 'self' *.googlesyndication.com *.gstatic.com w998baawd3-dsn.algolia.net uq5v1rcrhz-dsn.algolia.net *.algolianet.com insights.algolia.io *.cloudfront.net *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com wss://*.sprinklr.com *.sprinklr.com wss://*.khoros.com wss://*.khorostech.com *.eshop.orange.be *.orange.be *.digitalchannels.technology *.mousestats.com secure.comparecycle.com *.abtasty.com *.contentsquare.net *.smooch.io *.slgnt.eu *.google-analytics.com *.prod.aws.lcloud.com *.typekit.net cdn.jsdelivr.net *.nr-data.net cdnjs.cloudflare.com *.google.com *.google.es *.google.be *.fontawesome.com *.cookielaw.org *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.newrelic.com wss://*.hotjar.com *.googletagmanager.com *.ipify.org px.ads.linkedin.com *.zemanta.com *.googleadservices.com *.facebook.net *.facebook.com *.hotjar.io *.amazon-adsystem.com browser-update.org *.googleapis.com *.tiqcdn.com *.teads.tv *.pinterest.com *.taboola.com *.clarity.ms *.gsitrix.com *.adensemble.com *.cookieless-data.com bbd-tag.de admaxium.com *.perfectaudiencertg.com *.netdna-ssl.com *.twitter.com *.bing.com *.pinimg.com *.licdn.com https://static.ads-twitter.com https://js.adsrvr.org https://img.netaffiliation.com https://files.qualifio.com *.khoros.com *.ekoo.co *.supabase.co *.outbrain.com *.paa-reporting-advertising.amazon *.bing.net loopwidget.com *.adsrvr.org; frame-ancestors 'self' https://mobile.kbc-group.com https://kbctouch.kbc.be https://cbctouch.cbc.be https://touch.kbcbrussels.be https://mobileyoungsterapp.kbc-group.com wss://*.sprinklr.com *.sprinklr.com; 2 form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com t.co adservice.google.com *.linkedin.com *.google-analytics.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com santander-privacy.my.onetrust.com; frame-ancestors 'self' *.santanderopenacademy.com *.googletagmanager.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com *.analytics.google.com *.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com *.santanderopenacademy.com *.onetrust.com *.tiktokw.us sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net universia.net *.googletagmanager.com *.santanderopenacademy.com *.vimeo.com doubleclick.net *.doubleclick.net; img-src 'self' data: *.santanderopenacademy.com *.santanderx.com dss.hybrid.ai su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es *.googletagmanager.com *.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es *.googlesyndication.com snapchat.com *.snapchat.com; manifest-src 'self'; media-src 'self' data: *.santanderopenacademy.com *.santanderx.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' emd.hybrid.ai *.hybrid.ai pixel.wp.pl *.santanderopenacademy.com www.google.com cdn.jsdelivr.net cdn.equalweb.com *.googleadservices.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com *.googletagmanager.com *.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com *.googlesyndication.com sc-static.net *.sc-static.net snapchat.com *.snapchat.com onetrust.com *.onetrust.com omtrdc.net *.omtrdc.net analytics.google.com *.google.com *.adoberesources.net adoberesources.net *.adobedc.net adobedc.net *.demdex.net demdex.net st.hybrid.ai; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com *.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; object-src 'self' https://boomi.com/wp-content/uploads/; base-uri 'self'; connect-src 'self' https: wss://*.qualified.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https:; media-src 'self' blob: https:; worker-src 'self' blob: https:; 2 default-src 'self'; child-src 'self' blob:; connect-src 'self' *.twitter.com *.ads-twitter.com *.redditstatic.com *.reddit.com rgitsprdstorage.blob.core.windows.net *.clarity.ms unpkg.com cdn.jsdelivr.net *.6sense.com *.6sc.co assets.contentstack.io cdn.contentstack.io api.smartrecruiters.com *.coveo.com *.cvent.com *.g2crowd.com *.algolianet.com pubsub.googleapis.com ingest.insights.ninetailed.co cdn.bizible.com cdn.bizibly.com munchkin.marketo.net images.contentstack.io *.typekit.net ws.zoominfo.com *.luckyorange.com *.visitors.live js.zi-scripts.com settings.luckyorange.com *.google.com experience.ninetailed.co cdn.cookielaw.org *.akamaihd.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.google-analytics.com *.microstrategy.com *.strategy.com *.mktoutil.com *.calendly.com microstrategy.sharepoint.com *.omtrdc.net *.wistia.net *.wistia.com swb-pd-amecc5bkdjechdb2.z01.azurefd.net swb-pp-g9cmc2f9b2eaf8aw.z01.azurefd.net *.mktoresp.com platform.cloud.coveo.com wss:; font-src 'self' *.wistia.net *.microstrategy.com *.strategy.com *.typekit.net data: fonts.gstatic.com; frame-src 'self' form.typeform.com www.youtube-nocookie.com insight.adsrvr.org www.googletagmanager.com *.wistia.com *.wistia.net *.cvent.com *.demdex.net *.doubleclick.net *.microstrategy.com *.strategy.com *.youtube.com *.calendly.com calendly.com optimize.google.com; img-src 'self' blob: *.wistia.net *.reddit.com *.twitter.com t.co c.clarity.ms cdn.bizible.com cdn.bizibly.com *.6sense.com *.6sc.co cdn.cookielaw.org images.contentstack.io adservice.google.com rgitsprdstorage.blob.core.windows.net microstrategy.sharepoint.com *.cvent.com *.adsymptotic.com *.ads.linkedin.com *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.microstrategy.com *.omtrdc.net *.wistia.com optimize.google.com data: static.cloud.coveo.com www.google.com; media-src 'self' *.akamaihd.net *.microstrategy.com *.strategy.com *.wistia.com blob: data: fast.wistia.net; object-src 'self'; script-src 'self' *.clarity.ms 'unsafe-inline' 'unsafe-eval' *.redditstatic.com *.twitter.com *.ads-twitter.com *.calendly.com *.6sense.com *.6sc.co *.wistia.net cdn.bizible.com cdn.bizibly.com tools.luckyorange.com js.adsrvr.org js.zi-scripts.com *.g2crowd.com js.sentry-cdn.com *.cvent.com *.mktoweb.com *.googleanalytics.com *.googleoptimize.com optimize.google.com *.akamaihd.net *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.licdn.com *.marketo.net *.microstrategy.com *.strategy.com *.onetrust.com *.wistia.com blob: assets.adobedtm.com cdn.cookielaw.org *.coveo.com wcs.naver.net ws.zoominfo.com; style-src 'self' 'unsafe-inline' optimize.google.com fonts.googleapis.com *.microstrategy.com *.strategy.com *.typekit.net cdn.cookielaw.org static.cloud.coveo.com; worker-src 'self' 'unsafe-inline' blob: data:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://ipapi.co https://ajax.googleapis.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-src https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://ipapi.co; worker-src 'self' blob: https://hcaptcha.com https://*.hcaptcha.com; upgrade-insecure-requests; 2 frame-ancestors 'self' *.awsapps.nvidia.com *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com https://cms.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://cms.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://events.rainfocus.com https://docs.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://docs.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud; 2 frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https:;img-src https: data: 'self' maps.gstatic.com *.googleapis.com *.ggpht.com;style-src 'self' 'unsafe-inline' https:; 2 default-src *; img-src * 'self' data: https://*; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 2 default-src 'none'; worker-src 'self' blob: ; media-src https://s3-eu-west-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com 'self' blob: data: ; frame-src https://radix-downloads.s3.eu-west-1.amazonaws.com https://charts.mongodb.com *.bluesnap.com *.hotjar.com *.google.com https://visomdm.com/ ; connect-src https://api.descope.com https://visomdm.com wss://visomdm.com https://pro.ip-api.com *.hotjar.io *.glbth.com *.visomdm.com *.atvmanager.com *.teacherview.live https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com wss://*.glbth.com wss://*.visomdm.com wss://*.atvmanager.com wss://*.teacherview.live wss://*.hotjar.com wss://*.tawk.to wss://*.xirsys.com *.hotjar.com *.tawk.to 'self' ; font-src 'self' *.tawk.to *.gstatic.com ; img-src *.ggpht.com tawk.link blob: *.googleusercontent.com *.google.com https://*.gstatic.com https://*.mzstatic.com https://cdn.jsdelivr.net/emojione/ *.tawk.to https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com *.tile.openstreetmap.org data: 'self' ; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net/emojione/ *.googleapis.com https://embed.tawk.to/ ; script-src 'self' https://cdn.jsdelivr.net/emojione/ *.hotjar.com *.tawk.to *.openstreetmap.org *.google.com *.gstatic.com *.ip-api.com 'sha256-jxahBNaefKb7HUgrP6SFqod39I6KB1wnzxNv+Gahh2s=' 'sha256-mf7OlEdaUdLAGAIDqicGf/kRbd9P604n4ooz6WIWPZc=' 'sha256-YJ3eJPxdzm7qieW1lfM307T3jCkb8WIfRGJEnAE84p0=' https://itunes.apple.com/ ; frame-ancestors 'self' https://visomdm.com/ https://masonconsole.com 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://s.adroll.com https://connect.facebook.net https://d.adroll.com https://fast.wistia.com https://googleads.g.doubleclick.net https://ipv4.d.adroll.com https://js.driftt.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://js.intercomcdn.com https://readme.com https://s.adroll.com https://snap.licdn.com https://track.hubspot.com https://widget.intercom.io https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.icomoon.io https://fonts.googleapis.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://readme.com; img-src 'self' * data:; font-src 'self' data: https://cdn.icomoon.io https://fonts.gstatic.com https://fonts.intercomcdn.com https://ka-p.fontawesome.com https://readme.com; worker-src 'self' blob:; connect-src 'self' https://analytics.google.com https://api-iam.intercom.io https://api.airtable.com https://api.hsforms.com https://api.hsforms.net https://api.hubapi.com https://api.lu.ma https://api.mapbox.com https://connect.facebook.net https://cta-service-cms2.hubspot.com https://dash.readme.com https://forms.hscollectedforms.net https://forms.hsforms.com https://google.com https://googleads.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://px.ads.linkedin.com https://sentry.io https://stats.g.doubleclick.net https://www.buzzsprout.com https://www.google-analytics.com https://www.google.com wss://nexus-websocket-a.intercom.io; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: * 2 frame-ancestors 'self' https://app.mutinyhq.com https://docs.google.com ajax.cloudflare.com cloudflareinsights.com 2 frame-ancestors 'self' https://layout-cms.fox32chicago.com; 2 frame-ancestors http://msdcxp.msp.int http://msdcxp.msp.de 2 frame-ancestors 'self' https://bechtle.com https://www.bechtle.com https://arp.nl https://prod.arp.nl https://www.arp.nl https://bechtle-clouds.com https://www.bechtle-clouds.com *.clouds.bechtle.de https://services.inmac.com 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;style-src-elem data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 2 default-src 'self'; media-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com; form-action 'self' *.cision.com; base-uri 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: google-analytics.com 2.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; font-src 'self' data: googletagmanager.com https://use.typekit.net fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com 'unsafe-inline' https: s7.addthis.com; connect-src 'self' 'unsafe-inline' https: http: www.googletagmanager.com www.google.com www.google-analytics.com www.*.google-analytics.com s7.addthis.com; frame-ancestors 'self'; manifest-src 'self'; 2 default-src 'self' https://*.e-i.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.e-i.com https://*.linkedin.com https://cdn.matomo.cloud https://cdn.tagcommander.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://platform.linkedin.com https://snap.licdn.com https://symposium.dashboard.data-driven.fr https://symposium.dashboard.test.data-driven.fr https://tag.aticdn.net https://tags.data-driven.fr https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.e-i.com; img-src 'self' blob: data: https://*.e-i.com https://*.linkedin.com https://ad.doubleclick.net https://conv.indeed.com/pagead/ https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://manager.tagcommander.com https://pubads.g.doubleclick.net https://www.google.com https://www.google.fr https://www.googletagmanager.com; font-src 'self' data: https://*.e-i.com; object-src 'none'; media-src 'self' blob: https://*.e-i.com; base-uri 'none'; form-action 'self' https://www.linkedin.com; frame-ancestors 'self'; child-src 'self' blob: https://*.e-i.com https://*.fls.doubleclick.net https://api.linkedin.com https://bid.g.doubleclick.net https://recaptcha.google.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.e-i.com https://*.googlesyndication.com https://*.linkedin.com https://ad.doubleclick.net https://adservice.google.com https://cmcic.matomo.cloud https://google.com https://googleads.g.doubleclick.net https://logs1412.xiti.com https://stats.g.doubleclick.net https://symposium.dashboard.data-driven.fr https://symposium.dashboard.test.data-driven.fr https://tags.data-driven.fr https://www.google.com https://www.googleadservices.com https://zkkwkzt.pa-cd.com; report-uri 2 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob:; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 2 default-src 'self' s.toursites.ru video.tophotels.ru video2.tophotels.ru *.tophotels.ru travelbooking.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru ; connect-src 'self' s.toursites.ru *.netlog.ru video.tophotels.ru video2.tophotels.ru travelbooking.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self'; font-src 'self' tophotels.ru s.toursites.ru hotelscheck.com.ru; img-src 'self' s.toursites.ru blob: data: *; media-src 'self' s.toursites.ru blob: video.tophotels.ru video2.tophotels.ru tophotels.ru *.tophotels.ru; frame-src 'self' s.toursites.ru *.tophotels.ru tophotels.ru *.tophotels.ru carsrent.ru *.carsrent.ru youtu.be youtube.com *.youtube.com google.com *.google.com gstatic.com *.gstatic.com *.vimeo.com vimeo.com *.dailymotion.com *.vk.com vk.com *.adriver.ru; script-src 'self' s.toursites.ru *.tophotels.ru tophotels.ru carsrent.ru *.carsrent.ru api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'self' s.toursites.ru carsrent.ru tophotels.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'self'; 2 frame-ancestors 'self' https://one.hu https://digi.hu https://salesweb.digi.hu; object-src 'self'; 2 base-uri 'self'; default-src 'self'; connect-src 'self' data: https://api.storyblok.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://logs1412.xiti.com https://px.ads.linkedin.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com; img-src 'self' data: https://a.storyblok.com https://cdn.cookielaw.org https://assets.kuehne-nagel.com https://logs1412.xiti.com https://px.ads.linkedin.com https://ipv6.6sc.co https://b.6sc.co https://www.googletagmanager.com https://ad.doubleclick.net https://adservice.google.com; frame-src * ; form-action 'self'; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; media-src 'self' https://a.storyblok.com https://recordingassets-store-prod-useast1-osdops.s3.amazonaws.com https://assets.kuehne-nagel.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://app.storyblok.com https://www.googletagmanager.com https://e.video-cdn.net https://cdn.cookielaw.org https://tag.aticdn.net https://snap.licdn.com https://j.6sc.co https://cdn.ablyft.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com; frame-ancestors 'self' https://app.storyblok.com; upgrade-insecure-requests; 2 child-src checkoutshopper-live.adyen.com 'self'; connect-src adservice.google.com ajax.googleapis.com analytics.google.com analytics.twitter.com api-js.mixpanel.com api.mixpanel.com apis.google.com arena.matific.com bam-cell.nr-data.net bam.nr-data.net beaconapi.helpscout.net cdn.linkedin.oribi.io chatapi.helpscout.net checkoutshopper-live.adyen.com code.jquery.com consentcdn.cookiebot.com d3hb14vkzrxvla.cloudfront.net d5c36hgmtufmn.cloudfront.net ekr.zdassets.com episode-fact.matific.com firebase.googleapis.com firebaseinstallations.googleapis.com firestore.googleapis.com fonts.googleapis.com googleads.g.doubleclick.net *.google-analytics.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms/ https://*.clarity.ms/collect https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://er0hbf77h9.execute-api.us-east-1.amazonaws.com/production/logVoiceOverEvent https://google.com/ https://google.com/ccm/form-data/ https://*.litix.io https://translate-pa.googleapis.com https://*.wistia.com https://www.cloudflare.com https://www.google.gr ljifg6p8cd.execute-api.us-east-1.amazonaws.com matific1084.zendesk.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu matific-generatedpdf-ca.s3.amazonaws.com matific-homepage-production.s3.amazonaws.com pagesense-collect.zoho.com.au pagesense.zoho.com.au/ pi.pardot.com polling.matific.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com px.ads.linkedin.com region1.analytics.google.com s147nglrj7.execute-api.us-east-1.amazonaws.com securetoken.googleapis.com 'self' *.sentry.io site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com stats.g.doubleclick.net *.sumologic.com t.co translate.googleapis.com wa.appsflyer.com wa.onelink.me widget.usersnap.com widget.usersnap.com/api/widget/xhrrpc/* wss://*.pusher.com wss://widget-mediator.zopim.com www.facebook.com www.google.ad www.googleadservices.com www.google.ae www.google.al www.googleapis.com www.google.az www.google.be www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.com.ar www.google.com.au www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.pe www.google.com.pr www.google.com.qa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.hn www.google.hr www.google.hu www.google.iq www.google.it www.google.jo www.google.kg www.google.li www.google.lu www.google.lv www.google.mn www.google.mv www.google.nl/ www.google.no www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.vg; default-src fonts.googleapis.com https://c.bing.com https://*.clarity.ms https://matific1084.zendesk.com https://*.wistia.com https://*.wistia.net https://*.zdassets.com https://*.zendesk.com https://zendesk-eu.my.sentry.io https://*.zopim.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' 'unsafe-inline' wss://matific1084.zendesk.com wss://*.zopim.com; font-src api.couponmate.com cdnjs.cloudflare.com d5c36hgmtufmn.cloudfront.net data: fonts.googleapis.com fonts.gstatic.com gateway.zscalerone.net heapanalytics.com https://beacon-v2.helpscout.net https://*.wistia.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu maxcdn.bootstrapcdn.com production-cdn-slatemathweb.s3.amazonaws.com 'self' stackpath.bootstrapcdn.com themes.googleusercontent.com use.fontawesome.com use.typekit.net; form-action *.3ds.modirum.com *.bluesnap.com data: lgn.edu.gov.il matific-admintools.auth.us-east-1.amazoncognito.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' staging-matific-admintools.auth.us-east-1.amazoncognito.com 'unsafe-eval' www.facebook.com; frame-ancestors *.matific.com 'self' www.instructure.com www.matific.com; frame-src * accounts.google.com app.smartsheet.com bid.g.doubleclick.net *.bluesnap.com challenges.cloudflare.com checkoutshopper-live.adyen.com consentcdn.cookiebot.com customer-h8ynfrgd4l2k01xb.cloudflarestream.com d5c36hgmtufmn.cloudfront.net gateway.zscalerone.net https://beacon-v2.helpscout.net https://*.cardinalcommerce.com https://fast.wistia.com https://fast.wistia.net live.adyen.com live-apse.adyen.com live-au.adyen.com live-us.adyen.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu matific-prod.firebaseapp.com pagesense.zoho.com.au pay.google.com policies.google.com prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com tst.kaptcha.com 'unsafe-eval' us-east-1.quicksight.aws.amazon.com www.facebook.com www.google.com www.gstatic.com; img-src accounts.google.com *.analytics.google.com analytics.google.com analytics.twitter.com bam-cell.nr-data.net bam.nr-data.net blob: *.bluesnap.com c.bing.com code.jquery.com connect.facebook.net csi.gstatic.com cx.atdmt.com d33v4339jhl8k0.cloudfront.net d5c36hgmtufmn.cloudfront.net data: dev.visualwebsiteoptimizer.com files.readme.io gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.gstatic.com heapanalytics.com https://beacon-v2.helpscout.net https://c.clarity.ms/ https://c.clarity.ms/c.gif https://chatapi-prod.s3.amazonaws.com/ https://embedwistia-a.akamaihd.net https://*.gravatar.com https://matific1084.zendesk.com https://purecatamphetamine.github.io/country-flag-icons/ https://static.zdassets.com https://v2assets.zopim.io https://*.wistia.com https://*.wistia.net https://www.facebook.com/ https://www.facebook.com/tr/ https://www.google.ge imgsct.cookiebot.com matific-a.akamaihd.net *.matific.ca *.matific.co.il *.matific.com *.matific.eu p.adsymptotic.com pagesense-collect.zoho.com.au prod-static-web1.matific.com production-cdn-slatemathweb.s3.amazonaws.com p.typekit.net px4.ads.linkedin.com px.ads.linkedin.com resources.usersnap.com 'self' site1.matific.com site2.matific.com site3.matific.com ssl.kaptcha.com static1.matific.com static2.matific.com static3.matific.com static.ads-twitter.com stats.g.doubleclick.net t.co translate.googleapis.com translate.google.com tst.kaptcha.com 'unsafe-eval' 'unsafe-inline' web.facebook.com www.google.ad www.googleadservices.com www.google.ae www.google.al www.google.at www.google.az www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.com www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.co www.google.com.cu www.google.com.do www.google.com.ec www.google.com.eg www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.kg www.google.kz www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.mn www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.googletagmanager.com www.google.tt www.google.vg www.google.vu www.kidsafeseal.com www.linkedin.com *.zendesk.com; media-src blob: data: https://beacon-v2.helpscout.net https://customer-h8ynfrgd4l2k01xb.cloudflarestream.com https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net *.matific.com 'unsafe-eval' *.zdassets.com; object-src https://beacon-v2.helpscout.net 'self' 'unsafe-eval' 'unsafe-inline'; script-src ajax.googleapis.com analytics.twitter.com apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net blob: *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com challenges.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com firebase.googleapis.com firstore.googleapis.com gateway.zscalerone.net googleads.g.doubleclick.net *.google-analytics.com *.google.com heapanalytics.com https://appleid.cdn-apple.com https://*.cardinalcommerce.com https://*.clarity.ms https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://fast.wistia.com https://firebaseinstallations.googleapis.com https://src.litix.io https://*.wistia.com https://*.wistia.net https://www.recaptcha.net js-agent.newrelic.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu *.pagesense.io pi.pardot.com resources.usersnap.com 'self' snap.licdn.com static.ads-twitter.com static.zdassets.com static.zohocdn.com translate.googleapis.com translate.google.com 'unsafe-eval' 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.al www.google.cn www.google.co.kr www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.na www.google.com.ng www.google.com.ni www.google.com.om www.google.com.sg www.google.co.zw www.google.dk www.google.es www.google.iq www.google.kg www.google.md www.google.mn www.google.mv www.google.rs www.google.se www.google.si www.google.sk www.googletagmanager.com www.gstatic.com; script-src-attr 'unsafe-inline'; script-src-elem ajax.googleapis.com analytics.twitter.com apis.google.com appleid.cdn-apple.com bam-cell.nr-data.net bam.nr-data.net beacon-v2.helpscout.net *.bluesnap.com cdn4.mxpnl.com cdn.heapanalytics.com cdnjs.cloudflare.com cdn.mxpnl.com challenges.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com connect.facebook.net consentcdn.cookiebot.com consent.cookiebot.com dev.visualwebsiteoptimizer.com fast.wistia.com googleads.g.doubleclick.net *.google-analytics.com googletagmanager.com heapanalytics.com https://*.cardinalcommerce.com https://*.clarity.ms https://fast.wistia.com https://firestore.googleapis.com js-agent.newrelic.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu pagesense-collect.zoho.com.au *.pagesense.io pagesense.zoho.com.au pay.google.com pi.pardot.com plus.google.com resources.usersnap.com 'self' *.sentry-cdn.com snap.licdn.com ssl.kaptcha.com static.ads-twitter.com static.zdassets.com static.zohocdn.com 'unsafe-inline' use.typekit.net wa.appsflyer.com websdk.appsflyer.com widget.usersnap.com www.googleadservices.com www.google.com www.googletagmanager.com www.gstatic.com; style-src blob: cdnjs.cloudflare.com checkoutshopper-live.adyen.com fonts.googleapis.com heapanalytics.com https://beacon-v2.helpscout.net https://fast.wistia.com https://www.gstatic.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com translate.googleapis.com 'unsafe-eval' 'unsafe-inline' use.fontawesome.com; style-src-attr 'unsafe-inline'; style-src-elem apis.google.com cdnjs.cloudflare.com checkoutshopper-live.adyen.com code.jquery.com fonts.googleapis.com heapanalytics.com *.matific.ca *.matific.co.il *.matific.com *.matific.eu 'self' stackpath.bootstrapcdn.com 'unsafe-inline' use.fontawesome.com; worker-src blob: 'self'; report-uri https://matific.report-uri.com/r/d/csp/reportOnly; report-to default; 2 default-src 'self' *.googleapis.com cdnjs.cloudflare.com *.gdi-sh.de efi2.schleswig-holstein.de efi.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com landesportal-sh.dwebanalytics.de luftdaten.umweltbundesamt.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de *.schleswig-holstein.de *.gdi-sh.de cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.de *.vimeo.com *.schleswig-holstein.de *.gdi-sh.de cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com landesportal-sh.dwebanalytics.de; object-src 'none' luftdaten.umweltbundesamt.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.youtube-nocookies.com youtu.be vimeo.com *.schleswig-holstein.de; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de *.gdi-sh.de *.kaltura.com cdn.podigee.com *.podigee-cdn.net *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.de *.openstreetmap.fr luftdaten.umweltbundesamt.de; img-src 'self' data: *.seminareonlinebuchen.de *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org *.openstreetmap.org *.openstreetmap.fr *.openstreetmap.de *.schleswig-holstein.de *.gdi-sh.de sgx.geodatenzentrum.de *.cdninstagram.com *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net luftdaten.umweltbundesamt.de; worker-src blob: 'self'; frame-ancestors 'self' *.schleswig-holstein.de; font-src 'self' cdnjs.cloudflare.com *.gdi-sh.de maxcdn.bootstrapcdn.com; connect-src 'self' *.schleswig-holstein.de *.gdi-sh.de landesportal-sh.dwebanalytics.de; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com files.bizhub.sh cdnjs.cloudflare.com *.stripe.com *.compute.amazonaws.com iwsuibuilder-v21-develo.elasticbeanstalk.com recaptcha.net; connect-src 'self' api.locize.io *.stripe.com *.taxjar.com files.bizhub.sh www.google-analytics.com piwik.konicaminolta.eu bizhub.singles *.bizhub.singles develop.singles *.develop.singles 0a0243a9.green *.0a0243a9.green 0a0243a9.xyz *.0a0243a9.xyz 9a3420a0.xyz *.9a3420a0.xyz konicaminoltamarketplace.com *.konicaminoltamarketplace.com bizhubmarketplace.com *.bizhubmarketplace.com developmarketplace.com *.developmarketplace.com *.compute.amazonaws.com iwsuibuilder-v21-develo.elasticbeanstalk.com *.amazonaws.com; font-src 'self' files.bizhub.sh fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.aspnetcdn.com *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com files.bizhub.sh maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.aspnetcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io *.stripe.com cdn.polyfill.io www.google-analytics.com www.googletagmanager.com *.google.com www.gstatic.com cdnjs.cloudflare.com ajax.aspnetcdn.com piwik.konicaminolta.eu recaptcha.net; img-src 'self' data: files.bizhub.sh cdnjs.cloudflare.com s3.us-west-2.amazonaws.com www.google-analytics.com *.stripe.com *.stripecdn.com; frame-src 'self' *.stripe.com *.stripecdn.com recaptcha.net 2 frame-ancestors *.gallupatwork.com *.gallupatwork.au *.gallupatwork.sg *.gallupatwork.uk *.gallup.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://v3.lenna.ai https://connect.facebook.net https://www.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css https://v3.lenna.ai/chat/assets/index.css; img-src 'self' https: blob: data: https://www.facebook.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/ data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; media-src 'self' storage.cybiteam.id; connect-src 'self' https://cms.cybiteam.id https://api-crm.cybiteam.id https://cbn.speedtestcustom.com https://analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://v3.lenna.ai https://app.lenna.ai https://cms.lenna.ai https://lenna.ai https://storage.cybiteam.id https://api.ipify.org https://connect.facebook.net https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/ https://socket.lenna.ai wss://socket.lenna.ai https://www.google.com; frame-src 'self' https://cbn.speedtestcustom.com https://www.googletagmanager.com https://td.doubleclick.net blob:; upgrade-insecure-requests; 2 default-src 'self'; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com https://*.hubspot.com https://*.typeform.com; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://static.hotjar.com https://script.hotjar.com https://*.hotjar.com https://*.hotjar.io https://script.crazyegg.com https://tag.clearbitscripts.com https://*.clearbit.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hubspot.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsadspixel.net https://*.hsappstatic.net https://*.cookie3.co https://*.cookie3.io https://cdn.markfi.xyz https://storage.googleapis.com https://vercel.live https://googleads.g.doubleclick.net https://www.googleadservices.com https://sdk.absolutelabs.app https://embed.typeform.com https://*.typeform.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.hubspot.com; font-src 'self' data: https://fonts.gstatic.com https://js.hubspot.com https://script.hotjar.com https://*.hotjar.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.com.mx https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tag.clearbitscripts.com https://*.clearbit.com https://js.hs-scripts.com https://js.hs-banner.com https://api.hsforms.com https://forms.hsforms.com https://api.hubspot.com https://api.hubapi.com https://track.hubspot.com https://*.hubspot.com https://*.hsforms.com https://*.hsappstatic.net https://forms.hscollectedforms.net https://*.cookie3.co https://*.cookie3.io https://cdn.markfi.xyz https://a.markfi.xyz https://sdk.absolutelabs.app https://be.explorer.rootstock.io https://backend.stats.rsk.co https://stats.g.doubleclick.net https://content.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com wss://*.hotjar.com wss://be.explorer.rootstock.io wss://backend.stats.rsk.co https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://blockchain.info https://api.typeform.com https://*.typeform.com; img-src 'self' data: blob: https://*.google.com https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.pl https://*.google.pt https://*.google.nl https://*.google.be https://*.google.ca https://*.google.com.au https://*.google.com.br https://*.google.co.in https://*.google.co.jp https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://i.ytimg.com https://img.youtube.com https://*.youtube.com https://*.hotjar.com https://*.hotjar.io https://js.hs-banner.com https://track.hubspot.com https://*.hubspot.com https://forms.hsforms.com https://*.hsforms.com https://cdn.markfi.xyz https://rsk-cms.flywheelstaging.com https://rsk-cms.flywheelsites.com https://images.typeform.com https://*.typeform.com https://bunny-wp-pullzone-y5gelci48r.b-cdn.net https://*.b-cdn.net https://images.mirror-media.xyz https://*.mirror-media.xyz; media-src 'self' https://*.b-cdn.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://tagassistant.google.com https://vars.hotjar.com https://duh4wie7tww0.cloudfront.net https://forms.hsforms.com https://*.hsforms.com https://js.hsforms.net https://*.hubspot.com https://vercel.live https://td.doubleclick.net https://form.typeform.com https://*.typeform.com https://rootstock-goldensats-leaderboard.replit.app https://*.replit.app https://replit.com https://*.replit.com https://*.repl.co https://*.b-cdn.net; worker-src 'self' blob:; object-src 'none'; upgrade-insecure-requests 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.advantshop.net *.advantshop.by *.advantshop.com *.advantshop.kz *.advstatic.ru *.advant.shop www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net apis.google.com vk.com www.facebook.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com counter.rambler.ru cdn.jsdelivr.net ymetrica.com mc.yandex.ru yastatic.net api-maps.yandex.ru top-fwz1.mail.ru counter.yadro.ru top-abd.mail.ru *.jivosite.com *.chat2desk.com static.woopra.com www.woopra.com dadata.ru advantshop.disqus.com www.googletagmanager.com tagmanager.google.com ajax.googleapis.com advantschool.ru privacy-cs.mail.ru mc.webvisor.org telegram.org data:;worker-src 'self' blob:; 2 img-src https://syndication.twitter.com data: https://utmb-cdn.azureedge.net https://bbox.blackbaudhosting.com 'self' https://cdn.utmb.edu https://www.utmb.edu https://www.utmbhealth.com https://gsbs.utmb.edu https://utmbhealth.razuna.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.youtube.com https://marvel-b1-cdn.bc0a.com https://marvel-processor.bc0a.com https://67412.global.siteimproveanalytics.io https://curator-assets.b-cdn.net https://um.simpli.fi https://utmbstorage.blob.core.windows.net https://static.ctctcdn.com https://cdn.yoshki.com https://staticmap.concept3d.com https://public.tableau.com https://i.vimeocdn.com https://i.ytimg.com https://mcusercontent.com https://cdn.ymaws.com https://anesth.utmb.edu https://acrm.org https://www.aamc.org http://uwgalv.org https://acestoassets.org https://www.galvestonartscenter.org https://dim.mcusercontent.com https://www.ilo.org https://www.nlm.nih.gov https://cdn2.percipio.com http://www.galveston.com https://support.content.office.net https://images-na.ssl-images-amazon.com https://www.orangesmile.com https://www.abos.org https://i1.wp.com/wavelengthmedical.com https://i0.wp.com/wavelengthmedical.com https://www.dropbox.com https://www.facs.org https://serve.uberads.com https://www.nidcd.nih.gov https://www.medicaldiscoverynews.com https://img.photobucket.com https://uwgalv.org https://www.freewebs.com https://www.galveston.com https://api.tiles.virtualearth.net https://assets.section508.gov https://commons.wikimedia.org https://eep.io https://guynir1.files.wordpress.com https://insight.adsrvr.org https://liveutmb.sharepoint.com https://digitalasset.intuit.com https://downloads.mailchimp.com https://chat-us.libanswers.com https://media-cldnry.s-nbcnews.com https://log.pinterest.com https://payments.blackbaud.com https://platform-cdn.sharethis.com https://sync.sharethis.com https://www9.utmb.edu https://ad.doubleclick.net https://collector-12155.tvsquared.com https://www.google.com blob: https://apps.ideal-logic.com https://researchexperts.utmb.edu https://www.googletagmanager.com https://worldwind25.arc.nasa.gov https://unpkg.com; form-action 'self'; script-src https://utmb-cdn.azureedge.net https://www.youtube.com https://siteimproveanalytics.com https://meps.ahrq.gov https://fs22.formsite.com https://bat.bing.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://cdn.jsdelivr.net https://tag.brandcdn.com 'self' 'unsafe-inline' data: blob: https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.gstatic.com https://ajax.googleapis.com https://www.googleadservices.com https://cdn.utmb.edu https://www.utmb.edu https://www.utmbhealth.com https://doctors.utmbhealth.com https://search.utmb.edu https://utmb.hosted.panopto.com https://cdn.bc0a.com https://consents-cf.bc0a.com https://dsrportal-cdn.bc0a.com https://platform.twitter.com https://connect.facebook.net https://cdn.curator.io https://tag.simpli.fi https://tags.srv.stackadapt.com https://i.simpli.fi https://chimpstatic.com https://static.addtoany.com https://www.statcounter.com https://downloads.mailchimp.com https://mc.us14.list-manage.com https://api3.libcal.com https://askus.utmb.edu https://www.hcup-us.ahrq.gov https://www.icpsr.umich.edu https://cma.ahrq.gov https://embed.typeform.com https://ocrportal.hhs.gov https://mychart.utmb.edu https://platform-api.sharethis.com https://peopledirectory.uth.tmc.edu https://www.acs-education.com https://player.vimeo.com https://corporate.visa.com https://my.americanheart.org https://www.nlm.nih.gov https://secure.touchnet.net https://www.acponline.org https://webforms.utmb.edu https://dx.doi.org https://s7.addthis.com https://m.addthis.com https://api-public.addthis.com https://z.moatads.com https://cdn.credly.com https://www.swarminteractive.com https://assets.pinterest.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://uu.diva-portal.org https://s3.amazonaws.com https://www.heart.org https://cdn.yoshki.com https://www2.tsl.state.tx.us https://home.absurgery.org https://www.instagram.com https://cdn01.basis.net https://collector-12155.tvsquared.com https://static.hotjar.com https://180277.tctm.co https://script.hotjar.com https://adservices.brandcdn.com https://tools.cdc.gov https://www.cdc.gov https://public.tableau.com https://www.novitas-solutions.com https://www.imleagues.com https://www.medicaldiscoverynews.com https://az416426.vo.msecnd.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://code.highcharts.com https://code.jquery.com https://mb.moatads.com https://softchalkcloud.com https://www.audacy.com https://babe71tl.micpn.com https://liveutmb-my.sharepoint.com https://chat-us.libanswers.com https://buttons-config.sharethis.com https://grmychart.utmb.edu https://t.sharethis.com https://vwp1mychart01.utmb.edu https://utrgv.utmb.edu https://grutrgv.utmb.edu https://www9.utmb.edu https://googleads.g.doubleclick.net https://apps.ideal-logic.com https://api.allorigins.win https://webformstest.utmb.edu https://cdn.rlets.com https://worldwind.arc.nasa.gov https://unpkg.com 'unsafe-eval'; frame-ancestors 'self' https://www.utmbhealth.com https://www.utmb.edu https://www.today.com https://www.lightboxcdn.com https://www9.utmb.edu https://utmbhealth.com https://utmb.edu https://map.concept3d.com; connect-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.utmb.edu https://ixfd2-api.bc0a.com https://api.curator.io https://tags.srv.stackadapt.com https://c.statcounter.com https://api3.libcal.com https://listgrowth.ctctcdn.com https://login.microsoftonline.com https://mychart.utmb.edu https://liveutmb-my.sharepoint.com https://chat-us.libanswers.com https://www.today.com https://www.lightboxcdn.com https://l.sharethis.com https://payments.blackbaud.com https://bcp.crwdcntrl.net https://www9.utmb.edu https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://apps.ideal-logic.com https://api.allorigins.win https://ad.doubleclick.net https://utmb.edu https://www.utmbhealth.com https://utmbhealth.com https://worldwind26.arc.nasa.gov https://geojson-maps.kyd.au/json/world.geo.json https://utmb-cdn.azureedge.net; style-src https://utmb-cdn.azureedge.net https://bbox.blackbaudhosting.com 'self' 'unsafe-inline' data: https://cdn.utmb.edu https://fonts.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://www.utmb.edu https://www.utmbhealth.com https://cdn.curator.io https://tags.srv.stackadapt.com http://ffoodd.github.io https://use.fontawesome.com https://cdn-images.mailchimp.com https://webforms.utmb.edu https://maxcdn.bootstrapcdn.com https://static.ctctcdn.com https://mychart.utmb.edu https://cdn.datatables.net https://cdnjs.cloudflare.com https://code.jquery.com https://doctors.utmbhealth.com https://stackpath.bootstrapcdn.com https://downloads.mailchimp.com https://chat-us.libanswers.com https://grmychart.utmb.edu https://payments.blackbaud.com https://grutrgv.utmb.edu https://utrgv.utmb.edu https://www9.utmb.edu https://apps.ideal-logic.com 2 frame-ancestors https://*.storyblok.com; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.co.uk data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://www.needlefresh.co.uk https://*.lidl.co.uk; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.co.uk data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 default-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://noembed.com https://cdn.plyr.io https://*.privacyrequest.net https://privacyrequest.net https://*.fontawesome.com https://*.gstatic.com https://*.vimeo.com https://*.consentmanager.net https://*.performmedia.com https://*.wp.com https://*.google.com 'unsafe-eval' 'unsafe-inline'; 2 frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com www.drupal.org new.drupal.org; report-uri /report-csp-violation 2 frame-ancestors 'self' https://app.experiencewelcome.com/ 2 default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com blob: marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com *.zoominfo.com js.hsadspixel.net subscriptions.smartrecruiters.com static.smartrecruiters.com www.smartrecruiters.com jobpal-sm.s3.amazonaws.com pressganey.com cdn.jsdelivr.net *.castos.com 675-zyq-542.mktoweb.com googleads.g.doubleclick.net *.marketo.net *.pathfactory.com *.googleadservices.com *.google.com *.google.com/pagead/form-data *.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com *.pressganey.com *.castos.com googleads.g.doubleclick.net *.pathfactory.com 'unsafe-inline'; frame-ancestors 'self' library.forsta.com resources.rioseo.com pressganey.com *.pathfactory.com; frame-src 'self' play.vidyard.com vars.hotjar.com tpc.googlesyndication.com td.doubleclick.net *.google.com *.pressganey.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co *.hubspot.com pressganey-20208516.hs-sites.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com *.myworkdayjobs.com googleads.g.doubleclick.net *.pathfactory.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com googleads.g.doubleclick.net *.pathfactory.com; connect-src 'self' 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com *.googletagmanager.com *.googleapis.com maps.googleapis.com *.google.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com ws.zoominfo.com api.hubapi.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io jobpal-sm.s3.amazonaws.com pressganey.com cdn.growthbook.io px.ads.linkedin.com *.castos.com googleads.g.doubleclick.net *.mktoresp.com *.pathfactory.com www.google.com/ccm/collect *.googleadservices.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com googleads.g.doubleclick.net *.pathfactory.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com googleads.g.doubleclick.net *.pathfactory.com; img-src https: data:; report-uri https://pressganey.report-uri.com/r/t/csp/enforce 2 img-src 'self' https://www.googletagmanager.com https://www.google.co.kr https://i.ytimg.com https://perf-na1.hsforms.com https://track.hubspot.com https://forms.hsforms.com https://admin.counterpointresearch.com https://test.counterpointresearch.com https://counterpointresearch.com https://display.counterpointresearch.com data:; 2 frame-ancestors 'self' https://ahunga.sharepoint.com https://mywallet.onewallet.one.nz/ https://netspeed.net.nz/ https://wirelessnation.co.nz/ https://koganmobile.co.nz/ https://www.one.nz/ 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.pttavm.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.segmentify.com https://*.useinsider.com https://*.debugbear.com https://*.criteo.com https://*.creativecdn.com https://cdnjs.cloudflare.com https://events.framer.com https://framerusercontent.com https://pttem.alo-tech.com https://*.clarity.ms https://analytics.tiktok.com https://*.yango.com https://*.adform.net https://*.taboola.com https://*.scarabresearch.com https://googleads.g.doubleclick.net https://sis.flix360.io https://media.flixsyndication.net https://static-assets.flix360.io https://media.flixcar.com https://*.admatic.com https://*.admatic.com.tr https://media.flixfacts.com;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://*.pttavm.com https://fonts.googleapis.com https://*.useinsider.com https://framerusercontent.com https://jsonplaceholder.typicode.com https://accounts.google.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com;style-src-elem * 'unsafe-inline';connect-src 'self' https://*.pttavm.com https://*.google.com https://*.google.com.tr https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.clarity.ms https://*.tiktok.us https://*.facebook.com https://*.facebook.net https://*.useinsider.com https://*.segmentify.com https://*.debugbear.com https://*.doubleclick.net https://*.creativecdn.com https://*.criteo.com https://*.taboola.com https://*.tiktok.com https://*.tiktokw.us https://*.flixcar.com https://analytics.pangle-ads.com https://measurement-api.criteo.com https://events.framer.com https://eu.asas.yango.com https://*.afftrck.com https://*.googleadservices.com https://*.yango.com;worker-src 'self' blob:;object-src 'none';base-uri 'self';manifest-src 'self';frame-src *;form-action *;default-src *;frame-ancestors 'self' https://*.pttavm.com;img-src * data: blob:;media-src * data: blob:;font-src 'self' https: data:;upgrade-insecure-requests 2 default-src 'self' *; base-uri 'self'; font-src 'self' https: data:; form-action http://*.enterprisedb.com http://enterprisedb.com http://enterprisedb.okta.com 'self'; frame-ancestors 'self'; img-src 'unsafe-inline' 'self' blob: data: *; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' 'self' *; upgrade-insecure-requests 2 frame-ancestors 'self' https://victorinox.studio.frontend.commercetools.com https://victorinox.my.site.com https://victorinox.lightning.force.com ; default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com https://*.cdn.imgeng.in; frame-src 'self' https: mailto: tel: assets.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com https://victorinox.my.site.com https://victorinox.lightning.force.com ; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com assets.bounceexchange.com; img-src 'self' data: https: https://api.qrserver.com *.abtasty.com *.amazonaws.com https://cdn.optimizely.com assets.bounceexchange.com events.bouncex.net https://*.cdn.imgeng.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://applepay.cdn-apple.com https://contest.victorinox.com https://view.juneapp.com https://unpkg.com *.google-analytics.com *.netlify.app *.netlify.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com https://emea01.cluster.observability.cloud.sap:9999 https://victorinox-swiss-army.locally.com *.abtasty.com *.googleapis.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.affirm.com https://*.friendlycaptcha.com https://mpsnare.iesnare.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com https://storage.emersya.com https://io.fusedeck.net https://*.collect.igodigital.com tag.wknd.ai tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com *.channelsight.com *.abtasty.com *.gstatic.com *.googleapis.com assets.bounceexchange.com; form-action 'self' https: api.bounceexchange.com; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.contentsquare.com *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.frontastic.rocks *.frontastic.live *.frontastic.io *.linkedin.com *.cloudflare.com *.adyen.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com *.youku.com https://emea01.cluster.observability.cloud.sap:9999 https://google.com/pay *.abtasty.com https://logx.optimizely.com https://*.optimizely.com https://*.affirm.com https://develop--b2cstore-victorinox.netlify.app https://*.friendlycaptcha.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net https://vxb2c-dev-fp-func001.azurewebsites.net; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.abtasty.com *.gstatic.com *.googleapis.com https://*.ugc.bazaarvoice.com https://victorinox--uat.sandbox.my.site.com https://victorinox--uat.sandbox.lightning.force.com/ https://victorinox--uat.sandbox.my.salesforce-scrt.com https://victorinox.my.site.com https://victorinox.my.salesforce-scrt.com assets.bounceexchange.com; report-to csp-endpoint; 2 script-src blob: 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' * *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.flowplayer.org *.gstatic.com; img-src 'self' blob: data: *.interempresas.net *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.youtube.com *.gstatic.com *; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.gstatic.com *; object-src *.interempresas.net; media-src blob: * 2 frame-ancestors 'self' *.itslearning.com; upgrade-insecure-requests 2 default-src 'self' https://*.directupload.net https://*.directupload.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.directupload.net https://*.directupload.eu; img-src 'self' https://ssl.google-analytics.com data: https://*.directupload.net https://*.directupload.eu; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-src 'self' https://www.google.com https://*.directupload.net https://*.directupload.eu; worker-src 'self'; frame-ancestors 'self'; connect-src 'self' https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net; 2 default-src https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 2 default-src *; style-src 'unsafe-inline' *; font-src 'self' data: blob: *; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src * data: blob:; media-src 'self' blob: * data: *; frame-src * webcompt: heybox: maxjia: 2 object-src 'self'; frame-src 'self' www.google.com cloud.hostingraja.in www.googletagmanager.com chat.hostingraja.in www.youtube.com https://widget.trustpilot.com https://securegw-stage.paytm.in/ https://secure.paytmpayments.com/ https://accounts.paytm.com/ paytm https://staticpg.paytm.in/ https://api.razorpay.com/ https://checkout.stripe.com/ https://td.doubleclick.net/ https://secure.paytmpayments.com/ https://clients.hostingraja.in/ https://consentcdn.cookiebot.com/ https://livechat.sgp1.whgi.net/ https://ml42.hostingraja.in/; 2 frame-ancestors 'self' *.optimizely.com 2 default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self'; default-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.rcrsv.io; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://dynacrems-stage.wp.pl https://challenges.cloudflare.com grid.grupawp.pl adssettings.google.com https://fpnpmcdn.net https://fpjscdn.net wpext.pl *.wpext.pl *.survicate.com *.survicate-cdn.com *.abtshield.com fpx.o2.pl *.doubleverify.com s1.adform.net track.adform.net rt.inistrack.net *.sensic.net system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl pocztanh.wpcdn.pl *.wpcdn.pl *.tradedoubler.com *.hit.gemius.pl *.salesmore.pl onapi.o2.pl *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.2mdn.net *.googleadservices.com d.rxthdr.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.moatads.com ib.adnxs.com adservice.google.pl adservice.google.com *.meetrics.net *.mxcdn.net *.criteo.com static.criteo.net imasdk.googleapis.com cdn.netsco.re 3p.ampproject.net *.payu.com *.doubleverify.com ho.novem.pl; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://dynacrems-stage.wp.pl adssettings.google.com *.survicate.com *.survicate-cdn.com pocztanh.wpcdn.pl s1.adform.net track.adform.net rt.inistrack.net system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl; img-src 'self' data: blob: *.wpcdna.pl https://dynacrems-stage.wp.pl res.cloudinary.com *.nsaudience.pl *.survicate.com events.mediarithmics.com s1.adform.net track.adform.net rt.inistrack.net *.exactag.com zasobygwp.pl zasoby.tlen.pl pl-gmtdmp.mookie1.com system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl rek.www.wp.pl *.wpimg.pl *.wpcdn.pl *.moatads.com *.tradedoubler.com ads.salesmore.pl *.doubleclick.net *.2mdn.net bs.serving-sys.com *.googlesyndication.com *.google.com delivery.way2traffic.com *.hit.gemius.pl t.qservz.com cdn.qservz.com beta.pocketads.pl ssl.google-analytics.com dmp.adform.net asa.allegro.pl ad.atdmt.com ads.businessclick.com/mailing/ *.meetrics.net *.mxcdn.net *.criteo.com *.criteo.net stags.bluekai.com www.ojrq.net/p/ secure-gl.imrworldwide.com www.facebook.com *.payu.com *.doubleverify.com ho.novem.pl; media-src 'self' v.wpimg.pl adv.wp.pl *.wpcdn.pl data:; child-src 'self' blob: *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net *.bing.com adexa.me googleads.g.doubleclick.net; frame-src 'self' blob: https://dynacrems-stage.wp.pl https://challenges.cloudflare.com adssettings.google.com *.survicate.com *.wpext.pl wpext.pl *.wpimg.pl *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl *.wpcdn.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net *.bing.com adexa.me www.google.com/recaptcha/ *.criteo.com googleads.g.doubleclick.net masscdn.com *.payu.com *.doubleverify.com ho.novem.pl gwp.typeform.com *.doubleclick.net *.googletagservices.com; font-src 'self' data: *.survicate.com *.survicate-cdn.com *.wpimg.pl *.wpcdn.pl; connect-src 'self' https://dynacrems-stage.wp.pl https://fpnpmcdn.net https://api.fpjs.io https://*.api.fpjs.io *.survicate.com *.abtshield.com fpx.o2.pl *.wpext.pl wpext.pl *.sensic.net *.hit.gemius.pl imppl.tradedoubler.com secure.espago.com wp.tv csi.gstatic.com *.criteo.com static.criteo.net bidder.criteo.com *.moatads.com *.meetrics.net wss://poczta.o2.pl wss://poczta.wp.pl system3secure.pl sentry-2-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpcdn.pl *.money.pl www.google.com pubs2-eu.creativecdn.com *.wpimg.pl profil.o2.pl *.netscore.eu/v2/api/adinfo/ ib.adnxs.com/ptv *.googlesyndication.com *.payu.com *.doubleverify.com ho.novem.pl *.doubleclick.net *.googletagservices.com grid.grupawp.pl; report-uri /csp-reports; manifest-src 'self' 'unsafe-eval' 2 default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.office365.com *.kuka.com *.kuka.cn *.mouseflow.com *.zscaler.net d2csxpduxe849s.cloudfront.net kuka-digital-sphere.pages.dev; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com *.cloudflare.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.kuka.com *.cloudflareinsights.com *.mouseflow.com *.zscaler.net *.youtube.com kuka-digital-sphere.pages.dev *.adroll.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.force.com *.kuka.com *.googletagmanager.com kuka-digital-sphere.pages.dev; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com *.office365.com *.mouseflow.com; connect-src 'self' data: ws: blob: *.googleadservices.com *.googlesyndication.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com *.office365.com *.kuka.com *.mouseflow.com *.convertwork.cn noembed.com *.google.com *.doubleclick.net *.linkedin.com; frame-ancestors 'self' https://kuka.presono.com *.kuka.com *.sandbox.my.site.com 2 frame-ancestors 'self' https://*.designcrowd.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.fbevents.js bat.bing.com *.facebook.net *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com www.googleadservices.com bat.bing.com *.cookiebot.com *.cookiebox.ro *.linkedin.com *.listafirme.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.listafirme.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.cookiebot.com bat.bing.com *.cloudflare.com *.linkedin.com *.googlesyndication.com *.googletagmanager.com *.google.com google.com www.googleadservices.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 2 default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' blob: *; img-src * 'self' blob: data:; connect-src *; font-src *; frame-src *; object-src 'none'; base-uri 'self' https://static-2c.gitbook.com; form-action 'self' https://static-2c.gitbook.com *; frame-ancestors https: ; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de blob:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de *.akamaized.net *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com data: blob:; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.webcast-eqs.com export.highcharts.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.vimeocdn.com vimeo.com data.w52.com blob: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io blob:; child-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com blob: data:; style-src 'self' 'unsafe-inline' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.eye-able.com *.eye-able-cdn.com; font-src 'self' data: *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pusher.com walls.io *.walls.io *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.vimeocdn.com vimeo.com *.youtube.com data.w52.com *.eye-able.com *.eye-able-cdn.com blob:; img-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.vimeocdn.com vimeo.com *.youtube.com *.ytimg.com *.eye-able.com *.eye-able-cdn.com data.w52.com data data:; object-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; connect-src 'self' ws: *.pusher.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.akamaized.net *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com blob:; frame-ancestors 'self' file://* social.cloud.tbintra.net *.daimlertruck.com *.mercedes-benz-trucks.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com 2 frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 2 frame-ancestors 'self' https://preview--link-curate-dash.lovable.app; 2 frame-ancestors 'self' https://*.nwea.org; 2 frame-ancestors 'self' tecnun.unav.edu www.isem.es 2 frame-ancestors 'self' *.lovecrafts.com 2 frame-src 'self' https://app.cofcsports.com https://google.com https://www.google.com https://*.snapchat.com https://*.adsrvr.org charleston.gpinsights.org https://td.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://googletagmanager.com https://go.pardot.com https://cofc.secure.force.com https://forms.charleston.edu https://forms.cofc.edu https://cofc-edu.my.salesforce-sites.com youtube.com *.youtube.com vimeo.com *.vimeo.com calendar.charleston.edu *.charleston.edu https://cofc.tfaforms.net www.imleagues.com imleagues.com *.k12insight.com k12insight.com cofc.edu *.cofc.edu cofc.zoom.us fm-cofc.maps.arcgis.com cougarconnect.cofc.edu outlook.office365.com *.arcgis.com teams.microsoft.com *.lightcastcc.com *.camstreamer.com *.buzzsprout.com buzzsprout.com; 2 frame-ancestors 'self' https://investors.sgx.com/ https://investors.qasgx.com/; default-src 'none'; connect-src 'self' https://api.sgx.com https://api2.sgx.com https://api3.sgx.com https://api.qasgx.com https://api3.qasgx.com https://api2.qasgx.com https://api-dev.qasgx.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; frame-src 'self' https://swtools.sgx.com/ https://t1.trkd-hs.com/ https://www.youtube-nocookie.com https://www.google.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com/; font-src 'self' https://api2.sgx.com https://api2.qasgx.com https://cdn.jsdelivr.net; img-src 'self' data: https://api2.sgx.com https://api2.qasgx.com https://i.ytimg.com https://www.google-analytics.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.googletagservices.com https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://tpc.googlesyndication.com; style-src 'self' 'unsafe-inline'; 2 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.aticdn.net cdn.askmonastudio.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com cdnjs.cloudflare.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com tour-eiffel.sa cdnjs.cloudflare.com; img-src https: data: http:; media-src https: data: blob: http:; frame-ancestors 'self'; child-src 'self' blob: *.askmonastudio.com *.google.com *.youtube.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.askmonastudio.com data:; report-uri /report-csp-violation 2 default-src 'self' files.virgool.io https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'self' countly.virgool.io; connect-src 'self' cdn.triboon.net *.arcaptcha.co *.arcaptcha.ir brandon.arcaptcha.co:1325 vod.virgool.io https://static.cloudflareinsights.com sentry.hamravesh.com files.virgool.io https://*.analytics.google.com https://*.google-analytics.com stats.vstat.ir cdn.iframe.ly https://open.iframe.ly iframely.com https://geoip-db.com https://sentry.virgool.io https://*.googletagmanager.com https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'self' countly.virgool.io pagead2.googlesyndication.com; font-src 'self' data: https://static.virgool.io https://files.virgool.io; img-src blob: data: https: 'self' *.arcaptcha.ir files.virgool.io https://*.google-analytics.com https://*.googletagmanager.com pagead2.googlesyndication.com; object-src 'self' virgool.io; media-src blob: 'self' vod.virgool.io https://open.iframe.ly cdn.virgool.io files.virgool.io iframely.com open.iframe.ly; script-src 'self' blob: https://virgool.io *.arcaptcha.co 'unsafe-inline' files.virgool.io https://*.googletagmanager.com cdn.iframe.ly https://open.iframe.ly iframely.com open.iframe.ly https://cdn.iframe.ly https://geoip-db.com https: 'self' 'unsafe-inline' manifest.json https://sentry.virgool.io 'self' countly.virgool.io pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com; style-src 'unsafe-inline' data: https: 'self'; frame-src 'self' cdn.iframe.ly https://cdn.iframe.ly https://open.iframe.ly open.iframe.ly iframely.com googleads.g.doubleclick.net tpc.googlesyndication.com chromenull: https: webviewprogressproxy: ; worker-src blob: 'self'; manifest-src https://virgool.io/manifest.json; frame-ancestors 'self' pelikan.media;; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.abus.com https://www.youtube.com https://i.ytimg.com https://www.googletagmanager.com https://abus.containers.piwik.pro https://abus.piwik.pro https://*.google-analytics.com https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://service.excentos.com https://m.excentos.com https://image-scaler.excentos.com https://mycliplister.com https://*.mycliplister.com https://cdn.mycliplister.com https://letscast.fm https://*.letscast.fm https://*.hotjar.com https://*.hotjar.io https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://useruploads.vwo.io https://cdn.walls.io https://my.walls.io https://abus-privacy.my.onetrust.com https://api.friendlycaptcha.com https://*.go-mpulse.net https://abusbr.pi-asp.de data: blob: wss:; 2 frame-ancestors 'self' stvr.sk *.stvr.sk *.dev.stvr.sk stvr.org *.stvr.org 2 frame-ancestors 'self' https://*.jugendherberge.de https://piwik.jugendherberge.de 2 default-src 'self' *.kustomerapp.com *.iesnare.com *.bold.co *.segment.com *.segment.io *.amazonaws.com *.hotjar.com *.hotjar.io; script-src 'self' *.segmentstream.com *.clarity.ms *.bold.co *.segment.com *.segment.io *.amazonaws.com *.seondf.com *.google.com *.gstatic.com *.googletagmanager.com *.analytics.tiktok.com *.appboycdn.com *.websdk.appsflyer.com *.boost.ai *.doubleclick.net *.connect.facebook.net *.visualwebsiteoptimizer.com *.vwo.com *.j.northbeam.io *.maze.co *.googleapis.com *.hotjar.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.segmentstream.com *.csidetm.com *.tailwindcss.com *.vwo.com app.vwo.com *.deviceinf.com *.seonintelligence.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.northbeam.io *.doubleclick.net *.tiktok.com *.appsflyer.com *.googletagmanager.com *.connect.facebook.net *.kustomerapp.com *.auth0.com *.bold.co *.boost.ai *.visualwebsiteoptimizer.com *.segment.com *.segment.io *.maze.co *.appboycdn.com *.googleapis.com *.seondf.com *.google.com *.gstatic.com *.cloudflare.com *.jsdelivr.net *.iteratehq.com *.facebook.net *.kustomerapp.com *.shopifycdn.com *.hotjar.com 'unsafe-inline' ; style-src 'self' *.visualwebsiteoptimizer.com *.vwo.com *.auth0.com *.bold.co *.cloudflare.com fonts.googleapis.com *.googleapis.com *.jsdelivr.net *.iteratehq.com *.hotjar.com 'unsafe-inline'; style-src-elem 'self' *.visualwebsiteoptimizer.com *.vwo.com *.auth0.com *.bold.co *.cloudflare.com fonts.googleapis.com *.googleapis.com *.jsdelivr.net *.iteratehq.com 'unsafe-inline'; img-src 'self' * data: ;font-src * *.bold.co data:; connect-src 'self' data: *.segmentstream.com *.csidetm.com *.stytch.com *.seondnsresolve.com *.seondfresolver.com *.deviceinfresolver.com *.seonintelligence.com *.onelink.me *.appsflyer.com *.tiktok.com *.tiktokw.us *.pangle-ads.com *.doubleclick.net *.launchdarkly.com *.strich.io *.google.com *.pndsn.com *.bold.co https://bold.co *.segment.com *.segment.io *.amazonaws.com *.visualwebsiteoptimizer.com *.vwo.com *.boost.ai *.maze.co *.braze.eu *.googleapis.com *.seondf.com https://iteratehq.com *.sentry.io *.auth0.com *.kustomerapp.com *.shopifysvc.com *.boldcf.co https://boldcf.co https://www.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ;frame-src 'self' *.visualwebsiteoptimizer.com *.vwo.com *.doubleclick.net *.googletagmanager.com *.jumio.ai *.google.com *.auth0.com *.bold.co *.googleapis.com *.typeform.com *.youtube.com *.youtube-nocookie.com *.payzen.eu; worker-src 'self' blob:;media-src 'self' data: *.ctfassets.net; frame-ancestors 'self' https://bold.co https://web.bold.co https://www.bold.co 2 frame-ancestors 'self' *.ramtrucks.com; 2 default-src 'self' 'unsafe-inline' *; img-src 'self' * blob: data: cdnjs.cloudflare.com https://*.productfruits.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/r ecaptcha/ https://accounts.google.com/gsi/button https://*.productfruits.com https; font-src 'self' data: netdna.bootstrapcdn.com fonts.gstatic.com https:; style-src 'unsafe-inline' *; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.deepdyve.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://play.google.com/log https://accounts.google.com/gsi https://accounts.google.com/gsi/client https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://bant.io https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://beacon-v2.helpscout.net https://connect.facebook.net https://rum-static.pingdom.net https://assets.customer.io https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js https://platform.twitter.com/widgets.js https://sealserver.trustwave.com/seal.js https://static.cloudflareinsights.com/ 'unsafe-inline' https://code.tidio.co https://widget-v4.tidiochat.com https://*.productfruits.com https://cdn.mxpnl.com https://appsforoffice.microsoft.com https://ajax.googleapis.com https://www.clarity.ms https://scripts.clarity.ms; media-src 'unsafe-inline' code.tidio.co widget-v4.tidiochat.com blob:; connect-src 'unsafe-inline' sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:; worker-src 'self' blob:; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; connect-src * data:; media-src * blob:; worker-src 'self' blob:; font-src 'self' https://cdn.clinicalkey.com/ https://ssl.p.jwpcdn.com/ data:; 2 base-uri 'self';frame-ancestors 'self';object-src 'none' 2 form-action *.a1.hr *.tomato.com.hr *.corvus.hr *.paypal.com *.corvuspay.com; 2 frame-ancestors 'self' http://*.commonwealthu.edu https://*.commonwealthu.edu http://commonwealthu.prod.acquia-sites.com https://commonwealthu.prod.acquia-sites.com http://commonwealthustage.prod.acquia-sites.com https://commonwealthustage.prod.acquia-sites.com http://commonwealthudev.prod.acquia-sites.com https://commonwealthudev.prod.acquia-sites.com http://commonwealthura.prod.acquia-sites.com https://commonwealthura.prod.acquia-sites.com http://commonwealth.ddev.site https://commonwealth.ddev.site https://*.vimeo.com https://*.youtube.com https://bbox.blackbaudhosting.com; report-uri https://www.commonwealthu.edu/report-uri/enforce 2 base-uri 'self'; style-src 'self' 'unsafe-inline' *.ase-usw1-shared-prd.p.azurewebsites.net *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com *.twimg.com cdn.commonspirit.org cdn.cookielaw.org cookie-cdn.cookiepro.com fonts.googleapis.com gateway.foresee.com geolocation.onetrust.com privacyportal.onetrust.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com *.dignityhealth.org *.evaliahealth.com *.evaliahealth.com *.everestjs.net *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.inquicker.com *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.mktoutil.com *.recaptcha.net/recaptcha/ *.recaptcha.net/recaptcha/ *.youtube.com adobedc.demdex.net ajax.googleapis.com ajax.microsoft.com assets.adobedtm.com assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.commonspirit.org cdn.commonspirit.org cdn.cookielaw.org cdn.jsdelivr.net/npm/twemoji@13 cdn1.commonspirit.org cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com cookie-cdn.cookiepro.com decodedigital.s3.amazonaws.com dignityhealth.hrm.healthgrades.com experience.adobe.com gateway.foresee.com geolocation.onetrust.com google-analytics.com googleads.g.doubleclick.net hipaa.jotform.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com platform.twitter.com privacyportal.onetrust.com s.yimg.com solutions.invocacdn.com support.doctorpodcasting.com/widget/easyXDM.js twemoji.maxcdn.com unpkg.com use.typekit.net www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com calendar.google.com commonspirit.demdex.net dignityhealth.hrm.healthgrades.com docasap.com identityspa.dignityhealth.org support.doctorpodcasting.com www.cognitoforms.com www.google.com www.google.com www.recaptcha.net; img-src 'self' *.agkn.com *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.stackadapt.com *.twimg.com *.vimeocdn.com *.youtube.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: dpm.demdex.net i.ytimg.com login.commonspirit.org qvdt3feo.com s3.amazonaws.com s3.amazonaws.com/assets.gyant.com/ twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.crazyegg.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.inquicker.com *.mktoresp.com *.mktoutil.com *.mktoutil.com *.omtrdc.net adobedc.demdex.net ajax.microsoft.com analytics.google.com api.ipify.org app-w2-owrapi-prd.azurewebsites.net assets.adobedtm.com bam-cell.nr-data.net bam.nr-data.net cdn.commonspirit.org commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net device.4seeresults.com dpm.demdex.net fid.agkn.com fonts.googleapis.com google-analytics.com identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com pnapi.invoca.net readaloud.googleapis.com s.yimg.com s3.amazonaws.com/assets.gyant.com/ telemetry.commonspirit.org translate.googleapis.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org account.commonspirit.org analytics.foresee.com cdn1.commonspirit.org commonspirit.demdex.net identity-func.commonspirit.org login.commonspirit.org; font-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.gstatic.com *.slant.co cdn.jorfor.ms cdn1.commonspirit.org data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net www.commonspirit.org; 2 value 2 frame-ancestors 'self' *.mexc.me *.mexc.com *.mexceu.com *.mexc.kr *.mexc.co sensors.xiaoxiame.com *.365huo.xyz *.mexc.fm *.mexc.in *.mexc.us *.greentreeone.com *.gdiii.xyz *.mcaketech.com *.mexc.ae *.mexc.cl *.mexc.ee *.mexc.ge *.mexccex.com *.mexcsite.com *.mx-exchange.co *.winappnet.com *.weappnet.com *.getappnet.com *.cryptolinkapp.com *.mexc.io *.mexc.cc 2 frame-ancestors https://*.sanity.studio https://*.complex.com https://*.samsung-news.com 2 default-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; worker-src https: blob:; 2 frame-ancestors https://www.renault-group.com.cn 2 frame-ancestors 'self' https://planeetta.ladesk.com 2 default-src blob: https: data: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fleet.zone https://*.tallink.com https://*.adform.net https://*.bing.com https://*.clarity.ms http://*.crazyegg.com https://*.facebook.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.licdn.com https://*.noknok.ee http://*.typeform.com https://vercel.live; style-src 'self' 'unsafe-inline' https://*.fleet.zone https://*.tallink.com https://*.googleapis.com https://*.googletagmanager.com https://*.linkedin.com https://*.typeform.com; img-src 'self' blob: data: https://*.tallink.com https://*.bing.com https://*.chatlayer.ai https://*.cision.com https://*.clarity.ms https://*.cloudinary.com https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ee https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://*.seadform.net https://*.windows.net https://*.ytimg.com; font-src 'self' https://*.fleet.zone https://*.tallink.com https://*.gstatic.com; connect-src 'self' blob: data: https://*.fleet.zone https://*.fleet.zone:8443 https://*.tallink.com https://*.ably.io wss://*.ably.io https://*.ably-realtime.com wss://*.ably-realtime.com https://*.algolia.net https://*.bing.com https://*.bing.net https://*.chatlayer.ai https://*.clarity.ms https://*.cloudinary.com https://*.crazyegg.com https://*.demdex.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.linkedin.com https://*.noknok.ee https://*.reachmee.com https://*.rik.ee https://*.sentry.io https://*.typeform.com; manifest-src 'self'; frame-src 'self' https://*.fleet.zone https://*.tallink.com https://*.adform.net https://*.demdex.net https://*.facebook.com https://*.google.com https://infogram.com https://nasdaqbaltic.com https://*.noknok.ee https://*.typeform.com https://vercel.live https://*.youtube.com; frame-ancestors 'self' https://*.typeform.com; worker-src 'self' blob:; object-src 'self' data:; media-src 'self' blob: https://*.cloudinary.com https://*.googleapis.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.google-analytics.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://plausible.io https://js.hs-scripts.com https://js.hs-banner.com https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hsadspixel.net/fb.js https://googleads.g.doubleclick.net; frame-src https://consentcdn.cookiebot.com https://www.youtube.com https://td.doubleclick.net https://www.googletagmanager.com https://hub.n3mus.com https://n3mus.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://raw.githubusercontent.com https://cdn.sanity.io/images/76lym2dp/mb-production/ https://imgsct.cookiebot.com https://track.hubspot.com https://forms.hsforms.com https://avatars.githubusercontent.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://plausible.io; media-src 'self' https://cdn.sanity.io/files/76lym2dp/mb-production/; connect-src 'self' https://76lym2dp.api.sanity.io/ https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/subscan https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/hubspot/submitform https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hscollectedforms.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.hubapi.com https://forms.hubspot.com https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/hubspot/getform https://ecf0k54w4e.execute-api.us-east-1.amazonaws.com/dev/form/submit https://plausible.io; form-action 'self'; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; upgrade-insecure-requests 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amsoil.com *.amsoil.ca *.amsoilindustrial.com https://amsoilcontent.com https://www.amsoilcontent.com https://cdn.evgnet.com *.evergage.com https://amsoil.us-1.evergage.com https://analytics.amsoil.com https://analytics.amsoil.ca https://analytics.amsoilindustrial.com https://static.cloud.coveo.com https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://realtimeanalytics.yext.com https://cdnjs.cloudflare.com/ *.doubleclick.net https://snap.licdn.com https://bat.bing.com *.microsoft.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net https://www.googletagmanager.com *.linkedin.com *.google.com https://www.googleoptimize.com *.hotjar.com *.bc0a.com *.brightedge.com cdn.b0e8.com device.clearsale.com.br https://www.paypalobjects.com *.paypal.com https://www.gstatic.com https://www.googleadservices.com *.wistia.com *.wistia.net https://az124611.vo.msecnd.net https://cookie-cdn.cookiepro.com https://cdn-us.clickdimensions.com cdn.attn.tv *.attentivemobile.com *.googlesyndication.com *.powerobjects.net *.zoominfo.com *.convertlanguage.com *.docusign.com https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://api.ipify.org https://appleid.cdn-apple.com https://*.trustarc.com *.niceincontact.com *.mountain.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://*.amazon-adsystem.com https://browser.sentry-cdn.com blob:; frame-src 'self' *.amsoil.com *.amsoil.ca https://amsoilcontent.com *.hotjar.com *.criteo.com *.criteo.net *.docusign.net *.docusign.com *.facebook.com *.google.com *.paypal.com *.doubleclick.net *.powerobjects.net *.googlesyndication.com *.wistia.com *.wistia.net creatives.attn.tv https://challenges.cloudflare.com https://a25683390326.cdn.optimizely.com https://a25683390326.cdn-pci.optimizely.com *.niceincontact.com https://*.trustarc.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com; frame-ancestors 'self' https://sapcc.amsoil.com; report-uri /csp-report 2 default-src 'self' fl.ru *.fl.ru static.fl.ru production-flru.website.yandexcloud.net *.mail.ru *.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: *.fl.ru static.fl.ru production-flru.website.yandexcloud.net *.acstat.com artfut.com www.artut.com counter.rambler.ru mc.yandex.ru *.mail.ru *.tns-counter.ru; img-src data: blob: *; media-src *.fl.ru *.usedesk.ru static.fl.ru production-flru.website.yandexcloud.net; style-src 'unsafe-inline' 'unsafe-eval' blob: https: 'self' *.fl.ru static.fl.ru production-flru.website.yandexcloud.net; font-src 'self' data: blob: https: fonts.gstatic.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' *.fl.ru static.fl.ru smartcaptcha.yandexcloud.net yookassa.ru production-flru.website.yandexcloud.net *.hcaptcha.com *.soundcloud.com direct.yandex.ru mc.yandex.ru *.yandex.md yastatic.net *.typeform.com *.adriver.ru rutube.ru *.rutube.ru *.vimeo.com youtube.com *.youtube.com; child-src fl.ru *.fl.ru static.fl.ru; connect-src 'self' *.fl.ru fl.ru fl.ru:* *.fl.ru:* ws://fl.ru:* wss://fl.ru:* ws://*.fl.ru:* wss://*.fl.ru:* static.fl.ru ws://*.usedesk.ru *.usedesk.ru *.hcaptcha.com *.popmechanic.ru *.mradx.net *.mail.ru vk.com *.vk.com *.adriver.ru *.acstat.com static.fl.ru *.mail.ru wss://mc.yandex.ru *.yandex.ru yandex.ru ymetrica1.com; 2 default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com *.analytics.google.com *.google.com *.google-analytics.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.investisdigital.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.cloudflareinsights.com cloudflareinsights.com *.google.com *.google-analytics.com ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.analytics.google.com *.google.com *.google-analytics.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com *.rekai.se static.ws.apsis.one *.ws.apsis.one *.aspis.one static.ws.apsis.one *.contentsquare.net; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com *.static.ws.apsis.one static.ws.apsis.one; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com *.linkedin.com *.rekai.se audience.ws.apsis.one *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 2 frame-ancestors 'self' https://support.turbovpn.com 2 default-src 'self' *.adobe.io *.omtrdc.net www.facebook.com www.google-analytics.com; frame-src 'self' https://www.googletagmanager.com/ https://acrobatservices.adobe.com/ https://tools.eurolandir.com/ https://gamma.euroland.com/ https://www.youtube.com/ https://wavedw.santandergroup.net/ https://td.doubleclick.net/ https://documentservices.adobe.com https://open.spotify.com https://www.tiktok.com/ https://tr.snapchat.com *.google.com *.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/ ; media-src 'self' https://waveplayer01.santandergroup.net https://www.santander.com; img-src 'self' https://bat.bing.net/ https://cdn.cookielaw.org https://adservice.google.com https://*.inspiringbenefits.com https://*.linkedin.com https://abs.twimg.com https://analytics.twitter.com https://bat.bing.com https://dev.day.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.es *.omtrdc.net data: w3.org/svg/2000 https://*.clarity.ms https://dummyimage.com https://www.santander.com https://*.bing.com; script-src 'self' https://tools.euroland.com/ https://tools.eurolandir.com/ https://acrobatservices.adobe.com/ https://qvdt3feo.com/ https://sf16-website-login.neutral.ttwstatic.com/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_v1.0.11.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.js track.adform.net 'unsafe-inline' 'unsafe-eval' https://tr.snapchat.com cdn-dev.wdesk.org cdn-prod.wdesk.com sc-static.net platform.instagram.com documentservices.adobe.com www.googletagmanager.com maps.googleapis.com gruposantand-stage.adobemsbasic.com gruposantand-prod.adobemsbasic.com geolocation.onetrust.com cdn.cookielaw.org tbcdn.talentbrew.com player.vimeo.com www.youtube.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net fonts.gstatic.com www.google-analytics.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com www.adobe.io tag.oniad.com sstats.adobe.com documentcloud.adobe.com p13n.adobe.io viewlicense.adobe.io use.typekit.net santander.com www.santander.com gruposantand-prod.adobemsbasic.com static-exp1.licdn.com bat.bing.com stackadapt.com srv.stackadapt.com tags.srv.stackadapt.com syndication.twitter.com cdn.syndication.twimg.com licdn.com www.linkedin.com www.omtrdc.net www.instagram.com platform.twitter.com tbcdn.talentbrew.com maps.googleapis.com player.vimeo.com www.google.com www.google.es www.google-analytics.com www.gstatic.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net www.youtube.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com r3---sn-h5q7dne6.googlevideo.com ikuna.s3.amazonaws.com assets.adobedtm.com www.googletagmanager.com static.ads-twitter.com snap.licdn.com connect.facebook.net analytics.twitter.com https://www.googleadservices.com googleads.g.doubleclick.net https://accdn.lpsnmedia.net/api/account/52492817/configuration/setting/accountproperties/ https://assets.adobedtm.com/fdfbb5376673/978974bd73e8/launch-a4fb25bd3770.min.js sc-static.net/scevent.min.js https://bat.bing.com/bat.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10781141842/ https://lpcdn.lpsnmedia.net/le_unified_window/10.17.0.8-release_5442/ui-framework.js https://lptag.liveperson.net/tag/tag.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://tags.srv.stackadapt.com/events.js https://tags.tiqcdn.com/utag/santander/corporate-main-aem/prod/utag.js https://www.clarity.ms/tag/b84z53kzvw https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www.clarity.ms https://www.go-mpulse.net https://www.google-analytics.com; style-src tbcdn.talentbrew.com 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com/ https://lf16-tiktok-web.ttwstatic.com/ https://platform.twitter.com https://tags.srv.stackadapt.com https://ton.twimg.com https://tags.srv.stackadapt.com/sa.css; connect-src 'self' https://bat.bing.net/ https://www.google.com https://cdn-prod.wdesk.com/ https://googleads.g.doubleclick.net/pagead/landing https://www.google.com/pagead/landing https://region1.google-analytics.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io/partner/3624849/domain/ https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://cdn.cookielaw.org https://bat.bing.com https://collect.tealiumiq.com *.omtrdc.net https://region1.analytics.google.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://viewlicense.adobe.io https://www.clarity.ms https://*.clarity.ms https://www.google-analytics.com https://www.google.es https://www.facebook.com/tr/ https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://tr.snapchat.com/p data:; font-src 'self' data:; object-src 'self' https://8853727.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/; 2 default-src 'none'; frame-ancestors 'self' serato.sanity.studio; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://*.googletagmanager.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com https://*.hotjar.com https://*.zdassets.com https://serato.zendesk.com https://*.iubenda.com https://insights.serato.com; font-src 'self' https://fast.fonts.net https://static.serato.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://static.serato.com https://*.hotjar.com https://*.iubenda.com; img-src 'self' data: https://*.cdn.sera.to https://cdn.sanity.io https://static.serato.com https://serato.com https://bat.bing.com https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.facebook.com https://*.hotjar.com https://serato.zendesk.com https://*.iubenda.com https://insights.serato.com; connect-src 'self' https://*.serato.com https://*.sanity.io https://serato-limited.breezy.hr/json https://gtm-p9hq86n-mgfkm.uc.r.appspot.com https://analytics.google.com https://www.google-analytics.com https://bat.bing.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.zdassets.com https://serato.zendesk.com wss://serato.zendesk.com https://*.iubenda.com https://insights.serato.com; media-src 'self' https://static.serato.com https://*.cdn.sera.to https://cdn.sanity.io; frame-src 'self' https://youtube.com https://www.youtube.com https://w.soundcloud.com https://embed.music.apple.com https://gtm-p9hq86n-mgfkm.uc.r.appspot.com https://*.iubenda.com https://insights.serato.com 2 frame-ancestors 'self' https://www.bing.com https://www.google.com https://*.search.yahoo.com https://www.naver.com https://www.baidu.com 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: data: wss:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' *; 2 frame-ancestors 'self' https://layout-cms.fox29.com; 2 default-src 'self' https:; connect-src https: wss:; font-src 'self' https: data:; frame-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline' 2 default-src 'self' https://pretix.eu https://static.pretix.cloud; script-src 'self' 'sha256-+tmFggeXIPOAC2UgcQ3LW/gPHTkwyWg3/D6FOJ5BHGo=' 'unsafe-eval' https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io; object-src 'none'; frame-src 'self' https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https://cdn.pretix.cloud https://pretix.eu https://static.pretix.cloud https://support.rami.io; connect-src 'self' https://cdn.pretix.cloud https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io ws://support.rami.io; img-src 'self' data: https://cdn.pretix.cloud https://matomo.rami.io https://pretix.eu https://static.pretix.cloud https://support.rami.io; font-src 'self' https://pretix.eu https://static.pretix.cloud; media-src 'self' data: https://cdn.pretix.cloud https://pretix.eu https://static.pretix.cloud; form-action 'self' https: https://pretix.eu 2 base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.botschool.ai https://api.botschool.ai wss://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud wss://*.engagement.coremedia.cloud https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://cloudflarestream.com https://*.creativecdn.com https://*.evergage.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.hcaptcha.com https://in.hotjar.com https://*.inmobi.com https://*.inside-graph.com wss://*.inside-graph.com https://*.qualifio.com https://*.qualifioapp.com https://*.qualtrics.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://visit-server.inmobi-choice.io https://*.weglot.io https://*.clarity.ms https://*.doubleclick.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://*.userway.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt https://analytics-ipv6.tiktokw.us; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://*.evergage.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net; form-action 'self' https://*.meo.pt https://*.engagement.coremedia.cloud https://*.byside.com https://www.facebook.com https://connect.facebook.net; frame-ancestors 'self' https://en.meo.pt https://sapo.pt https://hp2025.bk.sapo.pt https://cinema.sapo.pt https://mag.sapo.pt https://preview.sapo.pt https://hp2025.staging.sapo.pt https://tv.sapo.pt https://www.sapo.pt; frame-src 'self' https://*.meo.pt https://youtu.be https://*.engagement.coremedia.cloud https://stags.bluekai.com https://*.byside.com https://*.creativecdn.com https://www.facebook.com https://*.figma.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.hcaptcha.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.youtube.com https://*.smark.io https://*.meo.velocidi.io https://*.brightcove.net https://*.doubleclick.net https://*.userway.org https://qualifio.sapo.pt https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' blob: data: https://*.meo.pt; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://*.creativecdn.com https://*.evergage.com https://cdn.evgnet.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.hcaptcha.com https://*.hotjar.com https://*.inmobi.com https://*.inside-graph.com https://*.qualifio.com https://*.qualifioapp.com https://*.qualtrics.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://p.smrk.io https://*.meo.velocidi.io https://u.heatmap.it https://*.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://quantcast.mgr.consensu.org https://*.userway.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://*.engagement.coremedia.cloud https://s3.amazonaws.com https://*.byside.com https://*.evergage.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://cdn.weglot.com https://fast.fonts.net https://*.userway.org https://selo.confio.pt; worker-src 'self' blob:; object-src 'none' 2 frame-ancestors 'self' https://www-buickgmcanzures-com-mx.wpsegment15.proj.wpx.gm.com https://www.buickgmcanzures.com.mx https://www.chevroletjilotepec.com.mx https://www.chevroletamericasmotors.com.mx https://www.chevroletsanjuandelrio.com.mx https://www.chevroletcalidadsanjeronimo.com.mx https://www-chevroletamericasmotors-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletamericasmotors-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletsanjuandelrio-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletcalidadsanjeronimo-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://z1.le.liveperson.net https://www-chevroletherrerazac-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletherrerazac-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletherrerazac.com.mx https://www-chevroletcentrohistorico-com-mx.wpsegment15.proj.wpx.gm.com https://www-chevroletcentrohistorico-com-mx.wpsegment15.prd2.wpx.gm.com https://www.chevroletcentrohistorico.com.mx https://www-chevroletconstituyentes-com-mx.wpsegment15.prd1.wpx.gm.com https://www-chevroletconstituyentes-com-mx.wpsegment15.proj.wpx.gm.com https://www.chevroletconstituyentes.com.mx http://www.chevroletcentrohistorico.com https://www.chevrolet.com.co https://www.chevroletsf.com.co https://www-chevrolet-com-co.prd1a.wpx.gm.com/plan-siempre-chevrolet https://www-buickgmccadillacloscabos-com-mx.proj.wpx.gm.com/ https://www-buickgmccadillacloscabos-com-mx.prd1.wpx.gm.com/ https://www.buickgmccadillacloscabos.com.mx/ https://www-chevroleteltreboluniversidad-com-mx.proj.wpx.gm.com/ https://www-chevroleteltreboluniversidad-com-mx.prd1.wpx.gm.com/ https://www.chevroleteltreboluniversidad.com.mx/ https://www-buickgmccuautla-com-mx.proj.wpx.gm.com/ https://www-buickgmccuautla-com-mx.prd1.wpx.gm.com/ https://www.buickgmccuautla.com.mx/ *.fidev.bet fidev.bet *.jsitor.com jsitor.com gmfinancial.everfi-next.net *.gmfinancial.com gmfinancial.com; 2 default-src 'self' https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.stg.drchrono.dev/api/3/security/?sentry_key=214b3d414c5b49fda88012161318b1d1&sentry_environment=headers 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' app.koofr.net; navigate-to 'self' app.koofr.net; 2 base-uri *; font-src * data:; form-action *; frame-ancestors *; img-src * data: blob:; object-src *; script-src-attr 'none'; style-src * https: 'unsafe-inline'; upgrade-insecure-requests; 2 default-src 'self' https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://matomo.ovgu.de/; connect-src https://vtdnntts-eu.readspeaker.com/cgi-bin/vtapi4/8a5329cbccf8907da3d36aa9009fcaf0.flv https://app-eu.readspeaker.com/cgi-bin/rsent?logid=4717&ver=3.2.5_rev1125-wr *.ovgu.de; img-src 'self' *.ovgu.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.ovgu.de/; object-src 'none'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.ovgu.de *.uni-magdeburg.de; frame-src https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://www.google.com/maps/ *.ovgu.de *.uni-magdeburg.de; upgrade-insecure-requests 2 default-src 'self'; img-src data: 'self' https://media.home.bargains https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookielaw.org https://*.facebook.com https://*.clarity.ms; style-src 'self' 'nonce-8Jhw1Lzp' 'sha256-ND6iXW1aHR5g8r/LihFfVXNCyOKpEA+yocHMpZEXexw=' 'nonce-9dj7hsk2' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-58kCxrZMl/eGrC3RTZz3GdbVVWE7J0AIn2DvVm+5jjM=' 'nonce-8Jhw1Lzp' https://js.stripe.com https://tagmanager.google.com https://*.googletagmanager.com https://*.clarity.ms https://*.cookielaw.org https://*.facebook.net https://analytics.ahrefs.com; frame-ancestors 'none'; frame-src https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://*.clarity.ms https://*.cookielaw.org https://*.onetrust.com https://*.cookie-script.com https://o4504927879692288.ingest.sentry.io https://analytics.ahrefs.com; 2 default-src 'self' *.google-analytics.com fonts.gstatic.com 'unsafe-inline' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdn.cookielaw.org 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.licdn.com static.ads-twitter.com platform.twitter.com *.visualwebsiteoptimizer.com *.mktoresp.com bid.g.doubleclick.net *.omappapi.com *.globalpaymentsintegrated.com *.ads.linkedin.com *.twitter.com *.google.com ws.zoominfo.com px.ads.linkedin.com; font-src 'self' fonts.gstatic.com *.dataweavers.io; frame-ancestors 'none'; img-src 'self' *.adsymptotic.com *.dataweavers.io *.visualwebsiteoptimizer.com app.vwo.com *.google-analytics.com static.ads-twitter.com platform.twitter.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' t.co www.facebook.com px.ads.linkedin.com www.google.com www.google.com.au *.twitter.com *.linkedin.com data: www.google.co.in gateway.zscloud.net; script-src-elem 'self' www.googletagmanager.com static.ads-twitter.com platform.twitter.com *.licdn.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.google-analytics.com cdn.cookielaw.org *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.dataweavers.io 'unsafe-eval' www.googleadservices.com munchkin.marketo.net analytics.twitter.com ws.zoominfo.com *.omappapi.com *.globalpaymentsintegrated.com gateway.zscloud.net; style-src-elem 'self' *.dataweavers.io 'unsafe-inline' *.omappapi.com; worker-src 'self' px.ads.linkedin.com blob:; 2 default-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net ws://socket.spacehey.com wss://socket.spacehey.com; script-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; style-src 'unsafe-inline' 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; img-src data: 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; frame-src https:; connect-src https: ws://socket.spacehey.com wss://socket.spacehey.com; form-action https:; object-src 'none'; 2 default-src 'self' data:; connect-src 'self' piwik.itzbund.de cldf-wzw-od.r53.cdn.tv1.eu; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtu.be *.ytimg.com *.vimeo.com *.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com youtube.com *.youtu.be youtu.be *.vimeo.com *.aktion-mensch.de *.materna.de *.cdninstagram.com *.youtube-nocookie.com *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtu.be *.vimeo.com *.twitter.com *.instagram.com *.cdninstagram.com *.youtube-nocookie.com *.3qsdn.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtu.be *.twitter.com *.cdninstagram.com *.youtube-nocookie.com *.ytimg.com *.openstreetmap.org; frame-ancestors 'self'; upgrade-insecure-requests; 2 default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: *; child-src blob: ; 2 font-src 'self' data: https://*.cipd.org https://*.hotjar.com https://*.typekit.net https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.cipd.org https://*.typekit.net https://cdn.jsdelivr.net https://cipd.my.site.com https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com https://p.typekit.net https://use.typekit.net https://web-sdk-eu.aptrinsic.com https://www.googletagmanager.com/debug/badge.css; style-src 'unsafe-inline' https://*.cipd.co.uk https://*.cipd.org https://*.hotjar.com https://*.typekit.net https://cipd.my.site.com https://fonts.googleapis.com/ https://googletagmanager.com https://tagmanager.google.com; script-src-attr 'unsafe-eval' 'unsafe-inline' https://cipd.my.site.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.collect.igodigital.com https://*.eventbrite.co.uk https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.idio.episerver.net https://*.infogram.com https://*.onetrust.com https://*.optimizely.com https://*.youtube.com https://7227074.collect.igodigital.com https://auth.cipd.co.uk https://bat.bing.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com/ https://cipd.my.site.com https://code.jquery.com/ https://common.optimizely.com https://connect.facebook.net https://e.infogram.com https://infogram.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://metrics.responsetap.com https://s3.amazonaws.com https://siteimproveanalytics.com https://snap.licdn.com https://static-ssl.responsetap.com https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://zingtree.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.infogram.com https://cipd.my.site.com https://e.infogram.com https://googleads.g.doubleclick.net https://googletagmanager.com https://pagead2.googlesyndication.com https://tagmanager.google.com https://www.facebook.com https://www.facebook.com/tr https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com; style-src-attr 'unsafe-inline'; frame-src 'self' https://*.acast.com/ https://*.eventbrite.co.uk https://*.optimizely.com https://*.siteimprove.com https://cipd.my.site.com https://dashboard.find.episerver.net https://e.infogram.com https://infogram.com https://td.doubleclick.net https://w.soundcloud.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com https://zingtree.com; img-src 'self' data: https://*.ads.linkedin.com https://*.analytics.google.com https://*.cipd.co.uk https://*.cipd.org https://*.evbuc.com https://*.eventbrite.co.uk https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.global.siteimproveanalytics.io https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.idio.episerver.net https://*.linkedin.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn-ukwest.onetrust.com https://fonts.gstatic.com/s/i/googlematerialicons/label_off/v6/gm_grey-48dp/1x/gm_label_off_gm_grey_48dp.png https://fonts.gstatic.com/s/i/googlematerialicons/more/v6/gm_blue-48dp/1x/gm_more_gm_blue_48dp.png https://google.com https://googleads.g.doubleclick.net https://googletagmanager.com https://i.ytimg.com https://nova.collect.igodigital.com https://optimizely-public-design-assets.s3.amazonaws.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://region1.google-analytics.com https://ssl.gstatic.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com www.googletagmanager.com; connect-src 'self' http://10.43.17.25:15871 https://*.ads.linkedin.com https://*.analytics.google.com https://*.cipd.co.uk https://*.cipd.org https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.optimizely.com https://*.services.visualstudio.com https://*.siteimprove.com https://1752680588.rsc.cdn77.org https://ad.doubleclick.net https://cdn-ukwest.onetrust.com https://cdn.linkedin.oribi.io https://cipd.my.salesforce-scrt.com https://esp-eu.aptrinsic.com https://geolocation.onetrust.com https://google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googleadservices.com wss://*.hotjar.com www.google.com www.googletagmanager.com; default-src 'self' 'unsafe-eval' https://*.acast.com/ https://*.cipd.co.uk https://*.cipd.org https://*.idio.episerver.net https://auth.cipd.co.uk https://p.typekit.net https://use.typekit.net; form-action 'self'; 2 object-src 'none'; base-uri 'none'; default-src https://isnic.is https://www.isnic.is/; style-src https://isnic.is https://www.isnic.is/; font-src https://isnic.is https://www.isnic.is/; script-src https://isnic.is https://www.isnic.is/; img-src https://isnic.is https://www.isnic.is/ https://www.rix.is; connect-src https://isnic.is https://www.isnic.is/; frame-ancestors 'none'; report-uri /default/csp; 2 default-src 'self' blob: *.aman-d8.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com cloud.typography.com *.sojern.com 'unsafe-inline' 'unsafe-eval'; worker-src blob: *.aman.com *.rudderlabs.com; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.brightcove.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com https://d2wy8f7a9ursnm.cloudfront.net/v6/bugsnag.min.js *.analytics.google.com s.yimg.jp snap.licdn.com connect.facebook.net d.line-scdn.net p.relay-t.io js.sentry-cdn.com *.yahoo.co.jp *.clarity.ms bat.bing.com cdn.linkedin.oribi.io https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput-jquery.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/js/utils.js fxgate.baidu.com secure-hotel-tracker.com newbooking.azds.com *.cinnox.cn https://*.googletagmanager.com aman-d8.my127.site browser.sentry-cdn.com *.visualwebsiteoptimizer.com app.vwo.com https://acsbapp.com https://accesswidget-log-receiver.acsbapp.com https://global.localizecdn.com https://js.appboycdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js.adsrvr.org https://*.cloudflare.com https://*.metrics.brightcove.com api.mapbox.com js-agent.newrelic.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com *.sojern.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cloud.typography.com *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com *.thehotelsnetwork.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css newbooking.azds.com cdnjs.cloudflare.com *.cinnox.cn *.aman-d8.my127.site *.visualwebsiteoptimizer.com app.vwo.com https://use.fontawesome.com api.mapbox.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; img-src 'self' data: about: *.brightcove.net *.brightcove.com *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com *.thehotelsnetwork.com https://www.google.com https://www.google.com.uk https://www.google.co.uk https://px.ads.linkedin.com https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/img/flags.png bat.bing.com tr.line.me ad.doubleclick.net doubleclick.net www.facebook.com *.clarity.ms newbooking.azds.com dbmajt85xhr99.cloudfront.net controlcenter-p1.synxis.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.bing.com *.linkedin.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com appboy-images.com braze-images.com cdn.braze.eu https://ade.googlesyndication.com *.mapbox.com https://*.cloudflare.com api.mapbox.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net *.aman-d8.my127.site *.brightcovecdn.com *.media.brightcove.com *.cf.brightcove.com; frame-src *; frame-ancestors 'self'; child-src *; font-src 'self' data: *.typekit.net *.aman.com *.gstatic.com *.cinnox.com *.thehotelsnetwork.com newbooking.azds.com dbmajt85xhr99.cloudfront.net d1t1qzzb2zwrre.cloudfront.net *.cinnox.cn *.aman-d8.my127.site https://use.fontawesome.com; connect-src 'self' *.aman.com *.boltdns.net *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com *.cinnox.com impactradius-event.com utt.impactcdn.com *.brightcove.com ojrq.net logs-01.loggly.com amanresorts.pxf.io sessions.bugsnag.com p.relay-t.io cdn.linkedin.oribi.io pagead2.googlesyndication.com *.clarity.ms newbooking.azds.com *.analytics.google.com *.cinnox.cn https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.aman-d8.my127.site px.ads.linkedin.com am.yahoo.co.jp *.visualwebsiteoptimizer.com app.vwo.com https://cdn.acsbapp.com/config/stage.www.aman.com/config.json https://cdn.acsbapp.com/cache/app/wildcards.json https://sdk.iad-01.braze.com https://sdk.fra-02.braze.eu https://www.facebook.com *.mapbox.com p.typekit.net use.typekit.net fastly-signed-eu-west-1-prod.brightcovecdn.com *.brightcovecdn.com insight.adsrvr.org bat.bing.com apm.yahoo.co.jp https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com *.sojern.com; upgrade-insecure-requests 2 frame-ancestors 'self' https://microapps.google.com/ 2 font-src 'self' 2 default-src 'self' data: blob: ws: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.sentry.io *.facebook.com *.facebook.net *.everesttech.net *.hotjar.com *.cloudflare.com *.bing.com *.arcot.com *.ondemand.com *.fontawesome.com *.auth0.com *.creditmutuel.fr *.bioz.com *.vwr.com *.lfeeder.com *.leadfeeder.com *.doubleclick.net *.avantorsciences.com *.avantorsciences.cn *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.worldpay.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.chatlayer.ai *.sinch.com *.ably-realtime.com *.ably.io *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.everesttech.net *.cloudflare.com *.bing.com *.avantorsciences.com *.avantorsciences.cn *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.vwr.com *.lfeeder.com *.leadfeeder.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.everesttech.net *.cloudflare.com *.bing.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.sinch.com *.ably-realtime.com *.ably.io *.chatlayer.ai *.sentry.io *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.lfeeder.com *.leadfeeder.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.worldpay.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.everesttech.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.avantorsciences.cn *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://api.brightfunnel.com http://api.brightfunnel.com api.brightfunnel.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://ws.zoominfo.com http://ws.zoominfo.com ws.zoominfo.com https://c.ltmsphrcl.net http://c.ltmsphrcl.net c.ltmsphrcl.net https://data.stbuttons.click http://data.stbuttons.click data.stbuttons.click https://dev.visualwebsiteoptimizer.com http://dev.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://tag-logger.demandbase.com http://tag-logger.demandbase.com tag-logger.demandbase.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://www.google.de http://www.google.de www.google.de https://www.google.es http://www.google.es www.google.es https://www.google.mw http://www.google.mw www.google.mw https://www.google.pt http://www.google.pt www.google.pt https://www.google.tn http://www.google.tn www.google.tn https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://analytics.google.com http://analytics.google.com analytics.google.com https://www.convertcalculator.com http://www.convertcalculator.com www.convertcalculator.com https://get663.com http://get663.com get663.com https://bat.bing.com http://bat.bing.com bat.bing.com https://overbridgenet.com http://overbridgenet.com overbridgenet.com https://adtonus.com http://adtonus.com adtonus.com https://code.jquery.com http://code.jquery.com code.jquery.com https://rbtds.net http://rbtds.net rbtds.net https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://translate-pa.googleapis.com http://translate-pa.googleapis.com translate-pa.googleapis.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://sentry.io http://sentry.io sentry.io https://*.clarity.ms http://*.clarity.ms *.clarity.ms https://api.company-target.com http://api.company-target.com api.company-target.com https://segments.company-target.com http://segments.company-target.com segments.company-target.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net https://pouch-global-font-assets.s3.eu-central-1.amazonaws.com http://pouch-global-font-assets.s3.eu-central-1.amazonaws.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com https://at.alicdn.com http://at.alicdn.com at.alicdn.com https://static.hsappstatic.net http://static.hsappstatic.net static.hsappstatic.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'self'; frame-src 'self' https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://gateway.zscloud.net http://gateway.zscloud.net gateway.zscloud.net https://*.spotify.com http://*.spotify.com *.spotify.com https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.bilibili.com http://*.bilibili.com *.bilibili.com https://gateway.zscaler.net http://gateway.zscaler.net gateway.zscaler.net https://gateway.zscalerthree.net http://gateway.zscalerthree.net gateway.zscalerthree.net https://w.soundcloud.com http://w.soundcloud.com w.soundcloud.com https://indd.adobe.com http://indd.adobe.com indd.adobe.com https://interfaces.zapier.com http://interfaces.zapier.com interfaces.zapier.com https://zapbot-12acdb.zapier.app http://zapbot-12acdb.zapier.app zapbot-12acdb.zapier.app https://s.company-target.com http://s.company-target.com s.company-target.com; img-src 'self' https://* http://* * blob: data:; media-src 'self' https://youtube.com http://youtube.com youtube.com https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://download-video-ak.vimeocdn.com http://download-video-ak.vimeocdn.com download-video-ak.vimeocdn.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.brightfunnel.com http://*.brightfunnel.com *.brightfunnel.com https://*.newrelic.com http://*.newrelic.com *.newrelic.com https://*.terminus.com http://*.terminus.com *.terminus.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.getsmartcontent.com http://*.getsmartcontent.com *.getsmartcontent.com https://img.en25.com http://img.en25.com img.en25.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://up.pixel.ad http://up.pixel.ad up.pixel.ad https://ws-assets.zoominfo.com http://ws-assets.zoominfo.com ws-assets.zoominfo.com https://tag.demandbase.com http://tag.demandbase.com tag.demandbase.com https://*.convertcalculator.co http://*.convertcalculator.co *.convertcalculator.co https://www.youtube.com http://www.youtube.com www.youtube.com https://data1.yutrec.com http://data1.yutrec.com data1.yutrec.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com cdnjs.cloudflare.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://dev.visualwebsiteoptimizer.com http://dev.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com https://www.convertcalculator.com http://www.convertcalculator.com www.convertcalculator.com https://pagead2.googlesyndication.com http://pagead2.googlesyndication.com pagead2.googlesyndication.com https://get663.com http://get663.com get663.com https://sc-static.net http://sc-static.net sc-static.net https://3001.scriptcdn.net http://3001.scriptcdn.net 3001.scriptcdn.net https://cdn.adnwif.smt.docomo.ne.jp http://cdn.adnwif.smt.docomo.ne.jp cdn.adnwif.smt.docomo.ne.jp https://checkout-api.worldshopping.jp http://checkout-api.worldshopping.jp checkout-api.worldshopping.jp https://s.pinimg.com http://s.pinimg.com s.pinimg.com https://s.yimg.jp http://s.yimg.jp s.yimg.jp https://static.ads-twitter.com http://static.ads-twitter.com static.ads-twitter.com https://www.clarity.ms http://www.clarity.ms www.clarity.ms https://infird.com http://infird.com infird.com https://abfc-extension.com http://abfc-extension.com abfc-extension.com https://apis.google.com http://apis.google.com apis.google.com https://app.convertcalculator.co http://app.convertcalculator.co app.convertcalculator.co https://scripts.convertcalculator.com http://scripts.convertcalculator.com scripts.convertcalculator.com https://interfaces.zapier.com http://interfaces.zapier.com interfaces.zapier.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://www.gstatic.com http://www.gstatic.com www.gstatic.com https://cdn.scite.ai http://cdn.scite.ai cdn.scite.ai 'unsafe-inline'; worker-src blob: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by https://smartcaptcha.yandexcloud.net https://www.google.com https://www.gstatic.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.yandex.ru mc.yandex.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net *.roistat.com tech.rtb.mts.ru qoopler.ru use.fontawesome.com app.diagrams.net viewer.diagrams.net; font-src 'self' https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by https://www.ipeye.ru yastatic.net; frame-src 'self' https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by ipeye.ru docs.google.com https://www.youtube.com https://www.youtube-nocookie.com/ mc.yandex.ru mc.yandex.com https://www.google.com https://smartcaptcha.yandexcloud.net; img-src 'self' data: i.ytimg.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net yandex.ru mc.yandex.ru mc.yandex.com https://www.ipeye.com.tr ipeye.com.tr ipglaz.kz https://www.ipglaz.kz https://www.ipeye.by ipeye.by; 2 frame-ancestors https://*.zscalertwo.net *.sick.com *.sickcn.net *.sickcn.com *.crm4.dynamics.com cdn.appdynamics.com; 2 default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 'wasm-unsafe-eval'; worker-src blob:; child-src blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https: blob:; media-src 'self' video.tesa.com *.youtube.com *.zohocdn.com static.zdassets.com; connect-src 'self' https: blob: wss://*.hotjar.com wss://*.zohopublic.eu wss://*.zopim.com; frame-ancestors 'none' 2 frame-ancestors 'self' https://*.swansea.ac.uk https://*.swan.ac.uk https://app.myday.cloud myday://app.myday.cloud https://swanseauni.myday.cloud https://swansea-uk.libwizard.com; 2 base-uri 'none'; default-src 'self' data: https: wss: 'unsafe-inline'; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://www.googletagmanager.com https://widget.netigate.se https://widget-api.netigate.se https://widgetapi-stage.netigate.se https://netigate.se https://devwidgetstatic.z6.web.core.windows.net; frame-src 'self' https://cdn.cookielaw.org https://www.google-analytics.com https://www.youtube-nocookie.com/ https://www.youtube.com/ https://s20.video-stream-hosting.de https://start.video-stream-hosting.de https://*.frcapi.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com https://cdn.cookielaw.org 2 frame-ancestors http://webvisor.com; 2 default-src 'none'; img-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; connect-src 'self'; script-src 'self' 2 default-src 'self' *.joinsmarty.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googlesyndication.com *.stripe.com *.trustpilot.com *.facebook.net *.facebook.com *.pinimg.com *.bing.com *.pinterest.com *.stripe.network *.clarity.ms cdn.ywxi.net *.gstatic.com *.trustedsite.com *.transactiongateway.com cdn.sitesasset.com smrty.s3.us-west-1.amazonaws.com smrty.s3.us-west-2.amazonaws.com smrty-qa.s3.us-west-1.amazonaws.com smrty-qa.s3.us-west-2.amazonaws.com smrty.s3-us-west-1.amazonaws.com smrty.s3-us-west-2.amazonaws.com smrty-qa.s3-us-west-1.amazonaws.com smrty-qa.s3-us-west-2.amazonaws.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.ladesk.com *.doubleclick.net *.shareasale.com *.shopify.com assets-global.website-files.com *.impact.com *.cloudfront.net *.awin.net *.awin.com *.bravodeal.com *.bravo-savings-network.com *.jquery.com *.digitaloceanspaces.com data: blob: 'unsafe-inline' 'unsafe-eval' *.amazon.com *.barcodelookup.com *.cookiepro.com *.here.com *.hereapi.com *.google.co.in *.ssl-images-amazon.com *.onetrust.com media.pepperjamnetwork.com *.sentry.io *.shipmentsfree.com *.gravitycybertech.com www.googletagmanager.com ad.doubleclick.net www.advconversion.com *.taboola.com post.adgatemedia.com bat.bing.com conversions.clickmeter.com liquidpch.go2cloud.org s.yimg.com servetrack.go2cloud.org trends.revcontent.com e9lak.endtrk.com klaymedia.servecvr.com events.pushtrack.co www.groovast.com trk.shophermedia.net go.shetrack.com amplify.outbrain.com rtb.mfadsrvr.com tracking.lifestylejournal.com www.googleadservices.com *.playgamesnow.org www.drcvr.com *.mediago.io s.pinimg.com secco.servecvr.com tracking.propelmedia.com appfocus.go2cloud.org wsdk.rokt.com r.financebuzz.com static.ads-twitter.com pubads.g.doubleclick.net pushpros.go2cloud.org *.liadm.com www.steadyhop.com securetracking.adsprotection.com www.tp88trk.com f.cstpersl.com t1.anytrack.io imtrk.go2cloud.org ad.propellerads.com www.imcounting.com serve.popads.net www.pbterra.com www.chant3rm1.com eng.trkcnv.com *.dergoodting.com *.cvrdomain.com traktum.com cdn1.decide.dev restersu.info *.zeeto.io *.pixelitooo.com *.conversionpx.com f.fluadv.com track.adspostx.com *.findshipmentsfree.com *.findsmartyplus.com *.free-shipments.com *.freeshipments.com *.freeshpmts.com *.getshipmentsfree.com *.getsmartrx.com *.getsmartyapp.com *.getsmartyoffers.com *.getsmartyplus.com *.getsmartysavings.com *.goshipmentsfree.com *.joinbeautyclub.com *.joinfansclub.com *.joinfreedelivery.com *.joinpetsclub.com *.joinsmartyplus.com *.lapost.com *.myshipmentsfree.com *.nocostshipping.com *.savewithsmarty.com *.savingsforthesavvy.com *.scour.com *.shipmentfree.com *.shipmentprotection.com *.shipmentsfreeclub.com *.shipmentsfreeinfo.com *.shipmentsfreenow.com *.shipmentsfreepro.com *.shipmentsfreezone.com *.smartyaffiliates.com *.smartycashback.com *.smartycoins.com *.smartyestsavings.com *.smartymoneysavings.com *.smartyplus.net *.smartyplusinfo.com *.smartyplusnow.com *.smartypluszone.com *.smartypremium.com *.travyclub.com *.try-smarty.com *.tryshipmentsfree.com *.trysmartyplus.com cdn.joinsmarty.com 2 default-src 'self'; object-src 'self' *.cdn.datatables.net cdn.datatables.net; connect-src 'self' *.mikrotik.com *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com chatwith.tools; style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com cdn.jsdelivr.net use.typekit.net www.mikrotik.com; img-src 'self' data: *.mikrotik.com *.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com; frame-src 'self' *.mikrotik.com *.mt.lv tiktube.com youtu.be youtube.com www.youtube.com www.google.com chatwith.tools; font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv; frame-ancestors 'self' *.mt.lv; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: 127.0.0.1 ironcladapp.com *.ironcladapp.com sync-transcend-cdn.com *.transcend-cdn.com *.sync-transcend-cdn.com transcend-cdn.com *.liadm.com *.usbrowserspeed.com *.ip-api.com *.getwarmly.com knotch.com *.knotch.com knotch-cdn.com *.knotch-cdn.com pactsafe.io *.pactsafe.io prod.impartner.live *.impartner.live packages.prmcdn.io pixel-config.reddit.com *.redditstatic.com *.prmcdn.io ironclad.partner-experience.com *.yoast.com *.algolianet.com *.algolia.net *.spotify.com *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.mutinyhq.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.mutinycdn.com *.litix.io *.tryinteract.com *.knotch.it *.mindtickle.com *.cookielaw.org *.onetrust.com *.sayprimer.com *.ipapi.co ipapi.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: 127.0.0.1 *.ashbyhq.com https://tags.fullcontact.com *.remarketstats.com *.redditstatic.com *.liadm.com *.usbrowserspeed.com *.getwarmly.com *.amazonaws.com transcend-cdn.com www.knotch-cdn.com *.knotch-cdn.com yoast.com *.yoast.com prod.impartner.live *.impartner.live packages.prmcdn.io *.prmcdn.io *.spotify.com *.cloudfront.net *.pactsafe.io *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.mindtickle.com *.cookielaw.org *.onetrust.com *.sayprimer.com *.ipapi.co ipapi.co; img-src 'self' blob: data: wss: files.bugherd.com www.bugherd.com *.addevent.com https://www.bugherd.com *.spotify.com alb.reddit.com pixel-config.reddit.com *.akamaihd.net *.cloudfront.net *.pactsafe.io ironcladapp.com *.storylane.io *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.knotch.it *.mindtickle.com *.cookielaw.org *.onetrust.com; font-src 'self' wss: blob: data: *.transcend.io *.lottiefiles.com *.mutinycdn.com ipinfo.io ironcladapp.com *.ironcladapp.com *.storylane.io *.wpengine.com *.wpenginepowered.com *.wistia.net *.wistia.com *.gstatic.com *.tryinteract.com fast.wistia.net *.mindtickle.com; media-src 'self' blob: data: wss: *.transcend.io ironcladapp.com *.ironcladapp.com *.wpengine.com ipinfo.io *.wpenginepowered.com *.storylane.io *.mutinycdn.com *.litix.io *.tryinteract.com *.wistia.com fast.wistia.net *.mindtickle.com *.cookielaw.org *.onetrust.com; frame-ancestors https://ironcladapp.wpenginepowered.com *.wistia.net *.ashbyhq.com *.wistia.com *.mindtickle.com *.cookielaw.org *.onetrust.com *.bugsnag.com *.ashbyhq.com; connect-src 'self' http://www.w3.org https://www.w3.org https://www.googletagmanager.com https://www.facebook.com https://bat.bing.com https://tracking-api.g2.com https://stats.g.doubleclick.net https://pagestates-tracking.crazyegg.com https://api.fullcontact.com https://assets-tracking.crazyegg.com https://idx.liadm.com https://www.redditstatic.com https://conversions-config.reddit.com https://528-qbh-821.mktoresp.com https://tracking.crazyegg.com https://rp.liadm.com https://script.crazyegg.com https://cdn.segment.com https://api.segment.io https://www.googleadservices.com https://pixel-config.reddit.com https://web-script.api.sayprimer.com https://www.google.com https://analytics.google.com https://ipinfo.io https://app.qualified.com wss://ws2.qualified.com https://px.ads.linkedin.com *.bugsnag.com *.ashbyhq.com *.cookielaw.org https://unpkg.com *.onetrust.com https://epsilon.6sense.com https://ipapi.co https://*.6sc.co https://j.6sc.co https://secure.adnxs.com *.mutinycdn.com *.mutinyhq.io *.google-analytics.com ; frame-src 'self' blob: *.ashbyhq.com https://quiz.tryinteract.com https://explore.ironcladapp.com https://*.ironcladhq.com https://ironclad.storylane.io https://fast.wistia.net https://www.google.com https://analytics.google.com https://ipinfo.io https://app.qualified.com wss://ws2.qualified.com https://px.ads.linkedin.com https://www.googletagmanager.com https://i.liadm.com https://accounts.google.com ; 2 default-src data: https: blob: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 2 default-src 'self' 'unsafe-inline' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.bundesfinanzministerium.de *.youtube.com https://medien.zoll.bund.de *.stage.bio; img-src 'self' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.bundesfinanzministerium.de *.openstreetmap.de data: *.stage.bio; script-src 'self' 'unsafe-inline' 'unsafe-eval' zollweb.preview.zoll.intranet.bund.de *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com *.stage.bio 2 frame-ancestors 'self' *.dastelefonbuch.de *.schatten.dastelefonbuch.de *.telefonbuch.de *.meinungsmeister.de 2 connect-src https://*.adtrafficquality.google https://www.adtrafficquality.google https://*.googlesyndication.com https://googlesyndication.com https://*.hotjar.io 'self' webpack: https://*.google.com https://region1.google-analytics.com https://www.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.clarity.ms https://*.cookiebot.com https://*.linkedin.com https://*.doubleclick.net https://*.facebook.com https://*.riba.org;frame-src https://*.adtrafficquality.google https://www.googleadservices.com/ https://*.doubleclick.net/ https://*.googlesyndication.com https://*.adtrafficquality.google/ https://www.ribacpd.com/ 'self' https://www.googletagmanager.com https://www.youtube.com https://consentcdn.cookiebot.com https://*.vimeo.com https://*.powerbi.com https://*.soundcloud.com https://*.canva.com https://*.wufoo.eu https://*.wufoo.com https://*.google.co.uk https://*.google.com https://*.office.com https://*.riba.org https://*.castr.com https://*.heyzine.com https://heyzine.com;img-src https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://*.google.com https://*.adtrafficquality.google 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.cookiebot.com https://*.ytimg.com https://*.linkedin.com https://*.facebook.com https://*.clarity.ms https://*.bing.com https://connect.facebook.net https://www.google.md https://www.google.co.uk https://darkroom.ribaj.com https://*.t.co https://*.twitter.com https://t.co;media-src https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://*.google.com https://*.adtrafficquality.google 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.cookiebot.com https://*.ytimg.com https://*.linkedin.com https://*.facebook.com https://*.clarity.ms https://*.bing.com https://connect.facebook.net https://www.google.md https://www.google.co.uk https://darkroom.ribaj.com https://*.t.co https://*.twitter.com https://t.co;script-src https://*.googlesyndication.com https://www.googlesyndication.com https://*.adtrafficquality.google https://securepubads.g.doubleclick.net/tag/js/gpt.js https://*.doubleclick.net https://*.vimeo.com https://*.getsitecontrol.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://www.googletagmanager.com https://*.cookiebot.com https://*.clarity.ms https://www.youtube.com https://www.google-analytics.com https://static.ads-twitter.com https://snap.licdn.com https://connect.facebook.net https://*.adform.net https://*.oastify.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 2 frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com *.invesco.com *.invesco.net 2 frame-ancestors 'self' https://hullfilm360.com; 2 frame-ancestors https://engage.bruker.com https://tongji.baidu.com 'self'; object-src 'none'; 2 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:;; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 2 default-src 'self' *; script-src 'self' * 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' *; font-src 'self' * data:; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; base-uri 'self'; form-action 'self' *; report-to default 2 connect-src 'self' https://vimeo.com https://s7g10.scene7.com https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net *.swedbank.net https://dpm.demdex.net https://*.swedbank.se https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/ https://www.swedbank.se https://swedbank.se https://enklafondhjalpen.swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://swedbank.dfs.investis.com https://agent-ha.nina-nuance.com https://report.swedbank.glassboxdigital.io http://storybook-sb-9031-acorn-ui.apps.scp-west-zone02-z01.swedbank.net https://maps.googleapis.com/ https://www.google.com/ app.swedbank.test app.swedbank.se online.swedbank.se 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src data: * ; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.azureedge.net https://*.dynamics.com; 2 upgrade-insecure-requests; frame-ancestors 'self' dotroll.com *.dotroll.com 2 frame-ancestors 'self' https://layout-cms.fox35orlando.com; 2 frame-ancestors 'self' dw.beyondtrustcloud.com dwspectrum.com; 2 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js https://stx-gravity-p1-widgets.quantum.secutix.com https://stx-gravity-p1-widgets.quantum.secutix.com/stx-widgets/v2/Widgets.js https://player.ausha.co/ausha-player.js cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com https://stx-gravity-p1-widgets.quantum.secutix.com https://player.ausha.co player.ausha.co cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://stx-gravity-p1-widgets.quantum.secutix.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net https://stx-gravity-p1-widgets.quantum.secutix.com; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 2 frame-ancestors 'self' https://*.autoalert.com https://service.force.com https://whatfix.com https://cdn.whatfix.com https://addons.whatfix.com https://events.whatfix.com https://videos.whatfix.com 2 frame-ancestors 'self' login.microsoftonline.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft 2 frame-ancestors 'self' https://teva.dev.amelia.com/ 2 frame-ancestors 'self' https://*.plugshare.com *.google-analytics.com *.analytics.google.com 2 frame-ancestors 'self' sosafeawareness.matomo.cloud https://sosafe.local *.sosafe-stage.de *.sosafe-dev.de *.sosafe.de *.sosafe-awareness.com *.sosafe-security.com *.sosafe-security-dev.com *.sosafe-security-stage.com; script-src 'unsafe-inline' 'unsafe-eval' blob: data: localhost localhost:3000 cdn.matomo.cloud sosafeawareness.matomo.cloud apis.google.com www.googletagmanager.com sosafe.local huficon.local *.sosafe-awareness.com sosafe-awareness.com www.google-analytics.com snap.licdn.com bat.bing.com px.ads.linkedin.com adservice.google.com *.doubleclick.net *.gravatar.com boards-api.greenhouse.io boards.eu.greenhouse.io js.hsforms.net *.hubspot.com play.google.com www.googleadservices.com *.hotjar.com *.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net *.hs-banner.com js.hsleadflows.net connect.facebook.net cdn.transifex.com *.wistia.com *.wistia.net *.requestmetrics.com humanfirewallconference.kinsta.cloud humanfirewallconference.com *.humanfirewallconference.com human-firewall-conference.com *.podigee-cdn.net *.cookiebot.com cookiebot.com *.reddit.com *.redditstatic.com *.clearbitscripts.com *.clearbitjs.com *.lfeeder.com *.g2crowd.com *.demandbase.com *.company-target.com *.buzzfufighter.com *.outbrain.com *.usemessages.com *.xingcdn.com *.xing.com *.sentry-cdn.com *.sosafe-security.com *.sosafe-security-dev.com *.sosafe-security-stage.com *.withflowersea.com *.clarity.ms *.posthog.com *.contentsquare.net *.googlesyndication.com *.google.com *.megaphone.fm 2 frame-ancestors https://*.ti.com https://*.ti.com.cn https://*.tij.co.jp; 2 frame-ancestors 'self' *.febas.de 2 frame-ancestors 'none'; report-uri https://prod-plk-csp-service.rbictg.com/csp; report-to csp-endpoint 2 connect-src 'self' https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com fndrsp.net fndrsp-checkout.net *.fundraiseup.com *.stripe.com *.paypal.com *.paypalobjects.com api.addressy.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://google.com https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net https://stats.g.doubleclick.net https://px.ads.linkedin.com https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://cloudflareinsights.com https://cycling-uk-d9.cycle.travel https://cycling-uk-dev.cycle.travel https://tile.cycle.travel https://tile.geowiki.com https://geocoder.cycle.travel https://routing-uk.cycle.travel https://www.cyclestreets.net https://*.fontawesome.com https://monorail-edge.shopifysvc.com https://*.myshopify.com https://www.facebook.com https://*.svc.dynamics.com https://cyclinguk.maps.arcgis.com; font-src 'self' *.fundraiseup.com *.stripe.com https://fonts.gstatic.com https://*.fontawesome.com; frame-src 'self' *.fundraiseup.com *.stripe.com *.paypal.com pay.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com e.issuu.com https://www.google.com https://*.svc.dynamics.com https://cyclinguk.maps.arcgis.com; img-src 'self' data: https://www.cyclinguk.org https://cdn-ukwest.onetrust.com *.fundraiseup.com ucarecdn.com pay.google.com *.paypalobjects.com https://*.bing.com https://*.bing.net https://*.clarity.ms https://www.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://google.com https://www.gstatic.com https://www.facebook.com https://px.ads.linkedin.com https://*.ytimg.com https://raster-eu.cycle.travel https://cycling-uk-d9.cycle.travel https://cycling-uk-dev.cycle.travel https://*.amazonaws.com https://tile.openstreetmap.org https://cdn.shopify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://use.typekit.net https://www.youtube.com https://cdn.fundraiseup.com *.fundraiseup.com *.stripe.com m.stripe.network pay.google.com *.paypal.com *.paypalobjects.com cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://unpkg.com https://use.fontawesome.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com https://*.azureedge.net https://*.googleadservices.com https://cdn-ukwest.onetrust.com https://www.youtube.com https://sdks.shopifycdn.com https://cdn.fundraiseup.com https://static.fundraiseup.com https://static.cloudflareinsights.com https://ajax.googleapis.com https://js.stripe.com https://pay.google.com https://ajax.aspnetcdn.com cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://unpkg.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com blob: https://cdn-ukwest.onetrust.com https://www.youtube.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://fonts.googleapis.com https://p.typekit.net https://www.youtube.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; frame-ancestors 'self' 2 base-uri 'self'; style-src 'self' 'unsafe-inline' https: ; default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; font-src 'self' data: https:; frame-src 'self' https:; img-src http: https: data:; manifest-src 'self'; media-src 'self' data: blob: https: *; worker-src 'none'; 2 default-src 'self'; img-src 'self' blob: data: https://vercel.live/ https://vercel.com https://api-frameworks.vercel.sh https://sockjs-mt1.pusher.com/ https://emoji.slack-edge.com/ https://vercel.fides-cdn.ethyca.com/ https://hebbkx1anhila5yf.public.blob.vercel-storage.com/ https://xurtccytrzafbfk3.public.blob.vercel-storage.com/ https://gvsmhepiuiax2e6y.public.blob.vercel-storage.com/ https://4o3mjgkuedjhm5we.public.blob.vercel-storage.com/ https://ss5vlswhqmiddtca.public.blob.vercel-storage.com/ https://7oslg1lqcbxvjpfm.public.blob.vercel-storage.com/ https://9z6zzmtcb9nt0fnu.public.blob.vercel-storage.com/ https://pdgvvgmkdvyeydso.public.blob.vercel-storage.com/ https://rzlr8f5n71kfl4us.public.blob.vercel-storage.com/ https://blobs.vusercontent.net; script-src 'self' blob: 'unsafe-inline' 'wasm-unsafe-eval' https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://va.vercel-scripts.com/v1/ https://js.stripe.com/ https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/ https://unpkg.com/react-scan/dist/auto.global.js https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://cdn.jsdelivr.net/npm/@huggingface/ *.cr-relay.com; style-src 'self' 'unsafe-inline' data: https://vercel.live/ https://vercel.fides-cdn.ethyca.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/; font-src 'self' https://fonts.gstatic.com https://vercel.live https://assets.vercel.com data: https://cdn.jsdelivr.net/npm/monaco-editor@0.43.0/; connect-src 'self' https://v0.dev https://v0.app https://vercel.live/ https://vercel.com https://*.pusher.com/ https://blob.vercel-storage.com https://*.blob.vercel-storage.com https://blobs.vusercontent.net wss://*.pusher.com/ https://fides-vercel.us.fides.ethyca.com/api/v1/ https://cdn-api.ethyca.com/location https://privacy-vercel.us.fides.ethyca.com/api/v1/ https://vercel.com/.well-known/otel/metrics https://*.sentry.io/api/ https://huggingface.co/onnx-community/ https://cas-bridge.xethub.hf.co/xet-bridge-us/ https://cdn.jsdelivr.net/npm/@huggingface/ *.cr-relay.com; frame-src 'self' http://localhost:* https://*.vusercontent.net/ https://*.lite.vusercontent.net/ https://generated.vusercontent.net/ https://*.vercel.run/ https://vercel.live/ https://vercel.com https://vercel.fides-cdn.ethyca.com/ https://js.stripe.com/; frame-ancestors 'self' https://notion.site https://embed.notion.co notion://www.notion.so https://www.notion.so https://notion.so https://*.notion.so notion://notion.so https://inflight.co https://*.inflight.co https://v0-git-shu-e7sf.vercel.sh; media-src 'self' https://hebbkx1anhila5yf.public.blob.vercel-storage.com/ https://xurtccytrzafbfk3.public.blob.vercel-storage.com/ https://pdgvvgmkdvyeydso.public.blob.vercel-storage.com/ https://rzlr8f5n71kfl4us.public.blob.vercel-storage.com/ https://blobs.vusercontent.net; report-uri /api/csp-report; 2 frame-ancestors 'self' my.impakt-360.com 2 frame-ancestors 'self' https://layout-cms.fox26houston.com; 2 default-src 'self' https: http:; base-uri 'self' *.cloudfront.net; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https: data:; frame-src 'self' https: data:; img-src 'self' data: blob: *.newrelic.com *.commercecloud.salesforce.com *.lumens.com *.signifyd.com *.online-metrix.net s7d1.scene7.com s7d5.scene7.com images.ctfassets.net storage.googleapis.com cdn.ywxi.net www.gstatic.com *.google.com *.paypal.com *.bing.com *.facebook.com *.everesttech.net *.omtrdc.net *.ydesigngroup.com *.listrakbi.com *.doubleclick.net *.liadm.com *.agkn.com *.rtactivate.com *.dtstmio.com *.cloudfront.net *.datasteam.io *.equalweb.com *.cookielaw.org *.googletagmanager.com *.demdex.net *.espssl.com *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com *.cloudinary.com *.facebook.net *.clarity.ms *.modernimpact.com *.amazonaws.com *.adnxs.com *.ojrq.net; manifest-src 'self' https: http:; media-src 'self' https: http: data: blob:; object-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.online-metrix.net *.newrelic.com *.nr-data.net runtime.commercecloud.com *.googleapis.com *.lumens.com cdn.gladly.qa *.gladly.com *.smooch.io d1fc8wv8zag5ca.cloudfront.net cdnjs.cloudflare.com www.googlecommerce.com *.curalate.com *.google.com *.googletagmanager.com *.google-analytics.com js.cnnx.link *.paypal.com *.datasteam.io *.facebook.net *.impactradius-event.com *.pinimg.com *.googleadservices.com *.usabilla.com *.zi-scripts.com *.bing.com *.taboola.com *.adobedtm.com cnstrc.com *.cnstrc.com *.listrakbi.com *.omtrdc.net *.listrak.com *.equalweb.com tags.pw.adn.cloud www.paypalobjects.com *.stape.ma *.pinterest.com *.agkn.com *.zoominfo.com *.adn.cloud *.facebook.com *.cookielaw.org *.bing-int.com *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com *.signifyd.com *.iesnare.com *.doubleclick.net *.gladly.chat *.clarity.ms *.kyc.red *.tintup.com *.publitas.com *.cquotient.com *.newrelic.com *.scene7.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' https: http:; style-src 'self' https: 'unsafe-inline'; connect-src 'self' runtime.commercecloud.com *.lumens.com *.signifyd.com *.newrelic.com *.nr-data.net cdn.gladly.qa *.gladly.com *.smooch.io d1fc8wv8zag5ca.cloudfront.net cdnjs.cloudflare.com www.googlecommerce.com *.google.com *.googletagmanager.com *.google-analytics.com js.cnnx.link *.paypal.com *.datasteam.io *.facebook.net *.impactradius-event.com *.pinimg.com *.googleadservices.com *.usabilla.com *.zi-scripts.com *.bing.com *.taboola.com *.adn.cloud *.demdex.net *.omtrdc.net *.doubleclick.net *.listrak.com *.cnstrc.com *.listrakbi.com *.mobify-storefront.com *.evyy.net *.impct.site *.pinterest.com *.stape.ma *.zoominfo.com *.equalweb.com *.facebook.com *.run.app *.cookielaw.org *.onetrust.com *.powerreviews.com sdk.helloextend.com api.helloextend.com api-demo.helloextend.com *.cloudinary.com *.gladly.chat wss://*.gladly.chat *.clarity.ms *.ydesigngroup.com; upgrade-insecure-requests 2 frame-ancestors 'self' *.translate.goog translate.google.com; 2 upgrade-insecure-requests; default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; media-src *; object-src *; frame-src *; 2 default-src 'self' *:8080 *.jschina.com.cn *.xhby.net *.xhbycm.net *.jsxc.gov.cn *.jntimes.cn *.dxscg.com.cn *.xcgbb.com *.jsthinktank.com *.jswyw.com *.zgjssw.gov.cn *.jsjc.gov.cn *.zeljng.com *.jscz.org.cn:30080 *.conac.cn *.cnzz.com *.weibo.com *.qq.com *.webterren.com *.baidu.com *.optimix.cn ta.trs.cn *.bdstatic.com *.aliyuncs.com *.qlogo.cn 'unsafe-inline' 'unsafe-eval' blob: data: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.migros.com.tr exchange.mediavine.com e1.emxdgt.com *.analytics.yahoo.com sync.outbrain.com trends.revcontent.com match.sharethrough.com criteo-partners.tremorhub.com trends.revcontent.com tazedirekt.webinstats.com macro.webinstats.com *.facebook.com maps.googleapis.com https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googlesyndication.com https://*.googletagservices.com https://www.google-analytics.com www.googletagmanager.com https://tagmanager.google.com https://googletagmanager.com *.googleapis.com *.googleadservices.com https://*.masterpassturkiye.com https://challenges.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://js.go2sdk.com https://cdn.adjust.com https://sdk.adjust.com https://live.maytap.me https://creativecdn.com https://*.cloudfront.net https://tags.bkrtx.com https://static.criteo.net https://connect.facebook.net https://cdn.yapaytech.com https://cdnjs.cloudflare.com https://*.criteo.com *.doubleclick.net affiliate.migros.com.tr *.bluekai.com *.mncdn.com *.adform.net *.storyly.io cdn.jsdelivr.net https://digiavantaj.cake.aclz.net *.efilli.com https://analytics.tiktok.com *.cloudflareinsights.com https://browser-intake-datadoghq.eu https://assets.migrosone.com https://*.adtrafficquality.google https://media.flixcar.com/ https://cdn.mlink.com.tr https://analytics.pangle-ads.com ; connect-src 'self' analytics.google.com macro.webinstats.com tazedirekt.webinstats.com *.gstatic.com logs.browser-intake-datadoghq.eu *.adjust.com app.adjust.net.in app.adjust.world *.dahi.ai *.adrttt.com https://*.migrosone.com *.facebook.com www.google.com www.google.com.tr magaza-iphone.migros.com.tr *.rubiconproject.com *.m1grocery.com https://*.mlink.com.tr https://img.youtube.com https://documents.colendilabs.com https://*.googlesyndication.com https://*.googletagservices.com https://www.google-analytics.com www.googletagmanager.com https://tagmanager.google.com https://googletagmanager.com *.googleapis.com *.googleadservices.com https://*.masterpassturkiye.com https://challenges.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://js.go2sdk.com https://cdn.adjust.com https://sdk.adjust.com https://live.maytap.me https://creativecdn.com https://*.cloudfront.net https://tags.bkrtx.com https://static.criteo.net https://connect.facebook.net https://cdn.yapaytech.com https://cdnjs.cloudflare.com https://*.criteo.com *.doubleclick.net affiliate.migros.com.tr *.bluekai.com *.mncdn.com *.adform.net *.storyly.io cdn.jsdelivr.net https://digiavantaj.cake.aclz.net *.efilli.com https://analytics.tiktok.com *.cloudflareinsights.com https://browser-intake-datadoghq.eu https://assets.migrosone.com https://*.adtrafficquality.google https://media.flixcar.com/ https://cdn.mlink.com.tr https://analytics.pangle-ads.com ; font-src 'self' data: https://fonts.gstatic.com ; img-src data: blob: 'self' 'unsafe-inline' https://*.migrosone.com www.google.com www.google.com.tr maps.googleapis.com *.gstatic.com *.googleadservices.com *.visualwebsiteoptimizer.com *.facebook.com www.google-analytics.com *.googlesyndication.com img.youtube.com matching.ivitrack.com stags.bluekai.com x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com criteo-sync.teads.tv *.criteo.com eb2.3lift.com visitor.omnitagjs.com simage2.pubmatic.com *.ads.yieldmo.com *.doubleclick.net *.taboola.com cm.adform.net c1.adform.net *.casalemedia.com id5-sync.com ad.360yield.com jadserve.postrelease.com eb2.3lift.com x.bidswitch.net match.sharethrough.com jadserve.postrelease.com *.emxdgt.com ups.analytics.yahoo.com exchange.mediavine.com sync.outbrain.com trends.revcontent.com https://sync.1rx.io criteo-partners.tremorhub.com ad.yieldlab.net *.migros.com.tr magaza-iphone.migros.com.tr *.demdex.net *.krxd.net *.cloudfront.net *.thebrighttag.com *.semasio.net *.dmxleo.com https://googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://digiavantaj.cake.aclz.net https://documents.colendilabs.com https://uploads-ssl.webflow.com *.efilli.com https://analytics.tiktok.com *.adjust.com https://assets.migrosone.com https://*.adtrafficquality.google https://media.flixcar.com *.m1grocery.com https://*.mlink.com.tr ; frame-src https://*.youtube.com https://tr.rdrtr.com https://stags.bluekai.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://www.linkadoo.co https://linkadoo.co https://channelconnector.smartmessage-connect.com https://*.poltio.com https://*.googlesyndication.com https://console.googletagservices.com https://digiavantaj.cake.aclz.net https://creativecdn.com https://documents.colendilabs.com https://challenges.cloudflare.com https://cdnjs.cloudflare.com app.vwo.com *.visualwebsiteoptimizer.com https://*.adjust.com maps.googleapis.com *.adform.net https://wallet.moneypay.com.tr *.googleadservices.com *.facebook.com https://analytics.tiktok.com https://www.googletagmanager.com https://*.adtrafficquality.google https://media.flixcar.com ; frame-ancestors 'self' https://*.migros.com.tr ; style-src 'self' 'unsafe-inline' *.googlesyndication.com www.googletagservices.com www.googletagmanager.com fonts.googleapis.com *.visualwebsiteoptimizer.com maps.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://assets.migrosone.com ;manifest-src 'self' ; worker-src 'self' blob: ;object-src 'none' ; 2 frame-ancestors 'self' https://app.contentful.com https://courses.td.org; 2 frame-ancestors 'self' https://comscore.sharepoint.com https://*.skilljar.com https://*.basis.net; 2 default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' https://*.lcl.fr https://*.id.fr.cly; 2 default-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline'; frame-src https://civi.digitalcourage.de https://digitalcourage.video https://streaming.media.ccc.de; 2 frame-ancestors 'self' https://reown.sanity.studio https://*.walletconnect.com https://*.walletconnect.org https://*.reown.com https://widget.solflare.com/ 2 frame-ancestors 'self' https://*.quikr.com; frame-src 'self' https://*.doubleclick.net https://www.googletagmanager.com https://*.adtrafficquality.google https://*.safeframe.googlesyndication.com https://*.google.com https://www.youtube.com https://*.facebook.com https://www.googleadservices.com https://api.juspay.in https://sender.cleverwebserver.com https://*.clvrads.com https://console.googletagservices.com 2 base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self' *.webflow.com *.webflow.io *.jobleads.com; img-src 'self' https: data: blob:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' *.optimizely.com *.optimizely.io *.adyen.com; upgrade-insecure-requests; frame-src 'self' https: data:; child-src 'self' https: data: blob:; connect-src 'self' https: wss: *.optimizely.com *.optimizely.io *.adyen.com; worker-src 'self' blob: https:; 2 default-src 'self' https://*.stan.com.au; child-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube.com.au; connect-src 'self' blob: https://*.akamaihd.net https://*.analytics.google.com https://*.braintreegateway.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://ads.tiktok.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://analytics.pangle-ads.com https://api.ipify.org https://app.vwo.com https://ara.paa-reporting-advertising.amazon https://bat.bing.com https://c.amazon-adsystem.com https://conversions-config.reddit.com https://evnt.byspotify.com https://google.com https://ipv4.podscribe.com https://insight.adsrvr.org https://match.adsrvr.org https://moda-cdp-message-prd-7jirubb0.uc.gateway.dev https://pagead2.googlesyndication.com https://payments.braintree-api.com https://pixel-config.reddit.com https://pixel.tapad.com https://s.amazon-adsystem.com https://sink.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://verifi.podscribe.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.redditstatic.com; form-action 'self' https://*.stan.com.au https://www.facebook.com https://www.paypal.com; font-src 'self' data: https://www.stan.com.au https://fonts.gstatic.com; frame-ancestors none; frame-src 'self' https://*.amazon-adsystem.com https://*.paypal.com https://*.paypalobjects.com https://*.stripe.com https://*.visualwebsiteoptimizer.com https://4913904.fls.doubleclick.net https://app.vwo.com https://apps.rokt.com https://insight.adsrvr.org https://match.adsrvr.org https://servedby.flashtalking.com https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' blob: data: https://*.akamaihd.net https://*.analytics.google.com https://*.bing.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.au https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://ads.tiktok.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://ad.doubleclick.net https://ade.googlesyndication.com https://alb.reddit.com https://app.vwo.com https://chart.googleapis.com https://google.com https://googletagmanager.com https://i.ytimg.com https://pagead2.googlesyndication.com https://ssl.gstatic.com https://verifi.podscribe.com https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.paypal.com https://*.paypalobjects.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://ads.tiktok.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://app.vwo.com https://apps.rokt.com https://bat.bing.com https://c.amazon-adsystem.com https://cdn.pdst.fm https://connect.facebook.net https://d34r8q7sht0t9k.cloudfront.net https://googletagmanager.com https://js.adsrvr.org https://pagead2.googlesyndication.com https://pixel.byspotify.com https://redditstatic.s3.amazonaws.com https://sdk.lifesight.io https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypalobjects.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.test.streamco.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://api.stan.com.au/features/v1/collect-csp; 2 frame-ancestors 'self' https://www.einpresswire.com https://www.milesight.cn https://m.milesight.cn https://console-develop-debug.milesight.com https://console-test.milesight.com https://console-stress.milesight.com https://console-pre.milesight.com https://console.milesight.com https://good360vr.com https://www.delmation.nl 2 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.ca *.interactivebrokers.com.hk *.interactivebrokers.hk *.interactivebrokers.ch *.interactivebrokers.eu *.interactivebrokers.ie *.interactivebrokers.lu *.interactivebrokers.hu *.interactivebrokers.com.sg *.ibkr.com.sg *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com IBKR.docebosaas.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.youtube.com *.clientam.ch *.clientam.com.hk *.go-mpulse.net *.akstat.io *.lynxbroker.com impact.interactivebrokers.com widgets.tipranks.com site.recognia.com *.portfolioanalyst.com portfolioanalyst.com www.portfolioanalyst.com www.interactivebrokers.com https://www.interactivebrokers.com/ ibkr.paxosclients.com worldtrader.hsbc.ae *.xstaging.tv *.ibkrcampus.com ibkrcampus.com www.ibkrguides.com *.greenwichcompliance.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nyi.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' pbs.twimg.com data:; media-src 'self' pb.twimg.com data:; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' 2 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.hotjar.com *.hotjar.io code.jquery.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com rawgit.com *.googleapis.com tpc.googlesyndication.com www.youtube.com ad-log.dable.io pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.qualtrics.com tools.ietf.org eqms.rhbgroup.com; frame-src 'self' *.qualtrics.com eqms.rhbgroup.com www.youtube-nocookie.com tpc.googlesyndication.com omny.fm assets.bwbx.io www.youtube.com www.google.com td.doubleclick.net *.fls.doubleclick.net pixel.mathtag.com; style-src 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; img-src * blob: data:; font-src 'self' * data:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.qualtrics.com tools.ietf.org eqms.rhbgroup.com transient-api-admin-lb.intranet.rhbgroup.com transientstg.rhbgroup.com www.google.com.sg fonts.googleapis.com stats.g.doubleclick.net pixel.mathtag.com td.doubleclick.net www.facebook.com www.google.com pagead2.googlesyndication.com 12327270.fls.doubleclick.net px.ads.linkedin.com www.google.com www.gstatic.com analytics.google.com analytics.tiktok.com www.google-analytics.com bat.bing.com www.facebook.com api.dable.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net pixel.mathtag.com s.yimg.com snap.licdn.com sp-api.dable.io static.ads-twitter.com static.dable.io track.omguk.com utt.impactcdn.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.googleapis.com www.googleapis.com www.google.com.my cdn.linkedin.oribi.io; upgrade-insecure-requests; 2 default-src 'self' a.storyblok.com blob:; base-uri 'self'; form-action 'self' pages.scandit.com; frame-ancestors 'none'; connect-src 'self' cdn.jsdelivr.net a.storyblok.com edge.meilisearch.com newassets.hcaptcha.com data.hockeystack.com o420956.ingest.us.sentry.io app.id-scanning.com cdn.linkedin.oribi.io *.scandit.com analytics.google.com 605-exc-034.mktoutil.com vimeo.com www.google-analytics.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com c.ba.contentsquare.net 605-exc-034.mktoresp.com stats.g.doubleclick.net script.google.com bat.bing.com region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com www.google.com www.google.co.uk www.google.ch www.google.co.in www.google.co.jp www.google.pl www.google.ca www.google.de www.google.fr googleads.g.doubleclick.net/pagead/landing pagead2.googlesyndication.com adservice.google.com px.ads.linkedin.com conversions-config.reddit.com www.redditstatic.com wss://*.qualified.com pixel-config.reddit.com *.qualified.com www.googleadservices.com ds.cookiehub.net consent.cookiehub.net region-eu.cookiehub.net consent-eu.cookiehub.net cookiehub.net cdn.cookiehub.eu *.clarity.ms bat.bing.net cdn.plyr.io *.convertexperiments.com tags.srv.stackadapt.com; font-src 'self' data: fonts.gstatic.com boards.cdn.greenhouse.io; frame-src *.hcaptcha.com www.google.com open.spotify.com embed-standalone.spotify.com boards.greenhouse.io www.youtube.com *.scandit.com *.vimeo.com vimeo.com app-ab02.marketo.com www.googletagmanager.com bid.g.doubleclick.net td.doubleclick.net *.hotjar.com vc.hotjar.io *.qualified.com app.id-scanning.com id-service.scandit.com job-boards.greenhouse.io; img-src 'self' assets.scandit.com a.storyblok.com https: data: www.google-analytics.com www.googletagmanager.com chart.googleapis.com wingify-assets.s3.amazonaws.com *.qualified.com; manifest-src 'self'; media-src 'self' data: mediastream: assets.scandit.com a.storyblok.com download-video.akamaized.net vimeo.com *.vimeo.com *.vimeocdn.com vod-progressive.akamaized.net *.qualified.com; object-src *.scandit.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.hcaptcha.com s.yimg.jp *.scandit.com *.hotjar.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com tagmanager.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com www.google.com boards.greenhouse.io *.vimeo.com *.vimeocdn.com app-ab02.marketo.com cdn.jsdelivr.net unpkg.com cookiehub.net cdn.cookiehub.eu munchkin.marketo.net snap.licdn.com *.terminus.services bat.bing.com browser.sentry-cdn.com www.redditstatic.com js.qualified.com *.clarity.ms *.convertexperiments.com tags.srv.stackadapt.com qvdt3feo.com *.cloudfront.net *.oktopost.com okt.to open.spotify.com embed-cdn.spotifycdn.com; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *.hcaptcha.com s.yimg.jp *.scandit.com *.hotjar.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com tagmanager.google.com www.googletagmanager.com www.gstatic.com pagead2.googlesyndication.com www.google.com boards.greenhouse.io *.vimeo.com *.vimeocdn.com app-ab02.marketo.com cdn.jsdelivr.net unpkg.com cookiehub.net cdn.cookiehub.eu munchkin.marketo.net snap.licdn.com *.terminus.services bat.bing.com browser.sentry-cdn.com www.redditstatic.com js.qualified.com *.clarity.ms *.convertexperiments.com tags.srv.stackadapt.com qvdt3feo.com *.cloudfront.net *.oktopost.com okt.to open.spotify.com embed-cdn.spotifycdn.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.scandit.com pages.scandit.com app-ab02.marketo.com tagmanager.google.com fonts.googleapis.com tagmanager.google.com fonts.googleapis.com www.googletagmanager.com s3.amazonaws.com cdn.jsdelivr.net cookiehub.net cdn.cookiehub.eu tags.srv.stackadapt.com *.qualified.com; worker-src 'self' unpkg.com blob:; child-src *.qualified.com; report-uri https://o420956.ingest.us.sentry.io/api/5379255/security/?sentry_key=af6864d0e14740c3a9ccff64bc1f0a5d; 2 default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://www.zerobounce.net https://impact.com https://*.impact.com; form-action 'self' https://forms.hsforms.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://try.abtasty.com *.abtasty.com https://www.zerobounce.net https://ingest.promptwatch.com https://extension-api.zerobounce.net https://gtm.zerobounce.net https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.net https://bat.bing.com https://static.hsappstatic.net https://accounts.google.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdn.lgrckt-in.com https://global.oktacdn.com https://static.zdassets.com https://js.hs-scripts.com https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js-na1.hscollectedforms.net https://*.clarity.ms https://www.youtube.com https://hcaptcha.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://try.abtasty.com https://*.abtasty.com https://gtm.zerobounce.net https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.net https://bat.bing.com https://static.hsappstatic.net https://accounts.google.com https://apis.google.com https://www.google.com https://www.gstatic.com https://ingest.promptwatch.com https://cdn.lgrckt-in.com https://global.oktacdn.com https://static.zdassets.com https://js.hs-scripts.com http://js.hs-scripts.com https://js-na1.hs-scripts.com http://js-na1.hs-scripts.com https://js.hscollectedforms.net http://js.hscollectedforms.net https://js-na1.hscollectedforms.net http://js-na1.hscollectedforms.net https://*.clarity.ms https://scripts.clarity.ms https://js.usemessages.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hsforms.net http://js.hsforms.net https://snap.licdn.com https://www.zerobounce.net https://zerobounce.net https://web-vitals-script.leaderint.workers.dev; connect-src 'self' *.abtasty.com https://*.mixpanel.com https://api.mixpanel.com https://members-api.zerobounce.xyz https://global.oktacdn.com https://okta.zerobounce.net https://okta.zerobounce.xyz https://www.googleadservices.com https://static.hsappstatic.net https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://modules.zerobounce.net https://test-modules.zerobounce.net https://members-api.zerobounce.net https://test-members-api.zerobounce.net https://*.clarity.ms https://ingest.promptwatch.com https://bat.bing.net https://bat.bing.com https://www.zerobounce.net https://zerobounce.net https://extension-api.zerobounce.net https://www.zerobounce.net/blog https://ekr.zdassets.com https://stats.g.doubleclick.net https://stats.gdoubleclick.net https://www.google-analytics.com https://www.zbapis.net https://zerobounce.zendesk.com https://*.hubspot.com https://api.hubapi.com wss://widget-mediator.zopim.com https://accounts.google.com https://oauth2.googleapis.com https://gtm.zerobounce.net https://www.googletagmanager.com https://www.google.com https://r.lgrckt-in.com https://px.ads.linkedin.com https://rum-collector.leaderint.workers.dev; style-src 'self' 'unsafe-inline' *.abtasty.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net https://gc.kis.v2.scr.kaspersky-labs.com https://decision.etc4.com https://js-c.etc4.com https://accounts.google.com https://common-fonts.abtasty.com https://teddytor.abtasty.com; img-src 'self' data: *.abtasty.com https://zerobounce.net https://v2assets.zopim.io https://bat.bing.net https://bat.bing.com https://www.facebook.com https://www.google-analytics.com https://www.googleadservices.com https://*.google.com https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.at https://*.google.be https://*.google.com.bd https://*.google.bg https://*.google.com.bh https://*.google.com.bo https://*.google.com.br https://*.google.ca https://*.google.cl https://*.google.cn https://*.google.com.co https://*.google.co.in https://*.google.co.id https://*.google.co.jp https://*.google.co.kr https://*.google.com.mx https://*.google.co.nz https://*.google.com.ph https://*.google.pl https://*.google.ru https://*.google.com.sa https://*.google.com.sg https://*.google.co.th https://*.google.co.uk https://*.google.com.vn https://*.google.co.za https://*.google.ro https://www.googletagmanager.com https://googleads.g.doubleclick.net https://editor-assets.abtasty.com https: https://*.gravatar.com; font-src 'self' data: *.abtasty.com https://fonts.gstatic.com https://use.typekit.net https://common-fonts.abtasty.com https://teddytor.abtasty.com https://www.cdn-tinkoff.ru https://cdn.scite.ai https://account.affilitizer.com chrome-extension: moz-extension:; worker-src 'self' blob:; frame-src 'self' *.abtasty.com https://accounts.google.com https://bat.bing.net https://bat.bing.com https://app.hubspot.com https://gtm.zerobounce.net https://www.googletagmanager.com https://meetings.hubspot.com https://*.hubspot.com https://*.googletagmanager.com https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.youtube.com https://competitivecomparisons.capterra.com https://competitivecomparisons.getapp.com https://competitivecomparisons.softwareadvice.com https://www.trustpilot.com https://widget.trustpilot.com https://streamyard.com https://app.livestorm.co https://i.zerobounce.net https://datainsights-cdn.dm.aws.gartner.com https://feedback-pa.clients6.google.com https://forms.hsforms.com; report-uri https://zero.report-uri.com/r/t/csp/enforce; report-to default; 2 default-src 'self' osbasahpublisher-ac-europewest3.lfr.cloud ; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.usemessages.com js.ipredictive.com *.datadoghq-browser-agent.com *.hubspot.com s.yimg.jp analytics-js-cdn.liferay.com *.monsido.com ce.lijit.com *.clarity.ms view.ceros.com mc.yandex.ru www.gstatic.com www.google.com www.otis.com liferaydev.otis.com liferayqa.otis.com liferayuat.otis.com geolocation.onetrust.com googleads.g.doubleclick.net heyotis.appspot.com js.hsforms.net *.opendns.com survey.survicate.com forms.hsforms.com fm.ipinyou.com stats.ipinyou.com www2-heyotis.snapengage.com stm-cdn.cn.miaozhen.com www.googleadservices.com console.e-bot7.de fm.ipinyou.com surveys-static.survicate.com www.googletagmanager.com cdn.cookielaw.org bat.bing.com omuscmslfrpcdn03.azureedge.net storage.googleapis.com bat.bing.com connect.facebook.net heyotis.appspot.com j.6sc.co js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hs-adspixel.net js.hsadspixel.net js.hs-leadflows.net omuscmslfrpcdn03.azureedge.net secure.loki8lave.com snap.licdn.com storage.googleapis.com www.google-analytics.com hm.baidu.com mc.yandex.ru assets.adobedtm.com ; style-src 'self' 'unsafe-inline' *.survicate.com www.google.com www.otis.com liferaydev.otis.com liferayqa.otis.com liferayuat.otis.com fonts.googleapis.com omuscmslfrpcdn03.azureedge.net; object-src 'none'; base-uri 'self'; connect-src 'self' rum.browser-intake-datadoghq.com *.datadoghq-browser-agent.com *.hubspot.com static.hsappstatic.net osbasahpublisher-ac-europewest3.lfr.cloud cdn.linkedin.oribi.io idx.liadm.com surveys-static.survicate.com analytics.google.com *.clarity.ms geolocation.onetrust.com www.clarity.ms b.clarity.ms f.clarity.ms mc.yandex.ru console.e-bot7.de www.google.com www.facebook.com omuscmslfrpcdn03.azureedge.net www2-heyotis.snapengage.com privacyportal.onetrust.com www.otis.com liferaydev.otis.com liferayqa.otis.com liferayuat.otis.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com heyotis.appspot.com stm-collect.cn.miaozhen.com c.6sc.co respondent.survicate.com cdn.cookielaw.org api.hubapi.com bat.bing.com forms.hubspot.com secure.adnxs.com stats.g.doubleclick.net www.google-analytics.com pagead2.googlesyndication.com analytics-js-cdn.liferay.com ad.doubleclick.net ; font-src 'self' data: www.google.com www.otis.com liferaydev.otis.com liferayqa.otis.com liferayuat.otis.com *.survicate.com omuscmslfrpcdn03.azureedge.net fonts.gstatic.com; frame-src 'self' otis-summer-map.armstrong.space app.hubspot.com https://player.flipsnack.com https://*.zscalerthree.net www.googletagmanager.com td.doubleclick.net forms.monday.com ad.ipredictive.com forms.office.com service.otiselevator.com view.ceros.com mc.yandex.md players.brightcove.net console.e-bot7.de js.hsforms.net www.facebook.com www.google.com www.gstatic.com www.otis.com liferaydev.otis.com liferayqa.otis.com liferayuat.otis.com forms.hsforms.com *.fls.doubleclick.net ; img-src 'self' https: http: data: ; media-src 'self' www2-heyotis.snapengage.com www.google.com www.otis.com liferaydev.otis.com liferayqa.otis.com liferayuat.otis.com heyotis.appspot.com omuscmslfrpcdn03.azureedge.net ; worker-src 'self' blob: www.otis.com liferaydev.otis.com liferayqa.otis.com liferayuat.otis.com; 2 frame-ancestors *.seoclerk.com *.seoclerks.com *.listingdock.com *.codeclerks.com *.wordclerks.com *.pixelclerks.com; 2 frame-ancestors 'self' https://airmail.news https://*.airmail.news https://*.airmailmedia.com https://puzzlist.com https://*.puzzlist.com https://waffle.dev; 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *; 2 script-src 'strict-dynamic' 'nonce-07D1tRyHECfhr8nsoYIbJw==' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com https://*.demandbase.com https://*.stackadapt.com https://*.outbrain.com https://*.taboola.com https://*.clarity.ms https://*.bing.com https://*.segment.com https://*.segment.io https://*.zi-scripts.com https://*.zoominfo.com https://*.clickagy.com https://*.company-target.com https://*.avocet.io https://tsdtocl.com https://*.jsdelivr.net https://*.gstatic.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.mouseflow.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://aorta.clickagy.com https://*.onetrust.com;style-src 'self' 'unsafe-inline' https: https://*.gstatic.com https://*.jsdelivr.net; frame-src 'self' https://*.vimeo.com https://*.youtube.com https://*.facebook.com https://*.linkedin.com https://*.instagram.com https://*.adsrvr.org https://*.google.com https://*.googletagmanager.com https://vimeo.com https://*.onetrust.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; frame-ancestors 'self'; form-action 'self' https:; img-src 'self' data: https://*.google.com https://*.google.co.in https://*.google.nl https://*.google.co.uk https://*.google.ca https://*.google.com.au https://*.google.co.nz https://*.google.co.za https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.pt https://*.google.pl https://*.google.ru https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.cl https://*.google.co.jp https://*.google.com.sg https://*.google.co.kr https://*.google.com.hk https://*.google.com.tw https://*.google.com.tr https://*.google.ae https://*.gstatic.com https://*.vimeocdn.com https://*.vimeo.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://*.linkedin.com https://*.rlcdn.com https://*.facebook.com https://*.instagram.com https://*.youtube.com https://*.crownpeak.net https://*.broadridge-ir.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.crownpeak.com https://*.sitescout.com https://*.openx.net https://*.bing.com https://*.clickagy.com https://*.demdex.net https://cm.g.doubleclick.net https://*.typekit.net https://*.agkn.com https://searchg2.crownpeak.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net;font-src 'self' data: https://*.google.com https://*.google.co.in https://*.google.nl https://*.google.co.uk https://*.google.ca https://*.google.com.au https://*.google.co.nz https://*.google.co.za https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.pt https://*.google.pl https://*.google.ru https://*.google.com.br https://*.google.com.mx https://*.google.com.ar https://*.google.cl https://*.google.co.jp https://*.google.com.sg https://*.google.co.kr https://*.google.com.hk https://*.google.com.tw https://*.google.com.tr https://*.google.ae https://*.gstatic.com https://*.vimeocdn.com https://*.vimeo.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://*.linkedin.com https://*.rlcdn.com https://*.facebook.com https://*.instagram.com https://*.youtube.com https://*.crownpeak.net https://*.broadridge-ir.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.crownpeak.com https://*.sitescout.com https://*.openx.net https://*.bing.com https://*.clickagy.com https://*.demdex.net https://cm.g.doubleclick.net https://*.typekit.net https://*.agkn.com https://searchg2.crownpeak.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net;connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.facebook.com https://*.linkedin.com https://*.segment.com https://*.segment.io https://*.clarity.ms https://*.bing.com https://*.crownpeak.net https://*.crownpeak.com https://*.adsrvr.org https://*.sitescout.com https://*.openx.net https://*.broadridge-ir.com https://*.broadridge.com https://www-dev.broadridge.com https://www-stage.broadridge.com https://www-live.broadridge.com https://www.broadridge.com https://broadridge.com https://*.cookielaw.org https://*.onetrust.com https://*.zi-scripts.com https://*.google.com https://*.zoominfo.com https://www.google.com https://ws.zoominfo.com https://*.clickagy.com https://*.demdex.net https://cm.g.doubleclick.net https://*.agkn.com https://searchg2.crownpeak.net https://*.vimeo.com https://vimeo.com https://www.googleadservices.com https://googleads.g.doubleclick.net; object-src 'none'; base-uri 'none'; report-to api/csp-reports; 2 frame-ancestors 'self' *.tabby.ai *.tabby.dev 2 upgrade-insecure-requests; object-src https://www.datocms-assets.com; block-all-mixed-content; frame-ancestors 'self' https://plugins-cdn.datocms.com; 2 frame-ancestors 'self' https://*.erblotse.de https://*.eye-able.com https://*.johanniter.de https://*.kameleoon.com https://*.outbrain.com https://app.supademo.com https://www.4juh.de; 2 default-src 'self'; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' aplo-evnt.com px.ads.linkedin.com *.google.com *.doubleclick.net; font-src 'self' *.gstatic.com data:; frame-src 'self' *.netsuite.com *.google.com *.googletagmanager.com; img-src 'self' data: px.ads.linkedin.com *.google.com.mx *.googletagmanager.com; manifest-src 'self'; media-src 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apollo.io snap.licdn.com *.google.com *.googletagmanager.com *.gstatic.com *.google.com.mx data: blob: cdn.jsdelivr.net *.linkedin.com aplo-evnt.com; 2 default-src 'self'; style-src 'self' *.algolia.io/ https://forms.office.com/ *.adobe.io/ *.mikmak.ai/ *.swaven.com/ *.aptaclub.com/ https://sibforms.com/ *.q4web.com/ *.adobe.com/ *.unpkg.com/ https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.googletagmanager.com/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline'; script-src 'self' *.algolia.io/ https://forms.office.com/ *.adobe.io/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://sibforms.com/forms/end-form/build/main.js https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ https://js-agent.newrelic.com/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.github.io/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.seg.js/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mikmak.ai/ *.mathtag.com/ *.ads-twitter.com/ *.clevy.io/ *.tiktok.com/ https://sc-static.net/ *.hypemarks.com/ *.licdn.com/ *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.pinterest.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.google.com.mx/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.ytimg.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ data: *.digital4danone.com/ *.clevy.io/ *.digital4danone.com.cn/ https://t.co/ *.hypemarks.com/ *.linkedin.com/ *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.mikmak.ai/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/ *.youtube.com/; frame-src 'self' *.algolia.io/ https://forms.office.com/ *.aptaclub.com/ *.googletagmanager.com/ *.adobe.io/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.tintup.com/ *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.mikmak.ai/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/ *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/ *.hypemarks.com/; connect-src 'self' *.algolia.io/ https://forms.office.com/ *.sibforms.com/ *.adobe.io/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ https://bam.eu01.nr-data.net/ *.google.com/ *.jsdelivr.net/ *.algolia.net/ *.googletagmanager.com/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.scene7.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ *.weezevent.com/ https://yourdriversfordanonebenelux.com/ *.snapchat.com/ *.mathtag.com/ *.tiktok.com/ *.clevy.io/ *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.mikmak.ai/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/; font-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.googletagmanager.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ https://assets.brevo.com/ *.jsdelivr.net/ *.algolia.net/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.mikmak.ai/ *.swaven.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/; media-src 'self' *.algolia.io/ *.adobe.io/ https://forms.office.com/ *.aptaclub.com/ *.q4web.com/ *.unpkg.com/ *.adobe.com/ https://widgets.q4app.com/widgets/requireslib/pym.v1.min.js https://unpkg.com/aos@next/dist/aos.css https://unpkg.com/aos@next/dist/aos.js https://s.pinimg.com/ct/core.js/ *.jsdelivr.net/ *.algolia.net/ *.mikmak.ai/ *.swaven.com/ *.algolianet.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.googletagmanager.com/ *.snapchat.com/ *.mathtag.com/ *.lpsnmedia.net/ *.digital4danone.com/ blob: 2 default-src c.wgr.de 'self'; script-src c.wgr.de 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.com maps.googleapis.com https://l.ecn-ldr.de; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de 'self' data: www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.lu https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.facebook.com d32wqyuo10o653.cloudfront.net *.gstatic.com *.econda-monitor.de; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube-nocookie.com; child-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube-nocookie.com; font-src c.wgr.de 'self' data:; connect-src https://mein.westermann.de/ 'self' www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.lu https://www.facebook.com https://graph.facebook.com *.crosssell.info *.econda-monitor.de 2 default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; form-action 'self' https://*.hsforms.com https://*.hubspot.com https://forms.hsforms.com https://www.facebook.com; frame-ancestors 'self' https://*.vwo.com https://*.visualwebsiteoptimizer.com https://*.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://dev.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com https://js.hubspot.com https://js.hubspotfeedback.com https://*.usercentrics.eu https://connect.facebook.net https://sst.shopware.com https://static.oktopost.com https://okt.to https://bat.bing.com https://snap.licdn.com https://tracking.g2crowd.com https://cdn.dreamdata.cloud https://www.clarity.ms https://scripts.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.usercentrics.eu; font-src 'self' data: https://fonts.gstatic.com https://*.usercentrics.eu; img-src 'self' data: blob: https:; media-src 'self' https:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.vwo.com https://*.visualwebsiteoptimizer.com https://*.hubspot.com https://forms.hubspot.com https://forms.hsforms.com https://share.hsforms.com https://meetings.hubspot.com https://*.usercentrics.eu https://player.simplecast.com https://sst.shopware.com https://www.googletagmanager.com https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.googleads.g.doubleclick.net https://*.doubleclick.net https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://i.ytimg.com https://s.ytimg.com https://cdn.contentful.com https://graphql.contentful.com https://images.ctfassets.net https://downloads.ctfassets.net https://dev.visualwebsiteoptimizer.com https://wingify.com https://*.hubspot.com https://api.hsforms.com https://track.hubspot.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://privacy-proxy.usercentrics.eu https://*.pusher.com https://*.oktopost.com https://bat.bing.com https://snap.licdn.com https://tracking.g2crowd.com https://cdn.dreamdata.cloud https://www.clarity.ms https://scripts.clarity.ms wss: https:; worker-src 'self' blob:; child-src 'self' blob: https:; manifest-src 'self'; 2 default-src 'self' www.google-analytics.com privacy-policy.truste.com *.marchex.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com privacy-policy.truste.com *.marchex.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' privacy-policy.truste.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src 'self'; 2 frame-ancestors 'self' https://*.tsum.ru https://*.tsum.com; report-uri https://sentry.tsum.com/api/14/security/?sentry_key=009c465ac17e4f3fb722940ac763c938 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.portland.gov *.ssl.fastly.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unpkg.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.portlandoregon.gov *.portlandmaps.com *.arcgis.com server.arcgisonline.com *.openstreetmap.org *.opentopomap.org *.tiles.wmflabs.org *.loop11.com *.rawgit.com api.mapbox.com *.recollect.net coolingsearch.org cdn.ckeditor.com; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.google.com/maps/ https://www.portlandoregon.gov/ https://www.portlandmaps.com/ *.arcgis.com arcg.is https://online.tableau.com/ https://public.tableau.com/ *.recollect.net https://app.smartsheet.com/ https://publish.smartsheet.com/ https://app.rankedvote.co/ 2 default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https:; style-src https: 'unsafe-inline'; connect-src https: wss:; frame-src https:; font-src * data:; object-src 'none'; frame-ancestors 'self' *.optimizely.com; report-uri /api/next/csp-report; report-to csp-report-endpoint; media-src https://*.ctfassets.net https://prod-bb-images.akamaized.net; 2 frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com https://nexoio.my.site.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; img-src 'self' blob: data: * 2 default-src 'self' 'unsafe-inline' fellow.app; frame-ancestors 'self' https://fellow.app https://*.fellow.app https://staging.fellow.co https://*.staging.fellow.co; connect-src 'self' api.hubapi.com api.hubspot.com api.segment.io cdn.segment.com fellow.app forms.hsforms.com forms.hubspot.com heapanalytics.com https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com monitor.clickcease.com stats.g.doubleclick.net www.facebook.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com bat.bing.com yoast.com my.wpengine.com cdn.linkedin.oribi.io px.ads.linkedin.com forms.hscollectedforms.net *.chilipiper.com *.clarity.ms c.bing.com app.clearbit.com share.cello.so growthbook-proxy.fellow.app pocustrack.com *.pocustrack.com events.framer.com framerusercontent.com *.hsforms.net *.hsforms.com *.hubspot.com app.revenuehero.io api.framer.com api.rudderstack.com *.dataplane.rudderstack.com cdn.rudderlabs.com app.framerstatic.com cdn.jsdelivr.net pixel-config.reddit.com ads.reddit.com www.redditstatic.com conversions-config.reddit.com www.google.com google.com data.debugbear.com *.beehiiv.net *.intercom.io *.intercomcdn.com *.intercomusercontent.com pro.ip-api.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-australia-websocket.intercom.io app.ablecdp.com ga.jspm.io; img-src 'self' blob: data: https: monitor.clickcease.com script.hotjar.com static.hotjar.com js.chilipiper.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com; media-src 'self' *.cloudfront.net *.vidyard.com fellow.app framerusercontent.com; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.hs-banner.com *.hs-scripts.com *.twimg.com *.twitter.com *.youtube.com *.cloudflare.com bat.bing.com cdn.heapanalytics.com cdn.segment.com connect.facebook.net ct.capterra.com d.adroll.mgr.consensu.org fellow.app forms.hubspot.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net monitor.clickcease.com optimize.google.com script.hotjar.com static.hotjar.com snap.licdn.com static.cloudflareinsights.com static.hotjar.com www.clickcease.com google-analytics.com *.google-analytics.com www.google.com googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com www.gstatic.com *.googleoptimize.com youtube.com js.usemessages.com *.vidyard.com www.gstatic.com js.chilipiper.com use.fontawesome.com yoast.com fellowapp.bamboohr.com *.clarity.ms c.bing.com tag.clearbitscripts.com *.clearbitjs.com assets.cello.so embed.typeform.com bat.bing.com *.pocustrack.com pocustrack.com framerusercontent.com events.framer.com app.framerstatic.com *.hsforms.net app.revenuehero.io cdn.rudderlabs.com cdn.jsdelivr.net www.redditstatic.com embeds.beehiiv.com cdn.debugbear.com edit.framer.com beehiiv-adnetwork-production.s3.amazonaws.com https://s3-us-west-2.amazonaws.com/b2bjsstore/ *.intercom.io js.intercomcdn.com app.ablecdp.com framer.com/edit/ cdn.cookie-script.com ga.jspm.io; frame-src 'self' blob: fellow.app app.hubspot.com forms.hubspot.com vars.hotjar.com www.facebook.com player.vimeo.com vimeo.com www.youtube.com youtube.com optimize.google.com anchor.fm *.twitter.com open.spotify.com embed-standalone.spotify.com *.vidyard.com www.google.com recaptcha.google.com *.chilipiper.com clarity.microsoft.com bid.g.doubleclick.net td.doubleclick.net form.typeform.com forms.hsforms.com *.schedulehero.io embeds.beehiiv.com www.googletagmanager.com edit.framer.com framer.com intercom-sheets.com; font-src 'self' data: fellow.app fonts.gstatic.com script.hotjar.com *.typekit.net framerusercontent.com app.framerstatic.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' *.twitter.com fellow.app fonts.googleapis.com optimize.google.com static.hotjar.com script.hotjar.com embed.typeform.com *.typekit.net 2 img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 2 default-src 'self' blob:; img-src 'self' *.ecpay.com.tw *.boxcdn.net *.maropost.com *.amazonaws.com *.adyen.com *.cloudfront.net *.userlike.com flp-service.zendesk.com static.zdassets.com consent.cookiefirst.com *.ytimg.com *.livehelpnow.net *.pcdn.co *.sharethis.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.s3.us-east-2.amazonaws.com *.gstatic.com *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.myecheck.com *.oppwa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com stats.g.doubleclick.net *.google.com www.google.com.sg data: www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com x1.xingassets.com blob: oppwa.com *.google-analytics.com s3-us-west-2.amazonaws.com *.facebook.com *.googletagmanager.com *.boxcloud.com app.tlinky.com *.fedex.com tile.openstreetmap.org *.basemaps.cartocdn.com *.google.co.uk sp.tinymce.com *.r2.dev *.tinymce.com *.google.ie ecpg-stage.ecpay.com.tw widgets.trustedshops.com *.google.com.mm; script-src 'self' *.forever-giving.org *.cdn-apple.com *.ecpay.com.tw *.userlike.com *.cdn01.boxcdn.net api.smooch.io *.adyen.com *.nexiopay.com *.cdn.jsdelivr.net *.jsdelivr.net *.amazonaws.com *.worldpay.com *.cloudfront.net *.mgipayments.com *.boxcdn.net *.boxcloud.com *.box.com *.s3-eu-west-1.amazonaws.com *.payvision.com *.siteprerender.com siteprerender.com *.google.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com *.s3-us-west-2.amazonaws.com *.myecheck.com *.googleapis.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com *.s3.amazonaws.com *.dropbox.com *.nextsphere.com www.googletagmanager.com *.google-analytics.com blob: *.gstatic.com test.acaptureservices.com *.clicksafe.lloydstsb.com oppwa.com acaptureservices.com consent.cookiefirst.com dl.dropboxusercontent.com graph.microsoft.com static.zdassets.com js.live.net cdn.tiny.cloud *.paypal.com *.b-cdn.net ecpg-stage.ecpay.com.tw js.hs-scripts.com clickapp.net *.nexiopaysandbox.com *.tiny.cloud *.paypalobjects.com app.tlinky.com *.r2.dev widgets.trustedshops.com flp-service.zendesk.com applepay.cdn-apple.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ecpay.com.tw *.livehelpnow.net *.adyen.com *.cookiefirst.com *.clicktale.net *.chargebee.com *.cdn.jsdelivr.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.oppwa.com *.myecheck.com sp.tinymce.com *.tinymce.com cdn.tiny.cloud *.tiny.cloud *.acaptureservices.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.google.com fonts.googleapis.com cdnjs.cloudflare.com ecpg-stage.ecpay.com.tw oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com *.r2.dev app.tlinky.com *.nexiopaysandbox.com *.nexiopay.com *.boxcdn.net googletagmanager.com cdn.honey.io 'unsafe-inline'; font-src 'self' applepay.cdn-apple.com *.cdn-apple.com *.ecpay.com.tw *.boxcdn.net *.cdn01.boxcdn.net *.nexiopay.com *.box.com *.cdn.jsdelivr.net *.cloudfront.net *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net *.myecheck.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.bootstrapcdn.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com ecpg-stage.ecpay.com.tw data: cdnjs.cloudflare.com fonts.gstatic.com *.b-cdn.net *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' applepay.cdn-apple.com *.cdn-apple.com wss://umd.userlike.com wss://chat.userlike.com *.nexiopay.com *.s3.us-east-2.amazonaws.com v2.zopim.com ekr. flp-service.zendesk.com *.1drv.com *.cloudfront.net *.cookiefirst.com *.adyen.com *.userlike.com *.box.com *.boxcloud.com api.ipify.org *.livehelpnow.net *.consensu.org *.vimeocdn.com cdn.tiny.cloud *.tiny.cloud *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.googleapis.com www.google.com.sg stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net sp.tinymce.com *.tinymce.com *.nextsphere.com *.ppipe.net vimeo.com *.authorize.net *.myecheck.com *.oppwa.com *.flpi.com s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.acaptureservices.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com oppwa.com *.mgipayments.com *.google-analytics.com www.googletagmanager.com graph.microsoft.com google.com *.worldpay.com *.zdassets.com *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com dl.dropboxusercontent.com *.google.co.in youtube.com *.boxcdn.net *.youtube.com wss://api.smooch.io *.s3-eu-west-1.amazonaws.com js.live.net connect.facebook.net js.hs-scripts.com *.gstatic.com clickapp.net cdn.jsdelivr.net static-resource.com cdn-javascript.net *.nexiopaysandbox.com *.flptitan.com ecpg-stage.ecpay.com.tw tile.openstreetmap.org *.basemaps.cartocdn.com flptitan.com *.r2.dev foreverliving.com app.tlinky.com *.fbo.flptitan.com *.foreverliving.com *.fbo.foreverliving.com www.dropbox.com *.ecpay.com.tw zendesk-eu.my.sentry.io data: blob:; media-src 'self' *.forever-giving.org *.boxcdn.net *.amazonaws.com *.userlike.com *.flptitan.com app.tlinky.com *.cloudfront.net *.youtube.com *.youtu.be *.foreverliving.com *.s3-us-west-2.amazonaws.com *.s3.us-west-2.amazonaws.com blob:; frame-src 'self' *.forever-giving.org forever-giving.org applepay.cdn-apple.com *.cdn-apple.com *.datatrans.com *.mfgroup.ch *.nexiopay.com *.ngenius-payments.com *.boxcdn.net *.flpqa.com *.userlike.com *.adyen.com *.amazonaws.com *.cloudfront.net *.facebook.com *.mgipayments.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.mgr.consensu.org walls.io *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.worldpay.com *.nextsphere.com vimeo.com *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com *.clicksafe.lloydstsb.com foreverliving.com flptitan.com *.boxcloud.com *.flpi.com *.google.com *.vimeo.com oppwa.com dl.dropboxusercontent.com graph.microsoft.com acs-public.tp.mastercard.com content.googleapis.com *.nexiopaysandbox.com app.tlinky.com *.r2.dev youtu.be youtube.com www.googletagmanager.com *.cardinalcommerce.com; frame-ancestors 'self' *.socialsales.io socialsales.io *.nexiopay.com foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com *.contentsquare.net *.flptitan.com:8080 *.content-square.fr *.contentsquare.com *.chargebee.com youtu.be app.tlinky.com flpqa.com flp.com flp360.social *.flpqa.com *.nexiopaysandbox.com *.boxcdn.net *.flp.com *.flp360.social vimeo.com *.vimeo.com *.youtube.com youtube.com *.worldpay.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://js-eu1.hs-scripts.com https://snippets.freshchat.com https://wchat.freshchat.com https://www.clarity.ms https://chat.1grid.co.za https://bat.bing.com; frame-src 'self' https://chat.1grid.co.za; child-src 'self' https://chat.1grid.co.za; 2 frame-ancestors 'self' https://*.forumcommunity.net/ 2 frame-ancestors 'self' https://wella-pro.cms.wella.digital; object-src 'none'; upgrade-insecure-requests 2 frame-ancestors 'self' https://www.circana.com https://*.circana.com https://*.iriworldwide.com; 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; img-src 'self' https: data: https://www.google-analytics.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com; connect-src 'self' https: https://www.google-analytics.com https://region1.google-analytics.com https://www.google.com https://www.gstatic.com; font-src 'self' https: data: https://fonts.gstatic.com data:; frame-ancestors 'self' https://mundoconnect.tumundo.cl;; object-src 'none'; frame-src 'self' https://www.youtube.com https://www.google.com https://www.gstatic.com https://tumundo.cl https://*.tumundo.cl https://mundoconnect.tumundo.cl https://ww2.movistar.cl https://tagmanager.google.com https://www.googletagmanager.com blob:; base-uri 'self'; upgrade-insecure-requests 2 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 2 default-src 'self' blob: *;base-uri 'self';font-src 'self' data: https://tv4play.humany.net/ https://apps.mypurecloud.com/ https://chat.kindlycdn.com/ https://cdn.braze.eu https://use.fontawesome.com;form-action 'self' *;frame-ancestors 'self' *;img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' 'unsafe-inline' * 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://policy.app.cookieinformation.com https://vercel.live https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.piwik.pro https://portal.konvolo.com/chat-widget-bundle.js https://core.sanity-cdn.com api.vercel.com ; connect-src 'self' ws: *.api.sanity.io https://feed.jobylon.com policy.app.cookieinformation.com https://consent.app.cookieinformation.com https://vercel.live https://sanity-cdn.com https://*.piwik.pro api.vercel.com https://*.google.com https://*.googleadservices.com ; style-src 'self' 'unsafe-inline' policy.app.cookieinformation.com https://*.piwik.pro ; img-src 'self' blob: data: cdn.sanity.io policy.app.cookieinformation.com i.ytimg.com avatars.githubusercontent.com www.gstatic.com www.googletagmanager.com https://*.piwik.pro ; font-src 'self' https://*.piwik.pro ; object-src 'none'; frame-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.bankid.no https://*.klarna.com https://*.nordea.com https://*.folio.no; upgrade-insecure-requests; 2 frame-ancestors 'self' https://zeroheight.com https://akira.ninjavan.dev https://*.myshopify.com https://app.zeplin.io https://ninjavansg.zendesk.com https://*.ninjavan.cn https://*.ninjavan.co; 2 frame-ancestors 'self' login.transporeon.com login.int.transporeon.com login.dev.transporeon.com login.test.transporeon.com www.transporeon.com; 2 frame-ancestors 'self' *.mybigcommerce.com *.shopify.com *.amptab.com *.wix.com framer.com *.fisglobal.com fisglobal.seismic.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ws: blob: data: 2 frame-ancestors https://app.contentful.com https://app.netlify.com https://create.netlify.com https://create.netlifystg.com 'self' 2 frame-ancestors self https://cms.double11.com 2 default-src data: blob: 'self' https://* 'unsafe-eval' 'unsafe-inline';object-src 'none'; upgrade-insecure-requests; 2 default-src 'self' ws: *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com;frame-ancestors *.magnolia-platform.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.reactandshare.com *.magnolia-platform.com;style-src 'self' 'unsafe-inline' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.reactandshare.com;img-src 'self' data: *.magnolia-platform.com *.cloudinary.net *.cloudfront.net *.facebook.com *.google.com *.google-analytics.com *.linkedin.com *.mapbox.com *.cartocdn.com *.reactandshare.com *.siteimproveanalytics.io https://staeuwvisitfinlandp.file.core.windows.net https://stasustainabletravelp.file.core.windows.net https://saeuwstfpublicp.blob.core.windows.net *.twimg.com *.visitfinland.com vk.com;media-src 'self' data: *.magnolia-platform.com *.cloudinary.net *.cloudfront.net *.facebook.com *.google.com *.google-analytics.com *.linkedin.com *.mapbox.com *.cartocdn.com *.reactandshare.com *.siteimproveanalytics.io https://staeuwvisitfinlandp.file.core.windows.net https://stasustainabletravelp.file.core.windows.net https://saeuwstfpublicp.blob.core.windows.net *.twimg.com *.visitfinland.com vk.com;connect-src 'self' ws: *.addsearch.com *.magnolia-platform.com *.businessfinland.fi *.cookiebot.com *.doubleclick.net *.google-analytics.com *.mapbox.com *.met.no *.oribi.io *.tiktok.com;script-src 'self' blob: 'unsafe-eval';script-src-elem 'self' 'nonce-CJBBJAkXxBsnSEPknKrffQ==' 'nonce-EQifJ0epDvPh4ZZ0idHqdQ==' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.twitter.com *.x.com *.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.snapchat.com *.tiktok.com *.microsoft.com *.office.com *.windows.net *.addsearch.com *.adform.net *.cookiebot.com *.hotjar.com *.licdn.com *.mapbox.com *.met.no *.oribi.io *.reactandshare.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.vimeo.com;frame-src https://* *.youtube.com *.tr.snapchat.com; 2 frame-ancestors 'self' https://*.crsadmin.com; 2 frame-ancestors 'self' https://cms.aws.newsmatics.com 2 frame-ancestors 'self' https://layout-cms.q13fox.com; 2 default-src 'unsafe-eval' 'unsafe-inline' blob: *;frame-src about: *;img-src data: about: blob: *;font-src data: *;frame-ancestors self my.readymag.com readymag.website readymag.com 2 frame-ancestors 'self' https://portal.ciee.org.br https://www.googletagmanager.com https://px.ads.linkedin.com https://dy0rclgxmql8f.cloudfront.net https://*.google.com/ https://*.zendesk.com https://googleads.g.doubleclick.net 2 frame-ancestors 'self' https://*.mncdn.com; 2 frame-ancestors https://*.lifeextension.com http://localhost:4201/; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.lidl-shop.nl https://*.online-metrix.net https://*.parcellab.com https://analytics.google.com https://facebook.com https://fonts.gstatic.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://www.google-analytics.com https://*.lidl.nl https://analytics.tiktok.com data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.ftrace.com https://*.lidl-info.com https://*.lidl-shop.nl https://*.vrxs.de https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://tbs.tradedoubler.com https://www.edge-cdn.net https://*.lidl.nl; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz moz-extension: https://*.advertising.com https://*.adyen.com https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.lidl-shop.nl https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.stickyadstv.com https://*.taboola.com https://*.tradetracker.net https://*.twiago.com https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://awin1.com https://content.odj.cloud https://contextual.media.net https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://match.sharethrough.com https://play-lh.googleusercontent.com https://sync.outbrain.com https://translate.google.com https://translate.google.com https://visitor.omnitagjs.com https://www.google-analytics.com https://www.lidl-shop.be https://*.lidl.nl https://analytics.tiktok.com data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com https://*.lidl-shop.nl https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.fitanalytics.com https://*.lidl-shop.nl https://*.parcellab.com https://*.semtrack.de https://*.tradetracker.net https://ajax.googleapis.com https://cdn.ravenjs.com https://code.etracker.com https://facebook.com https://forms.office.com https://h.online-metrix.net https://lidl-shop.nl https://s.ytimg.com https://www.dwin1.com https://www.google-analytics.com https://track.adform.net https://s2.adform.net https://analytics.tiktok.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline' https://*.fitanalytics.com https://*.lidl-shop.nl https://*.parcellab.com https://facebook.com https://forms.office.com https://lidl-shop.nl; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io https://beeem.co https://lidl-shop.nl; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' https://*.eyemed.com https://*.luxottica.com https://*.essilorluxottica.com; 2 frame-ancestors 'self' https://lucid.app 2 default-src 'none'; connect-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'none'; script-src 'self' 'sha256-ieoeWczDHkReVBsRBqaal5AFMlBtNjMzgwKvLqi/tSU='; style-src 'self' 'sha256-c7UXWUzN0H2d6Esy8XO3YkQZDAZlKfdWIsW1bupteNY=' 'sha256-De7agAeYqm6ANIVvRRW6HFWi52AJW8inhFE0gSdgXnI=' 'sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; form-action 'self' 2 default-src 'self' https://*.digitale-sammlungen.de 'unsafe-inline'; img-src * data:; media-src *; connect-src *; frame-src https://www.youtube.com; form-action 'self'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com https://s.ytimg.com https://plausible.io; img-src 'self' data: https://cdn.prgloo.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com https://img.youtube.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com; object-src 'self'; report-uri /service/csp; 2 script-src 'unsafe-inline' 'unsafe-eval' *.bradescoseguros.com.br *.bradescosaude.com.br *.bradescoautore.com.br *.bradescovp.com.br *.bradescodental.com.br *.bradescocapitalizacao.com.br *.mediservice.com.br *.novamedsaude.com.br *.bradseg.com.br *.googletagmanager.com *.google.com *.googleapis.com *.facebook.net *.licdn.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.goadopt.io *.typeform.com *.hotjar.com *.iesnare.com *.medallia.com *.kampyle.com *.datatables.net *.evgnet.com *.thunderhead.com *.handtalk.me *.js.org *.clarity.ms *.jsdelivr.net *.jquery.com *.sunovitoso.com *.blob *.fullstory.com bradescoseguros.csod.com *.bradescoseguros.csod.com viacep.com.br *.go-mpulse.net; frame-ancestors 'self' *.bradescoseguros.com.br *.bradescosaude.com.br *.bradescoautore.com.br *.bradescovp.com.br *.bradescodental.com.br *.bradescocapitalizacao.com.br *.mediservice.com.br *.novamedsaude.com.br *.bradseg.com.br *.googletagmanager.com *.google.com *.googleapis.com *.facebook.net *.licdn.com *.cloudflare.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.goadopt.io *.typeform.com *.hotjar.com *.iesnare.com *.medallia.com *.kampyle.com *.datatables.net *.evgnet.com *.thunderhead.com *.handtalk.me *.js.org *.clarity.ms *.jsdelivr.net *.jquery.com *.sunovitoso.com *.blob *.fullstory.com bradescoseguros.csod.com *.bradescoseguros.csod.com viacep.com.br *.go-mpulse.net; 2 frame-ancestors 'self' *.pucv.cl; 2 frame-ancestors 'self'; block-all-mixed-content; 2 frame-ancestors 'self' https://gnosis-safe.io https://dev.gnosis-safe.io https://dapp-browser.apps.ledger.com https://ledger-live-platform-apps.vercel.app https://bsc.gnosis-safe.io https://polygon.gnosis-safe.io https://tmm.world https://dhedge.org https://dh-pre-prod.vercel.app/ https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://1inch.cloudflareaccess.com https://buy.moonpay.com https://*.blockscout.com https://1inch.github.io https://connect.solflare.com https://1inch.com https://staging.1inch.com; frame-src data: blob: 'self' https://challenges.cloudflare.com https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://dapp-browser.apps.ledger.com https://1inch.cloudflareaccess.com https://buy.moonpay.com https://sdk.prod.innerworks.me https://verify.walletconnect.org https://connect.solflare.com https://1inch.com https://staging.1inch.com https://subscribe-forms.beehiiv.com https://www.youtube.com https://youtube.com https://buy.moonpay.com https://verify.walletconnect.org; 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.ace.magsdirect-staging-eks-euw1.futureplc.engineering https://*.ace.magsdirect-prod-eks-euw1.futureplc.engineering; 2 frame-ancestors 'self' http://www.philips.co.uk *.philips.com *.philips.co.uk https://philipsigtdpv.com 2 frame-ancestors 'self' https://*.bidorbuy.co.za https://*.bobshop.co.za https://*.bob.co.za https://*.qa.bobshop.co.za; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://ipapi.co; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.bt.bt/wp-content/cache/; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://www.google-analytics.com https://bt.bt; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://geo.wpforms.com; frame-ancestors 'self'; frame-src 'self' https://maps.google.com https://www.google.com; object-src 'none'; upgrade-insecure-requests; 2 'self' script-src https://ajax.googleapis.com/ajax/*; object-src 'self' 2 default-src * data: 'unsafe-eval' 'unsafe-inline'; 2 Content-Security-Policy: frame-ancestors 'self' https://*.superbid.net; 2 default-src 'self'; style-src 'self' 'unsafe-inline' https://*.inside-graph.com https://fonts.googleapis.com https://*.typekit.net; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.queue-it.net https://*.krxd.net https://bam.nr-data.net https://*.adsrvr.org https://*.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://pixel.mathtag.com https://*.visualwebsiteoptimizer.com https://*.analytics.yahoo.com https://www.google-analytics.com https://s.yimg.com https://js-agent.newrelic.com https://*.inside-graph.com https://staticcdn.co.nz; img-src 'self' data: https://*.krxd.net https://*.mylotto.co.nz https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.nz https://staticcdn.co.nz https://shielded.co.nz https://*.adsrvr.org https://*.doubleclick.net; connect-src 'self' https://*.mylotto.co.nz https://misnwhpjb8.execute-api.ap-southeast-2.amazonaws.com https://bam.nr-data.net wss://*.inside-graph.com https://*.inside-graph.com https://*.google-analytics.com https://*.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://cornerstonecx.co.nz https://*.krxd.net https://*.adsrvr.org https://*.windcave.com https://*.paymentexpress.com https://*.doubleclick.net https://*.mathtag.com https://*.finrings.com https://*.youtube.com https://*.vimeo.com https://*.wagerworks.com https://*.nz.rgsgames.com https://*.az4.rgsgames.com https://*.i-w-g.com https://*.mylotto.co.nz https://*.flashtalking.com https://staticcdn.co.nz https://*.rgseinst.com https://*.sgch.com; font-src 'self' data: https://*.mylotto.co.nz https://mylotto.co.nz https://*.inside-graph.com https://fonts.gstatic.com 2 frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2 default-src * blob:;connect-src 'self' 'unsafe-inline' https://forms.hsforms.com https://js.hs-banner.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://region1.google-analytics.com https://us.consent.api.termly.io https://forms.hubspot.com https://hubspot-forms-static-embed.s2.amazonaws.com https://px.ads.linkedin.com https://*.hs-sites.com https://adservice.google.com https://dev.visualwebsiteoptimizer.com https://*.prodpad.com https://prodpad.com https://api.craftcms.com https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://analytics.google.com https://*.6sc.co https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://pixel-config.reddit.com https://aplo-evnt.com https://www.googleadservices.com;frame-src 'self' https://forms.hsforms.com https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://game.crisp.chat https://aplo-evnt.com https://www.googletagmanager.com https://td.doubleclick.net;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://*.fs1.hubspotusercontent-na1.net https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.swrooms.com https://js.hubspot.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://static.hsappstatic.net https://js.hsforms.net https://www.youtube.com https://youtube.com https://js.hsadspixel.net https://dev.visualwebsiteoptimizer.com https://*.prodpad.com https://prodpad.com https://www.clickcease.com https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://*.6sc.co https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://cdn.jsdelivr.net https://client.crisp.chat https://settings.crisp.chat;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com http://mcdn.signalwire.com https://mcdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat data:;img-src * data: 2 child-src 'self' *.lightning.force.com *.pendo.io *.greenhouse.io *.google.com *.vimeo.com *.isnetworld.com *.mypurecloud.com js.hs-scripts.com *.googletagmanager.com *.userway.org *.youtube.com; form-action 'self'; frame-ancestors 'self' *.lightning.force.com google.com *.vimeo.com 2 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.golfgalaxy.com golfgalaxy2.btttag.com *.dickssportinggoods.com *.cardinalcommerce.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.radar.com *.googleapis.com *.certona.net *.certona.com res-x.com *.attn.tv *.res-x.com maxcdn.bootstrapcdn.com *.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net *.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com *.nextdoor.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com www.googleadservices.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net *.braintreegateway.com www.paypal.com *.paypalobjects.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.rokt.com *.monetate.net creatives.attn.tv *.monetate.net ep2.adtrafficquality.google mczbf.com sjwoe.com cj.dotomi.com emjcd.com idsync.rlcdn.com *.mczbf.com *.cj.com *.tnapplications.com *.minionplatform.com blob:; worker-src *.golfgalaxy.com *.dickssportinggoods.com *.techlab-cdn.com blob:; frame-ancestors *.golfgalaxy.com *.dickssportinggoods.com *.tt.omtrdc.net; child-src *.golfgalaxy.com *.dickssportinggoods.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.cj.com *.cardinalcommerce.com *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net *.minionplatform.com maps.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.g.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.doubleclick.net *.googlesyndication.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.bambuser.com golfgalaxy-cti.gvcommerce.com *.rokt.com creatives.attn.tv *.tt.omtrdc.net *.monetate.net www.googletagmanager.com ep2.adtrafficquality.google *.techlab-cdn.com blob:; 2 default-src 'self' http://multimediaext.sergas.gal http://multimediaext.sergas.es https://multimediaext.sergas.gal https://multimediaext.sergas.es *.sergas.gal *.sergas.es *.gstatic.com *.googleapis.com *.googletagmanager.com *.readspeaker.com *.google.com *.google-analytics.com https://datawrapper.dwcdn.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.gstatic.com *.googleapis.com *.googletagmanager.com; font-src 'self' data: *.gstatic.com *.googleapis.com *.googletagmanager.com 2 frame-ancestors home.siberianhealth.com; 2 default-src 'none'; connect-src 'self' https://www.google-analytics.com https://sdk.privacy-center.org https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css agegate.pr-globalcms.com 4q87csmwes-dsn.algolia.net *.didomi.io pernod-ricard-deutschland.mynewsdesk.com px.ads.linkedin.com https://loop.pr-globalcms.com https://cdn.blueconic.net https://pernodricardusa.blueconic.net https://www.facebook.com https://www.googletagmanager.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery https://my.matterport.com https://www.google.com pernod-ricard-deutschland.mynewsdesk.com https://www.mynewsdesk.com https://live.eventtia.com; img-src 'self' https: data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://sdk.privacy-center.org https://avp.pravp.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://snap.licdn.com https://www.google.com https://www.gstatic.com https://static.cloudflareinsights.com agegate.pr-globalcms.com pernod-ricard-deutschland.mynewsdesk.com https://loop.pr-globalcms.com https://cdn.blueconic.net https://pernodricardusa.blueconic.net https://plugins.blueconic.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://vuejs.org; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io data: https://live-pernod-ricard-global-cms.pantheonsite.io https://loop.pr-globalcms.com https://plugins.blueconic.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com; frame-ancestors 'self' 2 default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2 default-src 'self'; child-src https://notificacion.incibe-cert.es/; connect-src 'self' https://*.googleusercontent.com https://maps.googleapis.com https://*.flickr.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://*.incibe.es https://*.osi.es https://antibotnet.osi.es/ https://www.youtube.com https://www.vimeo.com https://*.vimeo.com https://www.google.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://www.youtube-nocookie.com https://notificacion.incibe-cert.es/ https://player.flipsnack.com/; img-src 'self' https://i.ytimg.com/ https://www.facebook.com https://cdn.syndication.twimg.com https://*.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://*.global.siteimproveanalytics.io https://live.staticflickr.com https://*.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' https://*.incibe.es/ https://proxy.sni-des-publica.sni.dev.incibe.es/ 2 base-uri 'none'; font-src 'self' https://*.motel-one.com https://*.the-cloud-one.com https://*.brame-gamification.com https://www.googletagmanager.com https://*.googleapis.com https://*.doubleclick.net https://*.google.com https://*.gstatic.com https://*.dialogshift.com *.abtasty.com; form-action 'self' https://*.motel-one.com https://*.the-cloud-one.com; frame-ancestors 'self' https://*.motel-one.com https://*.the-cloud-one.com https://*.one-foundation.de https://*.one-foundation.local https://one-foundation.local https://one-foundation.de; img-src 'self' data: https://*.motel-one.com https://*.the-cloud-one.com https://image.feature.motel-one.com https://image.stage.motel-one.com https://image.motel-one.com https://i.ytimg.com https://*.facebook.com https://*.abtasty.com https://*.editor-assets.abtasty.com https://*.adup-tech.com https://*.doubleclick.net https://*.bing.com https://*.bing.net https://*.cdninstagram.com https://ik.imagekit.io https://t.co https://*.adnxs.com https://*.demdex.net https://*.ads.yieldmo.com https://*.3lift.com https://*.smartadserver.com https://*.yahoo.net https://*.postrelease.com https://*.adform.net https://*.tremorhub.com https://*.teads.tv https://*.casalemedia.com https://*.emxdgt.com https://*.pubmatic.com https://*.taboola.com https://*.outbrain.com https://*.rubiconproject.com https://*.bidswitch.net https://*.sharethrough.com https://*.pinimg.com https://*.mediavine.com https://*.facebook.net https://*.google.ae https://*.google.at https://*.google.ba https://*.google.be https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ch https://*.google.co.cr https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.co.zw https://*.google.de https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.hk https://*.google.com.kw https://*.google.com.mt https://*.google.com.mx https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hr https://*.google.hu https://*.google.ie https://*.google.im https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://*.cx.atdmt.com https://maps.gstatic.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://assets.pinterest.com https://log.pinterest.com https://*.fbcdn.net https://image.motel-one.com https://*.motel-one.com https://*.the-cloud-one.com https://*.gstatic.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://analytics.twitter.com https://*.demdex.net https://*.criteo.com https://id5-sync.com https://*.ads.yieldmo.com https://*.3lift.com https://*.smartadserver.com https://*.yahoo.net https://*.yieldlab.net https://*.postrelease.com https://*.ivitrack.com https://*.adform.net https://*.omnitagjs.com https://*.tremorhub.com https://*.teads.tv https://*.casalemedia.com https://*.emxdgt.com https://*.pubmatic.com https://*.twiago.com https://*.360yield.com https://*.taboola.com https://*.outbrain.com https://*.rubiconproject.com https://*.bidswitch.net https://*.media.net https://*.sharethrough.com https://www.googletagmanager.com https://googletagmanager.com https://ih.adscale.de https://ads.betweendigital.com https://ads.travelaudience.com https://sync.1rx.io https://sync.targeting.unrulymedia.com editor-assets.abtasty.com https://*.googlesyndication.com https://*.googleadservices.com; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https://*.motel-one.com https://*.the-cloud-one.com 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.abtasty.com https://try.abtasty.com try.abtasty.com https://common-fonts.abtasty.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.pinterest.com https://*.googletagmanager.com https://googletagmanager.com https://*.bing.com https://*.bing.net https://fonts.googleapis.com https://*.google.com https://*.dialogshift.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.googletagmanager.com https://try.abtasty.com https://*.adup-tech.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://code.jquery.com https://brame-static.s3.amazonaws.com https://*.googleapis.com https://*.creativecdn.com https://s.ytimg.com https://*.googleadservices.com https://*.facebook.com https://*.facebook.net https://*.dialogshift.com https://*.criteo.com https://*.criteo.net https://*.licdn.com https://*.linkedin.com https://*.adnxs.com https://*.googlesyndication.com https://*.bing.com https://*.bing.net https://*.adsrvr.org https://*.cloudfront.net https://*.sia.eu https://*.google.ae https://*.google.at https://*.google.ba https://*.google.be https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ch https://*.google.co.cr https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.co.zw https://*.google.de https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.hk https://*.google.com.kw https://*.google.com.mt https://*.google.com.mx https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hr https://*.google.hu https://*.google.ie https://*.google.im https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://static.ads-twitter.com https://analytics.twitter.com https://assets.pinterest.com https://log.pinterest.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com https://ads.travelaudience.com https://*.triptease.io https://sgtm.motel-one.com https://sgtm.jobs.motel-one.com https://sgtm.the-cloud-one.com try.abtasty.com blob: *.abtasty.com; upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu https://*.triptease.io https://*.motel-one.com https://*.the-cloud-one.com; connect-src 'self' https://*.motel-one.com https://*.the-cloud-one.com https://*.google.com https://google.com https://*.googletagmanager.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.ingest.sentry.io https://*.abtasty.com https://*.googleapis.com https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.facebook.com https://*.surveysparrow.com https://maps.googleapis.com https://*.adup-tech.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.dialogshift.com https://core.prod.co25.net https://*.bing.com https://*.bing.net https://*.triptease.io *.abtasty.com analytics.tiktok.com analytics-ipv6.tiktokw.us; frame-src 'self' https://*.motel-one.com https://*.motel-one.local https://*.the-cloud-one.com https://*.the-cloud-one.local https://*.one-foundation.de https://one-foundation.local https://one-foundation.de https://*.one-foundation.local https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.googletagmanager.com https://www.youtube-nocookie.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://www.youtube.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.googleadservices.com https://creativecdn.com https://*.creativecdn.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.facebook.com https://*.google.de https://*.adnxs.com https://*.bizographics.com https://*.googlesyndication.com https://*.bing.com https://*.bing.net https://*.adsrvr.org https://*.cloudfront.net https://*.usercentrics.eu https://log.pinterest.com https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com https://*.brame-gamification.com https://*.triptease.io; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://developers.kakao.com https://t1.kakaocdn.net https://unpkg.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://det86k4hnp18e.cloudfront.net; img-src 'self' data: https: blob:; media-src 'self' https:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://unpkg.com https://cdn.jsdelivr.net https://renewal-hr-applicant-fileupload.s3.ap-northeast-2.amazonaws.com; frame-src 'self' https://www.youtube.com https://www.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; worker-src 'self' blob: data:; child-src 'self' blob: data: 2 default-src 'self' cdn.sanity.io cdn.equinor.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.eds.equinor.com https://platform.twitter.com https://*.twimg.com; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://siteimproveanalytics.com https://*.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com ; img-src 'self' data: https://cdn.eds.equinor.com https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com https://*.cookiebot.com ; connect-src 'self' cdn.sanity.io cdn.equinor.com https://bcdn.screen9.com https://qcdn.screen9.com https://h61q9gi9.api.sanity.io https://h61q9gi9.apicdn.sanity.io/ https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://*.cookiebot.com https://eu-api.friendlycaptcha.eu ; child-src blob:; frame-src 'self' https://consentcdn.cookiebot.com https://lt.morningstar.com https://www.youtube.com https://vimeo.com https://player.vimeo.com https://sds-maintenance.com https://tools.eurolandir.com https://platform.twitter.com https://syndication.twitter.com https://vds.issgovernance.com https://*.plaii.no https://livestream.com https://*.castr.com https://pixel.as https://www.youtube-nocookie.com https://h61q9gi9.api.sanity.io http://localhost:3333; frame-ancestors https://studio-global-equinor-web-sites-preprod.c2.radix.equinor.com https://studio-global-equinor-web-sites-prod.c2.radix.equinor.com http://studiov3-global-development-equinor-web-sites-dev.c2.radix.equinor.com https://equinor.sanity.studio; font-src 'self' https://cdn.eds.equinor.com data:; media-src 'self' blob: https://bcdn.screen9.com https://qcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/; 2 frame-ancestors 'self' https://alpha.duoke.com https://alpha2.duoke.com https://alpha3.duoke.com https://web.duoke.com https://app.tongpaidang.com https://app.duoke.com 2 frame-ancestors https://caramel.la https://caramel.la/* 'self' 2 frame-ancestors 'self' https://app.eu.contentful.com 2 default-src 'none'; media-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self'; 2 default-src 'none'; connect-src 'self' https://8133842.fls.doubleclick.net https://dpm.demdex.net https://ingdirect.d1.sc.omtrdc.net https://*.au.ingdirect.intranet https://*.au.ing.net https://*.ingdirect.com.au https://*.biabau.ingdirect.intranet https://*.biab.au.ing.net https://ingdirectaustralia.tt.omtrdc.net http://www.ingdirect.com.au/ https://www.google.com/ccm/; font-src 'self' data:; frame-src 'self' 'unsafe-inline' https://8133842.fls.doubleclick.net https://www.googletagmanager.com/gtag/ https://www.youtube.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://ingbankaultd.demdex.net/ https://i.ytimg.com/ https://calculators.infochoice.com.au/ https://keyfactssheet.infochoice.com.au/ https://www.ratecity.com.au/; img-src 'self' 'unsafe-inline' https://8133842.fls.doubleclick.net https://ad.doubleclick.net/ https://td.doubleclick.net/ https://cm.everesttech.net/ https://www.facebook.com/tr/ https://www.facebook.com/tr https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://ingdirect.d1.sc.omtrdc.net/ https://calculators.infochoice.com.au/Content/images/ https://i.ytimg.com/ https://dpm.demdex.net/ https://campaigns.ing.com.au/ data:; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/ https://assets.adobedtm.com https://ad.doubleclick.net/ https://td.doubleclick.net/ https://dpm.demdex.net https://ingdirectaustralia.tt.omtrdc.net/m2 https://calculators.infochoice.com.au/ https://www.ratecity.com.au/ https://connect.facebook.net/ https://campaigns.ing.com.au/; style-src 'self' 'unsafe-inline'; worker-src 'self' 2 default-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.dwin1.com https://*.trustpilot.com https://www.google-analytics.com https://*.heartinternet.uk http://*.doubleclick.net https://*.doubleclick.net https://*.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.googletagmanager.com https://t.co https://www.facebook.com https://www.google.com http://www.google.com https://www.google.co.uk https://www.google.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://googleads.g.doubleclick.net https://*.termly.io https://adac.api.yoursrs.com/static/client.js https://adac.api.yoursrs.com/ajax https://*.cloudstorage.secureserver.net https://snap.licdn.com https://*.trustpilot.com https://*.googleapis.com https://code.jquery.com http://img1.wsimg.com https://analytics.twitter.com https://*.heartinternet.uk https://img1.wsimg.com https://*.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://cdn.polyfill.io http://*.tiqcdn.com https://*.tiqcdn.com https://*.cloudflare.com https://*.trustpilot.com https://*.bootstrapcdn.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.heartinternet.uk http://*.googleapis.com https://*.googleapis.com https://*.bootstrapcdn.com https://*.jsdelivr.net; font-src 'self' 'unsafe-inline' https://*.heartinternet.uk https://releases.flowplayer.org https://*.bootstrapcdn.com; img-src 'self' data: https://www.googletagmanager.com https://*.ads.linkedin.com https://www.google.co.uk https://*.heartinternet.uk http://googleads.g.doubleclick.net http://t.co https://t.co http://www.google.com https://www.google.co.uk https://www.google.de https://www.facebook.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://*.akstat.io https://*.akamaihd.net https://analytics.twitter.com; frame-src 'self' https://*.trustpilot.com https://www.google-analytics.com https://*.heartinternet.uk http://*.doubleclick.net https://*.doubleclick.net https://*.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://connect.facebook.net https://www.googletagmanager.com https://t.co https://www.facebook.com https://www.google.com http://www.google.com https://www.google.co.uk https://www.google.de; connect-src 'self' https://www.google.com https://customer.heartinternet.uk/cp/public/v1.0/prices/domains https://customer.heartinternet.uk/cp/public/v1.0/subscriptions https://wwws.heartinternet.uk https://*.termly.io https://customer.heartinternet.uk/manage/basket.cgi https://customer.heartinternet.uk/manage/domain-search-data.cgi https://adac.api.yoursrs.com/ajax wss://adac.api.yoursrs.com/ws https://*.akstat.io https://*.go-mpulse.net https://cdn.linkedin.oribi.io https://*.akamaihd.net https://region1.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com; 2 form-action 'self' *.facebook.com *.workhuman.com; frame-ancestors 'self' app.contentful.com; frame-src 'self' *.workhuman.com *.workhumanpreprod.com vercel.app vercel.live *.googletagmanager.com *.doubleclick.net *.cdn.optimizely.com pixel.mathtag.com cdn.useproof.com *.cookiebot.com *.facebook.com *.twitter.com 862-jiq-698.mktoweb.com cookie.havasedge.com fast.wistia.net fast.wistia.com youtube.com www.youtube.com bat.bing.com *.lightning.force.com *.salesforce.com; base-uri 'none'; object-src 'self'; child-src 'self' *.fls.doubleclick.net; upgrade-insecure-requests; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 2 default-src 'self' *.bioeg.de *.bzga.de *.ddev.site data:; script-src 'self' *.bioeg.de *.bzga.de *.ddev.site 'sha256-rAf7Gj+fDbDpOIfl2NReetn227olVzmASFPJCzQ9yg0='; style-src 'self' *.bioeg.de *.bzga.de *.ddev.site; frame-src 'self' https://www.bioeg.de/ https://piwik.bzga.de/ *.frcapi.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self'; img-src 'self' data: *.ytimg.com *.bioeg.de *.bzga.de 2 frame-ancestors 'self' *.c3.ai *.folloze.com c3.ai folloze.com 2 default-src 'self' blob:; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://tr.snapchat.com https://scripts.clarity.ms/* https://scripts.clarity.ms/ https://*.clarity.ms https://sc-static.net https://www.clarity.ms *.visualwebsiteoptimizer.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com app.vwo.com https://cdn.ampproject.org https://www.youtube.com/iframe_api https://*.intellectadz.com https://*.haptikapi.com https://app.vwo.com https://www.youtube.com https://*.criteo.com https://gtms2s.maxlifeinsurance.com https://*.axismaxlife.com https://dynamic.criteo.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me https://adgebra.co.in https://*.licdn.com https://cdn.pushcrew.com https://*.linkedin.com https://i.l-dsp.inmobicdn.net https://*.google.com https://toolassets.haptikapi.com https://numrcommonstorage.blob.core.windows.net https://*.akamaihd.net https://*.go-mpulse.net https://*.billdesk.com https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://*.outbrain.com https://maxneoggn.silaris.in:* https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://maps.googleapis.com *.indixital.com *.int.tl https://maxlifeinsurance-145508.uc.r.appspot.com https://toolassets.haptikapi.com https://*.hellohaptik.com https://fcmregistrations.googleapis.com https://cdn.indixital.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://*.creativecdn.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://omnisetup.silaris.in https://*.googleoptimize.com/ https://unpkg.com https://*.intellectadz.com/ https://*.gotrackier.com https://*.paytm.in https://*.google.com https://optimize.google.com https://*.artfut.com https://*.paytm.com https://*.akstat.io https://*.yahoo.com https://*.yimg.com https://a.mgid.com https://pixel.mathtag.com https://*.bing.com https://www.google-analytics.com https://*.amazon-adsystem.com https://TrackTrack.org https://*.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://unpkg.com https://*.billdesk.com https://*.billdesk.io https://*.netcoresmartech.com https://*.taboola.com https://www.tecprocesssolution.com https://www.paynimo.com https://schema.org https://maxneo.silaris.in https://*.hotjar.io https://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.outbrain.com https://maxneoggn.silaris.in:* https://*.ads-twitter.com https://www.invincibleiq.com/ https://www.youtube.com/iframe_api; connect-src 'self' https: wss: https://technicalseo.com https://www.technicalseo.com https://*.technicalseo.com https://fonts.gstatic.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com *.visualwebsiteoptimizer.com app.vwo.com wss: https://*.criteo.com https://www.google.com https://cdn.ampproject.org https://gtms2s.maxlifeinsurance.com https://*.axismaxlife.com https://player.vwo.me https://adgebra.co.in https://firebaseinstallations.googleapis.com https://securepg.paynimo.com https://*.licdn.com app.vwo.com https://*.linkedin.com wss://*.hellohaptik.com/mqtt https://*.haptikapi.com https://*.youtube.com https://app.vwo.com https://*.o18.link https://ssp-csync.smartadserver https://ampcid-google-com.o365.maxlifeinsurance.skyfencenet.com https://*.axismaxlife.com https://numrcommonstorage.blob.core.windows.net https://dev.visualwebsiteoptimizer.com https://dis.criteo.com https://pixel.rubiconproject.com https://u.openx.net https://agrim-prod-documents.s3.ap-south-1.amazonaws.com https://d19l9mjjyusa0p.cloudfront.net https://*.maxlifeinsurance.com https://*.axismaxlife.com https://*.hellohaptik.com wss://staging-emqx.hellohaptik.com wss://mqtt-emqx.haptik.me https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://api.haptikapi.com *.indixital.com *.int.tl https://maxlifeinsurance-145508.uc.r.appspot.com https://fcmregistrations.googleapis.com https://*.visualwebsiteoptimizer.com https://*.creativecdn.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.googleapis.com https://tinyurl.com/ https://bitly.com/ https://agrim-uat-documents.s3.ap-south-1.amazonaws.com https://payments-uat.maxlifeinsurance.com https://*.axismaxlife.com https://d3b8hhxb222skm.cloudfront.net https://d2mvi0djpg9q5l.cloudfront.net https://dixsh5d2ct1z2.cloudfront.net wss://*.paytm.in https://*.paytm.in https://*.paytm.com https://api.bigdatacloud.net https://optimize.google.com https://*.akstat.io https://*.yahoo.com https://*.yimg.com wss://*.hotjar.com https://*.go-mpulse.net https://*.facebook.com https://*.hotjar.io https://*.bing.com https://maxneoggn.silaris.in:* https://*.hotjar.com https://maxneo.silaris.in https://*.outbrain.com https://*.taboola.com https://ampcid.google.com https://ampcid.google.co.in https://www.google-analytics.com https://*.g.doubleclick.net https://www.paynimo.com https://*.netcoresmartech.com https://www.googletagmanager.com https://*.facebook.net https://*.billdesk.io https://*.billdesk.com https://analytics.google.com https://*.google.com https://www.google.co.in/ads https://api.interakt.ai https://tinyurl.com/ https://bitly.com/; img-src 'self' blob: https://*.clarity.ms https://tr.snapchat.com/ https://tr.snapchat.com/ https://sync.teads.tv https://*.casalemedia.com https://*.adnxs.com *.visualwebsiteoptimizer.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com app.vwo.com https://*.youtube.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me https://tpcs.payu.in https://rt.udmserve.net https://*.licdn.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://*.linkedin.com https://*.inmobiapis.com https://*.g2afse.com https://app.vwo.com https://useruploads.vwo.io https://i.l-dsp.inmobicdn.net wss://*.hellohaptik.com/mqtt https://*.mdsmedia.co.in https://*.haptikapi.com https://*.affise.com/ https://*.indoleads.com/ https://*.o18.click/ https://*.onatrack.in/ https://*.salesleaf.com https://*.clckon.in https://*.ringocount.com https://*.performship.com https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fmaxservicecwyl.silaris.in&umid=e4671127-bb1a-11ef-90ee-002248d4b7bf&auth=8187024a6bfee489f0a48f52588c3399c36ab4f4-2895e8e819c67738c2429759f8d31f6d0e44464c https://maps.googleapis.com data: https://apmrum.maxlifeinsurance.com https://*.axismaxlife.com https://haptikappimg.haptikapi.com https://haptikappimg-ap-southeast-1.s3.amazonaws.com/ https://haptikappimg.s3.amazonaws.com/ https://haptikimg.s3.amazonaws.com/ https://haptikimg.s3-ap-southeast-1.amazonaws.com/ https://haptikappimg-v1.haptikapi.com/ https://haptikappimg-v1.s3.ap-south-1.amazonaws.com/ https://haptik-stagingcf.haptikapi.com/ https://haptik-stagingcf.haptikapi.com/ https://expertdashboardcf.haptikapi.com/ https://expert-dashboard.s3-ap-southeast-1.amazonaws.com/ https://expert-dashboard.s3.amazonaws.com/ https://expertdashboardcf-v1.haptikapi.com/ https://expertdashboardcf-v1.s3.ap-south-1.amazonaws.com/ https://s2.googleusercontent.com/ https://*.gstatic.com *.indixital.com *.int.tl https://dis.criteo.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.creativecdn.com https://*.googletagmanager.com https://ad.doubleclick.net https://*.visualwebsiteoptimizer.com https://*.o18.link https://pixel.rubiconproject.com https://u.openx.net https://*.quora.com/ https://*.paytm.in https://*.intellectadz.com/ https://*.gotrackier.com https://*.o18.link/ https://*.airtel.in/ http://*.offerstrack.net https://*.googleadservices.com https://*.atdmt.com https://www.gstatic.com https://*.bing.com https://*.skyfencenet.com https://fonts.gstatic.com https://script.hotjar.com https://optimize.google.com https://www.e-connect.in https://*.trackneo.com https://*.mathtag.com https://*.mgid.com https://*.yahoo.com https://*.clmbtech.com https://*.omguk.com https://*.go2cloud.org https://*.amazon-adsystem.com https://TrackTrack.org https://*.polyvalent.co.in https://adgebra.co.in https://*.taboola.com https://*.outbrain.com https://*.g.doubleclick.net https://*.facebook.com https://www.google.com https://www.google.co.in https://d28krgir60o432.cloudfront.net https://www.google-analytics.com https://www.paynimo.com http://www.w3.org https://www.tpsl-india.in https://adcanopus.go2cloud.org https://1.policytriangle.com/ https://trk.opiclepxl.com https://omnisetup.silaris.in https://optimidea.go2cloud.org https://tracking.salesleaf.com https://ryt.clckon.in https://ttrk.ringocount.com https://click.performship.com https://*.adcanopus.com https://*.twitter.com https://track.adnextmedia.com/ https://affle.vnative.net/ https://tracking.primedigital.in/ https://affilsoft.gotrackier.com/ https://leadstores.in/ https://paytm43.gotrackier.com/ https://metrics.makemytrip.com/ https://*.admitad.com/ https://*.vcommission.com/ https://iqwebgroup.o18.click/ https://timesinternetlimited187.o18.click/ https://addensuremedia.o18.click/ https://staticgw1.paytm.in/ https://t.co/ data:; style-src 'self' 'unsafe-inline' https://*.haptikapi.com https://*.googletagmanager.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://*.paytm.in https://*.paytm.com https://*.google.com https://*.googleapis.com https://*.googleapis.com https://*.skyfencenet.com https://*.billdesk.com https://*.billdesk.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.paynimo.com; base-uri 'self'; form-action 'self' * data: blob: 'unsafe-inline' 'unsafe-eval' https://*.paytm.in https://*.paytm.com; media-src 'self' https://app.vwo.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me https://adgebra.co.in https://*.licdn.com https://*.creativecdn.com https://*.paytm.in https://*.visualwebsiteoptimizer.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://www.youtube.com; font-src 'self' https://app.vwo.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me https://adgebra.co.in https://*.licdn.com *.visualwebsiteoptimizer.com https://*.haptikapi.com https://*.paytm.in https://*.paytm.com https://www.paynimo.com https://fonts.gstatic.com https://script.hotjar.com data:; object-src 'none'; frame-src https://tr.snapchat.com/ https://c.clarity.ms/* https://fnrk.in https://fnrk.in *.visualwebsiteoptimizer.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com app.vwo.com https://*.maxlifeinsurance.com https://*.axismaxlife.com https://video-staging.medibuddy.in https://*.licdn.com https://*.criteo.com https://www.googletagmanager.com https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me https://adgebra.co.in https://tsdtocl.com https://surveys.numr.app https://www.maxlifeinsurance.com/ https://*.axismaxlife.com https://video.medibuddy.in https://*.linkedin.com https://*.adgebra.co.in/ https://*.mdsmedia.co.in/ https://bot.maxlifeinsurance.com https://*.axismaxlife.com https://*.visualwebsiteoptimizer.com https://*.creativecdn.com https://*.pruads.com/ https://*.iperformance.in/ https://*.clmbtrck.in/ https://s.docsapp.in/ https://*.gotrackier.com/ https://*.paytm.in https://*.doubleclick.net https://*.paytm.com https://*.google.com https://*.skyfencenet.com https://*.amazon-adsystem.com https://*.mathtag.com https://*.icubeswire.co https://www.youtube.com https://*.billdesk.com https://*.billdesk.io https://*.hotjar.com https://*.facebook.com https://omnisetup.silaris.in https://*.g.doubleclick.net; manifest-src 'self' https://app.vwo.com https://*.vwo.com https://useruploads.vwo.io https://analytics.tiktok.com https://dev.visualwebsiteoptimizer.com https://player.vwo.me https://adgebra.co.in https://*.linkedin.com https://d3b8hhxb222skm.cloudfront.net https://d2mvi0djpg9q5l.cloudfront.net https://dixsh5d2ct1z2.cloudfront.net wss://*.paytm.in https://*.salesleaf.com https://*.clckon.in https://*.ringocount.com https://*.performship.com https://*.licdn.com https://*.visualwebsiteoptimizer.com https://*.paytm.in https://*.netcoresmartech.com https://omnisetup.silaris.in 2 default-src 'self' our.umbraco.com marketplace.umbraco.com;connect-src 'self' https://our.umbraco.com https://www.google-analytics.com https://maps.googleapis.com;frame-src 'self' https://marketplace.umbraco.com https://www.youtube.com;frame-ancestors 'self';script-src-attr 'self' 'unsafe-hashes' https://www.timevaluecalculators.com 'sha256-osfNhigSJXc8OJHaquzanxdFeSrcdyQ4IMr2JCoKAHI=' 'sha256-zBUD20Zzmm8unBB+mQGvT0/RAdIiv9Yb+6wbcLGRnv4=' 'sha256-VZ4ZCysdFhjp4R5vXDX4hGpGYu39RsBnNXp+nU/CfGE=' 'sha256-I2PbBTDldUVf2iViluqgx/xdoPVGu/S1Fv61A2QNUBQ=' 'sha256-bKaUT8+mO4cMU4KETpb5/Pe5S4vY/TIbpa2JP/rH5VI=' 'sha256-zWzoVPi+JRuigrmsloBQuSUBioJxfx8awlNrQsNAwhE=' 'sha256-7GlCGMSIJcNTRBPdfUZ36EvDF3cMNRAXGc1PTBSrmmI=' 'sha256-PII22oOie2pC3XdX0wj66tpVeQ1uT/9EEW66uzJOCVU=' 'sha256-mjFD5uCJaJT0393De1U12rUIPkwqyqbb7rr6T6tOO+g=' 'sha256-3dtoFvjQNiFkfcoaUorL0mCtqQNmEtYPKJ4ZKutLxu0=' 'sha256-6EL3QENKT8ZoHz0B4SujdsG4LcXhq38zBGDmvabrs2g=' 'sha256-UVe8aL77yyrm3Oq9H0/9FxnuNh87IsWoPIynuP20g6g=' 'sha256-QiSIS7Y2mUC+F02jr53n0dSDGruNlq7aI4w5TmSBcU8=' 'sha256-LqZKJS0hH6DBfCoQ5cLkWeDAPoaJ3bxaVrMZJ5aHzxY=' 'sha256-+CMYoP1kEoXsUO/t513QxA5XS2YSsvhcqDKu5zeNIEo=' 'sha256-dojYH1VXQYX8CH460bZscv36v18K7edZplYec/fZDQw=' 'sha256-7o26PSLUVKBgl6qqHjaA91XVSSMTX27SHlwmGzgAILU=' 'sha256-X5ykrk7IufzCUzH++66v2jUJKwzMBLG3jyhIkKIhywc=' 'sha256-ReftB5JqhkOrz3MZa/67YQSWP9z2RbVlRY14ilRZZq4=' 'sha256-lmQzCPWQ2RMDe45+s2z8uWl4bnvpI//cNyy8P1zkbuY=' 'sha256-W0gtYujbazamXxOSUElCtKUs+gXmWzMtcUH4NgVSxlM=' 'sha256-Jlpin7v6urtvjOR3OvqA5RS8WkZSH6yzEUgr4xIEolM=' 'sha256-Ds/qnYtTK7k5ITKaLy86CbgwdzqipMANXbnZSedStYg=' 'sha256-kYaBD3jGcrs0f0RltU4NkSobSkkECt0tGQH5FXtms+0=' 'sha256-/H/Pa6h8fvN++H4uQC3U2qSVbFftAR7SktEQDKKSLXs=' 'sha256-JSXMuCA2KyoM3yusTIOeCgSz9NaqjxyIET3RqqWAYHs=' 'sha256-NQ7syT9URYy8vV0BlG3YzxaEAJJYz2g0jHwY9eeTjQc=' 'sha256-0ANgmO0jSY6nOobwvyjEizt7Bush+mw5WHlOU74WvWI=' 'sha256-R3ap3OX4GdDWj7jLoUL/W3O2VNKbWLcFCqPatgY/CwU=' 'nonce-FPJfAxyh6Ds' 'sha256-Fn4FTkfPl3EJA0xrNVM4lCiJeR2HC6vBqgDTluUz7+Q=' 'sha256-bCoSCrb/somI2qGDll3x6b2dS+KmI0lasJMQbmfYFcY=' 'sha256-R45I/J9kK6eXN5SioFI4Z5QzTsibQGGIoReNY+VBGRI=' 'sha256-bAKtUJ4ZolWyIpLn3HjEhWL/CwbJ1W4TdKRNRZv4n44=' 'sha256-M2voXyYS3VMmfxgEn0xjbVcYMZzFRe1/mCw1tAXZL84=' 'sha256-Jw5pvBfPBjXTOgcyDqn5AaUmFdRb8OE4P136DjD8VqY=' 'sha256-Mr/nBZxV5JRFPOH3BoNcqFDemR06LkFzkXB8o/8EKzE=' 'sha256-28JqjI93F6DpY1aQ5SFoPWO/Bufm1ssXh0JA7OmApBo=' 'sha256-4GwRLe7A7eQbjkNpnOmw5b1N3wvbfZzqCEmPzDrTOIo=' 'sha256-95RMRFeZ+7Po29ZCrafTmZd5V5uMAql1meIxGOpUQsI=' 'sha256-g177Je6F+Y4TDclaSDjKeRnfeHpK14zZY8HR+L9LfWk=' 'sha256-z73EqLq946u2YEQNVU0Z7Zh++Rk1Ut28gRsQL/nTEnI=';script-src-elem 'self' https://siteimproveanalytics.com/js/siteanalyze_49669.js https://www.timevaluecalculators.com 'nonce-vNddzXJn6QA' 'nonce-6xaBY0PGOvA' 'sha256-0CQMbDLhApnZ5liy7mFoZA6ol/5djupAVqlqY64n2U4=' 'sha256-9yG7uFdptlQxsIAmqXatU7TyRmwwD6euCstHBxh/dIM=' 'sha256-s+2qtFQQwZztj9CLKxljBhlwHe1EYvU8kwHyCCePVH8=' 'sha256-axVt0+ZNKSkwrajtzSZhyYTI4i1O/MJ8+2WT5H4Axn0=' 'sha256-VJAM6BolRI9epsZNmfLqW6VTmCwxWqYG/gYF9BHk4zI=' 'sha256-DAR16vnYelQAC8IhJtcqEka+34ZZGeM9OH5H3I7wUnw=' 'sha256-I/0O0X+xh99W43WM8++3Luo7EBb0RwzycCWBOP6YrOs=' 'sha256-Xd28rz7m/SD7XZTiPgsiMfvXducSJyncr4M0VhQAv6g=' 'sha256-BFOKkBjm2ietnTozGFPiM4Sr25H/mVlPw1XTGmcCfWU=' 'sha256-5DI7UnblXeYa0u5FQqAOAXG3gevCJ5UHcKfC7yfZULk=' 'sha256-vp7yR2HlfvabVUIe7i5qa3ukzzrzgfE0Oi+cQyCr+M0=' 'sha256-qwULASgE8t1yz4vVp0zXx9akdXEUrWpKkxIT/vHtzkI=' 'nonce-bG9jYWxpemF0aW9u' 'nonce-ZXhwYW5kYWJsZQ==' 'nonce-LNVM9IYfbXk' 'nonce-3156c3f21b' 'nonce-aW9uYWxpemF0' 'nonce-BY0P6xaGOvA' 'nonce-GOvABY0P6xa' 'sha256-9wDs+yaWrlE2GgGBAbi/NVDugqlFsLAEwgIJnUwKfpc=';script-src 'self' 'unsafe-hashes' siteimproveanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://www.timevaluecalculators.com 'sha256-0CQMbDLhApnZ5liy7mFoZA6ol/5djupAVqlqY64n2U4=' 'sha384-q6JPDONlhQjlTTFSfpA4B+b6N+bpJptDEwKBnILd6BhSBaaQ+MSKRxohUIYuy1MM' 'sha384-yp8skXLQ5MFXsUwAWZbXxAqZMDIqO1aORujwx06y0hOxsFa1EJe56nOMMGXTPkjc' 'sha256-axVt0+ZNKSkwrajtzSZhyYTI4i1O/MJ8+2WT5H4Axn0=' 'sha256-RvkC228Q8+C1uB1j+BVZoYQInwQinnIIPboMNdpkHn0=' 'sha256-VJAM6BolRI9epsZNmfLqW6VTmCwxWqYG/gYF9BHk4zI=' 'sha256-DAR16vnYelQAC8IhJtcqEka+34ZZGeM9OH5H3I7wUnw=' 'sha256-iwiRRwKnOae+e1NUEZNXz7NM+6zy2LuNBMYMsOaG4fU=' 'sha256-zgfBQEBzb4maxy+zSOS6qLNswIS/E70vyCWJqRpoBy4=' 'sha256-VJsfypG/nAx46DLkn1p79yA1QdvdbkPtu3REdS5T+wI=' 'sha256-ZhxM5QkYBQzjJNW2yDLO2DZ88BGvLqv5KTw8H71sykk=' 'sha256-/4cmRfNOEk/cC4Vz9SKiTkVXQ2/T0+q6JMbnIWwAdgU=' 'sha256-5238lGjhhKe+aJ7KyCwzfmd1LGtgcCGRmVGO5fTLRoY=' 'sha256-Sz+yNIB3qxGQSmdphwiwZsdKIOBfu109ShyISKy3UBM=' 'sha256-78+BA7QFqeOVDjQJOT1thoJcehJsQc80iPY7XpFZiDI=' 'sha256-5Bpz5PRpdfQAG158VleLtx2AaMJbMLD3uICYoL4h3e0=' 'sha256-VeaOuhKqVYFuI8L/gM8IsWJEM43i59i5BWuhqhtEPv0=' 'sha256-92msGode+PdMwJ0aRbvcmxvUw0G0eJmfZf7tRFoEwM0=' 'sha256-aaCHDlg8icoJWfJKmIifwYGkGW9giXNAxGu7uYZ9EEk=' 'sha256-gtLATYLDUGjZ3cN30hl1ZlpPtIsuHTOi2ko8dzAYIV0=' 'sha256-Xd28rz7m/SD7XZTiPgsiMfvXducSJyncr4M0VhQAv6g=' 'sha256-L2YATLbuEzycqpj4VQxd7eUfn0g30mp76YWW3NFvqrA=' 'sha256-Tl6eNf6MIDJpxS8N4Q1ls7sxDpeMBdQ1FG0EfVu8Vok=' 'sha256-vXiT7QINpKSvbUM5tORYKLDf3FoF9b2HK6sPl37bhHw=' 'sha384-YMGY63oqO65ZF2CfUEZlpuWq/JGJxY3yKnmsrV5XvI+Dhv9QmhK1Nn9p6Ao1/+3N' 'sha256-zTwj9RFB3h2X5MFms1qaCNHDpJJY7AL3O12Gai580tg=' 'nonce-2726c7f26c' 'sha256-I/0O0X+xh99W43WM8++3Luo7EBb0RwzycCWBOP6YrOs=' 'nonce-bG9jYWxpemF0aW9u' 'nonce-Y2hlY2tpbmc=' 'nonce-vNddzXJn6QA' 'sha384-apfJm2DWye6itJXDari7QfgbBXzkNeRsr1xgTfEH0SCvYV+NlzqP+MkX/LHMZIPI';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.timevaluecalculators.com;img-src 'self' data: our.umbraco.com dashboard.umbraco.com *.woodforest.com https://www.gravatar.com https://www.s1.umbraco.io *.siteimproveanalytics.io https://maps.googleapis.com https://maps.gstatic.com *.prnewswire.com https://www.timevaluecalculators.com;font-src 'self' data: https://fonts.gstatic.com; 2 report-uri /csp-report.php; default-src 'none'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.fio.cz https://www.fio.sk https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://img.bankid.cz; connect-src 'self' *.analytics.google.com *.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2 default-src 'unsafe-inline' knapp.com *.knapp.com blob: *.doubleclick.net fonts.googleapis.com; connect-src knapp.com *.knapp.com data: *.googleapis.com static.hsappstatic.net *.hubapi.com www.gstatic.com sourcemap.devowl.io px.ads.linkedin.com yoast.com my.yoast.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.google.com *.google-analytics.com *.hubspot.com *.hsforms.net *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com forms-eu1.hscollectedforms.net cta-eu1.hubspot.com *.leadinfo.net *.leadinfo.com broadcast.knapp.com *.knapp.at knapp.piwik.pro px.ads.linkedin.com *.google.com *.doubleclick.net knapp.containers.piwik.pro web-tracking.cloud.knapp.com; font-src data: maxcdn.bootstrapcdn.com *.gstatic.com static.hsappstatic.net use.typekit.net knapp.com *.knapp.com; frame-src *.hubspot.com *.hsforms.net *.hsforms.com app.hubspot.com *.facebook.com www.googletagmanager.com www.google.com *.google-analytics.com www.youtube-nocookie.com www.youtube.com *.vimeo.com *.hs-sites-eu1.com *.doubleclick.net *.maxr.at knapp.com *.knapp.com; img-src * data: blob:; media-src data: *.gstatic.com cdn-public.borlabs.io knapp.com *.knapp.com; script-src 'unsafe-eval'; script-src-attr 'unsafe-inline'; script-src-elem blob: *.cloudfront.net *.facebook.com *.facebook.net *.fullstory.com www.googletagmanager.com *.googleadservices.com *.googleapis.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com js-eu1.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.net *.hubspot.com *.leadinfo.net connect.facebook.net googleads.g.doubleclick.net knapp.containers.piwik.pro knapp.piwik.pro snap.licdn.com web-tracking.cloud.knapp.com www.googletagmanager.com www.google.com *.google-analytics.com www.gstatic.com www.youtube.com yoast.com knapp.com *.knapp.com 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem maxcdn.bootstrapcdn.com fonts.googleapis.com www.gstatic.com *.gstatic.com web-tracking.cloud.knapp.com 'unsafe-inline' knapp.com *.knapp.com; worker-src blob: knapp.com *.knapp.com; frame-ancestors knapp.com *.knapp.com *.hubspot.com *.maxr.at; report-to csp-endpoint 2 frame-ancestors 'self' https://*.particle.io http://particle.lookbookhq.com https://particle.lookbookhq.com http://particle.pathfactory.com https://particle.pathfactory.com 2 frame-ancestors same *.grupocpfl.com.br *.cpfl.com.br *.rge-rs.com.br grupocpfl.com.br cpfl.com.br rge-rs.com.br *.lndo.site *.web.ahdev.cloud; report-uri /report-csp-violation 2 default-src 'self' data: wss: 'unsafe-eval' 'unsafe-inline' blob: *.afterpay.com *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.azure.com *.braintree-api.com *.braintreegateway.com *.cardinalcommerce.com *.cloudflareinsights.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hoyts.co.nz *.hoyts.com.au *.in.applicationinsights.azure.com *.jsdelivr.net *.paypal.com *.paypalobjects.com *.recaptcha.net *.report-uri.com *.smooch.io *.snapchat.com *.vimeo.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com analytics.tiktok.com analytics-ipv6.tiktokw.us apps.rokt.com az416426.vo.msecnd.net cdn.jsdelivr.net emailvalidatoruatfunc.azurewebsites.net google.com insights.algolia.io js.monitor.azure.com sc-static.net tr.snapchat.com stream.mux.com kg668dbov0.execute-api.us-east-1.amazonaws.com; object-src 'none'; frame-src *; img-src 'self' https: data:;upgrade-insecure-requests;report-uri https://hoyts.report-uri.com/r/d/csp/enforce 2 default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; media-src 'self' data: https: blob:; font-src 'self' data: https:; frame-src 'self' https: blob: data: tel:; frame-ancestors 'self' https://loterienationalenationale.qualifioapp.com/ https://aem-nl.prd.natlot.be https://aem-fr.prd.natlot.be https://aem-de.prd.natlot.be ;worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' https: https://sdk.privacy-center.org/ https://api.privacy-center.org/ wss://*.hotjar.com wss://webmessaging.mypurecloud.de; 2 default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.europe-west1.firebasedatabase.app https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.google.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com *.doubleclick.net https://connect.facebook.net https://analytics.tiktok.com https://js.stripe.com https://www.paypal.com https://www.paypalobjects.com https://*.onetrust.com https://*.hotjar.com https://www.redditstatic.com;connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk https://*.sndcdn.com https://*.soundcloud.com https://*.radiomast.io; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com https://*.typekit.net; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com https://*.typekit.net https://*.nts.live; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://*.google.com *.doubleclick.net *.firebaseapp.com https://js.stripe.com *.paypal.com https://www.paypalobjects.com https://www.googletagmanager.com; 2 default-src 'self' data: 'unsafe-inline' https://challenges.cloudflare.com *.boltdns.net *.brightcove.net http://opgdev1901 http://opgtest *.google-analytics.com https://*.google.com https://*.brightcove.com *.akamaihd.net *.boltdns.net https://brightcove.hs.llnwd.net https://stats.g.doubleclick.net https://*.classmarker.com https://*.crossref.org https://cm.scholarlyiq.com https://public.tableau.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://*.simpli.fi https://cdn.jsdelivr.net https://snap.licdn.com http://opgdev1901 https://opgtest *.fontawesome.com challenges.cloudflare.com unpkg.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.gstatic.com https://*.crossref.org https://cdnjs.cloudflare.com https://vjs.zendcdn.net https://vjs.zencdn.net https://players.brightcove.net https://www.youtube.com https://s.ytimg.com https://*.classmarker.com https://cdn.ckeditor.com https://public.tableau.com https://consent.studio *.perfdrive.com *.doubleclick.net *.stackadapt.com *.facebook.net https://www.redditstatic.com https://files.bettybot.ai blob:; style-src 'self' 'unsafe-inline' files.bettybot.ai https://cdn.jsdelivr.net http://opgdev1901 https://opgtest https://tagmanager.google.com https://fonts.googleapis.com https://*.crossref.org https://cdn.ckeditor.com *.stackadapt.com players.brightcove.net; img-src 'self' 'unsafe-inline' https://*.linkedin.com http://opgdev1901 https://opgtest *.simpli.fi d3qoh5n5udjkx5.cloudfront.net https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.crossref.org https://stats.g.doubleclick.net players.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.brightcovecdn.com https://imagebank.osa.org https://imagebank.optica.org https://account.optica.org https://cdn.ckeditor.com https://public.tableau.com https://www.osapublishing.org alb.reddit.com www.facebook.com www.google.com files.bettybot.ai; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.fontawesome.com http://opgdev1901 http://opgtest https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com about: players.brightcove.net; connect-src 'self' https://*.brightcovecdn.com https://*.algolia.net https://*.algolianet.com https://*.ads.linkedin.com https://*.fontawesome.com https://opgadmin https://*.optica.org https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://players.brightcove.net edge.api.brightcove.com *.boltdns.net *.akamaihd.net https://cdn.jsdelivr.net https://consent.studio https://*.linkedin.com https://*.simpli.fi https://opgtest https://analytics.google.com *.jsdelivr.net *.facebook.com *.reddit.com *.redditstatic.com *.googlesyndication.com *.stackadapt.com *.doubleclick.net https://betty-api.tasio.co; media-src 'self' 'unsafe-inline' http://opgdev1901 http://opgtest https://opg.optica.org https://www.osapublishing.org *.akamaihd.net *.boltdns.net https://*.brightcove.com *.brightcovecdn.com *.llnw.net *.llnwd.net *.akafms.net *.cf.brightcove.com blob: data:; object-src 'self' 'unsafe-inline' http://opgdev1901 http://opgtest *.akamaihd.net *.boltdns.net; frame-src 'self' https://www.googletagmanager.com players.brightcove.net crossmark.crossref.org; worker-src blob:; frame-ancestors 'self' http://cmsdev2001:1337/admin https://opgtest/; 2 frame-ancestors 'self' api.sheetmusicdirect.com *.arrangeme.com arrangeme.com 2 report-to slardar-endpoint; upgrade-insecure-requests ; 2 default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://piwik.bzga.de/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://youtu.be/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.18/widget.min.js; connect-src 'self' https://api.friendlycaptcha.com https://piwik.bzga.de 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ro data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ro; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.ro data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' https://layout-cms.fox7austin.com; 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2 frame-ancestors 'self' https://sonae.outsystemsenterprise.com outsystems://sonae.outsystemsenterprise.com https://cartaocontinente.pt outsystems://cartaocontinente.pt 2 frame-src https://td.doubleclick.net https://web-widget.gupshup.io/ https://www.youtube.com/ https://*.partners.gupshup.io https://ssl-proxy.quickwork.co https://api.gupshup.io https://console.gupshup.io https://www.gupshup.io https://go.gupshup.io/ https://business.facebook.com https://www.googletagmanager.com;frame-ancestors self https://web-widget.gupshup.io/ https://console.gupshup.io https://www.gupshup.io https://api.gupshup.io https://ssl-proxy.quickwork.co https://*.partners.gupshup.io https://www.youtube.com/ https://go.gupshup.io/ https://business.facebook.com https://www.googletagmanager.com https://td.doubleclick.net/ 2 default-src 'self'; img-src 'self' data: pixel.wp.com *.hemi.xyz secure.gravatar.com *.wordpress.com; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.hemi.xyz *.wp.com cdn.markfi.xyz; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.wp.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.hemi.xyz api.github.com cdn.markfi.xyz a.markfi.xyz; frame-src 'self' *.youtube.com; worker-src 'self' blob:; 2 frame-ancestors *.acuitybrandslighting.net *.acuitybrands.com *.acuitybrands.ca *.acuitybrands.com.mx *.acuitybrandstoronto.com *.besalfund.org *.dglogik.com *.distech-controls.com *.eldoled.com *.iotaengineering.com *.ke2therm.com *.luminis.com *.mcclungfoundation.org; 2 default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com *.firestonecompleteautocare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.firestonecompleteautocare.com *.tiktok.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.io *.hotjar.com *.bing.com *.beamery.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.adroll.com *.sprinklr.com d2hrivdxn8ekm8.cloudfront.net telemetry.vaultdcr.com ads.nextdoor.com; img-src * data: blob: ; connect-src *; frame-src *; media-src 'self' *.sprinklr.com blob:; font-src 'self' fonts.bridgestoneresources.com data: 2 default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com browser.events.data.microsoft.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/ 2 frame-ancestors 'self'; base-uri 'self'; form-action *.amazon.de blog.teufel.de checkout.getalma.eu checkout.sandbox.getalma.eu *.contentsquare.com *.contentsquare.net *.kameleoon.com *.kameleoon.eu *.kameleoon.io m.exactag.com payments.amazon.de payments.amazon.es payments.amazon.fr payments.amazon.it *.przelewy24.pl retoure.teufel.de row.ups.com service.teufel.de supportb2b.teufel.de support.teufel.de testblog.teufel.de test.saferpay.com teufelsurvey.fra1.qualtrics.com www.saferpay.com www.terminland.de teufel.de zed.teufel.de login.microsoftonline.com teufelaudio.at teufel.ch teufelaudio.fr teufelaudio.nl teufelaudio.be teufelaudio.es teufelaudio.it cz.teufelaudio.com dk.teufelaudio.com ee.teufelaudio.com fi.teufelaudio.com gb.teufelaudio.com gr.teufelaudio.com hr.teufelaudio.com hu.teufelaudio.com ie.teufelaudio.com li.teufelaudio.com lt.teufelaudio.com lu.teufelaudio.com lv.teufelaudio.com no.teufelaudio.com pt.teufelaudio.com se.teufelaudio.com si.teufelaudio.com sk.teufelaudio.com teufelaudio.pl us.teufelaudio.com 'self' 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' public.govdelivery.com touchpoints.app.cloud.gov *.clarity.ms dap.digitalgov.gov *.google-analytics.com *.typekit.net *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov *.googletagmanager.com; img-src 'self' blob: fonts.gstatic.com *.googletagmanager.com data: cg-1b082c1b-3db7-477f-9ca5-bd51a786b41e.s3-us-gov-west-1.amazonaws.com content.govdelivery.com touchpoints.app.cloud.gov *.clarity.ms *.bing.com *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov *.google-analytics.com *.typekit.net img.youtube.com; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com; media-src 'self'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com; connect-src 'self' public.govdelivery.com touchpoints.app.cloud.gov *.clarity.ms performance.typekit.net *.google-analytics.com *.googletagmanager.com *.ncua.gov ncua.gov *.mycreditunion.gov mycreditunion.gov; frame-src 'self' app.powerbigov.us public.govdelivery.com *.youtube.com www.googletagmanager.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datarobot.com *.wistia.net *.wistia.com *.google-analytics.com *.googletagmanager.com *.mktoresp.com *.mktoutil.com *.clickagy.com *.smartling.com *.hotjar.com *.amcharts.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net *.hockeystack.com cdn.evgnet.com munchkin.marketo.net cdn.cookielaw.org blob: *.zoominfo.com ws.zoominfo.com static.zoominfo.com cdn.zoominfo.com js.zi-scripts.com; script-src-elem 'self' 'unsafe-inline' *.adsrvr.org *.bing.com *.clearbitscripts.com *.clearbitjs.com *.clickagy.com *.cloudfront.net *.cookiebot.com *.datarobot.com *.doubleclick.net *.evgnet.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.intentsify.io *.jsdelivr.net *.licdn.com *.marketo.net *.sentry-cdn.com *.techtarget.com *.tfaforms.net *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.zoominfo.com *.calendly.com *.amcharts.com *.hotjar.com *.hockeystack.com static.hotjar.com *.onetrust.com *.cookielaw.org *.usbrowserspeed.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net unpkg.com cdn.evgnet.com munchkin.marketo.net d-code.liadm.com cdn.cookielaw.org js.zi-scripts.com blob:; connect-src 'self' *.algolia.net *.algolianet.com *.bing.com *.clearbit.com *.clickagy.com *.cloudfront.net *.cookiebot.com *.cookielaw.org *.doubleclick.net *.datarobot.com *.evergage.com *.facebook.com *.facebook.net *.formassembly.com *.google-analytics.com *.googletagmanager.com *.google.com *.hockeystack.com *.linkedin.com *.mktoresp.com *.mktoutil.com *.amcharts.com *.smartling.com *.techtarget.com *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.zoominfo.com *.geolocation.onetrust.com https://geolocation.onetrust.com *.privacyportal.onetrust.com https://privacyportal.onetrust.com ws.hotjar.com content.hotjar.io insight.adsrvr.org ws.hotjar.com *.jsdelivr.net wss://ws.hotjar.com blob: *.zoominfo.com ws.zoominfo.com js.zi-scripts.com metrics.hotjar.io; style-src * 'unsafe-inline'; font-src * data:; img-src * blob: data: static.zoominfo.com cdn.zoominfo.com; media-src 'self' blob: *.wistia.com fast.wistia.net; frame-src 'self' *.adsrvr.org *.cookiebot.com *.clickagy.com *.datarobot.com *.doubleclick.net *.google.com *.googletagmanager.com *.teamwalnut.com *.wistia.com *.wistia.net *.calendly.com *.amcharts.com *.youtube.com calendly.com; frame-ancestors 'self' *.datarobot.com *.calendly.com calendly.com;; upgrade-insecure-requests; report-to csp-endpoint 2 upgrade-insecure-requests; base-uri 'self'; object-src 'self'; frame-ancestors 'self'; form-action 'self'; 2 frame-ancestors 'self' http://www.1001games.com 2 frame-ancestors 'self'; upgrade-insecure-requests;script-src 'self' 'unsafe-inline' slashdot.org *.fsdn.com *.adroll.com analytics.slashdotmedia.com *.facebook.net *.google.com *.gstatic.com apis.google.com j.6sc.co ml314.com b.sf-syn.com *.consentmanager.net; worker-src 'self' blob: 2 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 2 frame-src blob: https://*.sber-bank.by https://*.bps-sberbank.by http://zabirai.dev-3c.by https://*.zabiray.by https://ioauth.raschet.by:6444 https://ioauth.raschet.by https://www.youtube.com data: https://www.googletagmanager.com https://www.google-analytics.com https://www.webvisor.com; frame-ancestors 'self' https://21vek.finance.by https://*.easyonline.by https://emall.by https://*.finshop.by https://1ak.by https://xistore.by https://*.sila.by https://*.multimart.by https://nsv.by https://*.belpsb.by https://*.[spcom.by|http://spcom.by] https://epay-sber.spcom.by; 2 default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; frame-src blob:; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-modals allow-downloads 2 default-src https: data: blob: wss://*.zopim.com wss://*.hotjar.com wss://*.noibu.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.reskyt.com; upgrade-insecure-requests 2 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * 'unsafe-inline' 'unsafe-eval' data:; media-src *; worker-src * blob:; 2 connect-src * 2 default-src * 'unsafe-inline' 'unsafe-eval' data:; report-uri /report-csp-violation 2 frame-ancestors 'self' https://pindrop.partners.com 2 frame-ancestors 'self' https://marchedufilm.online 2 img-src * 'self' https: 'unsafe-eval' data: https://*.transcend.io/* https://*.mutinycdn.com/* https://*.mutinyhq.io/* https://*.mutinyhq.com/* https://*.qualified.com/* https://*.wistia.com/* http://splashthat.com/* http://*.marketo.net/* http://*.6sc.co/* https://app.qualified.com/ https://sync.transcend.io/ https://vercel.live/ https://www.youtube.com/ http://668-yxh-576.mktoweb.com/ https://cdn.transcend.io/ https://splashthat.com/ http://splashthat.com/ http://munchkin.marketo.net/ wss://ws.qualified.com/ https://client-registry.mutinycdn.com/ http://668-yxh-576.mktoresp.com https://videos.ctfassets.net/ wss://ws7.hotjar.com/ wss://ws-us3.pusher.com/ https://events.rm-api.com/ https://app.mutinyhq.com/; frame-ancestors 'self' https://app.mutinyhq.com/; 2 style-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net https://s3.tradingview.com/tv.js sdk.onfido.com api.onfido.com 'unsafe-inline' 'unsafe-eval' blob: filesystem:;script-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net https://s3.tradingview.com/tv.js sdk.onfido.com api.onfido.com blob: 'nonce-L5ulJ4uMZrA5wEcgVFADgqSECd5q' 'sha256-KpHv3zgivMSB4dPnfYfqMt2lBibsYvM36EdoBBAsfbM=' 'sha256-CyaL1Is5BrtV1nqGyf5M82XfYCZN/AlWOA1PAYCeQn0=' 'sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=' 'sha256-NNiElek2Ktxo4OLn2zGTHHeUR6b91/P618EXWJXzl3s=' 'sha256-iJzZc68vmFUdQcHFENrt71ytPNej1jN9vfbHsHeC3EY=' 'sha256-9E/vN59Vhl5uVfXqJSzWab36nu8sc/qubjpo15R2h3c=' 'sha256-MllbaXjKDb8zmCId86PfKk5mI7On1rtSLhAdwB5ydag=' 'sha256-3j0iuCOFkkCuP1aq7ZI49Oe7oT3Onx3ryrb00cOf3cA=' 'unsafe-eval';img-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net https://s3.tradingview.com/tv.js sdk.onfido.com api.onfido.com refined-confidence-27b518c130.media.strapiapp.com smarthub.adm.gov.ae blob: data:;object-src 'none';media-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net https://s3.tradingview.com/tv.js sdk.onfido.com api.onfido.com blob:;worker-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net https://s3.tradingview.com/tv.js sdk.onfido.com api.onfido.com blob:;connect-src 'self' *.tamm.ae gstatic.com js.arcgis.com portaldev.elab.abudhabi.ae server.arcgisonline.com services.arcgisonline.com stackpath.bootstrapcdn.com static.arcgis.com arcgis.sdi.abudhabi.ae geocode.arcgis.com translate.googleapis.com *.gstatic.com *.google.com *.google.ae www.tamm.abudhabi api.abudhabi.ae sandboxadmin.prioticket.com adda-chatbot-prod.azurewebsites.net ocsdk-prod.azureedge.net addadevstorage.blob.core.windows.net webchatic3.blob.core.windows.net addastorageaccountuat.blob.core.windows.net *.omnichannelengagementhub.com comms.omnichannelengagementhub.com orgbb3c15ea-crm15.omnichannelengagementhub.com earthquake.usgs.gov onwani.abudhabi.ae https://obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com tamm-pp-prod-static.obs.ae-ad-1.g42cloud.com www.googletagmanager.com www.google-analytics.com schdmngr.tamm.abudhabi static.tamm.abudhabi adda-bot-preprod.azurewebsites.net adda-chatbot-r2-prod.azurewebsites.net org2930f7c0-crm15.omnichannelengagementhub.com tamm-test-bot.azurewebsites.net storageproductionaccount.blob.core.windows.net browser.pipe.aria.microsoft.com *.skype.com *.communication.azure.com *.trouter.skype.com unpkg.com dc.services.visualstudio.com obs-adda-sgs-tamm-portal-dev-test.obs.ae-ad-1.g42cloud.com oc-cdn-ocuae-uae.azureedge.net https://ae-prod.asyncgw.teams.microsoft.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.screenmeet.com https://*.scrn.mt https://tamm-chatbot-test.azurewebsites.net *.office.com/ *.microsoft.com/ https://go.trouter.communication.microsoft.com/ https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.trouter.skype.com https://*.skype.com/* https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://*.omnichannelengagementhub.com/* https://cdn.botframework.com/botframework-webchat https://webchatic3.blob.core.windows.net https://comms.omnichannelengagementhub.com https://ocsdk-prod.azureedge.net https://*.service.signalr.net https://*.communication.azure.com https://oc-cdn-ocprod.azureedge.net/livechatwidget oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://edge.screenmeet.com wss://*.screenmeet.com https://tamm-chatbot-prod.azurewebsites.net/ www.dls.tamm.abudhabi https://dls.tamm.abudhabi dls.tamm.abudhabi https://dmm-prod.tamm.abudhabi/ https://preprodcrm-apim.tammcrm.abudhabi.ae/ https://prodcrm-apim.tammcrm.abudhabi.ae/ https://tamm-chatbot30-test-falcon.azurewebsites.net/ https://static-dev.tamm.abudhabi/ static-dev.tamm.abudhabi https://tamm-convai-dev-apigw.azure-api.net/ tamm-convai-dev-apigw.azure-api.net tamm-convai-dev-apigw.azure-api.net/* https://tamm-convai-stage-apigw.azure-api.net/ tamm-convai-stage-apigw.azure-api.net tamm-convai-stage-apigw.azure-api.net/* https://tamm-convai-prod-apigw.azure-api.net https://tamm-convai-prod-apigw.azure-api.net/* api-stg.tamm.abudhabi api-prod.tamm.abudhabi https://api-stg.tamm.abudhabi/ stage-salama.itc.gov.ae salama-par.itc.gov.ae strguae1dev.blob.core.windows.net https://s3.tradingview.com/tv.js sdk.onfido.com api.onfido.com blob: ws: wss:;frame-ancestors 'self' 2 default-src 'self'; connect-src *; font-src * data:; frame-src * *.wellsfargo.com; img-src * data:; media-src *; object-src *; script-src * *.wellsfargo.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src https://*.afw.com; 2 default-src 'self' https:; img-src * data:; media-src 'self' https: blob: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: data:; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.mega.cl *.megatiempo.cl *.meganoticias.cl *.mdstrm.com *.tomorrow.io *.etc.cl servicios-mega.cdn.mdstrm.com data:; style-src 'self' 'unsafe-inline' https: blob: data:; connect-src 'self' https:; form-action 'self'; base-uri 'self'; worker-src 'self' blob: *.megamedia.cl *.etc.cl *.megatiempo.cl *.meganoticias.cl *.mega.cl; frame-src 'self' https:; child-src 'self' blob: *.megamedia.cl *.firebaseapp.com *.mdstrm.com; frame-ancestors *.meganoticias.cl *.mega.cl *.etc.cl *.megamedia.cl *.megatiempo.cl *.google.com elfestival.tv; 2 form-action 'self' https://*.entorno.es; frame-ancestors 'none'; report-uri https://nicdev9.entorno.es/scp-report.php 2 default-src 'self' 'unsafe-inline' data: https:; frame-ancestors 'self' 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://my.thevivestia.com https://*.lidl-hellas.gr data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://my.thevivestia.com https://*.lidl-hellas.gr; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl-hellas.gr data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; form-action shop.justlanded.com *.justlanded.com *.justlanded.es *.justlanded.co.uk *.justlanded.de *.justlanded.fr *.justlanded.it *.justlanded.jp *.justlanded.at *.justlanded.mx *.justlanded.gr *.justlanded.ru *.justlanded.se *.justlanded.cn *.justlanded.ch *.justlanded.be *.justlanded.co.in *.justlanded.co.nz tpc.googlesyndication.com; object-src 'none'; base-uri 'self'; 2 default-src 'self' assets-next.mattersprotocol.io; script-src 'self' assets-next.mattersprotocol.io 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com challenges.cloudflare.com *.google-analytics.com *.analytics.google.com js.stripe.com *.cloudflareinsights.com pagead2.googlesyndication.com *.adtrafficquality.google *.doubleclick.net tpc.googlesyndication.com adservice.google.com; style-src 'self' 'unsafe-inline' assets-next.mattersprotocol.io fonts.googleapis.com; img-src 'self' data: blob: assets.matters.news imagedelivery.net assets-next.mattersprotocol.io *.matters.town nft-cdn.alchemy.com matters-server-production.s3-ap-southeast-1.amazonaws.com *.google-analytics.com *.walletconnect.com *.walletconnect.org matters-billboard-ad.s3.ap-southeast-1.amazonaws.com/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.adtrafficquality.google; font-src 'self' fonts.gstatic.com; media-src 'self' data: blob: assets.matters.news imagedelivery.net assets-next.mattersprotocol.io *.matters.town nft-cdn.alchemy.com matters-server-production.s3-ap-southeast-1.amazonaws.com *.google-analytics.com *.walletconnect.com *.walletconnect.org matters-billboard-ad.s3.ap-southeast-1.amazonaws.com/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.adtrafficquality.google; connect-src 'self' ws: wss: assets-next.mattersprotocol.io https://server.matters.town/graphql https://server.matters.news/graphql upload.imagedelivery.net *.google-analytics.com firebase.googleapis.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com api.stripe.com *.walletconnect.org *.walletconnect.com *.web3modal.org *.alchemyapi.io *.alchemy.com cloudflare-ipfs.com/ipfs/ ipfs.io/ipfs/ ipfs-gateway.matters.town/ipfs/ ipfs.w3s.link *.ingest.us.sentry.io *.adtrafficquality.google adservice.google.com *.doubleclick.net; frame-src 'self' button.like.co www.youtube.com player.vimeo.com player.bilibili.com www.bilibili.com www.instagram.com jsfiddle.net codepen.io challenges.cloudflare.com js.stripe.com hooks.stripe.com *.walletconnect.com *.walletconnect.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com *.adtrafficquality.google www.google.com; prefetch-src 'self' assets-next.mattersprotocol.io; report-uri https://o1089931.ingest.us.sentry.io/api/6153512/security/?sentry_key=5af839b6d42044548d8ec70f00af8c10; report-to csp-endpoint 2 frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my https://www.cimbclicks.com.my; object-src 'none'; upgrade-insecure-requests; script-src 'self' rum.hlx.page assets.adobedtm.com *.googletagmanager.com *.google-analytics.com analytics.tiktok.com *.adsrvr.org tags.crwdcntrl.net connect.facebook.net *.doubleclick.net *.google.com *.innity.net *.outbrain.com *.hotjar.com *.onetrust.com *.line-scdn.net *.demdex.net *.omtrdc.net *.cimb.com.sg *.quantserve.com *.quantcount.com *.brand-display.com *.fontawesome.com *.pand.ai *.mookie1.com *.cimbclicks.com.my *.bbci.co.uk *.oracleinfinity.io *.oracle.com *.gstatic.com *.licdn.com *.recaptcha.net *.adobe.com *.cloudfront.net *.youtube.com *.googleusercontent.com *.youtube-nocookie.com *.azureedge.net *.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com https://recaptcha.net https://www.recaptcha.net *.doubleclick.net *.brand-display.com *.googletagmanager.com *.adsrvr.org *.demdex.net *.forksurge.com *.crwdcntrl.net *.cloudfront.net youtube-nocookie.com *.youtube-nocookie.com https://*.fls.doubleclick.net players.brightcove.net *.youtube.com irs.tools.investis.com *.googleusercontent.com *.azureedge.net https://www.cimbclicks.com.my; 2 frame-ancestors 'self' https://energy-explorer-test.azurewebsites.net https://energy-explorer.azurewebsites.net https://explorer.hitachienergy.com https://hitachilandscapes.com https://www.hitachienergy.com https://dev.cms.cloud.hitachienergy.cn https://stage.cms.cloud.hitachienergy.cn https://www.hitachienergy.cn https://landscapes.hitachienergy.com https://privacyportal.cookiepro.com 2 frame-ancestors 'self' ai.nb.no tools.nb.no produksjon.nb.no dev.produksjon.nb.no; 2 default-src *.transactcampus.com *.doubleclick.net *.hubspot.com *.linkedin.com *.ads.linkedin.com *.googletagmanager.com 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js google.com *.google-analytics.com *.doubleclick.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com bat.bing.com snap.licdn.com www.clarity.ms *.clarity.ms cdn-cookieyes.com *.hotjar.com js.hsadspixel.net js.hs-banner.com analytics.tiktok.com js.hscollectedforms.net *.sharethis.com *.hsforms.net *.usemessages.com *.sc-static.net sc-static.net *.snapchat.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://www.ssa.gov tours.transactcampus.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com widgets.ziftsolutions.com static.ziftsolutions.com *.ziftsolutions.com analytics.ziftsolutions.com 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.googleadservices.com ka-p.fontawesome.com cdn2.hubspot.net https://www.ssa.gov tours.transactcampus.com *.ziftsolutions.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com devsitefinitystorage.blob.core.windows.net bat.bing.com www.google.com google.com px.ads.linkedin.com dev.transactcampus.com cdn-cookieyes.com *.clarity.ms *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.googleusercontent.com *.hotjar.com *.snapchat.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net dummyimage.com transactcampus.com https://www.ssa.gov/accessibility/andi/icons/reload.png https://www.ssa.gov *.transactcampus.com *.ads.linkedin.com px4.ads.linkedin.com cdn.jsdelivr.net *.ziftsolutions.com *.ziftone.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: kit.fontawesome.com ka-p.fontawesome.com *.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com; frame-src *.transactcampus.com 0ecf577fddb14f62ad2eaa098f4a5f08.svc.dynamics.com https://www.youtube.com https://player.vimeo.com https://devsitefinitystorage.blob.core.windows.net https://dev.transactcampus.com google.com *.hotjar.com *.hsforms.net *.hsforms.com *.google.com *.sharethis.com *.snapchat.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.monday.com *.doubleclick.net biteable.com *.googletagmanager.com hemsync.clickagy.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com ka-p.fontawesome.com kit.fontawesome.com stats.g.doubleclick.net log.cookieyes.com cdn-cookieyes.com google.com *.google.com *.clarity.ms *.cookieyes.com *.hubapi.com *.tiktok.com *.hubspot.com *.hsforms.com *.hsforms.net forms.hubspot.com *.hotjar.io *.hotjar.com *.sharethis.com *.hscollectedforms.net *.oribi.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com js.hscta.net *.hs-banner.com *.bitsighttech.com *.linkedin.com *.snapchat.com *.crwdcntrl.net aorta.clickagy.com hemsync.clickagy.com *.ziftsolutions.com *.zi-scripts.com *.zoominfo.com *.ziftmarcom.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://devsitefinitystorage.blob.core.windows.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com google.com www.clarity.ms *.google.com 'self' web-chat.nativechat.com 2 block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2 default-src 'self'; font-src 'self' data: https://cdn.givechariot.com https://cdn.jdrf.design https://cdn.acsbapp.com https://doublethedonation.com/fonts/inter/ https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://cloud.typography.com *.userway.org matchbox.hepdata.com; frame-ancestors 'self'; frame-src 'self' blob: https://app.blackbaud.com/ https://secure.dafpay.com https://chatbot.breakthrought1d.org https://cdn.userway.org https://www.tiktok.com/ https://platform.twitter.com https://ndam-landing-page.s3.amazonaws.com https://www.googletagmanager.com https://widget.thegivingblock.com/ https://td.doubleclick.net/ https://word.rodeo/ https://prod-useast-b.online.tableau.com/ https://www2.breakthrought1d.org https://crosswordlabs.com https://jdrf.massrel.io https://*.jdrfoverlays.com https://jdrfoverlays.com https://tgbwidget.com https://public.tableau.com/ https://app.hubspot.com https://www.youtube-nocookie.com https://a597080980.cdn.optimizely.com https://wp.freemius.com https://player.vimeo.com https://antidote.me https://www.youtube.com https://public.domo.com https://www.google.com https://www.facebook.com https://www.matchinggifts.com https://ww2.matchinggifts.com https://javamatch.matchinggifts.com https://x.adroll.com; img-src 'self' blob: https://img.youtube.com/ https://*.adentifi.com https://doublethedonation.com/api/img/ https://www.facebook.com/ https://connect.facebook.net https://s.amazon-adsystem.com/ https://cm.g.doubleclick.net https://public.tableau.com/static/images/Ma/MapsActiveGrants-US/MapsActiveGrants-US/1.png https://public.tableau.com/static/images/7N/7NPFK7P5M/1.png data: https://www.dafdirect.org https://ipv4.d.adroll.com https://x.bidswitch.net https://*.reson8.com https://reson8.com https://idsync.rlcdn.com https://dsum-sec.casalemedia.com https://sync.srv.stackadapt.com https://tags.bluekai.com https://dpm.demdex.net https://usermatch.krxd.net https://cms.analytics.yahoo.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.taboola.com https://image2.pubmatic.com https://sync.outbrain.com https://ib.adnxs.com *.userway.org https://ups.analytics.yahoo.com https://eb2.3lift.com https://d.adroll.com https://pixel.quantserve.com https://cdn.acsbapp.com https://gravatar.com https://s3-us-west-2.amazonaws.com https://wpstorelocator.co https://khms0.googleapis.com https://khms1.googleapis.com https://s38924.pcdn.co https://gravityforms.s3.amazonaws.com https://s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://marvel-processor.bc0a.com https://updates.bnecreative.com https://s.w.org https://ps.w.org https://a1.b0e8.com https://marvel-b1-cdn.bc0a.com https://www.google.co.in https://googleads.g.doubleclick.net https://*.wpengine.com https://bat.bing.com https://nova.collect.igodigital.com https://p.typekit.net https://secure.gravatar.com https://sp.analytics.yahoo.com https://www.google-analytics.com https://www.google.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com ajax.googleapis.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6467beef974ac544f93aa9e8.endpoint.csper.io https://www2.breakthrought1d.org; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://secure.dafpay.com https://cdn.givechariot.com https://chatbot.breakthrought1d.org https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://*.adentifi.com https://widget.thegivingblock.com/widget/script.js https://doublethedonation.com/api/js/ddplugin.js *.userway.org https://platform.twitter.com https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js https://www.tiktok.com/embed.js https://www.gstatic.com https://app.blackbaud.com https://sdk.amazonaws.com/js/aws-sdk-2.927.0.min.js https://code.jquery.com/jquery-3.6.0.min.js https://www.harborcompliance.com/js/dynamic-disclosures.js https://online.tableau.com/javascripts/api/tableau.embedding.3.latest.min.js https://prod-useast-b.online.tableau.com/javascripts/api/tableau.embedding.3.latest.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js https://www.dafdirect.org https://public.tableau.com/javascripts/api/viz_v1.js https://analytics.tiktok.com https://d.adroll.com https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js https://js.dev.shift4.com/shift4.js https://s.adroll.com https://cdn.segment.com https://js.hs-scripts.com https://ajax.aspnetcdn.com https://djtflbt20bdde.cloudfront.net https://player.vimeo.com https://antidote.me https://www.google.com https://cdn.optimizely.com https://maps.googleapis.com https://cdn.jsdelivr.net https://marvel-b2-cdn.bc0a.com https://cdn.b0e8.com https://cdn.mxpnl.com https://acsbapp.com https://*.collect.igodigital.com https://bat.bing.com https://connect.facebook.net https://*.doubleclick.net https://s.yimg.com https://s3.amazonaws.com https://*.hotjar.com https://secure.adnxs.com https://unpkg.com https://use.typekit.net https://walls.io https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www2.breakthrought1d.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com snap.licdn.com https://ams.wpml.org; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.givechariot.com https://doublethedonation.com/api/css/ddplugin.css *.userway.org https://ams.wpml.org https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://www.dafdirect.org https://ajax.googleapis.com https://rgsharedweb.s3.amazonaws.com https://use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css https://use.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cloud.typography.com matchbox.hepdata.com; worker-src 'self' blob: https://www.breakthrought1d.org https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is; connect-src 'self' https://*.givechariot.com https://mpc-prod-14-s6uit34pua-ue.a.run.app/events/ https://demo-1.conversionsapigateway.com/ https://test-drive-20-1053047382554.us-central1.run.app/ https://unpkg.com/ https://www.google.com/ccm/collect *.userway.org https://doublethedonation.com/api/v1/ https://ndam-landing-page.s3.amazonaws.com https://bt1d-320050302261.s3-accesspoint.us-east-1.amazonaws.com https://www.harborcompliance.com/dynamic-disclosures/public-api/subscriptions/fb24b4c8-2b27-4d65-86d7-e37bff85eb69 https://prod-useast-b.online.tableau.com/vizportal/api/web/v1/auth/embed/signin https://analytics.google.com https://*.optimizely.com https://optimizely.com https://*.hubspot.com https://hubspot.com https://pixel.quantcount.com https://spreadsheets.google.com https://host-v618rd.api.swiftype.com https://metrics.hotjar.io https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://www2.breakthrought1d.org https://acsbapp.com https://errors.client.optimizely.com https://my.yoast.com https://vc.hotjar.io https://my.wpengine.com https://yoast.com https://www.google-analytics.com https://www.google.co.in https://cdn.acsbapp.com https://logx.optimizely.com https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net https://dx.mountain.com https://px.mountain.com https://gs.mountain.com/gs https://44.238.122.172/is https://100.20.58.101/is https://35.85.84.151/is https://44.228.85.26/is https://34.215.155.61/is https://35.160.46.251/is https://52.71.121.170/is https://18.210.229.244/is https://44.212.189.233/is https://3.212.39.155/is https://52.22.50.55/is https://54.156.2.105/is matchbox.hepdata.com *.ads.linkedin.com bat.bing.com https://ams.wpml.org; 2 script-src 'unsafe-inline' 'unsafe-eval' * blob:; frame-src 'unsafe-inline' *; connect-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-ancestors 'self' https://*.sitecorecloud.io; img-src * data:; upgrade-insecure-requests; 2 default-src 'none'; connect-src 'self' hcaptcha.com *.hcaptcha.com; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net hcaptcha.com *.hcaptcha.com; style-src 'self' hcaptcha.com *.hcaptcha.com 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; frame-src 'self' hcaptcha.com *.hcaptcha.com *.youtube-nocookie.com; 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.hubspot.com *.cookielaw.org *.cdntwrk.com *.wistia.com *.wistia.net *.q2.com *.sentry-cdn.com *.clarity.ms *.google.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.gstatic.com *.hsappstatic.com *.hsappstatic.net *.hubspot.net *.hs-banner.com *.hsadspixel.net *.hs-analytics.com *.hs-analytics.net *.licdn.com *.marketo.net *.marketo.com *.zoominfo.com *.bizible.com *.6sc.co *.qualified.com *.segment.com *.bugcrowd.com *.bugcrowdusercontent.com bugcrowd.com *.jsdeliver.net *.jsdelivr.net *.cloudflare.com *.doubleclick.net *.youtube.com *.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com 8ab0a26cb0027939bcf5-49c99c3c0c9c98b3365b710757036e1b.ssl.cf5.rackcdn.com *.crazyegg.com *.callrail.com; style-src 'self' *.q2.com 'report-sample' 'unsafe-inline' *.cdntwrk.com *.googleapis.com *.hsappstatic.net *.hubspot.net *.jsdeliver.net *.jsdelivr.net *.marketo.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net *.hubspotusercontent-na1.net *.pathfactory.com *.googletagmanager.com *.zuddl.com *.qualified.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.mktoresp.com *.hubspotusercontent-na1.net *.google.com *.hubspot.com *.hs-banner.com *.onetrust.com *.cookielaw.org *.wistia.com *.embed-cloudfront.wistia.com *.wistia.net *.6sc.co *.6sense.com *.qualified.com wss://*.qualified.com *.segment.com *.segment.io *.linkedin.com *.google-analytics.com *.clarity.ms *.hubapi.com *.doubleclick.com https://stats.g.doubleclick.net *.zoominfo.com *.adnxs.com *.litix.io *.marketo.com *.doubleclick.net *.youtube.com *.pathfactory.com *.zuddl.com api.prod.zuddl.com *.crazyegg.com *.gonorth.io *.callrail.com *.googleadservices.com; font-src 'self' data: *.gstatic.com *.cdntwrk.com *.wistia.com *.wistia.net 7044196.fs1.hubspotusercontent-na1.net *.pathfactory.com *.zuddl.com; frame-src 'self' *.q2.com *.qualified.com *.doubleclick.net *.wistia.net *.gstatic.com *.google.com *.googletagmanager.com *.bugcrowd.com bugcrowd.com *.hubspotvideo.com *.marketo.com *.youtube.com *.pathfactory.com *.uberflip.com *.zuddl.com *.on24.com *.qualified.com; img-src 'self' *.q2.com data: *.hubspotusercontent-na1.net *.hsappstatic.net *.6sc.co *.cdntwrk.com *.cookielaw.org *.wistia.com *.hsforms.com *.linkedin.com *.hubspot.com *.hubspot.net *.bizible.com *.cloudinary.com *.clarity.ms *.bing.com *.googletagmanager.com *.placeholder.com *.marketo.com googleads.g.doubleclick.net *.doubleclick.net *.google.com *.doubleclick.net *.youtube.com *.hubspotusercontent40.net *.pathfactory.com *.bizibly.com *.gstatic.com *.zuddl.com *.imgix.net *.wistia.net *.qualified.com; manifest-src 'self'; media-src 'self' *.q2.com 7044196.fs1.hubspotusercontent-na1.net 7044196.fs2.hubspotusercontent-na1.net 7044196.fs1.hubspotusercontent-eu1.net 7044196.fs2.hubspotusercontent-eu1.net *.marketo.com blob: *.doubleclick.net *.youtube.com *.pathfactory.com; form-action 'self' *.marketo.com *.mktoweb.com *.zuddl.com *.callrail.com *.googleadservices.com *.qualified.com; frame-ancestors 'self' *.q2.com *.pathfactory.com *.lookbookhq.com; report-to https://343747560e392f7a31ae9a0247c09302.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2 default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 2 default-src 'self' blob: data: gap:; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.entel.cl *.en.tel *.ampproject.org *.cliengo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.adnxs.com *.doubleclick.net *.rfihub.com *.vimeo.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.bing.com *.qualtrics.com *.cloudfront.net *.google-analytics.com *.youtube.com *.run.app *.visualwebsiteoptimizer.com *.ocularsolution.com *.creativecdn.com https://www.liveentel.cl/ https://cdn.cookielaw.org/ https://ws01.a365.com.pe:5443 https://ad.soicos.com https://api.instanda.us https://entel.sistemaimpulsa.com https://cdn.mouseflow.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://ds-aksb-a.akamaihd.net/aksb.min.js https://front.optimonk.com/public/122144/js/preload.js https://gs-cdn.optimonk.com/jfclientsdk/latest/jfclientsdk.min.js https://hit.uptrendsdata.com/rum.min.js https://sslwidget.criteo.com/event https://static.criteo.net/js/ld/ld.js https://unpkg.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://entel.sistemaimpulsa.com/catchform-oportunidades.js https://js.hs-analytics.net/ https://js.hs-banner.com/6758175.js https://js.hs-scripts.com/6758175.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://prism.app-us1.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://track.neianalytics.com/piwik.js https://trackcmp.net/t_prism_sitemessages.php https://www.googleadservices.com wss://claudia-bff-web-production.lisstaylor.net/ https://snap.licdn.com/ https://www.gstatic.com https://smtpjs.com/v3/smtp.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/releases/v5.0.6/js/all.js https://www.google-analytics.com/analytics.js https://embedded-files.tryadviser.com https://cloudfront.barilliance.com/entel.cl https://cloudfront.barilliance.com/entel.cl/cbar.js.php https://www.barilliance.net https://static.barilliance.com/web-push/service-worker.js https://assets.videsk.io https://api.telegram.org https://www.google.cl http://js.hsforms.net/forms/v2.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://hcaptcha.com https://cdn.alive.haus/ https://api-events.alive.haus/ https://site.golive.haus/ https://*.maze.co/ https://tags.tiqcdn.com/libs/tealiumjs/latest/tealium_collect.min.js https://tags.tiqcdn.com/shared/tms/ https://analytics.tiktok.com/ https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com https://app.vwo.com https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/encrypt-node-crypto-js visitor-service-us-east-1.tealiumiq.com visitor-service.tealiumiq.com https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://cdn.jsdelivr.net/npm/fuse.js@6.5.3 https://www.datadoghq-browser-agent.com https://web-vitals-script.leaderint.workers.dev https://*.clarity.ms https://t.womtp.com/ https://ws.walmeric.com/; style-src 'unsafe-inline' 'report-sample' 'self' *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google.com *.googletagmanager.com *.bing.com *.onesignal.com *.doubleclick.net *.ocularsolution.com https://cdn.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://embedded-files.tryadviser.com https://assets.videsk.io https://www.barilliance.net https://*.maze.co https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com https://app.vwo.com https://t.womtp.com/ https://ws.walmeric.com/; font-src 'self' 'unsafe-inline' data: *.entel.cl *.en.tel *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net https://cdn.visualwebsiteoptimizer.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.maze.co https://*.digitalretail.vodafone.com https://db.onlinewebfonts.com/t/ https://entel.cdn.modyo.com; object-src 'self'; base-uri 'self'; connect-src 'self' *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google.com *.google.cl *.googleapis.com *.googletagmanager.com *.google-analytics.com *.bing.com *.analytics.google.com *.g.doubleclick.net *.onesignal.com *.doubleclick.net *.rfihub.com *.zendesk.com *.onetrust.com *.qualtrics.com *.creativecdn.com *.visualwebsiteoptimizer.com *.ocularsolution.com *.vodafone.com https://www.googleadservices.com https://d5phz18u4wuww.cloudfront.net https://*.clarity.ms https://connect.facebook.net https://www.facebook.com https://graph.instagram.com wss://olivia-bff-web-production.coffeew.net https://entel.sistemaimpulsa.com https://api.hsforms.com https://ws01.a365.com.pe:5443 https://api.instanda.us https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/decrypt https://api-encrypt-dot-entel-vm-md-ct.rj.r.appspot.com/encrypt-node-crypto-js https://corsanywhereentel-dot-entel-vm-md-run.rj.r.appspot.com https://entel-vm-md-ct.rj.r.appspot.com https://front.optimonk.com https://jfapiprod.optimonk.com https://hit.uptrendsdata.com https://n2.mouseflow.com https://54.94.191.152 https://api.hubapi.com https://forms.hubspot.com https://hooks.zapier.com http://200.27.23.102/Test_WF_ENTEL6/WebServices/WorkflowEngineSOA.asmx https://cdn.ampproject.org https://gcs-storage.airavirtual.com https://portal.cci-entel.cl https://eccnetserver.entelcallcenter.cl https://cdn.cookielaw.org https://api.videsk.io wss://api.videsk.io https://api.telegram.org https://forms.hsforms.com https://js.hs-banner.com https://cdn.alive.haus https://api-events.alive.haus https://www.liveentel.cl https://site.golive.haus https://api.ipify.org https://www.barilliance.net https://*.maze.co/ https://prompts.maze.co https://graph.microsoft.com https://mindicador.cl/api/uf https://fonts.gstatic.com https://www.gstatic.com https://www.googleoptimize.com https://lh3.googleusercontent.com https://cdn.mouseflow.com https://www.youtube.com/iframe_api https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://*.digitalretail.vodafone.com https://entel.cdn.modyo.com https://gateway.zscalertwo.net https://app.vwo.com https://collect.tealiumiq.com/entel/ https://visitor-service-us-east-1.tealiumiq.com https://visitor-service.tealiumiq.com https://backend-asistente-memoria-ia-thzsrfkbnq-uc.a.run.app https://uat-api-buscador-lanus.web.app https://prod-api-buscador-lanus.web.app https://api-servicio-2g-pro.web.app https://entelcl-cdn.s3.amazonaws.com https://browser-intake-us5-datadoghq.com https://rum-collector.leaderint.workers.dev https://uat-api-contratos-2025.web.app https://prod-api-contratos-2025.web.app https://uat-api-contratos-2026-enero.web.app https://prod-api-contratos-2026-enero.web.app https://service-bridge-dev-914639200389.us-central1.run.app https://service-bridge-prod-914639200389.us-central1.run.app https://t.womtp.com/ https://ws.walmeric.com/ https://cm.adform.net https://ih.adscale.de https://cm.g.doubleclick.net https://visitor.omnitagjs.com https://pixel.advertising.com https://ib.adnxs.com https://ice.360yield.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://hbx.media.net https://cs.mobfox.com https://cm.mgid.com https://onetag-sys.com https://us-u.openx.net https://sync.outbrain.com https://simage2.pubmatic.com https://bh.contextweb.com https://s.seedtag.com https://match.sharethrough.com https://s.ad.smaato.net https://us.ck-ie.com https://ce.lijit.com https://sync.taboola.com https://eb2.3lift.com https://s-cs.rmp.rakuten.com https://dot.wp.pl https://ad.yieldlab.net https://ads.yieldmo.com https://t.visx.net https://ssc-cms.33across.com https://inv-nets.admixer.net https://sync.e-planning.net https://csync.loopme.me https://adn.caprofitx.com https://sync.addlv.smt.docomo.ne.jp https://sync.teads.tv https://rt.udmserve.net https://sync.console.adtarget.com.tr https://sync.1rx.io https://ssp-csync.smartadserver.com https://rtb.gumgum.com https://sync.connectad.io https://csync.smilewanted.com https://sync.go.sonobi.com https://fast.nexx360.io https://hb.yahoo.net https://sync-service.net https://sync.cootlogix.com https://cs.adingo.jp https://sync.inmobi.com https://stickyadstv.com https://yellowblue.io https://dmxleo.com https://ms-cookie-sync.presage.io https://adtech.ink https://cm-exchange.toast.com https://ad.as.amanad.adtdp.com https://sync.bidence.net https://cs.gssprt.jp https://sp.gmossp-sp.jp https://analytics.ad.daum.net https://s-cs.send.microad.jp https://mixer.mobon.net https://tg.socdm.com https://sync.ad-stir.com https://t.adx.opera.com https://ad.tpmn.co.kr; frame-src 'self' bytedance: sslocal: *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google.com *.google.cl *.ventastecnicas.cl *.ocularsolution.com *.doubleclick.net *.onesignal.com *.rfihub.com *.vimeo.com *.qualtrics.com *.visualwebsiteoptimizer.com *.creativecdn.com https://www.liveentel.cl https://eccnetserver.entelcallcenter.cl https://entel-vm-md.firebaseapp.com https://entel-vm-md-run.firebaseapp.com/ https://www.googletagmanager.com https://individeo.com https://gum.criteo.com https://www.youtube.com https://digitalcorp.cl https://entelfidelizacion.cl https://lw.cliengo.com https://www.youtube-nocookie.com https://www.facebook.com https://entelchile.speedtestcustom.com https://qaentel.autoasegurado.cl https://entelagenda.totalpack.cl https://entelecommerce.speedtestcustom.com https://entel.tryadviser.com https://forms.hsforms.com https://bop-tde.brightstar.com https://alb-alive-1021733634.us-west-2.elb.amazonaws.com https://cdn.alive.haus https://api-events.alive.haus https://site.golive.haus https://www.barilliance.net https://bop-tde.brightcell-logistics.com https://gateway.zscalertwo.net https://app.vwo.com; frame-ancestors 'self' *.creativecdn.com https://entel.cl https://www.entel.cl https://testentel.cl https://altiplano.entel.cl https://corporaciones.entel.cl https://empresas.entel.cl https://miperfil.entel.cl https://miportal.entel.cl https://appswls.entel.cl https://ifpso.entel.cl https://ifpiap.entel.cl https://portal.entel.cl https://bop-tde.brightcell-logistics.com; img-src 'self' data: *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.google-analytics.com *.google.cl *.google.com *.google.com.br *.google.com.ar *.google.co.in *.googletagmanager.com *.googleusercontent.com *.googleapis.com *.analytics.google.com *.bing.com *.rfihub.com *.doubleclick.net *.onesignal.com *.cliengo.com *.adnxs.com *.ocularsolution.com *.qualtrics.com *.g.doubleclick.net *.barilliance.com *.hubspotusercontent-na1.net *.visualwebsiteoptimizer.com *.creativecdn.com *.hsforms.com https://*.clarity.ms https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://ds-aksb-a.akamaihd.net https://www.facebook.com https://connect.facebook.net https://scontent.cdninstagram.com https://graph.instagram.com https://t.womtp.com/ https://ws.walmeric.com/ https://pixel-rmk.blueknow.com https://f.hubspotusercontent20.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://track.neianalytics.com https://p.adsymptotic.com https://ad.soicos.com/conv.php https://www.linkedin.com/px/li_sync https://embedded-files.tryadviser.com https://cdn.cookielaw.org https://assets.videsk.io https://videsk.io https://bimgs.s3.amazonaws.com https://firebasestorage.googleapis.com https://www.barilliance.net https://*.maze.co https://storage.cloud.google.com https://analytics.tiktok.com https://*.digitalretail.vodafone.com https://admin-portal-media-bucket-prod.s3.eu-central-1.amazonaws.com https://entel.cdn.modyo.com https://app.vwo.com https://useruploads.vwo.io https://d21y75miwcfqoq.cloudfront.net/593efb91 https://d5phz18u4wuww.cloudfront.net https://cm.adform.net https://ih.adscale.de https://cm.g.doubleclick.net https://visitor.omnitagjs.com https://pixel.advertising.com https://ib.adnxs.com https://ice.360yield.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://hbx.media.net https://cs.mobfox.com https://cm.mgid.com https://onetag-sys.com https://us-u.openx.net https://sync.outbrain.com https://simage2.pubmatic.com https://bh.contextweb.com https://s.seedtag.com https://match.sharethrough.com https://s.ad.smaato.net https://us.ck-ie.com https://ce.lijit.com https://sync.taboola.com https://eb2.3lift.com https://s-cs.rmp.rakuten.com https://dot.wp.pl https://ad.yieldlab.net https://ads.yieldmo.com https://t.visx.net https://ssc-cms.33across.com https://inv-nets.admixer.net https://sync.e-planning.net https://csync.loopme.me https://adn.caprofitx.com https://sync.addlv.smt.docomo.ne.jp https://sync.teads.tv https://rt.udmserve.net https://sync.console.adtarget.com.tr https://sync.1rx.io https://ssp-csync.smartadserver.com https://rtb.gumgum.com https://sync.connectad.io https://csync.smilewanted.com https://sync.go.sonobi.com https://fast.nexx360.io https://hb.yahoo.net https://sync-service.net https://sync.cootlogix.com https://cs.adingo.jp https://sync.inmobi.com https://stickyadstv.com https://yellowblue.io https://dmxleo.com https://ms-cookie-sync.presage.io https://adtech.ink https://cm-exchange.toast.com https://ad.as.amanad.adtdp.com https://sync.bidence.net https://cs.gssprt.jp https://sp.gmossp-sp.jp https://analytics.ad.daum.net https://s-cs.send.microad.jp https://mixer.mobon.net https://tg.socdm.com https://sync.ad-stir.com https://t.adx.opera.com https://ad.tpmn.co.kr; manifest-src 'self'; media-src 'self' *.entel.cl *.en.tel *.entelcc.cl *.entelcc.cl:9001 *.vimeo.com *.onesignal.com *.doubleclick.net *.ocularsolution.com https://www.entel.cl https://entel.cl https://vod-progressive.akamaized.net https://www.barilliance.net https://entel.cdn.modyo.com; worker-src 'self' blob: https://www.entel.cl/public/js/importer.js https://www.barilliance.net https://www.entel.cl; upgrade-insecure-requests 2 default-src 'self' http://nginx-ingress-internal-ingress-nginx-controller.nginx-ingress.svc.cluster.local/cas-ing https://*.mpsv.cz https://*.uradprace.cz https://*.google-analytics.com https://*.hotjar.com/ https://*.hotjar.io/ https://stats.g.doubleclick.net/ https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://nominatim.openstreetmap.org https://*.clarity.ms/collect wss://*.hotjar.com/ wss://*.mpsv.cz:9001 wss://*.uradprace.cz:9001 wss://*.predu.sk https://www.google.com https://nia.identita.gov.cz https://*.acesarchit.cz; img-src 'self' data: https://*.mpsv.cz https://*.gstatic.com https://www.google-analytics.com https://c.seznam.cz/retargeting https://www.google.com/ads/ https://www.google.cz/ads/ https://www.google.com/pagead/ https://www.google.cz/pagead/ https://*.mpsv.cz:9000/ https://*.uradprace.cz:9000/ https://*.predu.sk https://*.openstreetmap.org https://*.clarity.ms/c.gif https://c.bing.com https://*.mailerlite.com; frame-src 'self' data: formapps: https://www.google.com https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.youtube.com https://player.rss.com/ https://www.youtube-nocookie.com https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://*.predu.sk https://*.mpsv.cz https://*.mailerlite.com; child-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://nginx-ingress-internal-ingress-nginx-controller.nginx-ingress.svc.cluster.local/cas-ing https://*.gstatic.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://c.seznam.cz/ https://googleads.g.doubleclick.net/ https://www.google.com https://www.google-analytics.com https://*.mpsv.cz:9000 https://*.uradprace.cz:9000 https://portal.gov.cz https://*.predu.sk https://*.mpsv.cz https://unpkg.com/leaflet/dist/leaflet.js https://unpkg.com/leaflet.markercluster/dist/leaflet.markercluster.js https://cdnjs.cloudflare.com/ajax/libs/proj4js/2.7.5/proj4.js https://www.clarity.ms/tag/ https://www.clarity.ms/s/ https://*.mailerlite.com https://assets.mlcdn.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://*.mpsv.cz:9000/ https://*.uradprace.cz:9000/ https://*.predu.sk https://*.mpsv.cz https://*.mailerlite.com https://assets.mlcdn.com; font-src 'self' data: https://*.mailerlite.com; frame-ancestors 'self' https://www.mpsv.cz https://www.uradprace.cz https://*.mpsv.cz; 2 frame-ancestors 'self' https://timestation.uservoice.com; 2 default-src https:; script-src 'unsafe-inline' blob: https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2 frame-ancestors www.googletagmanager.com; 2 default-src 'self'; font-src 'self' fonts.bunny.net data:; img-src 'self' matomo.sib.swiss fonts.googleapis.com fonts.gstatic.com data: blob: ui-avatars.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss https://unpkg.com; style-src 'self' fonts.bunny.net 'unsafe-inline' https://unpkg.com; connect-src 'self' matomo.sib.swiss https://chat.expasy.org; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' https: data:; connect-src 'self' https:; media-src 'self' https:; frame-src https:; 2 default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src * blob:; child-src blob: gap:; img-src * blob: data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; object-src * data: 'unsafe-inline'; frame-src * data: 'unsafe-inline'; connect-src * 'self' blob: data: 'unsafe-inline'; frame-ancestors 'self' https://app.amplience.net https://content.amplience.net https://content-form.extensions.content.amplience.net; 2 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; style-src 'self' https: 'unsafe-inline' *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; font-src 'self' data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; connect-src 'self' *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; frame-src 'self' data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; frame-ancestors 'self' *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; object-src data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; media-src 'self' data: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184; worker-src 'self' data: blob: *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.capitalone.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.cstmapp.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.optimizely.com *.orsac.net *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.segment.com *.segment.io *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.0.184 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' blob: https://bat.bing.com https://*.clickcease.com https://*.clarity.ms https://*.debugbear.com https://*.doubleclick.net https://connect.facebook.net https://tracking.g2crowd.com https://www.google.com/recaptcha/ https://www.googleadservices.com/pagead/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/releases/ https://beacon-v2.helpscout.net https://*.hotjar.com https://js.hsadspixel.net https://static.hsappstatic.net/adsscriptloaderstatic/ https://js.hs-analytics.net https://js.hs-scripts.com/4990723.js https://*.hubspot.com http://cdn.jsdelivr.net/gh/google/ https://snap.licdn.com https://*.byspotify.com https://bam.nr-data.net https://*.smarty.com https://*.spreedly.com https://*.survicate.com/workspaces/7953565c19994f080119cfb226af83de/ https://surveys-static-prd.survicate-cdn.com https://521353.tctm.xyz/t.js https://*.termly.io https://vercel.live/_next-live/feedback/feedback.js https://dev.visualwebsiteoptimizer.com https://www.youtube.com https://ws.zoominfo.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.redditstatic.com https://*.reddit.com https://tracking.g2crowd.com/attribution_tracking/conversions/5802.js https://js.hs-banner.com/v2/4990723/banner.js; connect-src 'self' https://bat.bing.com https://*.clickcease.com https://*.clarity.ms https://d3hb14vkzrxvla.cloudfront.net https://*.debugbear.com https://*.doubleclick.net https://www.facebook.com https://tracking-api.g2.com https://google.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com/pagead/ https://*.googleapis.com https://pagead2.googlesyndication.com https://*.helpscout.net https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io https://api.hsforms.com/submissions/v3/integration/submit/4990723/ https://*.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs https://px.ads.linkedin.com wss://*.pusher.com https://*.spotify.com https://bam.nr-data.net https://*.smarty.com https://*.smartyops.net https://*.smartyops.org https://*.survicate.com/workspaces/7953565c19994f080119cfb226af83de/ https://*.termly.io https://*.vercel-insights.com https://dev.visualwebsiteoptimizer.com https://ws.zoominfo.com https://static.hsappstatic.net https://*.redditstatic.com https://*.reddit.com; frame-ancestors 'self'; frame-src 'self' https://asciinema.org https://*.doubleclick.net https://www.facebook.com https://*.google.com https://www.googletagmanager.com https://beacon-v2.helpscout.net https://*.smarty.com https://*.spreedly.com https://vercel.live https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.clickcease.com https://*.googleapis.com https://beacon-v2.helpscout.net https://*.hotjar.com https://surveys-static-prd.survicate-cdn.com; font-src 'self' data: https://fonts.gstatic.com https://beacon-v2.helpscout.net https://surveys-static-prd.survicate-cdn.com; img-src 'self' data: https://chatapi-prod.s3.amazonaws.com https://*.bing.com https://*.clarity.ms https://d33wubrfki0l68.cloudfront.net https://d19k7ckgaizvi3.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://d3jlqkabnnke2x.cloudfront.net https://d79i1fxsrar4t.cloudfront.net https://*.doubleclick.net https://connect.facebook.net https://www.facebook.com https://*.google.com https://www.googletagmanager.com https://*.gravatar.com https://beacon-v2.helpscout.net https://*.hsforms.com https://*.hubspot.com https://*.linkedin.com https://*.smarty.com https://dev.visualwebsiteoptimizer.com https://*.ytimg.com https://*.capterra.com https://*.reddit.com; media-src 'self' https://s3.amazonaws.com https://d3jlqkabnnke2x.cloudfront.net https://d79i1fxsrar4t.cloudfront.net https://beacon-v2.helpscout.net https://*.smarty.com; object-src 'self' https://beacon-v2.helpscout.net; base-uri 'self' https://*.helpscout.net; worker-src 'self' blob: https://*.smarty.com; child-src 'self' https://*.spreedly.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.pendo.io bankauswahl.giropay.de bat.bing.com cdn-ukwest.onetrust.com cdn.appdynamics.com cdn.cquotient.com cdn.curalate.com https://cdn-assets-prod.s3.amazonaws.com connect.facebook.net *.sub2tech.com e.cquotient.com ecommerce-scripts.adscale.com edge.curalate.com embed.typeform.com geolocation.onetrust.com *.doubleclick.net/pagead/viewthroughconversion/ www.google.com/pagead/ www.google.bg/pagead/ *.online-metrix.net intljs.rmtag.com liber11128.pcapredict.com mpsnare.iesnare.com p.cquotient.com s3-eu-west-1.amazonaws.com/appointedd-portal-assets/ services.postcodeanywhere.co.uk snap.licdn.com songbirdstag.cardinalcommerce.com static-demo.mention-me.com static.mention-me.com static.zdassets.com storage-pu.adscale.com tag-demo.mention-me.com tag.mention-me.com tags.rd.linksynergy.com ut.ra.linksynergy.com unpkg.com *.global-e.com webservices.global-e.com *.google-analytics.com www.google.com/recaptcha/ www.googleadservices.com/pagead/ *.googletagmanager.com www.gstatic.com/recaptcha/ *.bglobale.com *.chargebee.com https://ut.rd.linksynergy.com/jsp *.rewardstyle.com *.fullstory.com *.micpn.com *.libertylondon.com login-ds.dotomi.com *.clarity.ms/ https://www.paypalobjects.com/api/ https://www.paypal.com/tagmanager/ https://cdn.jsdelivr.net/npm/ https://polyfill.io/v3/ https://polyfill.io/ t.contentsquare.net app.contentsquare.com *.analytics.google.com *.klarnaservices.com analytics.tiktok.com www.libertylondon.com *.gocertify.me *.studentbeans.com cdn.linkedin.oribi.io *.klarnacdn.net *.klarna.com maps.googleapis.com *.storage.googleapis.com https://storage.googleapis.com/adscale/static/ecom_js/libertylondon.com/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: *.payments-amazon.com *.global-e.com *.securev2.global-e.com *.profitmetrics.io www.facebook.com *.pinimg.com *.pinterest.com *.bazaarvoice.com api.typeform.com *.appointedd.com *.yimg.com *.yahoo.com *.adsrvr.org *.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net *.rakuten.com *.tryzens-analytics.com https://pzapi-ij.com/ https://static.srcspot.com/ https://server-side-tagging-25tpkba47a-uc.a.run.app *.dynamicyield.com *.dynamicyield.eu https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/* metrics.libertylondon.com; style-src 'self' 'unsafe-inline' bankauswahl.giropay.de cdn.pendo.io https://embed.typeform.com services.postcodeanywhere.co.uk https://use.typekit.net/ https://p.typekit.net/ *.googletagmanager.com *.chargebee.com http://d2jxbtsa1l6d79.cloudfront.net/static/app-static-assets/hp/hp-7.3.0/ https://cdn.jsdelivr.net/npm/ *.contentsquare.net *.klarnacdn.net *.gocertify.me *.studentbeans.com fonts.googleapis.com *.storage.googleapis.com https://fonts.googleapis.com *.bazaarvoice.com api.typeform.com *.yimg.com *.yahoo.com *.adsrvr.org *.sub2tech.com *.dynamicyield.com *.dynamicyield.eu https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/*; object-src 'self' *.online-metrix.net; base-uri 'self'; connect-src 'self' app.pendo.io bat.bing.com wss://tsock.us1.twilio.com *.twilio.com cdn-assets-prod.s3.amazonaws.com cdn-ukwest.onetrust.com centinelapistag.cardinalcommerce.com col.eum-appdynamics.com connect.facebook.net edge.curalate.com ekr.zdassets.com *.facebook.com *.online-metrix.net libertylondon.zendesk.com libertylondon1588339266.zendesk.com privacyportal-uk.onetrust.com services.postcodeanywhere.co.uk *.doubleclick.net tag-demo.mention-me.com tag.mention-me.com writer.cardinalcommerce.com *.google-analytics.com *.tryzens-analytics.com *.tryzens-analytics.com:12280 wss://widget-mediator.zopim.com *.chargebee.com *.fullstory.com *.clarity.ms *.paypal.com *.algolianet.com *.algolia.net https://insights.algolia.io/ *.contentsquare.net *.analytics.google.com adservice.google.com/pagead/ www.google.com/pagead/ *.klarnaservices.com analytics.tiktok.com www.libertylondon.com *.gocertify.me *.studentbeans.com cdn.linkedin.oribi.io geolocation.onetrust.com *.cdnwidget.com *.cdnbasket.net *.klarnaevt.com *.klarnacdn.net *.klarna.com https://maps.googleapis.com/ https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: *.bglobale.com *.global-e.com *.securev2.global-e.com *.pinimg.com *.pinterest.com *.profitmetrics.io *.bazaarvoice.com api.typeform.com *.appointedd.com *.yimg.com *.yahoo.com *.adsrvr.org https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://1.1.1.1 https://d94qwxh6czci4.cloudfront.net https://dr6vcclmzwk74.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://d3lqotgbn3npr.cloudfront.net *.rakuten.com *.sub2tech.com unpkg.com https://server-side-tagging-25tpkba47a-uc.a.run.app https://ecommerce-events.adscale.com/EcommerceProxy *.dynamicyield.com *.dynamicyield.eu https://*.dy-api.com https://*.dy-api.eu *.libertylondon.com metrics.libertylondon.com; font-src 'self' data: *.global-e.com https://use.typekit.net/ *.klarnacdn.net *.studentbeans.com fonts.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com *.dynamicyield.com *.dynamicyield.eu; frame-src 'self' *.doubleclick.net *.appointedd.com core.conversant.mgr.consensu.org form.typeform.com geostag.cardinalcommerce.com *.online-metrix.net libertylondon.typeform.com login.dotomi.com login-ds.dotomi.com demo.mention-me.com static.mention-me.com mention-me.com tags.rd.linksynergy.com webservices.global-e.com www.facebook.com https://www.facebook.com/tr/ www.googleadservices.com *.bglobale.com *.chargebee.com https://centinelapi.cardinalcommerce.com/ *.rewardstyle.com *.paypal.com/smart/ *.contentsquare.net https://cdn.smooch.io/ bytedance: sslocal: www.libertylondon.com *.gocertify.me *.studentbeans.com *.youtube.com *.klarna.com *.google.com *.global-e.com *.securev2.global-e.com *.bazaarvoice.com *.pinimg.com *.pinterest.com api.typeform.com *.yimg.com *.yahoo.com *.adsrvr.org *.klarnaservices.com *.sub2tech.com *.googletagmanager.com https://www.youtube.com/ https://player.vimeo.com/ *.libertylondon.com metrics.libertylondon.com; img-src 'self' data: app.pendo.io bat.bing.com consent.linksynergy.com connect.facebook.net ecommerce-scripts.adscale.com cx.atdmt.com edge.curalate.com globale-prod.s3-eu-west-1.amazonaws.com *.doubleclick.net i1.adis.ws i8.amplience.net cdn.media.amplience.net idsync.rlcdn.com liberty.a.bigcontent.io *.linkedin.com nypi.dc-storm.com s3.global-e.com services.postcodeanywhere.co.uk static-demo.mention-me.com tags.rd.linksynergy.com track.linksynergy.com ut.ra.linksynergy.com utils.global-e.com www.facebook.com *.google-analytics.com www.google.co.uk www.google.com *.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://p.adsymptotic.com/ *.libertylondon.com *.micpn.com login-ds.dotomi.com *.clarity.ms *.bing.com *.paypal.com/ *.contentsquare.net *.analytics.google.com analytics.tiktok.com *.cdnwidget.com *.online-metrix.net *.klarna.com *.klarnacdn.net maps.googleapis.com maps.gstatic.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: *.bazaarvoice.com *.pinimg.com *.pinterest.com *.yimg.com *.yahoo.com *.adsrvr.org https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://db7q4jg5rkhk8.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://d94qwxh6czci4.cloudfront.net https://dr6vcclmzwk74.cloudfront.net https://d6rak4b14t5gp.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://d3lqotgbn3npr.cloudfront.net *.bglobale.com https://prf.hn/conversion/ *.dynamicyield.com *.dynamicyield.eu metrics.libertylondon.com; child-src 'self' blob:; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' cdn.media.amplience.net i1.adis.ws static.zdassets.com i8.amplience.net cdn.static.amplience.net *.curalate.com *.bazaarvoice.com; form-action 'self' *.facebook.com *.playground.klarna.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.klarnaevt.com *.google.com *.paypal.com *.paypalobjects.com *.bazaarvoice.com *.global-e.com *.securev2.global-e.com *.cardinalcommerce.com development-emea-libertyltd.demandware.net staging-emea-libertyltd.demandware.net dev.libertylondon.com stg.libertylondon.com *.libertylondon.com metrics.libertylondon.com; upgrade-insecure-requests; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/lib-cspdata; 2 default-src 'self' 'unsafe-inline' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.googletagmanager.com https://www.google-analytics.com;img-src 'self' 'unsafe-inline' data: blob: https://logowanie.zpe.gov.pl https://platforma.zpe.gov.pl https://static.zpe.gov.pl https://static.epodreczniki.pl https://www.google-analytics.com https://www.googletagmanager.com https://kronika.gov.pl;connect-src 'self' ws: blob: https://logowanie.zpe.gov.pl https://platforma.zpe.gov.pl https://moje.zpe.gov.pl https://static.zpe.gov.pl https://static.epodreczniki.pl https://sandbox.zpe.gov.pl https://sr-production.contentplus.io https://*.google-analytics.com;media-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;worker-src 'self' data: blob: https://static.zpe.gov.pl https://static.epodreczniki.pl;frame-src * data:;frame-ancestors 'self' https://logowanie.zpe.gov.pl 2 default-src 'none'; child-src 'self'; connect-src 'self' *.ads.linkedin.com *.bazaarvoice.com *.boltdns.net *.brightcove.com *.brightcovecdn.com *.clarity.ms *.cloudfront.net *.commerce.insitesandbox.com *.cookielaw.org *.copeland.com *.ecorebates.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.mapbox.com *.mavenoid.com *.mavenoidfiles.com *.omappapi.com *.onetrust.com *.optimizely.com *.pricespider.com *.pusher.com *.qualtrics.com *.secure.force.com *.segment.com *.segment.io *.sentry.io *.stackadapt.com *.tiles.mapbox.com *.userflow.com *.youku.com *.zaius.com api.mapbox.com ds360.co edge.api.brightcove.com mavenoidfiles.com maweb.copeland.com players.brightcove.net prd-commerce.copeland.com prd-commerce.sensi.copeland.com sensiapi.io wss://*.mavenoid.com wss://*.pusher.com wss://*.twilio.com wss://*.userflow.com wss://api.mavenoid.com wss://twilio.com wss://ws.hotjar.com/; font-src 'self' data: *.cloudfront.net *.ecorebates.com *.gstatic.com *.mavenoid.com *.typekit.net https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/; frame-src 'self' *.amazon-adsystem.com *.cdn.optimizely.com *.copeland.com *.doubleclick.net *.google.com *.mavenoid.com *.qualtrics.com *.surveymonkey.com *.youku.com *.youtube.com app.cypheme.com cg.optimizely.com fastcomments.com flex.cybersource.com https://www.googletagmanager.com oversight.copeland.com players.brightcove.net service.force.com static.addtoany.com; img-src 'self' data: *.ads.linkedin.com *.akamaihd.net *.baidu.com *.bazaarvoice.com *.bing.com *.boltdns.net *.brightcove.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.cookielaw.org *.copeland.com *.doubleclick.net *.facebook.com *.google.com *.google.com.hk *.google.com.ph *.google.com.sg *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.cn *.linkedin.com *.mavenoidfiles.com *.omappapi.com *.pricespider.com *.qualtrics.com *.rnengage.com *.s3.amazonaws.com *.smassets.net *.usea01.idio.episerver.net *.zaius.com ds360.co files.bugherd.com mavenoidfiles.com media.copeland.com players.brightcove.net www.bugherd.com; media-src 'self' blob: *.akafms.net *.akamaihd.net *.boltdns.net *.brightcovecdn.com *.cf.brightcove.com *.copeland.com *.llnw.net *.llnwd.net *.mavenoid.com *.mavenoidfiles.com *.media.brightcove.com; script-src-elem 'self' 'unsafe-inline' *.ads-twitter.com *.azalead.com *.baidu.com *.bazaarvoice.com *.brightcove.com *.brightcovecdn.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.cookielaw.org *.copeland.com *.dwin1.com *.ecorebates.com *.en25.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hotjar.com *.igodigital.com *.jsdelivr.net *.licdn.com *.lightning.force.com *.mavenoid.com *.omappapi.com *.optimizely.com *.pricespider.com *.qualtrics.com *.rnengage.com *.salesforce.com *.salesforceliveagent.com *.secure.force.com *.stackadapt.com *.surveymonkey.com *.tiles.mapbox.com *.usea01.idio.episerver.net *.userflow.com *.youku.com *.youtube.com cdn.fastcomments.com copeland-latam.custhelp.com copeland.custhelp.com copeland.widget.custhelp.com ds360.co flex.cybersource.com https://copeland-latam.custhelp.com https://copeland-latam.widget.custhelp.com https://www.googletagmanager.com players.brightcove.net service.force.com static.addtoany.com unpkg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cdn.optimizely.com *.cloudfront.net *.episerver.net *.optimizely.com *.srv.stackadapt.com *.usea01.idio.episerver.net *.youku.com cdn.fastcomments.com players.brightcove.net vjs.zencdn.net; style-src-elem 'self' 'unsafe-inline' *.bazaarvoice.com *.ecorebates.com *.googleapis.com *.jsdelivr.net *.omappapi.com *.pricespider.com *.secure.force.com *.stackadapt.com *.tiles.mapbox.com *.typekit.net *.youku.com copeland.custhelp.com copeland.widget.custhelp.com https://copeland-latam.widget.custhelp.com service.force.com; style-src 'self' 'unsafe-inline' players.brightcove.net; frame-ancestors *.copeland.com *.emerson.cn *.emerson.com *.oversight.copeland.com cope01mstrkhh65prod-slot.dxcloud.episerver.net cope01mstrkhh65prod.dxcloud.episerver.net copeland.pathfactory.com fastcomments.com oversight.copeland.com; worker-src blob: *.copeland.com *.sensi.copeland.com; 2 frame-ancestors self https://*.123greetings.com http://*.123g.us https://*.123g.us; 2 frame-ancestors 'self' https://sysdig.jp https://*.mindtickle.com https://*.mindtickle.app https://sysdig.lightning.force.com https://digdeeper.sysdig.com https://enablement.sysdig.com https://dig.sysdig.com https://sysdig.pathfactory.com/ 2 default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 2 default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://www.google-analytics.com https://content.hotjar.io wss://ws.hotjar.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://analytics.google.com/ https://metrics.hotjar.io https://www.youtube.com/ https://www.google.com https://www.gstatic.com https://www.youtube.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://www.w3.org https://*.addtoany.com https://www.google-analytics.com/ https://content.hotjar.io/ https://analytics.google.com https://stats.g.doubleclick.net/ www-widgetapi.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.crazyegg.com/ https://go.toppanmerrill.com/ https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.facebook.net https://cdn.semrush.com https://yoast.com https://www.semrush.com https://pi.pardot.com https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js https://cdn.livechat-static.com https://go.toppanmerrill.com https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.livechatinc.com/ https://consent.cookiefirst.com/ https://script.hotjar.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com https://js.hs-banner.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsleadflows.net https://static.addtoany.com https://*.gstatic.com https://www.youtube.com https://www.google.com https://googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com https://static.hotjar.com/ https://snap.licdn.com/li.lms-analytics/ https://snap.licdn.com/ https://www.googletagmanager.com/ https://script.hotjar.com wss://ws.hotjar.com/ https://content.hotjar.io https://px.ads.linkedin.com/ https://cdnjs.cloudflare.com/; style-src 'self' 'unsafe-inline' https://cdn.livechat-static.com https://fonts.googleapis.com https://consent.cookiefirst.com https://www.w3.org https://maxcdn.bootstrapcdn.com/; img-src 'self' 'unsafe-inline' data: https://cdn.livechat-static.com https://i.ytimg.com https://api.text.com https://yoast.com https://yoa.st https://ps.w.org https://px4.ads.linkedin.com https://www.linkedin.com https://www.googletagmanager.com/ https://forms-na1.hsforms.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.s.w.org https://www.google-analytics.com/ https://forms.hsforms.com https://track.hubspot.com forms-na1.hsforms.com https://px.ads.linkedin.com; connect-src 'self' data: https://www.googletagmanager.com https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://stats.addtoany.com/menu https://www.semrush.com https://my.yoast.com https://cdn.livechatinc.com https://api.cookiefirst.com https://vc.hotjar.io https://yoast.com https://metrics.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://googleads.g.doubleclick.net https://content.hotjar.io/ wss://ws.hotjar.com https://px.ads.linkedin.com https://www.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com; font-src 'self' 'unsafe-inline' data: https://s0.wp.com https://fonts.gstatic.com; frame-ancestors 'self' toppanmerrill.my.salesforce.com toppanmerrill.lightning.force.com content.toppanmerrill.com toppanmerrill.seismic.com; frame-src 'self' 'unsafe-inline' https://cdn.semrush.com https://www.googletagmanager.com/ https://connect.livechatinc.com https://secure.livechatinc.com https://www.youtube-nocookie.com/ https://go.toppanmerrill.com/ https://w.soundcloud.com/ https://www.google.com/ https://www.youtube.com/ https://static.addtoany.com/; worker-src blob: 'self' 2 frame-ancestors 'self' *.katalon.com;; upgrade-insecure-requests 2 frame-ancestors https://opengov.com https://procurement.ogstaging.us http://procurement.ogstaging.us https://*.cartegraphoms.com http://*.cartegraphoms.com https://*.eamclassic.opengov.com https://*.eam.opengov.com http://localhost:* https://*.eam.ogintegration.us 2 frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 2 default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.acsbapp.com https://*.wistia.com http://*.wistia.com https://*.wistia.net *.wistia.cdn.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.litix.io https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://uliodev.azure-api.net/informatica-email-phone/Global_Email_Phone_Validation https://io.ul.com/informatica-email-phone/Global_Email_Phone_Validation https://na1.ai.dm-us.informaticacloud.com/active-bpel/public/rt/cTHkDDQ8MOqgFALFbuPY0C/Global_Email_Phone_Validation_test https://ulenterpriseorg--devservice.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--intdev.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--sit.sandbox.my.salesforce-scrt.com *.my.salesforce-scrt.com *.adobe.io wss://*.adobe.io https://adobeid-na1.services.adobe.com https://*.adobelogin.com https://auth.services.adobe.com https://delegated.identity.adobe.com https://www.recaptcha.net *.doubleclick.net *.6sc.co *.zi-scripts.com *.zoominfo.com https://*.algolia.net *.clickcease.com bat.bing.com https://www.googletagmanager.com; font-src 'self' https://*.wistia.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com https://*.typekit.net data:; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://fast.wistia.net https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com https://documentcloud.adobe.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com experience.adobe.com js.stripe.com www.googletagmanager.com https://ulsolutions.outgrow.us; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://fast.wistia.com https://fast.wistia.net https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie https://assets.adoberesources.net https://lh3.googleusercontent.com data: *.adobeaemcloud.com https://ulsolutions.outgrow.us *.kickfire.com *.6sc.co https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://live-vietnam-ul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.psapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev https://test-vietnam-ul.pantheonsite.io https://dev-vietnam-ul.pantheonsite.io https://develop-vietnam-ul.pantheonsite.io bat.bing.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.wistia.net *.wistia.cdn.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://assets.adoberesources.net https://documentcloud.adobe.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com blob: https://ulsolutions.outgrow.us *.adobedtm.com *.doubleclick.net *.kickfire.com *.6sc.co *.zi-scripts.com https://src.litix.io *.clickcease.com bat.bing.com consent.trustarc.com https://cdn.ckeditor.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://experience.adobe.com https://fast.wistia.com https://js.stripe.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.typekit.net *.salesforce.com *.salesforce-sites.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com https://ulsolutions.outgrow.us https://fast.wistia.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 2 img-src 'self' data:; default-src 'self' 'unsafe-inline' 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; object-src * data: blob: 'unsafe-inline' 2 frame-ancestors 'self' https://*.seo.aws.about.com https://*.dotdash.com *.parents.com; upgrade-insecure-requests; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com https://plcorp-cms.pinelabs.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://plcorp-cdn.pinelabs.com https://www.google.com/ https://maps.google.com/ https://maps.googleapis.com/; child-src 'self' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; worker-src 'self' blob:; connect-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https: wss://ws.hotjar.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; media-src 'self' https:; frame-ancestors 'self' https://plcorp-cms.pinelabs.com; 2 frame-ancestors 'self' https://builder.drinkag1.com; 2 frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: https://calendario-ministro.tst.jus.br https://tst.jus.br https://www.tst.jus.br https://csjt.jus.br https://www.csjt.jus.br https://portalextranet.tst.jus.br https://cdnjs.cloudflare.com https://translate.googleapis.com https://use.fontawesome.com https://vlibras.gov.br https://www.google-analytics.com https://www.gstatic.com https://www.vlibras.gov.br https://enamat.jus.br https://www.enamat.jus.br wss://ws.hotjar.com; img-src 'self' data: https: https://tst.jus.br https://www.tst.jus.br https://csjt.jus.br https://www.csjt.jus.br https://portalextranet.tst.jus.br https://cdnjs.cloudflare.com https://translate.googleapis.com https://use.fontawesome.com https://vlibras.gov.br https://www.google-analytics.com https://www.gstatic.com https://www.vlibras.gov.br https://enamat.jus.br https://www.enamat.jus.br; 2 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 2 default-src 'self'; script-src *.maps.yandex.net *.yandex.ru api-maps.yandex.ru 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; frame-src yandex.ru api-maps.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; connect-src *.yandex.ru *.1c-bitrix.ru 'self' 2 frame-ancestors 'self' http://localhost:3000 2 default-src 'self' https://www.figma.com/ https://cdnjs.cloudflare.com/ https://plugin.handtalk.me https://stats.g.doubleclick.net; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com https://dec.azureedge.net/ https://rum-static.pingdom.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net http://maps.google.com https://unpkg.com www.googletagmanager.com https://*.cookiebot.com *.ads-twitter.com *.doubleclick.net *.teads.tv *.cdnjs.cloudflare.com plugin.handtalk.me https://d335luupugsy2.cloudfront.net https://cdn.jsdelivr.net *.plugin.handtalk.me https://www.gstatic.com/ https://static.elfsight.com/ https://cdn.curator.io/ https://snap.licdn.com/ https://cdn.commented.io/ https://brand.phinia.com/ *.adform.net https://px.ads.linkedin.com https://js.createsend1.com https://secure.imaginative-trade7.com/js/807289.js https://tags.srv.stackadapt.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.curator.io/ https://tags.srv.stackadapt.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: blob: * 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com https://consentcdn.cookiebot.com https://td.doubleclick.net https://fledge.teads.tv https://cloud.news.borgwarner.com https://brand.phinia.com/ https://open.spotify.com https://www.googletagmanager.com/ forms.hsforms.com; connect-src accounts.google.com https://*.googleapis.com/ *.mktoresp.com *.pingdom.net *.visualstudio.com http://maps.googleapis.com https://*.cookiebot.com https://*.google-analytics.com https://*.teads.tv https://api.mypartfinder.com https://webservice.tecalliance.services https://stats.g.doubleclick.net https://pageview-notify.rdstation.com.br https://popups.rdstation.com.br https://*.handtalk.me https://core.service.elfsight.com https://storage.elfsight.com https://www.google.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://api.curator.io https://px.ads.linkedin.com https://cdn.dev.commented.io wss://api.commented.io https://functions.commented.io https://cdn-image.commented.io https://api.commented.io https://brand.phinia.com/ https://s3.eu-west-2.amazonaws.com https://createsend.com https://tags.srv.stackadapt.com https://cdn.commented.io 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net https://curatorio.s3.amazonaws.com/; child-src 'self' https://www.figma.com/ https://www.google.com/ *.borgwarner.com borgwarner.com https://*.cookiebot.com https://plugin.handtalk.me phinia.wd5.myworkdayjobs.com configurator.delphiautoparts.com data: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.friendlycaptcha.eu *.frcapi.com *.etermin.net *.googleadservices.com *.g.doubleclick.net *.doubleclick.net wpml.org cdn.wpml.org api.wpml.org api.toolset.com cloudfront.net *.cloudfront.net link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu oribi.io *.oribi.io secure.gravatar.com google-analytics.com *.google-analytics.com youtube-nocookie.com *.youtube-nocookie.com consentmanager.net *.consentmanager.net google.com *.google.com google.de *.google.de linkedin.com *.linkedin.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu secure.gravatar.com *.w.org consentmanager.net *.consentmanager.net linkedin.com *.linkedin.com ytimg.com *.ytimg.com google.de *.google.de data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' link11.com *.link11.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.friendlycaptcha.eu *.frcapi.com *.etermin.net *.doubleclick.net link11.com *.link11.com matomo.cloud *.matomo.cloud pardot.com *.pardot.com calendly.com *.calendly.com usercentrics.eu *.usercentrics.eu ajax.googleapis.com consentmanager.net *.consentmanager.net licdn.com *.licdn.com linkedin.com *.linkedin.com youtube.com *.youtube.com googletagmanager.com *.googletagmanager.com data: blob:; 2 default-src 'self'; script-src 'self' https://websdk.appsflyer.com https://main.storage-object.pscloud.io https://top-fwz1.mail.ru http://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://mc.yandex.ru https://forte.overizon.io https://static.pay2u.ru https://apigw.forte.kz https://dev-apigw.fortebank.com 'unsafe-inline' https://c2d-livechat-v2.fortebank.com https://www.youtube.com https://analytics.tiktok.com https://vk.com https://forte.overizon.io https://static.pay2u.ru https://vpn-td-fo.technodom.kz https://apigw.forte.kz https://dev-apigw.fortebank.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src * 'self' data: https:; media-src https://c2d-livechat-v2.fortebank.com; frame-ancestors 'self' https://forte-main-next.onedev.zone https://www.technodom.kz https://id.forte.kz https://f-business.forte.kz https://f-business.onedev.zone https://yandex-card-onboarding.forte.kz; frame-src 'self' https://www.technodom.kz https://apps.apple.com https://airbafresh1.prfl.me https://airbafresh.onelink.me https://prfl.me https://1fitapp.prfl.me https://1fit.onelink.me https://technodom1.prfl.me https://kz-kari.prfl.me https://ryadom1.prfl.me https://forte.overizon.io https://youtube.com https://cdn-europe2-forte-kz.marketjs-cloud2.com https://engamio.live https://dev-yandex-card-onboarding.fortebank.com https://d2pf7hnk4a8f75.cloudfront.net https://docs.google.com https://id.forte.kz https://qa-id.forte.kz https://youtu.be https://youtube.com http://10874069.fls.doubleclick.net https://f-business.forte.kz https://f-business.onedev.zone https://www.facebook.com https://formdesigner.ru https://www.youtube.com https://main.storage-object.pscloud.io https://static.pay2u.ru; connect-src * blob:; form-action 'self' https://www.facebook.com; base-uri 'self'; object-src 'self'; worker-src 'none'; upgrade-insecure-requests; 2 frame-ancestors 'self' *.blinds-2go.co.uk; 2 script-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' *.ing.com.tr; object-src 'self'; 2 frame-ancestors 'self' *.taiwantrade.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.svenskadomaner.se *.dibspayment.eu *.cookiebot.com *.trustpilot.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net www.googletagmanager.com www.clarity.ms; frame-src 'self' *.svenskadomaner.se *.dibspayment.eu *.cookiebot.com *.trustpilot.com *.youtube.com *.facebook.com s-static.ak.facebook.com www.googletagmanager.com td.doubleclick.net blob:; object-src 'self'; worker-src 'self' blob:; 2 upgrade-insecure-requests; default-src 'self' https://cdn.plaid.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://www.google.com https://www.gstatic.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://platform.benefits.wexglobal.com/identityverification/v1/js/identityverificationwrapper.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com fonts.googleapis.com; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com; media-src *; object-src 'none'; frame-src 'self' http: fast.whc.demdex.net https://cdn.plaid.com; connect-src 'self' dpm.demdex.net https://production.plaid.com https://northamerica.directline.botframework.com wss://northamerica.directline.botframework.com blob:; img-src 'self' * data:;frame-ancestors 'self';; 2 connect-src 'self' https: ws: https://ww2-api.tigocloud.net https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net; img-src 'self' data: blob: https://ww2-cdn.tigocloud.net https://ww2-api.tigocloud.net https://www.millicom.com https://www.google.com.gt https://www.google-analytics.com https://cdn.cookielaw.org https://i.ytimg.com; media-src 'self' data: blob: https://ww2-cdn.tigocloud.net; default-src 'self'; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' https: https://analytics.google.com https://cdn.cookielaw.org https://script.hotjar.com https://stats.g.doubleclick.net 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https://www.youtube.com/; 2 default-src 'self' data: https: wss: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.ampproject.org www.google.com sale.sulpak.kz www.googletagmanager.com tags.creativecdn.com recommender.scarabresearch.com cdn.retailrocket.ru app.blinger.io sulpak.api.useinsider.com eitri.api.useinsider.com connect.facebook.net content.mql5.com www.google-analytics.com www.googleadservices.com mc.yandex.ru static.hotjar.com script.hotjar.com googleads.g.doubleclick.net kaspi.kz static.demoup.com analytics.tiktok.com maps.googleapis.com code.jquery.com www.gstatic.com export.sulpak.kz media.flixfacts.com media.flixcar.com content.24ttl.stream button.loadbee.com assets.api.useinsider.com api-maps.yandex.ru yastatic.net suggest-maps.yandex.ru widget.devino.chat core-renderer-tiles.maps.yandex.net plerdy.com a.plerdy.com c.plerdy.com h.plerdy.com cdn.loadbee.com prod.flixgvid.flix360.io my.devino.chat widget-chat.devinotele.com epay.homebank.kz epay-oauth.homebank.kz creativecdn.com abt.s3.yandex.net ajax.cloudflare.com mw2.breezyx.space test-halykid.homebank.kz;style-src 'self' 'unsafe-inline' data: blob: www.google.com fonts.googleapis.com assets.api.useinsider.com media.flixcar.com media.flixfacts.com widget.devino.chat cdn.loadbee.com widget-chat.devinotele.com mw2.breezyx.space 2 frame-ancestors 'self' https://solar.justpark.com https://business.justpark.com https://pay-26l.pages.dev/ https://o2landingpage.kinsta.cloud/ https://pay.justpark.com/ https://app.storyblok.com/ 2 script-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://buttercms.com; 2 frame-ancestors 'self' *dol.com.br *elitecs.gruporba.com.br 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com *.guardianlife.com *.aws.glic.com guardiandirect.custhelp.com guardiandirect--tst2.custhelp.com www.googletagmanager.com tagmanager.google.com/ maps.googleapis.com www.youtube.com view.ceros.com src.litix.io *.evgnet.com *.bound360.com *.evergage.com guardianlife.us-1.evergage.com *.launchdarkly.com *.aws.glic.com *.wistia.com js.sentry-cdn.com cdn.cookielaw.org cdn.evgnet.com api.ipify.org fast.wistia.net www.google-analytics.com a.tribalfusion.com s.tribalfusion.com snap.licdn.com s.dpmsrv.com a.dpmsrv.com tag.demandbase.com googleads.g.doubleclick.net ad.doubleclick.net www.googleadservices.com connect.facebook.net ib.adnxs.com cm.g.doubleclick.net cdn.appdynamics.com cdn.mouseflow.com td.doubleclick.net block.sse.cisco.com s.pinimg.com www.redditstatic.com *.smartofficecrm.com c.amazon-adsystem.com s2.adform.net ct.pinterest.com unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https: *.wistia.com fonts.googleapis.com; img-src 'self' data: *.doubleclick.net *.bing.com *.facebook.com www.googletagmanager.com/ images.ctfassets.net www.google-analytics.com www.google.com maps.googleapis.com ssl.gstatic.com/ fast.wistia.com embed.wistia.com embed-ssl.wistia.com secure.adnxs.com ib.adnxs.com/ www.google.com maps.gstatic.com bat.bing.com www.facebook.com px.ads.linkedin.com p.adsymptotic.com/ i.ytimg.com www.guardiananytime.com/ pixel.mediaiqdigital.com pixel.mathtag.com d1bvwpcbxq9v24.cloudfront.net t.co idsync.rlcdn.com *.amazonaws.com cx.atdmt.com www.linkedin.com/ *.fls.doubleclick.net cm.g.doubleclick.net id.rlcdn.com/464526.gif match.prod.bidr.io/cookie-sync/demandbase segments.company-target.com block.opendns.com images.ctfassets.net pippio.com *.aws.glic.com cdn.cookielaw.org a.dpmsrv.com a.tribalfusion.com s.tribalfusion.com fast.wistia.net cdn.appdynamics.com s3-us-west-2.amazonaws.com s3.amazonaws.com ade.googlesyndication.com dsum-sec.casalemedia.com a.usbrowserspeed.com us-u.openx.net block.sse.cisco.com *.smartofficecrm.com; media-src 'self' blob: *.aws.glic.com *.wistia.com; frame-src 'self' *.doubleclick.net *.appdynamics.com/ guardiandirect.custhelp.com guardiandirect--tst2.custhelp.com js.stripe.com hooks.stripe.com www.canva.com www.googletagmanager.com api-sandbox.donut.farm *.ipipeline.com flex.cybersource.com testflex.cybersource.com *.youtube.com script.hotjar.com vars.hotjar.com cm.g.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org my.visme.co *.ipipeline.com guardianlife.com *.guardianlife.com guardianlife.uat.aws.glic.com *.bound360.com tagmanager.google.com www.podbean.com cloud.alert.guardiandirect.com cloud.connect.guardian pixel.mathtag.com/ bid.g.doubleclick.net *.fls.doubleclick.net pi.pardot.com go.pardot.com connect.guardiangroupbenefits.com guardianabsence.webflow.io *.ebix.com *.aws.glic.com a.tribalfusion.com s.company-target.com fast.wistia.net fast.wistia.com block.sse.cisco.com; connect-src 'self' pagead2.googlesyndication.com *.guardianlife.com *.aws.glic.com fonts.gstatic.com *.doubleclick.net *.g.doubleclick.net guardiandirect.custhelp.com guardiandirect--tst2.custhelp.com www.google-analytics.com api.stripe.com cdn.contentful.com preview.contentful.com n2.mouseflow.com rules.atgsvcs.com *.ipipeline.com *.donut.farm col.eum-appdynamics.com collectorprod.glic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com fast.wistia.com embed-cloudfront.wistia.com distillery.wistia.com pipedream.wistia.com *.litix.io *.podbean.com cloud.alert.guardiandirect.com cloud.connect.guardian bat.bing.com maps.googleapis.com api.company-target.com segments.company-target.com m.addThis.com geolocation.onetrust.com guardianlife-privacy.my.onetrust.com cdn.linkedin.oribi.io www.facebook.com gw.linkedin.oribi.io gw.dr1.linkedin.oribi.io analytics.tiktok.com pixel.mathtag.com guardianabsence.webflow.io *.ebix.com *.evgnet.com *.evergage.com guardianlife.us-1.evergage.com *.launchdarkly.com *.aws.glic.com cdn.segment.com api.segment.io graphql.contentful.com cdn.cookielaw.org www.google.com fast.wistia.net px.ads.linkedin.com tag-logger.demandbase.com cdn.appdynamics.com pdx-col.eum-appdynamics.com privacyportal-na01.onetrust.com us01.rec.mouseflow.com google.com ad.doubleclick.net block.sse.cisco.com *.smartofficecrm.com ct.pinterest.com alsoaskedapi.com api.openai.com unpkg.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com login.guardianlife.com *.aws.glic.com fast.wistia.com fast.wistia.net 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com https:; frame-ancestors 'self' https:; 2 frame-ancestors 'self'; object-src 'self' https://on-site.com https://*.on-site.com https://*.realpage.com; report-uri /pub/csp_reports 2 default-src *; child-src 'self' blob:; connect-src * blob: ws: wss:; frame-src 'self' www.googletagmanager.com api.foxentry.cz www.databreakers.com cdn.msgok.net www.mall.tv mall.fameplay.tv fameplay.tv www.google.com www.youtube.com creativecdn.com sketchfab.com socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com www.zbozi.cz cj.dotomi.com open.spotify.com payu.com secure.payu.com merch-prod.snd.payu.com cpx.smind.hr cpx.smind.si data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com *.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ translate.google.com cdnjs.cloudflare.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com *.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz ssl.heureka.cz ssl.heureka.sk http://localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ *.mczbf.com *.cj.com *.payu.com unpkg.com/leaflet@1.9.4/dist/leaflet.js https://unpkg.com/leaflet.markercluster@1.4.1/dist/leaflet.markercluster.js *.mgit.cz *.smind.hr *.smind.si; style-src * 'unsafe-inline'; img-src * data:; object-src 'none' 2 frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://*.enboarder.com 2 default-src *.myidx.cloud 'self' ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; connect-src *.myidx.cloud 'self' media.idigitalcontents.com irs.tools.investis.com jzkss3k18d.execute-api.eu-west-1.amazonaws.com stats.reciteme.com api.reciteme.com stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com kingfisher-global.cd.invdcloud-is.co.uk www.kingfisher.com *.invdcloud-is.co.uk; script-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.amazonaws.com *.analytics.google.com *.google.com *.google-analytics.com *.lfeeder.com *.staticcontents.investisdigital.com api.reciteme.com googletagmanager.com ajax.googleapis.com static.cloudflareinsights.com player.vimeo.com www.youtube.com cdn.jsdelivr.net kingfisher-global.cd.invdcloud-is.co.uk www.kingfisher.com code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com unpkg.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com unpkg.com *.googletagmanager.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com *.invdcloud-is.co.uk; object-src 'none'; base-uri 'none'; form-action 'self'; font-src *.myidx.cloud 'self' 'unsafe-inline' data: www.w3.org api.reciteme.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com; frame-src *.myidx.cloud 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net bugcrowd.com www.youtube-nocookie.com *.zscalerthree.net *.zscloud.net adfs.justretirement.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com; img-src *.myidx.cloud 'self' 'unsafe-inline' data: i.ytimg.com www.w3.org fonts.gstatic.com tr.lfeeder.com www.googletagmanager.com www.google-analytics.com; media-src *.myidx.cloud 'self' media.idigitalcontents.com; 2 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; frame-ancestors 'self'; 2 object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob:; base-uri https: http:; frame-ancestors https://app.contentful.com 2 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.roh.org.uk roh.global.ssl.fastly.net bam.nr-data.net bat.bing.com bs.serving-sys.com canopylabstracking.s3.amazonaws.com connect.facebook.net *.cloudfront.net intljs.rmtag.com js-agent.newrelic.com nxtck.com rules.quantcount.com secure-ds.serving-sys.com secure.quantserve.com tags.rd.linksynergy.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com https://optimize.google.com https://*.bookatable.com https://youtube.com https://*.youtube.com https://static.ads-twitter.com https://analytics.twitter.com https://app.charitycheckout.co.uk https://media.imi.chat/ https://analytics.tiktok.com/ https://*.ctnsnet.com consentag.eu collector-11526.tvsquared.com https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://cdn.bitmovin.com/ https://cdn.cookielaw.org/ https://www.gstatic.com/ https://*.prospect2.com/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ https://trackcmp.net/ www.clarity.ms https://translations.signapsesolutions.com/; style-src 'self' blob: 'unsafe-inline' https://cloud.typography.com https://*.googleapis.com https://static.roh.org.uk https://static.rolex.com https://optimize.google.com https://*.googleapis.com https://*.bookatable.com https://tagmanager.google.com https://youtube.com https://*.youtube.com https://media.imi.chat/ https://*.typekit.net/; object-src 'none'; worker-src blob:; 2 default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' search.searchengines.guru d.searchengines.guru pagead2.googlesyndication.com 'unsafe-inline' ep1.adtrafficquality.google ep2.adtrafficquality.google; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' chat.searchengines.guru d.searchengines.guru blob: data: pagead2.googlesyndication.com ep1.adtrafficquality.google ep2.adtrafficquality.google; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' https://chat.searchengines.guru wss://chat.searchengines.guru pagead2.googlesyndication.com ep1.adtrafficquality.google ep2.adtrafficquality.google; frame-src 'self' d.searchengines.guru www.youtube.com googleads.g.doubleclick.net ep1.adtrafficquality.google ep2.adtrafficquality.google www.google.com pagead2.googlesyndication.com; frame-ancestors 'self'; object-src 'self' blob:; 2 frame-ancestors 'self' https://www.cartoonporno.xxx https://www.cartoonporno1cn.com https://www.cartoonporno.pro 2 object-src 'none'; block-all-mixed-content 2 frame-ancestors 'self' *.sartorius.com service.ariba.com www.service.ariba.com s1.ariba.com www.s1.ariba.com service-2.ariba.com www.service-2.ariba.com s1-eu.stc.ariba.com *.ariba.com *.coupa.com *.govsci.com govsci.com *.sciquest.com *.coupahost.com *.coupadev.com *.compute.amazonaws.com *.netsuite.com *.shop.sartorius.com *.shop.sartorius.com.cn; 2 frame-ancestors https://*.gates.com https://www.google.com https://rum.hlx.page;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google.com https://rum.hlx.page https://zncc3qogefxnevd9k-gates.siteintercept.qualtrics.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://s7d2.scene7.com https://siteintercept.qualtrics.com https://assets.adobedtm.com https://static.cloudflareinsights.com https://code.jquery.com https://snippet.maze.co https://assets.adobedtm.com https://www.google-analytics.com https://www.googletagmanager.com https://gates.scene7.com https://browser-update.org https://snippet.maze.co https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net https://munchkin.marketo.net https://assets.adobedtm.com https://maps-api-ssl.google.com https://hosted.where2getit.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://snap.licdn.com https://app-sn05.marketo.com https://static.cognitoforms.com https://services.cognitoforms.com https://www.youtube.com https://cdn.intake-lr.com https://go.gates.com https://sc.lfeeder.com https://www.cognitoforms.com https://visit.gates.com https://www.google.com https://www.gstatic.com https://track.accountinsight.cloud https://www.googleadservices.com https://view.ceros.com https://js.zi-scripts.com https://tags.clickagy.com https://rum.hlx.page https://labs.ceros.com https://sdk.ceros.com https://*.qualtrics.com https://v.calameo.com https://ws.zoominfo.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.jsdelivr.net https://maps.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.ca http://aorta.clickagy.com https://aorta.clickagy.com http://hemsync.clickagy.com https://hemsync.clickagy.com http://insight.adsrvr.org https://insight.adsrvr.org https://cloudflareinsights.com https://www.clarity.ms https://tags.srv.stackadapt.com https://*.clarity.ms https://c.bing.com https://app-sj01.marketo.com https://pagead2.googlesyndication.com blob:; style-src 'self' https://zncc3qogefxnevd9k-gates.siteintercept.qualtrics.com https://fonts.googleapis.com https://go.gates.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://s7d2.scene7.com https://siteintercept.qualtrics.com https://assets.adobedtm.com https://static.cloudflareinsights.com https://code.jquery.com https://snippet.maze.co https://assets.adobedtm.com https://www.google-analytics.com https://www.googletagmanager.com https://gates.scene7.com https://browser-update.org https://snippet.maze.co https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net https://munchkin.marketo.net https://assets.adobedtm.com https://maps-api-ssl.google.com https://hosted.where2getit.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://snap.licdn.com https://app-sn05.marketo.com https://static.cognitoforms.com https://www.cognitoforms.com https://www.youtube.com https://cdn.intake-lr.com https://visit.gates.com https://www.gstatic.com https://track.accountinsight.cloud https://www.googleadservices.com https://view.ceros.com https://*.qualtrics.com https://labs.ceros.com https://sdk.ceros.com https://v.calameo.com https://ws.zoominfo.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.jsdelivr.net https://maps.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.ca http://aorta.clickagy.com https://aorta.clickagy.com http://hemsync.clickagy.com https://hemsync.clickagy.com http://insight.adsrvr.org https://insight.adsrvr.org https://cloudflareinsights.com https://www.clarity.ms https://tags.srv.stackadapt.com https://*.clarity.ms https://c.bing.com https://app-sj01.marketo.com https://pagead2.googlesyndication.com 'unsafe-inline';img-src 'self' https://www.google.com https://rum.hlx.page https://gates.scene7.com https://gatescorporation.sc.omtrdc.net https://px.ads.linkedin.com https://www.facebook.com https://maps-api-ssl.google.com https://hosted.where2getit.com https://dpm.demdex.net https://cm.everesttech.net https://cdn.cookielaw.org https://www.youtube.com https://media-s3-us-east-1.ceros.com https://app-sn05.marketo.com https://www.google.com https://www.googletagmanager.com https://i.ytimg.com https://s7d2.scene7.com https://tr.lfeeder.com https://mma.prnewswire.com https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://www.google.com.mx https://www.googleadservices.com https://view.ceros.com https://*.qualtrics.com https://www.linkedin.com https://go.gates.com https://gates.bigmachines.com https://testgates.bigmachines.com https://track.accountinsight.cloud https://www.haynespro-assets.com https://v.calameo.com https://ws.zoominfo.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.jsdelivr.net https://maps.googleapis.com https://maps.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.ca http://aorta.clickagy.com https://aorta.clickagy.com http://hemsync.clickagy.com https://hemsync.clickagy.com http://insight.adsrvr.org https://insight.adsrvr.org https://cloudflareinsights.com https://www.clarity.ms https://tags.srv.stackadapt.com https://*.clarity.ms https://c.bing.com https://app-sj01.marketo.com https://pagead2.googlesyndication.com data: blob:;connect-src 'self' https://cdn.cookielaw.org https://*.onetrust.com https://*.cdu5-gatescorp1-d1-public.model-t.cc.commerce.ondemand.com https://*.cdu5-gatescorp1-s1-public.model-t.cc.commerce.ondemand.com https://www.google.com https://rum.hlx.page https://pdx1.sr.qualtrics.com https://js.zi-scripts.com https://siteintercept.qualtrics.com https://s7mbrstream.scene7.com https://gates.scene7.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.cognitoforms.com https://media-s3-us-east-1.ceros.com https://api.ceros.com https://prompts.maze.co https://sr.qualtrics.com https://hosted.where2getit.com https://gates.sjc1.qualtrics.com https://info.gates.com https://services.cognitoforms.com https://www.google.com https://439-cta-171.mktoresp.com https://dpm.demdex.net https://gatescorporation.2o7.net https://gatescorporation.sc.omtrdc.net https://www.facebook.com https://maps-api-ssl.google.com https://cm.everesttech.net https://cdn.cookielaw.org https://www.youtube.com https://app-sn05.marketo.com https://www.googletagmanager.com https://i.ytimg.com https://s7d2.scene7.com https://tr.lfeeder.com https://mma.prnewswire.com https://googleads.g.doubleclick.net https://www.google.com.mx https://www.googleadservices.com https://view.ceros.com https://*.qualtrics.com https://www.linkedin.com https://go.gates.com https://439-cta-171.mktoutil.com https://track.accountinsight.cloud https://731-sqb-766.mktoresp.com https://labs.ceros.com https://sdk.ceros.com https://rum.hlx.page https://439-cta-171.mktoutil.com https://v.calameo.com https://ws.zoominfo.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.jsdelivr.net https://maps.googleapis.com https://maps.gstatic.com https://www.cognitoforms.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.ca http://aorta.clickagy.com https://aorta.clickagy.com http://hemsync.clickagy.com https://hemsync.clickagy.com http://insight.adsrvr.org https://insight.adsrvr.org https://cloudflareinsights.com https://www.clarity.ms https://tags.srv.stackadapt.com https://*.clarity.ms https://c.bing.com https://app-sj01.marketo.com https://pagead2.googlesyndication.com; frame-src 'self' https://info.gates.com https://services.cognitoforms.com https://hosted.where2getit.com https://view.ceros.com https://td.doubleclick.net https://www.googletagmanager.com https://gates.demdex.net https://go.gates.com https://unchain.gates.com https://webapps.gates.com https://www.youtube.com https://app.smartsheet.com https://gates.bigmachines.com https://testgates.bigmachines.com https://misc.lawcreative.co.uk https://visit.gates.com https://www.google.com https://track.accountinsight.cloud https://www.linkedin.com https://labs.ceros.com https://sdk.ceros.com https://s7d2.scene7.com https://*.qualtrics.com https://www.google.com https://v.calameo.com https://ws.zoominfo.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://cdn.jsdelivr.net https://maps.googleapis.com https://maps.gstatic.com https://www.cognitoforms.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.ca http://aorta.clickagy.com https://aorta.clickagy.com http://hemsync.clickagy.com https://hemsync.clickagy.com http://insight.adsrvr.org https://insight.adsrvr.org https://cloudflareinsights.com https://www.clarity.ms https://tags.srv.stackadapt.com https://*.clarity.ms https://c.bing.com https://app-sj01.marketo.com https://pagead2.googlesyndication.com;object-src 'none'; worker-src blob:; 2 frame-ancestors 'self' https://mydrive.univ-st-etienne.fr https://mydrive-ng.univ-st-etienne.fr https://laboratoirehubertcurien.univ-st-etienne.fr 2 Content-Security-Policy: default-src 'self' *.clic2buy.com *.click2buy.com *.clic2drive.com 2 default-src * 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://remitano.com 2 script-src *.website-solution.net *.googletagmanager.com *.facebook.net *.google.com *.gstatic.com www.recaptcha.net *.doubleclick.net 'unsafe-inline' 2 frame-ancestors 'self' guides.tvunetworks.com; 2 frame-ancestors 'self' *.wrike.com 2 frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ts1.numeroblu.it https://widget.spreaker.com https://assets.sitescdn.net https://platform.twitter.com https://platform.linkedin.com https://*.iubenda.com https://*.liveperson.net https://www.googletagmanager.com https://cdn.eye-able.com https://answers.trenord.com.pagescdn.com https://trenord.mailmnsa.com https://bat.bing.com https://connect.facebook.net https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://www.clarity.ms https://snap.licdn.com https://maps.googleapis.com https://www.geocms.it https://storage.googleapis.com https://*.lpsnmedia.net https://www.google.com https://*.paypal.com https://*.paypalobjects.com https://www.gstatic.com https://s.pinimg.com https://analytics.tiktok.com https://ct.pinterest.com https://download.pi.dynamics.com/sdk/web/msei-0.js; 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se https://piwik-ext.vgregion.se/ https://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vgrblogg.se/ https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se https://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/ *.t-d.se; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src 'self' https://*.siteimprove.com/ https://*.vgrblogg.se/ https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://*.vgrblogg.se/ https://maps.lantmateriet.se https://ssl.webserviceaward.com/wsc/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com blob:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgrblogg.se *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com ; 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; 2 frame-ancestors https://*.com 2 frame-ancestors 'self' *.bnc.ca *.nbc.ca; 2 frame-ancestors 'self' https://orovivo-tablet.vercel.app 2 default-src 'self' flickrembed.com *.flickrembed.com *.jquery.com *.flickr.com *.twitter.com *.gstatic.com *.weloveiconfonts.com weloveiconfonts.com *.googletagmanager.com *.google-analytics.com *.youtube.com youtube.com *.ytimg.com *.google.com *.googlevideo.com *.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net *.rss2json.com *.instagram.com *.googleservices.com *.office.com *.matterport.com *.cloudflare.com *.benchmarkemail.com *.renem.es *.openstreetmap.org *.opentopomap.org *.ign.es data: 'unsafe-inline' 'unsafe-eval'; 2 frame-ancestors 'self' https://eppendorf.e-spirit.hosting https://*.ariba.com https://*.sciquest.com https://*.oracle.com https://*.workday.com https://procure.prendio.com https://*.coupahost.com https://*.gep.com https://eprocurement.esmsolutions.com https://*.labcloudinc.com https://demo.procuredesk.com https://myprocuredesk.com https://*.umn.edu https://*.mdanderson.edu https://*.princeton.edu https://*.duke.edu https://austin.utexas.edu https://*.utmb.edu https://*.virginia.edu https://*.miami.edu https://*.moffit.org https://*.app.netsuite.com https://rcbb.psfs.lsuhsc.edu https://prd.psfs.lsuhsc.edu https://lawpe.c0xl.velocity.cloud https://lawde.c0xl.velocity.cloud https://lawdf.c0xl.velocity.cloud https://hilsapp50.qiagen.ads:8403 https://hilsapp50.qiagen.ads https://*.uni-bonn.de 2 frame-ancestors 'self' http://*.vde.com; 2 upgrade-insecure-requests; frame-ancestors 'self' ; report-to csp-violation; report-uri https://cspreports.realpage.com/api/reports/save/violation; 2 frame-src 'self' https://193.105.74.4/ https://62.140.31.104/ https://www.gstatic.com/ https://www.google.com/recaptcha/ https://platform-use.ci360.sas.com https://individeo.com/ https://www.youtube.com/ https://www.produbanco.com.ec/ https://estella01.prd.net.ec/api/heartbeat https://cdn.botframework.com/ https://*.hotjar.com https://*.hotjar.io https://cixctn.produbanco.ec 2 base-uri 'self'; frame-ancestors *;frame-src *;child-src 'self';block-all-mixed-content;object-src 'none'; prefetch-src 'self';worker-src 'self'; default-src https: data: ws:; script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline'; 2 default-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ blob: https://pixel.wp.com/t.gif https://i.ytimg.com/; img-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ blob: https://pixel.wp.com/t.gif https://i.ytimg.com/ data: https://api.mapbox.com https://dgalywyr863hv.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://accounts.google.com/gsi/client https://apis.google.com https://cdn.jsdelivr.net/npm/@huggingface/ https://cdn.jsdelivr.net/npm/onnxruntime-common/+esm https://cdn.jsdelivr.net/npm/onnxruntime-web@1.22.0-dev.20250409-89f8206ba4/+esm; connect-src 'self' https://dayone.me https://pbcms.dayone.me https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://apis.google.com https://accounts.google.com/gsi/ https://pixel.wp.com/t.gif https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://d1m1arvbwat4xp.cloudfront.net/ https://o248881.ingest.sentry.io/api/4503976745369600/envelope/ https://public-api.wordpress.com/geo/ https://www.googleapis.com https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone-client-only/production/private/records/ https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone/production/public/users/current https://publish.dayone.app/support/SupportFormConfig.json https://api.mapbox.com https://dgalywyr863hv.cloudfront.net https://api.openai.com https://zapier.com https://huggingface.co/Xenova/all-MiniLM-L6-v2/ https://cas-bridge.xethub.hf.co/xet-bridge-us/ https://cdn.jsdelivr.net/npm/@huggingface/ https://cdn.jsdelivr.net/npm/onnxruntime-web@1.22.0-dev.20250409-89f8206ba4/+esm https://cdn.jsdelivr.net/npm/onnxruntime-common/+esm https://cdn.jsdelivr.net/sm/2bdf6a06ee70e15b76b5d2ff1e8a9aa3c9c8d4cfe7cea16cb0bfff62a751077e.map https://cdn.jsdelivr.net/sm/4944f7a27027a137aef8f6088012eb90dceb5fcbe5f8ceed67e37774e5d814bc.map https://cdn.jsdelivr.net/sm/e3518fbe0c2a4ec8c27d5a407c9a244a0ac7a9c81cc77c64b40e470ba6707160.map; frame-src https://accounts.google.com/gsi/ blob: https://content.googleapis.com/ https://www.youtube.com/ https://player.vimeo.com/video/ https://embed.spotify.com/ https://open.spotify.com/embed/playlist/; font-src 'self' data: blob:; frame-ancestors 'self' 2 default-src self https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; worker-src blob: data: 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; connect-src https: wss:; img-src * data:; style-src https: 'unsafe-inline'; font-src * data:; 2 default-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net; script-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com ; style-src 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://www.bundeswahlleiter.de https://service.bundeswahlleiter.de https://www.bundeswahlleiterin.de https://service.bundeswahlleiterin.de https://www.youtube-nocookie.com https://www.ims-cms.net ; upgrade-insecure-requests 2 frame-ancestors 'none';upgrade-insecure-requests; 2 default-src https: 'unsafe-inline'; script-src 'self' *.ketchcdn.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.ketchjs.com *.ketchcdn.com 'unsafe-inline';img-src * 'self' coverscans.renlearn.com; 2 default-src https: blob: data: ws: 'self' 'unsafe-inline' 'unsafe-eval' 2 object-src 'none'; upgrade-insecure-requests; 2 frame-ancestors 'self' http://localhost:3333 https://*.sanity.studio https://*.ingress.npstage.lan https://joi.com https://*.joi.com https://joi.ai https://*.joi.ai https://www.sanity.io 2 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net www.datadoghq-browser-agent.com *.sandbox.my.site.com www.googleadservices.com cdn.mouseflow.com googleads.g.doubleclick.net www.youtube.com www.clarity.ms dianews.roche.com cdn.c360a.salesforce.com *.gstatic.com platform.twitter.com static.cloudflareinsights.com roche.piwik.pro widget.usersnap.com twitter.com t.contentsquare.net cdnjs.cloudflare.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.google.com munchkin.marketo.net *.marketo.com snippet.ramblechat.com ajax.googleapis.com dev.virtualearth.net app-sji.marketo.com maps.googleapis.com assets.adobedtm.com assets.adoberesources.net cdn.cookielaw.org static.ads-twitter.com connect.facebook.net snap.licdn.com sc.lfeeder.com cdn.leadinfo.net platform-api.sharethis.com buttons-config.sharethis.com www.gstatic.com https://t.sharethis.com https://*.bing.com player.vimeo.com znccssodhgpbfve5g-rochediacx.siteintercept.qualtrics.com siteintercept.qualtrics.com *.qualtrics.com rexis--apollo.sandbox.my.site.com https://rexis--selma.sandbox.my.site.com znehyzqu4e5xaovmd-rochediagnostics1.siteintercept.qualtrics.com roche.containers.piwik.pro bot.eu-rochebot.intersofthub.com bh.contextweb.com eu-cdn.walkme.com documentcloud.adobe.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self' https://rexis--selma.sandbox.my.site.com; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net www.googletagmanager.com; frame-src 'self' *.roche.com *.roche.net rochediacx.fra1.qualtrics.com bot.eu-rochebot.intersofthub.com creators.spotify.com www.brighttalk.com podcasters.spotify.com anchor.fm fhoffmann-larocheag.demdex.net sites.google.com *.googleapis.com *.marketo.com *.twitter.com *.google.com roche.scene7.com *.youtube.com *.googletagmanager.com sftp.rch.cm platform.twitter.com app-sji.marketo.com cdn.walkme.com/* heyzine.com app.smartsheet.com roche.demdex.net dayintegrationinternal.demdex.net td.doubleclick.net https://t.sharethis.com https://r.bing.com/* https://www.bing.com/* v.calameo.com player.vimeo.com docs.google.com accounts.google.com https://docs.google.com/ *.monday.com documentcloud.adobe.com; worker-src 'self' *.roche.com *.roche.net blob:; frame-ancestors 'self' *.roche.com *.roche.net sites.google.com https://docs.google.com/ docs.google.com accounts.google.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net rochediacx.fra1.qualtrics.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com assets.adobedtm.com; report-uri https://bxu7fu4kkj.execute-api.eu-west-1.amazonaws.com/TestStage/CSPReports; 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors *.comparasemplice.it *.enigaseluce.com *.eniplenitude.com eniplenitude.com *.ci360.sas.com design-prod.cidemo.sas.com *.roialty.net *.facebook.com 52.18.162.157 52.17.161.123 *.adobeaemcloud.com *.google.com *.apple.com; 2 upgrade-insecure-requests; frame-ancestors https: 'self' *.uprinting.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 2 frame-ancestors 'self' https://live.nkd.com https://www2.nkd.com 2 script-src 'unsafe-inline' https://abdm.gov.in http://localhost:3000 https://sandbox.abdm.gov.in/ https://sandbox.abdm.gov.in/api/sandbox/v1/dashboard https://connect.facebook.net/en_US/sdk.js http://www.youtube.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ 2 http: data: 'unsafe-eval' 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adoberesources.net *.ads.linkedin.com *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.fti-cloud.com *.ftsites.com *.googleads.g.doubleclick.net *.kampyle.com *.linkedin.com *.linkedin.oribi.io *.marketo.com *.marketo.net *.mktoutil.com *.mktoweb.com *.mountain.com *.qualtrics.com *.taboola.com *.twimg.com *.yimg.com ads-api.twitter.com ads-twitter.com amplify.outbrain.com analytics.twitter.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com collector-52407.us.tvsquared.com connect.facebook.net documentcloud.adobe.com lonrtp1-cdn.marketo.com munchkin.marketo.net p.adsymptotic.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net siteimproveanalytics.com sjs.bizographics.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com trc.taboola.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.clarity.ms www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ; connect-src 'self' *.adobe.io *.ads.linkedin.com *.akamaihd.net *.analytics.google.com *.apolloplatform.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.browser-intake-datadoghq.com *.clarity.ms *.cloudhub.io *.decibelinsight.com *.decibelinsight.net *.digital-cloud-west.medallia.com *.doubleclick.net *.franklintempleton.com *.frk.com *.fti-cloud.com *.ftsites.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleads.g.doubleclick.net *.googletagmanager.com *.kampyle.com *.launchdarkly.com *.linkedin.com *.linkedin.oribi.io *.marketo.com *.mktoresp.com *.mktoutil.com *.mountain.com *.onetrust.com *.onetrust.io *.qualtrics.com *.taboola.com *.widen.net *.widencdn.net *.yimg.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 848-iap-939.mktoresp.com ads-api.twitter.com ads-twitter.com adservice.google.com analytics-fe.digital-cloud-west.medallia.com analytics.twitter.com api.intentiq.com bat.bing.com bat.bing.net browser-intake-datadoghq.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com collector-52407.us.tvsquared.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io p.adsymptotic.com pdswebapi.fti-cloud.com px.ads.linkedin.com resources.digital-cloud-west.medallia.com s.yimg.com session-replay.browser-intake-datadoghq.com siteimproveanalytics.com sjs.bizographics.com snap.licdn.com wss://*.adobe.io wss://*.decibelinsight.com wss://*.decibelinsight.net www.facebook.com www.fti.wallst.com www.google.com www.google.co.uk www.googleadservices.com www.googletagmanager.com assets.adoberesources.net ; img-src 'self' *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.franklintempleton.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.siteimproveanalytics.io *.stocksnap.io *.tvsquared.com *.twimg.com *.widen.net *.widencdn.net ad.doubleclick.net analytics.twitter.com assets.adoberesources.net bat.bing.com bat.bing.net browser-update.org c.bing.com c.clarity.ms classify.gofurther.com collector-52407.us.tvsquared.com connect.facebook.net d21y75miwcfqoq.cloudfront.net data: di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net lh3.googleusercontent.com pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com sync.intentiq.com syndication.twitter.com t.co tk-static.fml-x.com tr.outbrain.com www.dianomi.com www.facebook.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk ; font-src 'self' *.franklintempleton.com *.franklintempleton.lu *.ftsites.com *.typekit.net data: fonts.googleapis.com fonts.gstatic.com templeton.com ; style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com *.typekit.net blob: fonts.googleapis.com fonts.gstatic.com platform.twitter.com ; worker-src blob: *.decibel.net ; frame-ancestors 'none'; 2 base-uri 'self';object-src 'none';frame-ancestors 'self' *.bajajallianz.com *.bajajgeneralinsurance.com *.bajajgeneral.com https://bagicare.bajajallianz.com https://bagicare.bajajgeneral.com https://bagicare.bajajgeneralinsurance.com https://bagicbizconnect--motordev.sandbox.lightning.force.com https://bagicbizconnect--motordev.sandbox.my.salesforce.com https://bagicbizconnect--motordev.sandbox.my.site.com https://bagicbizconnect--uat.sandbox.my.salesforce.com https://bagicbizconnect--uat.sandbox.lightning.force.com https://bagicbizconnect--uat.sandbox.my.site.com https://bagicbizconnect.lightning.force.com https://bagicbizconnect.my.salesforce.com https://bagicbizconnect.my.site.com ; upgrade-insecure-requests; 2 frame-ancestors 'self' https://good-game-network.com https://*.good-game-network.com https://*.ggpoker.co.uk https://ggpoker.com https://*.ggpoker.com https://ggpoker.kg https://*.ggpoker.kg https://ggpoker.eu https://*.ggpoker.eu https://*.ggpoker.ca https://ggpoker.ca https://*.olybet.ee https://*.olybet.lv https://*.olybet.eu; 2 frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com addtocalendar.com *.airtable.com airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com heyzine.com *.heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; img-src 'self' data: *.acast.com *.adbutter.net *.adform.net *.adnxs.com *.adnxs-simple.com *.ads-twitter.com *.airtable.com airtable.com *.airtableusercontent.com *.ckeditor.com *.cloudflare.com *.didomi.io *.doubleclick.net *.elfsight.com *.elfsightcdn.com elfsightcdn.com *.facebook.com *.facebook.net *.gomovein.com *.google.com *.google.fr *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.heyzine.com heyzine.com *.hzstats.com *.instagram.com *.jellyfish.com *.jsdelivr.net *.licdn.com *.linkedin.com *.marches-publics.info *.marketo.com *.marketo.net *.matomo.cloud *.mews.com *.mktoresp.com *.otowui.com *.privacy-center.org *.seadform.net sc-static.net *.sharethis.com *.sibforms.com *.static.net *.tapad.com *.tiktok.com *.twitter.com *.typeform.com *.unibuddy.co *.vimeo.com *.webleads-tracker.fr *.welcomekit.co *.youtube.com youtube.com *.youtube-nocookie.com youtu.be *.ytimg.com page.hec.edu *.readspeaker.com *.addtoany.com; font-src 'self' data:; report-uri /hec-report-csp-violation 2 script-src blob: https://*.virginplus.ca https://*.vpc.ca https://*.bell.ca https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://www.googletagmanager.com https://assets.adobedtm.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://solutions.invocacdn.com https://*.google-analytics.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.licdn.com https://sc-static.net https://virgin.know-where.com https://maps.googleapis.com https://bellmaps.korem.com https://*.ss-omtrdc.net https://*.invoca.net https://*.tiktok.com https://*.bing.com https://*.googleadservices.com https://*.clarity.ms https://*.schemaapp.com https://*.medallia.ca https://*.googlesyndication.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.acuityplatform.com https://*.stackadapt.com https://*.outbrain.com https://*.adnxs.com https://*.cluep.com https://*.snapchat.com https://*.cookielaw.org https://cdn.cookielaw.org https://websdk.ujet.co https://www.websdk.ujet.co https://bell-npe-9jnycaz.ca.ccaiplatform.com/log-proxy/log https://cdn.gbqofs.com https://ct.pinterest.com https://*.ccaiplatform.com https://www.geoplugin.com https://*.vaulting.io 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' data: https:; frame-ancestors *.bell.ca *.virginplus.ca *.vpc.ca; object-src https://*.virginplus.ca; 2 default-src 'self'; script-src 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com/ https://*.analytics.google.com https://www.googletagmanager.com https://translate.google.com https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://*.js.stripe.com/; style-src 'unsafe-inline' 'self'; frame-src https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://*.js.stripe.com/ https://www.youtube.com/; child-src 'self'; img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com; font-src data:; connect-src blob: https://api.textures.com/ https://api-v3.textures.com/ https://www.textures.com/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/ https://stats.g.doubleclick.net https://*.google-analytics.com/ https://*.analytics.google.com; worker-src 'self'; form-action 'self'; object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.paypal.com/ https://www.sandbox.paypal.com/ https://js.stripe.com/; upgrade-insecure-requests; media-src 'self'; prefetch-src 'self'; manifest-src 'self'; 2 frame-ancestors https://sbgi.net; upgrade-insecure-requests 2 frame-ancestors 'self' https://*.withsecure.com 2 frame-ancestors http://*.seagate.com https://*.seagate.com http://*.seagate.cn https://*.seagate.cn http://seagate.saleshood.com https://seagate.saleshood.com; 2 frame-ancestors 'self' https://www.xxxvideor.com https://www.xxxvideor2cn.com https://www.xxxvideorindia.pro 2 frame-ancestors 'self' https://viestimedia.blueconic.net https://viestimedia.sb.blueconic.net https://*.viestimedia.net; 2 default-src 'self' * 'unsafe-inline' *.3qsdn.com *.payengine.de data: blob:; style-src 'self' *.googleapis.com *.eye-able.com *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com; img-src * 'unsafe-inline' data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' *.gstatic.com 'unsafe-inline' *.vorteilsguru.de *.3qsdn.com data: 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://statuspal.io https://www.googletagmanager.com https://consent.cookiebot.com https://connect.facebook.net https://bat.bing.com https://googleads.g.doubleclick.net https://widget.intercom.io https://static.hotjar.com https://js.intercomcdn.com https://vercel.live https://cdn.redoc.ly https://script.hotjar.com https://cdn.redocly.com https://www.clarity.ms; connect-src 'self' https://statuspal.io https://www.google.com https://analytics.google.com https://googleads.g.doubleclick.net https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://metrics.hotjar.io https://vercel.live wss://ws-us3.pusher.com https://pagead2.googlesyndication.com https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://vc.hotjar.io https://stats.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://vercel.live https://fonts.googleapis.com; img-src 'self' blob: data: https://zzj.fuu.mybluehost.me https://www.gravatar.com https://bat.bing.com https://www.google.com https://www.facebook.com https://vercel.com https://www.googletagmanager.com https://cdn.redoc.ly https://static.intercomassets.com https://js.intercomcdn.com https://statuspal.io; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com https://vercel.live; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com https://vercel.live; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 2 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src blob: 'self'; font-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src https: wss: blob: data: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://translate.google.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ https://www.googleadservices.com/ https://assets.adobedtm.com/ https://assets.map.brightcove.com/ https://cdn.taboola.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://img.en25.com/i/elqCfg.min.js https://io.clickguard.com/s/cHJvdGVjdG9y/824tES5G https://players.brightcove.net/ https://s2448.t.eloqua.com/ https://sc.lfeeder.com/lftracker_v1_ywVkO4XRx1W8Z6Bj.js https://stats.wp.com/ https://trc.taboola.com/ https://vjs.zencdn.net/ https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/ https://www.gstatic.com/ https://*.hotjar.com https://app.leadberry.com/ https://cdn.matomo.cloud/ https://ws.zoominfo.com/ https://snap.licdn.com/ https://j.6sc.co/; style-src 'report-sample' 'self' 'unsafe-inline' https://www.gstatic.com/ https://*.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://smetrics1.experian.com/ https://www.google.co.uk/pagead/ http://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://dpm.demdex.net https://edge.api.brightcove.com https://google.com https://manifest.prod.boltdns.net https://psb.taboola.com https://pulse.clickguard.com https://region1.google-analytics.com https://trc-events.taboola.com https://www.experian.com https://www.google-analytics.com https://www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/; font-src 'self' data: https://*.hotjar.com; frame-src 'self' https://players.brightcove.net/ https://ecs.demdex.net https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com/; frame-ancestors 'self' https://ecs.demdex.net https://td.doubleclick.net https://www.google.com; img-src 'self' data: https://googleads.g.doubleclick.net/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://dpm.demdex.net/ https://secure.adnxs.com/ https://cf-images.us-east-1.prod.boltdns.net https://cm.everesttech.net https://metrics.brightcove.com https://pixel.wp.com https://s.ml-attr.com https://s2448.t.eloqua.com https://smetrics1.experian.com https://tr-rc.lfeeder.com https://www.facebook.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://attr.ml-api.io/ https://www.gstatic.com/ https://translate-pa.googleapis.com/ https://translate.google.com https://translate.googleapis.com/ https://fonts.gstatic.com/ https://experian.go-vip.net/; manifest-src 'self'; media-src 'self'; worker-src blob:; 2 child-src 'self' https://*.hotjar.com https://www.rightworks.com; connect-src 'self' 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 https://*.6sc.co https://*.cvent.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.ba https://*.google.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.mktoresp.com https://*.mutinycdn.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mypurecloud.com https://*.outbrain.com https://*.parsely.com https://*.qualified.com https://*.reddit.com https://*.redditstatic.com https://*.sitesearch360.com https://*.storylane.io https://*.typeform.com https://*.wistia.com https://*.youtube.com https://a.usbrowserspeed.com https://apps.mypurecloud.com https://cdn.linkedin.oribi.io https://ct.capterra.com https://designer-api.hu-manity.co https://grsm.io https://ipv6.6sc.co https://js.callrail.com https://maps.googleapis.com https://o132438.ingest.sentry.io https://partnerlinks.io https://scout.salesloft.com https://secure.adnxs.com https://tagmanager.google.com https://transactional-api.hu-manity.co https://www.googletagmanager.com https://www.rightworks.com wss://*.hotjar.com wss://*.qualified.com wss://ws.hotjar.com; default-src 'self' https://rightworks.com https://www.rightworks.com; font-src 'self' data: https://*.gstatic.com https://*.sfdcstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://webpack.mutinyhq.com/app/assets/0cba14176273c0b62665.woff https://www.rightworks.com; frame-ancestors 'self' https://*.smartvault.com https://app.mutinyhq.com https://www.rightworks.com; frame-src 'self' https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.marketo.com https://*.rightworks.com https://*.sitescout.com https://*.smartvault.com https://*.storylane.io https://*.typeform.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://app.mutinyhq.com https://app.qualified.com https://apps.mypurecloud.com https://calendly.com https://ct.capterra.com https://d1l7z5ofrj6ab8.cloudfront.net https://js.driftt.com https://mypurecloud.com https://open.spotify.com https://s-static.ak.facebook.com https://service.force.com https://tagmanager.google.com https://widget.drift.com https://widgets.wp.com https://www.g2.com https://www.rightworks.com; img-src 'self' data: https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.ba https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.images.cvent.com https://*.instagram.com https://*.linkedin.com https://*.mutinycdn.com https://*.outbrain.com https://*.parsely.com https://*.sitesearch360.com https://*.vimeocdn.com https://*.wistia.com https://*.yahoo.com https://*.youtube.com https://alb.reddit.com https://analytics.twitter.com https://attr.ml-api.io https://b.6sc.co https://bat.bing.com https://c.clarity.ms https://ct.capterra.com https://googleads.g.doubleclick.net https://images.production.cdn.mutinyhq.io https://img.youtube.com https://info.rightworks.com https://maps.googleapis.com https://pixel.wp.com https://s.ml-attr.com https://s.w.org https://secure.adnxs.com https://storage.pardot.com https://storylane-prod-uploads.s3.us-east-2.amazonaws.com https://t.co https://tr.outbrain.com https://www.googletagmanager.com https://www.rightworks.com; media-src 'self' blob: data: file: https://*.wistia.com/ https://js.driftt.com https://www.rightworks.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adroll.com https://*.ads-twitter.com https://*.calendly.com https://*.doubleclick.net https://*.drift.com https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.mountain.com https://*.mutinycdn.com https://*.outbrain.com https://*.pardot.com https://*.parsely.com https://*.partnerstack.com https://*.qualified.com https://*.redditstatic.com https://*.rightworks.com https://*.salesforceliveagent.com https://*.storylane.io https://*.transactionpro.com https://*.twitter.com https://*.typeform.com https://*.vimeo.com https://*.wistia.com https://*.wp.com https://a.usbrowserspeed.com https://amplify.outbrain.com/cp/obtp.js https://apps.mypurecloud.com https://apps.mypurecloud.com/genesys-bootstrap/genesys.min.js https://bat.bing.com https://cdn.callrail.com https://cdn.hu-manity.co https://cdn.sitesearch360.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://ct.capterra.com https://d1l7z5ofrj6ab8.cloudfront.net https://extend.vimeocdn.com https://j.6sc.co https://js.callrail.com https://js.driftt.com https://lex.33across.com https://mypurecloud.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://service.force.com https://snap.licdn.com https://snippet.growsumo.com https://tagmanager.google.com https://tr.outbrain.com https://transactionpro.us20.list-manage.com https://widget.drift.com https://wistia.com https://www.clarity.ms https://www.googleadservices.com https://www.googletagmanager.com https://www.rightworks.com https://www.youtube.com wss://*.qualified.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gravatar.com https://*.marketo.com https://*.typeform.com https://*.wp.com https://cdnjs.cloudflare.com https://code.jquery.com https://service.force.com https://tagmanager.google.com https://webpack.mutinyhq.com/app/assets/0cba14176273c0b62665.woff https://www.rightworks.com; worker-src 'self' blob: data: file: filesystem: https://www.rightworks.com unsafe-eval unsafe-inline 2 default-src https: 'unsafe-inline' 2 default-src 'self';form-action 'self'; object-src 'self'; frame-ancestors 'self'; connect-src 'self' ely-keskus.fi *.youtube.com *.tyomarkkinatori.fi *.ahtp.fi keha-matomo-sdg-qa-qa.azurewebsites.net *.cookiebot.com wss://*.tyomarkkinatori.fi *.elisa.fi wss://*.elisa.fi tetyomarkkinatori.boost.ai lukija.aimater.com fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' *.elisa.fi fonts.googleapis.com *.youtube.com gstatic.com blob:; img-src * data: blob:; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' *.tyomarkkinatori.fi *.ahtp.fi *.elisa.fi lukija.aimater.com tetyomarkkinatori.boost.ai *.cookiebot.com keha-matomo-sdg-qa-qa.azurewebsites.net youtube.com blob:; frame-src 'self' data: feed.mikle.com *.elisadesk.com *.cookiebot.com *.youtube.com; media-src 'self' data: blob:; font-src 'self' data: fonts.gstatic.com; 2 upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.us *.santanderbank.com; script-src 'self' *.gstatic.com *.openbank.com *.openbank.us *.santanderbank.com https://www.google.com 'nonce-gatsby-script-loader' 'nonce-gatsby-chunk-mapping' 'nonce-tealium' tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.ytimg.com *.googletagmanager.com blob: 'nonce-atjs' *.omtrdc.net 'nonce-gatsby-compilation-hash' *.we-stats.com *.facebook.net *.impactradius-event.com *.amazon-adsystem.com/ https://advertising-api.amazon.com *.redditstatic.com/ads/ https://bat.bing.com/bat.js https://www.clarity.ms/ https://flex.msn.com/mstag/tag/ https://analytics.tiktok.com/ https://business.tiktok.com/ https://s.yimg.com/wi/ytc.js https://ups.analytics.yahoo.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://pixel-prod.sprinklr.com/ https://bat.bing.com/p/action/211050051.js https://*.g.doubleclick.net/ api.securedvisit.com content.securedvisit.com track.sv.rkdms.com https://resources.digital-cloud-west.medallia.com https://resources.digital-cloud.medallia.com https://www.googleadservices.com/; connect-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.google-analytics.com *.we-stats.com *.biocatch.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net https://dpm.demdex.net https://sbna.tt.omtrdc.net https://o.clarity.ms/collect https://*.clarity.ms/collect https://*.omtrdc.net https://assets.adobetarget.com/sbna/ https://s.amazon-adsystem.com/ https://ara.paa-reporting-advertising.amazon/ santander.sv.rkdms.com track.securedvisit.com https://resources.digital-cloud-west.medallia.com https://resources.digital-cloud.medallia.com https://analytics-fe.digital-cloud.medallia.com https://google.com/; style-src 'unsafe-inline' 'self' *.openbank.com *.openbank.us *.santanderbank.com *.omtrdc.net content.securedvisit.com; img-src 'self' *.openbank.com *.openbank.us *.santanderbank.com data: *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.googlesyndication.com cm.everesttech.net https://dpm.demdex.net https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ *.r.msn.com https://assets.pinterest.com/images/PinExt.png https://datacloud.tealiumiq.com/vdata/i.gif https://sp.analytics.yahoo.com/ https://b91.yahoo.co.jp/ https://bat.bing.com/action/ https://c.clarity.ms/c.gif https://c.bing.com/c.gif https://*.bing.com/c.gif images.securedvisit.com track.sv.rkdms.com santander.sv.rkdms.com track.securedvisit.com https://www.google.com/; media-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.youtube.com; frame-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.gstatic.com *.youtube.com https://www.google.com *.doubleclick.net blob: sbna.demdex.net https://*.demdex.net https://flex.msn.com/ https://s.amazon-adsystem.com/ https://www.googletagmanager.com/ api.securedvisit.com https://resources.digital-cloud-west.medallia.com https://resources.digital-cloud.medallia.com; child-src 'self' *.openbank.com *.openbank.us *.santanderbank.com *.gstatic.com *.youtube.com https://www.google.com *.doubleclick.net blob: sbna.demdex.net ;frame-ancestors 'self' *.adobedtm.com *.adobe.com; 2 default-src 'self' https://*.lifepointspanel.com https://*.clarity.ms; connect-src 'self' https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://bat.bing.com https://*.doubleclick.net https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.at https://www.google.be https://www.google.com.br https://www.google.ca https://www.google.cl https://www.google.cn https://www.google.com.co https://www.google.cz https://www.google.de https://www.google.dk https://www.google.com.eg https://www.google.es https://www.google.fi https://www.google.fr https://www.google.com.gh https://www.google.gr https://www.google.com.hk https://www.google.hu https://www.google.co.id https://www.google.co.in https://www.google.ie https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.com.mx https://www.google.co.ma https://www.google.com.ng https://www.google.nl https://www.google.no https://www.google.co.nz https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.com.sa https://www.google.com.sg https://www.google.sn https://www.google.sk https://www.google.co.za https://www.google.se https://www.google.ch https://www.google.co.th https://www.google.com.tr https://www.google.co.tz https://www.google.co.ug https://www.google.com.ua https://www.google.ae https://www.google.co.uk https://www.google.com.vn https://www.google-analytics.com https://www.googleadservices.com https://capig.lifepointspanel.com *.nr-data.net; font-src 'self' data: https://www.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://content.lifepointspanel.com; frame-src 'self' https://*.trustpilot.com https://consent.kantar.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10766450.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com; img-src 'self' data: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google.com.ar https://www.google.com.au https://www.google.at https://www.google.be https://www.google.com.br https://www.google.ca https://www.google.cl https://www.google.cn https://www.google.com.co https://www.google.cz https://www.google.de https://www.google.dk https://www.google.com.eg https://www.google.es https://www.google.fi https://www.google.fr https://www.google.com.gh https://www.google.gr https://www.google.com.hk https://www.google.hu https://www.google.co.id https://www.google.co.in https://www.google.ie https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.com.mx https://www.google.co.ma https://www.google.com.ng https://www.google.nl https://www.google.no https://www.google.co.nz https://www.google.com.ph https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.com.sa https://www.google.com.sg https://www.google.sn https://www.google.sk https://www.google.co.za https://www.google.se https://www.google.ch https://www.google.co.th https://www.google.com.tr https://www.google.co.tz https://www.google.co.ug https://www.google.com.ua https://www.google.ae https://www.google.co.uk https://www.google.com.vn https://www.google.cat https://adservice.google.com https://www.googleadservices.com https://10766450.fls.doubleclick.net https://ad.doubleclick.net https://*.clarity.ms https://*.bing.com https://www.facebook.com https://s1.adform.net https://sb.scorecardresearch.com https://sb.voicefive.com https://secure.insightexpressai.com https://a.e-webtrack.net https://img.macromill.com https://www.insightexpressai.com https://www.rlcdn.com https://flextrack.msi-aci.com https://ads.e-webtrack.net https://*.nudatasecurity.com; object-src 'none'; script-src 'self' 'unsafe-inline' blob: https://*.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://redditstatic.com https://*.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://tag.simpli.fi https://a.e-webtrack.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://www.lifepointspanel.com https://content.lifepointspanel.com https://panel-lifepointsportals.drupal.production.platone.red https://cdn.jsdelivr.net; frame-ancestors 'self' 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.de cdn.cookielaw.org www.google.it adservice.google.com *.onetrust.com *.imperva.com www.google.com.et www.google.co.il www.google.com.sa munchkin.marketo.net cdn.bizible.com www.google.pl *.doubleclick.net www.google.com.co www.google.com.np edge.fullstory.com www.google.com.ph www.google.fr www.google-analytics.com www.google.co.th www.google.com.br www.google.es *.mktoresp.com www.brighttalk.com region1.analytics.google.com translate.google.com www.google.com.ua www.google.nl www.google.com.eg *.optimizely.com www.google.com.hk www.youtube.com jscloud.net *.adroll.com www.google.com.pk *.googleapis.com www.google.com.ng rs.fullstory.com *.vimeo.com www.google.com.au www.google.ie www.google.com.gh www.google.co.kr www.google.com.vn www.google.com www.google.se www.google.com.my *.mktoutil.com imperva.piwik.pro www.google.co.in www.googletagmanager.com *.gstatic.com www.google.com.tw imperva.containers.piwik.pro js.driftt.com bam.nr-data.net privacy-policy.truste.com www.google.co.uk www.google.co.il analytics.google.com gc.kis.v2.scr.kaspersky-labs.com www.google.ca cdn.bizibly.com js-agent.newrelic.com *.gravatar.com code.highcharts.com go.imperva.com imperva.substack.com *.vimeocdn.com *.demandbase.com *.company-target.com id.rlcdn.com yoast.com *.hcaptcha.com demostack.app snap.licdn.com *.linkedin.com *.6sense.com *.navattic.com netdna.bootstrapcdn.com *.6sc.co static.oktopost.com *.soundcloud.com *.thalesgroup.com *.bttrack.com bttrack.com ; form-action 'self' *.salesforce.com ; frame-ancestors 'self' http://thalesgroup.lookbookhq.com https://thalesgroup.lookbookhq.com http://thalesgroup.pathfactory.com https://thalesgroup.pathfactory.com http://hub-cpl.thalesgroup.com https://hub-cpl.thalesgroup.com demostack.app ; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.heureka.sk https://*.lidl-shop.sk https://*.lidl.sk https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://app.creaition.cz https://awin1.com https://cloud.mail.lidl.sk https://cloud.news.lidl.sk https://creaition.b-cdn.net https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://fonts.gstatic.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://p.biano.sk https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.sk https://*.lidl-shop.sk https://*.lidl.sk https://*.online-metrix.net https://*.tradedoubler.com https://*.vrxs.de https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.assets.lidl https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.sk https://*.lidl-shop.cz https://*.lidl-shop.sk https://*.lidl.sk https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.smartclip.net https://*.stickyadstv.com https://*.taboola.com https://*.tradedoubler.com https://*.twiago.com https://*.xplosion.de https://*.yahoo.com https://*.yieldlab.net https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://analytics.google.com https://app.creaition.cz https://awin1.com https://cloud.news.lidl.sk https://content.odj.cloud https://contextual.media.net https://creaition.b-cdn.net https://criteo-sync.teads.tv https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://i.liadm.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://lidl.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://match.sharethrough.com https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://play-lh.googleusercontent.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://sync.outbrain.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://translate.google.com https://twiago.com https://visitor.omnitagjs.com https://www.dwin1.com https://www.edge-cdn.net https://www.glami.sk https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval' https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.glami.cz https://*.heureka.sk https://*.lidl-shop.sk https://*.online-metrix.net https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://awin1.com https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.cz https://*.heureka.group https://*.heureka.sk https://*.lidl-shop.sk https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://app.creaition.cz https://awin1.com https://cloud.mail.lidl.sk https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://p.biano.sk https://partners.webmasterplan.com https://pixel.biano.sk https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline' https://*.criteo.net https://*.doubleclick.net https://*.exactag.com https://*.fitanalytics.com https://*.glami.cz https://*.googleapis.com https://*.heureka.sk https://*.lidl-shop.sk https://*.online-metrix.net https://*.parcellab.com https://*.tradedoubler.com https://*.xplosion.de https://*.yahoo.com https://3218-4706-m.edge-cdn.net https://act.webmasterplan.com https://addthis.com https://advertising.com https://app.creaition.cz https://awin1.com https://cloud.news.lidl.sk https://demdex.net https://doubleclick.net https://dsp-user-sync.emetriq.de https://dwin1.com https://etracker.de https://facebook.com https://forms.office.com https://glami.cz https://hlserve.com https://im9.cz https://imedia.cz https://lidl-shop.com https://lidl-shop.sk https://ligadx.com https://ligatus.com https://login.dognet.sk https://m6r.eu https://media.net https://nxtck.com https://omnitagjs.com https://openx.net https://outbrain.com https://partners.webmasterplan.com https://pubmatic.com https://quantserve.com https://rlcdn.com https://s.ytimg.com https://seznam.cz https://sharethrough.com https://sspqns.com https://st.smartassistant.com https://stickyadstv.com https://t.semtrack.de https://taboola.com https://tracker.marinsm.com https://tracking.m6r.eu https://tradetracker.net https://twiago.com https://www.dwin1.com https://www.edge-cdn.net https://www.google-analytics.com https://www.jsctool.com https://www.lead-alliance.net https://yahoo.com https://yieldlab.net; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https: 2 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; font-src 'self' https: data:; connect-src *; object-src 'none'; frame-ancestors *; upgrade-insecure-requests 2 frame-ancestors 'self' *.microsoft.com *.sharepoint.com *.tarimorman.gov.tr *.com.tr *.gov.tr *.com 2 frame-ancestors 'self' https://join-stories.com https://*.join-stories.com 2 default-src 'self' https://trillian.cachefly.net https://static.olark.com https://forms.hubspot.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2 default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.mathjax.org https://kit.fontawesome.com https://ka-f.fontawesome.com https://p.typekit.net https://www.googletagmanager.com https://www.google-analytics.com https://cse.google.com https://www.google.com https://www.gstatic.com https://script.crazyegg.com https://players.brightcove.net https://soundcloud.com https://*.soundcloud.com https://sndcdn.com https://*.sndcdn.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cse.google.com https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://a-v2.sndcdn.com https://sndcdn.com https://*.sndcdn.com https://ka-f.fontawesome.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.crazyegg.com https://www.google.com https://cse.google.com https://www.gstatic.com https://*.gstatic.com https://bcove.video https://*.brightcove.com https://*.brightcove.net https://manifest.prod.boltdns.net https://*.boltdns.net https://*.brightcovecdn.com https://soundcloud.com https://*.soundcloud.com https://sndcdn.com https://*.sndcdn.com https://i1.sndcdn.com https://a-v2.sndcdn.com; font-src 'self' data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ka-f.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com https://soundcloud.com https://*.soundcloud.com https://sndcdn.com https://*.sndcdn.com https://a-v2.sndcdn.com; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://*.crazyegg.com https://edge.api.brightcove.com https://metrics.brightcove.com https://*.brightcove.com https://*.brightcove.net https://manifest.prod.boltdns.net https://*.boltdns.net https://*.brightcovecdn.com https://kit.fontawesome.com https://ka-f.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://soundcloud.com https://*.soundcloud.com https://sndcdn.com https://*.sndcdn.com; media-src 'self' blob: https://bcove.video https://bcovlive-a.akamaihd.net https://*.brightcove.com https://*.brightcove.net https://manifest.prod.boltdns.net https://*.boltdns.net https://*.brightcovecdn.com https://soundcloud.com https://*.soundcloud.com https://sndcdn.com https://*.sndcdn.com https://cf-media.sndcdn.com https://media.soundcloud.com https://*.sndcdn.com; frame-src 'self' https://www.googletagmanager.com https://players.brightcove.net https://cse.google.com https://www.google.com https://soundcloud.com https://w.soundcloud.com https://sndcdn.com https://*.sndcdn.com; worker-src 'self' blob:; 2 frame-ancestors 'self' https://app.contentful.com http://15.156.122.252 https://timescale.ghost.io https://assets.tigerdata.com https://assets.timescale.com https://timescale.com https://www.timescale.com; 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https: *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com core.spreedly.com https://secure.paygate.co.za/payweb3/process.trans *.cardinalcommerce.com *.salesforceliveagent.com https://secure-test.worldpay.com/shopper/3ds/ddc.html https://seo.mageplaza.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.vuse.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com core.spreedly.com *.vimeo.com *.doubleclick.net https://static.addtoany.com https://map.pargo.co.za *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.contentsquare.net *.vuse.com https://pay.google.com https://secure-test.worldpay.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.openpay.mx *.openpay.co https://*.moneris.com/ *.opencontrol.mx *.kaptcha.com *.openpay.pe *.salesforce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https: data: *.cloudflare.com *.gstatic.com magefan.com cm.magefan.com *.postimg.cc *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal core.spreedly.com *.subscribepro.com *.cookielaw.org *.pcapredict.com *.salesforce.com *.postcodeanywhere.co.uk *.doubleclick.net *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.reviews.co.uk https://static.addtoany.com https://unpkg.com https://staticw2.yotpo.com http://staticw2.yotpo.com https://widgetsrepository.yotpo.com https://cdn-widgetsrepository.yotpo.com https://js-agent.newrelic.com *.newrelic.com *.salesforceliveagent.com https://t.contentsquare.net https://sec.webeyez.com https://static.vic-m.co https://js.adsrvr.org *.adform.net https://widgetcdn.zoomengage.com https://c.lytics.io https://connect.facebook.net *.facebook.com https://widgetapi.zoomengage.com *.zoomengage.com *.vuse.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.googleoptimize.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com s7.addthis.com *.avada.io *.mapbox.com https://*.moneris.com/ *.googleapis.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.force.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.reviews.io *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.subscribepro.com *.fontawesome.com *.postcodeanywhere.co.uk *.prod.marketing.bat.net *.non-prod.marketing.bat.net https://accounts.google.com/gsi/style http://staticw2.yotpo.com/assets/open_sans.css https://staticw2.yotpo.com/assets/open_sans.css http://staticw2.yotpo.com/ https://staticw2.yotpo.com/ *.contentsquare.net *.vuse.com *.cloudflare.com *.mapbox.com https://*.moneris.com/ *.salesforce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.prod.marketing.bat.net *.non-prod.marketing.bat.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.subscribepro.com core.spreedly.com *.cookielaw.org *.google.com *.doubleclick.net *.onetrust.com *.prod.marketing.bat.net *.non-prod.marketing.bat.net *.secure.paygate.co.za services.postcodeanywhere.co.uk https://maps.googleapis.com/ https://staticw2.yotpo.com http://staticw2.yotpo.com https://widgetsrepository.yotpo.com https://cdn-widgetsrepository.yotpo.com https://w2.yotpo.com/ https://ssapi.vuse.com/ *.newrelic.com *.salesforce.com *.salesforceliveagent.com *.contentsquare.net https://q-eu1.az.contentsquare.net https://k-eu1.az.contentsquare.net https://sec.webeyez.com https://static.vic-m.co https://js.adsrvr.org https://s2.adform.net https://widgetcdn.zoomengage.com https://c.lytics.io https://connect.facebook.net *.facebook.com *.vuse.com ekr.zdassets.com/ *.openpay.mx *.openpay.co https://get.geojs.io *.avada.io *.openpay.pe webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudfront.net *.reviews.io *.reviews.co.uk t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors *.yandex.ru 2 default-src blob: https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https:;font-src 'self' data: https:;worker-src blob: https:;frame-ancestors 'self' 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 2 default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.vantor.com https://*.sanity.io https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.ytimg.com https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.wistia.com https://*.vantor.com https://*.sanity.io https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.ytimg.com https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://www.google.com; script-src-attr 'unsafe-inline'; worker-src 'self' blob:; frame-src 'self' https://*.wistia.net https://*.sanity.io https://*.wistia.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com https://*.company-target.com https://*.linkedin.com https://www.google.com; frame-ancestors 'self' https://*.sanity.io https://vantor-cms.netlify.app; connect-src 'self' https://*.netlify.app https://*.sanity.io https://*.sanity-cdn.com https://sanity-cdn.com https://*.vantor.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.wistia.com https://fast.wistia.com https://ava0h2e5.apicdn.sanity.io https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://px.ads.linkedin.com https://www.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; img-src 'self' https://*.sanity.io https://*.netlify.app https://cdn.sanity.io https://*.s3.amazonaws.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.linkedin.com https://*.licdn.com https://www.google.com data: https:; media-src 'self' https://*.sanity.io https://*.netlify.app https://cdn.sanity.io https:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https:; 2 frame-ancestors 'self' *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg http://uob.eltropy.com https://uob.eltropy.com http://findahomeloan.co https://www.edgeprop.sg https://sleek.sg 2 default-src 'self'; font-src *;img-src * data:; script-src *; style-src *; 2 frame-ancestors 'self' https://top.gg 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob:; worker-src blob: https:; connect-src wss: https: 2 frame-ancestors 'self' *.serviceminder.com ; 2 frame-ancestors 'self' https://www.gesis.org https://lms.uni-kiel.de; 2 frame-ancestors 'self' https://www.winspark.ai 2 frame-ancestors 'self' https://*.cashconverters.es https://www.pccomponentes.com https://production-eu01-cashconverters.demandware.net https://*.cashconverters.pt; 2 object-src 'none'; frame-ancestors 'self' script-src 'self' 'nonce-6c2fcd1cd7939c2c844c965cae94af511398bc54fd629b3982c0dd86983e934e' *.hdbfs.com *.hdbfs.com/branch/ *.google-analytics.com *.google.com *.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.googletagmanager.com *.hdbfs.com hdbfs.com *.fontawesome.com *.gstatic.com cdn.datatables.net cdnjs.cloudflare.com; img-src 'self' data: *.hdbfs.com *.google.co.in *.google.com *.googletagmanager.com *.maggiesadler.com *.google-analytics.com *.gstatic.com *.googleapis.com *.hdbfs.com *.fontawesome.com css.page-source.com; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://*/vnd.ms-fontobject https://*/octet-stream https://*/font-woff https://*/x-font-ttf https://*/svg+xml https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://livesystemssrl.germany-2.evergage.com/ 'self' data: https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com *.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com intent://arvr.google.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.cloudflare.com www.mondoconv.it my.adabra.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testeps.netswgroup.it eps.netswgroup.it *.facebook.com finanziamenti.agosweb.it secure.findomestic.it test-securepay.eupayglobe.com securepay.eupayglobe.com *.cetelem.es 'self' 'unsafe-inline'; frame-ancestors 'self' www.mondoconv.it *.force.com 'self'; frame-src bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.braintreegateway.com *.paypal.com google.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://mondoconvenienza--partial.sandbox.my.site.com https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://td.doubleclick.net/ https://ct.pinterest.com *.youtube-nocookie.com https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com intent://arvr.google.com https://load.sgtm.mondoconv.es https://sgtm.mondoconv.es https://main.d2l4jnxpos1qsv.amplifyapp.com https://staging.d2l4jnxpos1qsv.amplifyapp.com *.iubenda.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net *.facebook.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.hotjar.com *.adabra.com *.intervieweb.it finanziamenti.agosweb.it *.force.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://*.online-metrix.net https://*.mondoconv.it https://*.cookielaw.org https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://livesystemssrl.germany-2.evergage.com/ https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://td.doubleclick.net https://*.valueservice.cloud https://n.clarity.ms *.clarity.ms https://image.mondoconvenienza.eu *.mondoconvenienza.eu https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://www.google.es https://www.google.fr https://mondoconv.it https://*.google-analytics.com https://*.doubleclick.net media.mondoconv.it media.mondoconv.es *.mondoconv.es *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.facebook.com *.google.it *.google.com *.signifyd.com *.e.aa.online-metrix.net *.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.bing.com *.igodigital.com 510001710.collect.igodigital.com *.googletagmanager.com *.adabra.com track.adabra.com *.flix360.com *.pinterest.com *.swogo.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://*.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://*.vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://*.cloudflareinsights.com *.googletagmanager.com *.facebook.net *.hotjar.com https://*.clearsale.com.br https://*.online-metrix.net https://api.psma.com.au https://*.ewaypayments.com https://*.clearpay.co.uk https://*.afterpay.com https://*.adobedtm.com https://*.adobe.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net js-agent.newrelic.com *.eu01.nr-data.net https://*.cardinalcommerce.com https://*.ccdc02.com https://*.paypal.com https://*.paypalobjects.com https://*.ytimg.com *.googleapis.com https://*.vimeocdn.com *.gstatic.com https://*.typekit.net https://*.omtrdc.net https://*.magento-ds.com *.chimpstatic.com https://*.mailchimp.com https://*.list-manage.com https://*.braintreegateway.com https://*.googleoptimize.com https://*.polyfill.io *.iubenda.com mondoconv.it mondoconv.es https://*.evgnet.com https://*.site.com https://*.noibu.com https://*.googlesyndication.com https://*.cookielaw.org https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://cdn.evgnet.com https://livesystemssrl.germany-2.evergage.com/ https://dynamic.criteo.com https://ct.pinterest.com https://is-cdn.dynatrace.com *.dynatrace.com *.clarity.ms widget.pinterest.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com *.flixfacts.com https://*.flix360.io https://*.flix360.com *.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://www.google.es chimpstatic.com *.cloudflare.com *.doofinder.com *.signifyd.com *.livechatinc.com *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.jsdelivr.net *.moatads.com *.addthisedge.com *.genteroma.com smct.co *.smct.co smct.io *.smct.io *.adabra.com widget-mediator.zopim.com *.bing.com *.igodigital.com 510001710.collect.igodigital.com *.swogo.net *.intervieweb.it pushpad.xyz *.mondoconv.it *.mondoconv.es *.force.com *.pinimg.com https://www.clarity.ms https://*.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://*.site.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com *.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.adabra.com *.force.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.mondoconv.it 'self' 'unsafe-inline'; manifest-src https://media.mondoconv.es 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.cloudflareinsights.com https://cloudflareinsights.com https://api.psma.com.au https://*.salesforce-scrt.com https://*.mondoconv.it https://*.googlesyndication.com https://*.cookielaw.org https://*.onetrust.com https://maps.googleapis.com https://mondoconvenienza--partial.sandbox.my.site.com https://cdn.evgnet.com https://livesystemssrl.germany-2.evergage.com/ https://mondoconvenienza.my.site.com https://sgtm.mondoconv.it https://cdn.noibu.com https://bat.bing.net https://n.clarity.ms *.clarity.ms *.dynatrace.com https://*.valueservice.cloud https://media-staging247.mondoconv.it https://media.mondoconv.it https://js.stripe.com https://media.flixcar.com https://media.flixfacts.com https://*.flix360.io https://*.flix360.com https://media.flixsyndication.net https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://ssl.p.jwpcdn.com https://www.google.es https://www.google.it https://sgtm.mondoconv.es https://*.googleapis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.iubenda.com *.doofinder.com *.g.doubleclick.net *.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.facebook.com *.google-analytics.com *.livechatinc.com *.addthis.com dpm.demdex.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com widget-mediator.zopim.com wss://widget-mediator.zopim.com bat.bing.com *.hotjar.com *.adabra.com pushpad.xyz *.igodigital.com http://510001710.collect.igodigital.com *.eu01.nr-data.net *.pinterest.com *.swogo.net ws: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; frame-ancestors 'self' *.contentful.com; 2 default-src https: data: blob: wss:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors https://app.contentful.com; 2 connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.doubleclick.net https://insight.adsrvr.org www.googleadservices.com px.ads.linkedin.com *.facebook.com/ *.6sc.co capig.stape.do wss://*.hotjar.com *.hotjar.io https://*.qualtrics.com https://api.sitelytics.tech https://ce.lijit.com;frame-ancestors 'self' ww.google.com;object-src 'none' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com cdn.jsdelivr.net https://js.adsrvr.org www.buzzsprout.com www.youtube.com connect.facebook.net static.ads-twitter.com snap.licdn.com *.6sc.co *.hotjar.com https://*.qualtrics.com https://cdn.delivr.ai;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com https://www.international.com; 2 base-uri 'self'; connect-src 'self' data: https://insight.adsrvr.org/ https://www.googleadservices.com/ https://ohpo.maps.arcgis.com/ https://js.arcgis.com/ https://www.google.com https://google.com https://fresnel.vimeocdn.com https://www.google-analytics.com https://maps.googleapis.com https://us01.records.in.treasuredata.com; default-src 'self'; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net; frame-src 'self' data: https://arcg.is/ https://experience.arcgis.com/ https://2026naamccartofsoul.artcall.org/ https://www.googletagmanager.com/ https://ohpo.maps.arcgis.com/ https://maps.google.com https://www.google.com https://td.doubleclick.net https://e.issuu.com https://insight.adsrvr.org https://match.adsrvr.org https://player.vimeo.com https://www.youtube.com; img-src 'self' data: https://graph.facebook.com https://*.fbcdn.net https://i.vimeocdn.com https://maps.google.com https://maps.gstatic.com https://dpm.demdex.net https://secure.adnxs.com https://match.adsrvr.org https://maps.googleapis.com https://www.googletagmanager.com https://winstar-110-adswizz.attribution.adswizz.com/fire https://di.rlcdn.com https://googleads.g.doubleclick.net https://insight.adsrvr.org https://pixel.tapad.com https://www.facebook.com https://www.google.com https://secure.gravatar.com https://s3.amazonaws.com/gravityforms https://cdn.socialgoodsoftware.com; manifest-src 'self'; media-src 'self' https://www.youtube.com https://youtu.be; object-src 'none'; report-uri https://667c396fd528e3ceb6b0e079.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js.arcgis.com/ https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://www.youtube.com https://maps.google.com https://s7.addthis.com https://www.googletagmanager.com https://maps.googleapis.com https://tags-cdn.clarivoy.com https://connect.facebook.net https://js.adsrvr.org https://googleads.g.doubleclick.net https://in.treasuredata.com https://www.googleadservices.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://cdn.datatables.net/v/bs4/dt-1.10.18/r-2.2.2/datatables.min.js https://cdn.socialgoodsoftware.com https://www.gstatic.com https://www.google.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' https://js.arcgis.com/ https://cdn.datatables.net/ https://cdn-images.mailchimp.com https://fonts.googleapis.com https://p.typekit.net https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdn.socialgoodsoftware.com; worker-src blob:; 2 frame-ancestors 'self' https://webidprovera-p.yettel.rs https://idprovera-p.yettel.rs https://webidprovera-t.yettel.rs https://idprovera-t.yettel.rs 2 frame-ancestors 'self' https://open-educational-resources.de https://analyse.dipf.de/ http://analyse.dipf.de/; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.testkontur.ru localhost localhost:3000 localhost:5995 localhost:8080 kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.atlasnw.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net http://pki.cib-service.ru http://pki.sertum-pro.ru http://pki.skbkontur.ru *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.ozon.ru *.ozonru.me *.tinkoff.ru *.tbank.ru *.tcsbank.ru https://clientcd.kontur:3443 lh3.googleusercontent.com; img-src 'self' data: *.testkontur.ru localhost localhost:3000 localhost:5995 localhost:8080 kontur.ru *.kontur.ru http://*.kontur.ru wss://ntf.kontur.ru *.skbkontur.ru *.kontur-extern.ru *.diadoc.ru *.kontur.host kontur.tools *.atlasnw.ru https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://metrika.yandex.ru https://yastatic.net http://pki.cib-service.ru http://pki.sertum-pro.ru http://pki.skbkontur.ru *.globalsign.com *.burgaz.ru *.gazprom-hr.transfer *.cryptopro.ru *.ozon.ru *.ozonru.me *.tinkoff.ru *.tbank.ru *.tcsbank.ru; report-uri https://frontreport-relay.kontur.host/csp/ 2 base-uri 'self'; child-src 'self'; connect-src 'self' https://*.abtasty.com https://*.bookmebob.co.nz https://*.bookmebob.com https://*.clarity.ms https://*.crazyegg.com https://*.doubleclick.net https://*.googlesyndication.com https://*.infinity-tracking.com https://*.myma.ai https://*.onetrust.com https://*.optimizely.com https://*.smartagent.app https://*.uniqodo.com https://*.warnerhotels.co.uk https://bat.bing.com https://bat.bing.net https://cdn.cookielaw.org https://ct.pinterest.com https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com https://metacb.digitaldevs.co.uk https://pixel.quantcount.com https://pixel.quantserve.com https://prreqcroab.icu https://region1.analytics.google.com https://routes.soreto.com https://siteintercept.qualtrics.com https://vimeo.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.wepowerconnections.com https://zn3imymdnfofyzkdw-warnerhotels.siteintercept.qualtrics.com; default-src 'self'; font-src 'self' https://*.abtasty.com https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.gstatic.com; form-action 'self' https://warnerhotels.eu.qualtrics.com https://www.facebook.com; frame-src 'self' https://*.abtasty.com https://*.bookmebob.co.nz https://*.bookmebob.com https://*.crazyegg.com https://*.doubleclick.net https://*.myma.ai https://*.promotionx.io https://*.smartagent.app https://*.uniqodo.com https://*.uqd.io https://*.warnerhotels.co.uk https://ct.pinterest.com https://player.vimeo.com https://warnerhotels.eu.qualtrics.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com; img-src 'self' data: https://*.abtasty.com https://*.adalyser.com https://*.adnxs.com https://*.bing.com https://*.bookmebob.co.nz https://*.bookmebob.com https://*.clarity.ms https://*.crazyegg.com https://*.doubleclick.net https://*.googlesyndication.com https://*.micpn-eu.com https://*.myma.ai https://*.optimizely.com https://*.warnerhotels.co.uk https://bat.bing.com https://cdn.cookielaw.org https://connect.facebook.net https://ct.pinterest.com https://i.vimeocdn.com https://lantern.roeye.com https://pixel.quantserve.com https://prreqcroab.icu https://siteintercept.qualtrics.com https://www.facebook.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://www.warnerleisurehotels.co.uk; manifest-src 'self'; media-src 'self' https://*.warnerhotels.co.uk; object-src 'self'; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.abtasty.com https://*.adalyser.com https://*.bookmebob.co.nz https://*.bookmebob.com https://*.clarity.ms https://*.crazyegg.com https://*.doubleclick.net https://*.micpn-eu.com https://*.myma.ai https://*.optimizely.com https://*.smartagent.app https://*.uniqodo.com https://*.uqd.io https://*.warnerhotels.co.uk https://acdn.adnxs.com https://assets.soreto.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/ https://cdn.jsdelivr.net/npm/feather-icons/dist/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/dist/ https://cdn.jsdelivr.net/npm/markdown-it@14.1.0/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://connect.facebook.net https://ct.pinterest.com https://d1igp3oop3iho5.cloudfront.net https://ict.infinity-tracking.net https://js.monitor.azure.com https://lantern.roeyecdn.com https://rules.quantcount.com https://s.pinimg.com https://script.infinity-tracking.com https://secure.quantserve.com https://siteintercept.qualtrics.com https://web-sdk-eu.aptrinsic.com https://www.dwin1.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://www.upsellit.com https://zn3imymdnfofyzkdw-warnerhotels.siteintercept.qualtrics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.abtasty.com https://*.adalyser.com https://*.bookmebob.co.nz https://*.bookmebob.com https://*.clarity.ms https://*.crazyegg.com https://*.doubleclick.net https://*.micpn-eu.com https://*.myma.ai https://*.optimizely.com https://*.smartagent.app https://*.uniqodo.com https://*.uqd.io https://*.warnerhotels.co.uk https://acdn.adnxs.com https://assets.soreto.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/ https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/ https://cdn.jsdelivr.net/npm/feather-icons/dist/ https://cdn.jsdelivr.net/npm/jquery@3.6.4/dist/ https://cdn.jsdelivr.net/npm/markdown-it@14.1.0/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/ https://code.jquery.com/jquery-3.2.1.slim.min.js https://connect.facebook.net https://ct.pinterest.com https://d1igp3oop3iho5.cloudfront.net https://ict.infinity-tracking.net https://js.monitor.azure.com https://lantern.roeyecdn.com https://rules.quantcount.com https://s.pinimg.com https://script.infinity-tracking.com https://secure.quantserve.com https://siteintercept.qualtrics.com https://web-sdk-eu.aptrinsic.com https://www.dwin1.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://www.upsellit.com https://zn3imymdnfofyzkdw-warnerhotels.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.abtasty.com https://*.bookmebob.co.nz https://*.bookmebob.com https://*.crazyegg.com https://*.smartagent.app https://*.warnerhotels.co.uk https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/ https://fonts.googleapis.com https://web-sdk-eu.aptrinsic.com; style-src 'self' 'unsafe-inline' https://*.abtasty.com https://*.bookmebob.co.nz https://*.bookmebob.com https://*.crazyegg.com https://*.smartagent.app https://*.warnerhotels.co.uk https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/ https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/ https://fonts.googleapis.com https://web-sdk-eu.aptrinsic.com; report-to stott-security-endpoint; 2 default-src 'self' https://querovero.com.br https://gr0qxh3qhkka.compat.objectstorage.sa-saopaulo-1.oraclecloud.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://bat.bing.com https://plugin.handtalk.me https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.youtube.com https://connect.facebook.net https://scripts.clarity.ms https://www.clarity.ms https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.com.br https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; img-src 'self' data: blob: https://images.querovero.com.br https://fonts.gstatic.com https://connect.facebook.net https://www.googleadservices.com https://bat.bing.com https://google.com https://www.google.com https://www.google.com.br https://plugin.handtalk.me https://*.handtalk.me https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://c.bing.com https://i.ytimg.com https://verosite-assets.tesla.com.br https://img.imageboss.me https://gr0qxh3qhkka.compat.objectstorage.sa-saopaulo-1.oraclecloud.com https://c.clarity.ms https://verosite.tesla.com.br https://tesla.verointernet.com.br https://ssl.gstatic.com https://www.gstatic.com https://googletagmanager.com https://*.googletagmanager.com https://facebook.com https://*.facebook.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net ; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net; frame-src 'self' https://www.googletagmanager.com https://plugin.handtalk.me https://www.facebook.com https://www.youtube.com https://velocidade.verointernet.com.br https://bid.g.doubleclick.net; connect-src 'self' https://www.googleadservices.com https://www.google.com https://www.google.com.br https://bat.bing.com https://cdn.jsdelivr.net https://translation-v3.handtalk.me https://plugin.handtalk.me https://maps.googleapis.com https://maps.gstatic.com https://viacep.com.br wss://localhost:* https://analytics.google.com https://analytics.google.com.br https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://facebook.com https://*.facebook.com https://clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net; 2 img-src hm.vostok.zone35.net *.b-ite.com *.hm.edu flockler.com fl-1.cdn.flockler.com media-api.flockler.com media.licdn.com cloud.ccm19.de *.cdninstagram.com *.xx.fbcdn.net 'self' data:; font-src *.assisto.beranet.de formulare.hm.edu formulare-test.hm.edu assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu data:; script-src *.assisto.beranet.de *.b-ite.com plugins.flockler.com matomo.hm.edu assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu cloud.ccm19.de 'unsafe-inline'; script-src-elem *.assisto.beranet.de *.b-ite.com plugins.flockler.com matomo.hm.edu formulare.hm.edu formulare-test.hm.edu assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu cloud.ccm19.de 'unsafe-inline' 'self'; script-src-attr 'unsafe-inline'; connect-src wss://hm.vostok.zone35.net cdn.jsdelivr.net hm.vostok.zone35.net *.beranet.de hm-edu-search-api.e-spirit.cloud *.b-ite.com stats-api.flockler.app api.flockler.app *.hm.edu cloud.ccm19.de matomo.hm.edu; style-src *.assisto.beranet.de *.b-ite.com assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu cloud.ccm19.de 'unsafe-inline'; style-src-elem *.assisto.beranet.de *.b-ite.com formulare.hm.edu formulare-test.hm.edu mediapool.hm.edu mediapool-prem.hm.edu assets.hm.edu cloud.ccm19.de 'unsafe-inline'; style-src-attr 'unsafe-inline'; default-src 'self' matomo.hm.edu search.hm.edu formulare.hm.edu formulare-test.hm.edu cloud.ccm19.de assets.hm.edu mediapool.hm.edu mediapool-prem.hm.edu 'unsafe-inline'; media-src 'self' dms.licdn.com media-api.flockler.com data:; frame-src 'self' cloud.ccm19.de mstream.hm.edu www.youtube.com www.youtube-nocookie.com media-api.flockler.com *.cloudflarestream.com; child-src 'self'; frame-ancestors 'none'; base-uri 'self'; worker-src 'none'; manifest-src 'none'; report-to https://sentry.hm.edu/api/9/security/?sentry_key=3d6f839d908181cf6622e6f584d2efe3; report-uri https://sentry.hm.edu/api/9/security/?sentry_key=3d6f839d908181cf6622e6f584d2efe3; 2 style-src 'self' 'unsafe-inline' https://cmcmarketsinvest.com https://service.force.com *.salesforce.com https://static.lightning.force.com *.my.salesforce-sites.com *.salesforceliveagent.com https://trading.sharetrade.com.au https://fonts.googleapis.com https://*.google-analytics.com; font-src 'self' data: https://cmcmarketsinvest.com fonts.gstatic.com *.sfdcstatic.com cmcmarketsstockbroking.com.au https://*.qantas.com https://fonts.gstatic.com; object-src 'self'; frame-ancestors 'self' https://www.cmcmarketsstockbroking.com.au https://signup.invest.cmcmarkets.com.au https://trading.anzshareinvesting.com.au https://cmcmarketsinvest.com https://www.cmcmarketsinvest.com; report-uri https://report-uri.cmcmarkets.com.au/csp 2 frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; frame-ancestors 'self'; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.odphp.health.gov odphp.health.gov health.gov https://cdn.jsdelivr.net https://d1il786i4vdqy4.cloudfront.net https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://analytics.google.com *.analytics.google.com *.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://td.doubleclick.net *.youtube.com *.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 2 default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 2 frame-ancestors 'self'; report-uri https://csp-reports.apis.cuf.pt/_csp 2 frame-ancestors 'self' https://edicola.naviga.it/ 2 "frame-ancestors 'none';" 2 frame-ancestors 'self'; report-uri https://o28929.ingest.us.sentry.io/api/676675/security/?sentry_key=ece733f80e4d4958a8c9cfc1f5a6a5db 2 frame-ancestors 'self' resources.renishaw.com static.renishaw.net www.renishaw.cz www.renishaw.de www.renishaw.com www.renishaw.es www.renishaw.fr www.renishaw.it www.renishaw.hu www.renishaw.nl www.renishaw.pl www.renishaw.com.br www.renishaw.si www.renishaw.se www.renishaw.com.tr www.renishaw.ru www.renishaw.jp www.renishaw.co.kr www.renishaw.com.cn pg.info.renishaw.net; report-uri https://renishaw.report-uri.com/r/d/csp/enforce 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://corp.sertifi.com https://campaigns.sertifi.com https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://j.6sc.co https://s3-us-west-2.amazonaws.com https://b-code.liadm.com https://js.zi-scripts.com https://widget.surveymonkey.com https://ajax.googleapis.com https://anjt6a9l0k.execute-api.us-west-1.amazonaws.com https://app.jazz.co https://cdn.dreamdata.cloud https://cdn.jsdelivr.net https://connect.facebook.net https://diffuser-cdn.app-us1.com https://dyv6f9ner1ir9.cloudfront.net https://embed.typeform.com https://cdn-asset.optimonk.com https://front.optimonk.com https://googleads.g.doubleclick.net https://gs-cdn.optimonk.com https://js.intercomcdn.com https://kit.fontawesome.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com https://onsite.optimonk.com https://onsite2.optimonk.com https://player.vimeo.com https://prism.app-us1.com https://script.hotjar.com https://sertifi.activehosted.com https://snap.licdn.com https://static.cloudflareinsights.com https://static.hotjar.com https://trackcmp.net https://widget.intercom.io https://www.googleadservices.com https://www.googletagmanager.com https://www.redditstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn-asset.optimonk.com https://cdn.jsdelivr.net https://embed.typeform.com https://fonts.bunny.net https://fonts.googleapis.com https://l0w6hlar9j.execute-api.us-west-1.amazonaws.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://pro.ip-api.com https://alocdn.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://stats.g.doubleclick.net https://analytics.google.com https://ws.zoominfo.com https://js.zi-scripts.com https://tracking.chilipiper.com https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://api-iam.intercom.io https://api.typeform.com https://cdn-limit.optimonk.com https://cdn-account.optimonk.com https://cdn-renderer.optimonk.com https://cdn-content.optimonk.com https://cdn.dreamdata.cloud https://content.hotjar.io https://vc.hotjar.io https://front.optimonk.com https://jfapiprod.optimonk.com https://metrics.hotjar.io https://pixel-config.reddit.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://pixel-config.reddit.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.redditstatic.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' data: https://cdn-custom.optimonk.com https://fonts.bunny.net https://fonts.gstatic.com https://fonts.intercomcdn.com https://ka-p.fontawesome.com; frame-src 'self' https://sertifi.chilipiper.com https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://www.googletagmanager.com https://www.tfaforms.com https://www.typeform.com https://www.surveymonkey.com https://sertifi818.outgrow.us https://form.typeform.com https://player.vimeo.com https://td.doubleclick.net https://www.youtube.com; img-src 'self' data: https://testsertifiumbstorage.blob.core.windows.net https://prodsertifiumbstorage.blob.core.windows.net https://sertifi.chilipiper.com https://b.6sc.co https://js.chilipiper.com https://api.chilipiper.com https://apps.chilipiper.com https://fire.chilipiper.com https://prod.smassets.net https://www.facebook.com https://alb.reddit.com https://app.jazz.co https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://js.intercomcdn.com https://px.ads.linkedin.com https://static.intercomassets.com https://ucarecdn.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://corp.sertifi.com https://js.intercomcdn.com; worker-src 'none'; 2 object-src 'none'; base-uri 'none';frame-ancestors 'self' *.myscheme.gov.in *.myscheme.in https://dashboard.dl6.in; 2 default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com *.inviewuclab.com static.zdassets.com js.stripe.com *.google.com *.gstatic.com gstatic.com connect.facebook.net *.zendesk.com blob: ; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com api.mapbox.com *.google.com *.gstatic.com static.zdassets.com js.stripe.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.datatables.net ; style-src-elem 'self' 'unsafe-inline' api.mapbox.com fonts.googleapis.com cdn.datatables.net ; style-src-attr 'unsafe-inline' ; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com data: blob: 127.0.0.1:18623 *.mapbox.com *.facebook.com *.google.com *.gstatic.com ; frame-src 'self' *.google.com *.google.ie js.stripe.com player.vimeo.com www.youtube.com; font-src 'self' https://fonts.gstatic.com data: gstatic.com *.gstatic.com *.alicdn.com ; connect-src 'self' https://google.com *.google.com https://maps.googleapis.com https://maps.gstatic.com ekr.zdassets.com *.zendesk.com wss://127.0.0.1:18623 https://127.0.0.1:18623 mlts.dynamsoft.com *.mapbox.com *.inviewuclab.com https://tiles.openfreemap.org ; worker-src 'self' blob: ; upgrade-insecure-requests ; report-uri https://9a1a6d99ab6aa4ac3290a60bae476ab7.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self' https://myportal.bingel.be 2 default-src 'none'; connect-src *; font-src * data: about:; frame-src *; img-src * data: about:; media-src 'self' www.l3harris.com; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce-My-v7Aqzz-5V-VmfWdbJJA'; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'strict-dynamic' 'nonce-My-v7Aqzz-5V-VmfWdbJJA'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.wescam.info www.googletagmanager.com cdn.userway.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; report-uri https://www.l3harris.com/system/reporting/csp; report-to csp; trusted-types * 'allow-duplicates'; require-trusted-types-for 'script' 2 default-src 'self' *; img-src * 'self' data: https: blob:; worker-src 'self' blob:; child-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com *.google.com *.youtube.com *.vimeo.com *.gstatic.com *.googletagmanager.com *.onetrust.com *.cookiebot.com *.cookielaw.org *.clarity.ms *.visitorqueue.com *.detailsdata7.com *.intelligence-7syndicate.com *.euroland.com *.eurolandir.com *.yano.digital; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; frame-src *; 2 default-src *.crazyegg.com *.cognigy.ai *.iubenda.com blob: wss: https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; object-src 'self' blob:; media-src 'self' https://foundever.com https://*.foundever.com data: blob:; 2 default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://c.clarity.ms https://c.bing.com *.clarity.ms *.betufa.com ufshseo-cdn.mybet789.com natural-sunrise-eea00ccd45.media.strapiapp.com; media-src self data: *.betufa.com ufshseo-cdn.mybet789.com natural-sunrise-eea00ccd45.media.strapiapp.com; script-src 'self' 'unsafe-inline' https://www.clarity.ms *.clarity.ms https://www.googletagmanager.com;connect-src 'self' https://*.betufa.com https://staging-api.ufabet.sh https://ufshseo-content.mybet789.com https://content.ufanews.com https://api.staging.myufa.com https://ajax-login-portal.mybet789.com https://one.one.one.one/cdn-cgi/trace https://www.googletagmanager.com https://www.clarity.ms *.clarity.ms https://www.google-analytics.com https://j.clarity.ms; 2 default-src 'self' *.springairlines.com *.ch.com wkbrs2.tingyun.com *.growingio.com static.geetest.com;style-src 'self' 'unsafe-inline' *.springairlines.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ch.com *.springairlines.com static.geetest.com beacon.riskified.com assets.giocdn.com; img-src * data:; connect-src 'self' *.springairlines.com *.ch.com wkbrs2.tingyun.com c.riskified.com *.growingio.com;font-src 'self' static.geetest.com *.springairlines.com;worker-src 'self' blob: *.ch.com; 2 img-src 'self' data: https: ; object-src 'none'; 2 default-src 'self' data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2 default-src 'self'; connect-src 'self' https://sentry.walletbot.me; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 2 default-src 'self' https: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io cdn.pushcrew.com; script-src 'self' data: blob: * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://www.youtube.com https://youtube.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://code.jquery.com https://cdn.cookielaw.org https://www.google.com/recaptcha https://maps.googleapis.com https://www.gstatic.com/recaptcha https://static.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com https://js.adsrvr.org https://cdnjs.cloudflare.com https://nexus.ensighten.com https://*.tidio.co https://*.jivosite.com https://browser.sentry-cdn.com https://*.cloudfront.net; style-src 'self' * 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://www.youtube.com https://youtube.com https://*.fontawesome.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.jivosite.com https://*.tidio.co; img-src 'self' data: * app.vwo.com useruploads.vwo.io https://media.wp.d.fogo-testing.g43labs.net https://*.jivosite.com https://*.tidio.co https://cdn.cookielaw.org https://fogodechao.com https://*.wixstatic.com; font-src 'self' data: * https://www.gstatic.com https://fonts.gstatic.com https://*.fontawesome.com https://fonts.googleapis.com; connect-src 'self' * *.visualwebsiteoptimizer.com app.vwo.com https://media.wp.d.fogo-testing.g43labs.net https://www.youtube.com https://youtube.com https://*.tidio.co https://*.jivosite.com https://firebaseremoteconfig.googleapis.com https://www.google.com/recaptcha https://maps.googleapis.com https://www.gstatic.com/recaptcha https://ajax.googleapis.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org/ https://cdn.cookielaw.org https://match.adsrvr.org https://geolocation.onetrust.com; frame-src 'self' *.visualwebsiteoptimizer.com app.vwo.com * https://*.tidio.co https://*.jivosite.com https://www.youtube.com https://www.google.com https://recaptcha.google.com https://insight.adsrvr.org https://match.adsrvr.org https://www.gstatic.com/recaptcha https://www.google.com/recaptcha https://app.calconic.com https://*.issuu.com https://www.donationx.org; media-src 'self' data: blob: * 'unsafe-inline' 'unsafe-hashes'; worker-src 'self' blob:; child-src *.visualwebsiteoptimizer.com app.vwo.com; 2 frame-ancestors https://www.notion.so 2 default-src 'self' https://downloads.ctfassets.net/ *.gstatic.com *.proteccion.com assets.ctfassets.net d10o2ofpymhfmh.cloudfront.net *.wufoo.com contenidos-proteccion.s3.amazonaws.com *.proteccion.com.co cdnjs.cloudflare.com *.api.ipify.org videos.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com/uwt.js parly-webchat-proteccion-pronto.1jp7e8ua8ne3.us-east.codeengine.appdomain.cloud script.crazyegg.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net *.clarity.ms/ *.googleoptimize.com partner.googleadservices.com *.ipdialbox.com *.wolkvox.com kit.fontawesome.com widget.spreaker.com connect.facebook.net *.youtube.com *.proteccion.com *.gstatic.com www.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com cdnjs.cloudflare.com pratech-chatbot-cdn-proteccion.mybluemix.net static.ads-twitter.com cdn.perfdrive.com client.rum.us-east-1.amazonaws.com; img-src * 'self' data: *.proteccion.com; style-src 'self' 'unsafe-inline' parly-webchat-proteccion-pronto.1jp7e8ua8ne3.us-east.codeengine.appdomain.cloud *.proteccion.com cdnjs.cloudflare.com d10o2ofpymhfmh.cloudfront.net *.google.com *.googleapis.com cdn.botframework.com pratech-chatbot-cdn-proteccion.mybluemix.net use.fontawesome.com; object-src 'self' *.proteccion.com; font-src 'self' *.proteccion.com fonts.gstatic.com cdnjs.cloudflare.com ka-p.fontawesome.com use.fontawesome.com fonts.googleapis.com data:; child-src *.spotify.com forms.office.com *.google.com *.ipdialbox.com *.wolkvox.com widget.spreaker.com *.core.windows.net *.youtube.com *.wufoo.com *.proteccion.com blob:; connect-src 'self' kit.fontawesome.com parly-webchat-proteccion-pronto.1jp7e8ua8ne3.us-east.codeengine.appdomain.cloud https://noembed.com/ https://js.hs-banner.com https://forms.hscollectedforms.net *.clarity.ms wss://directline.botframework.com https://directline.botframework.com ka-p.fontawesome.com pratech-chatbot-cdn-proteccion.mybluemix.net cdn.contentful.com images.ctfassets.net stats.g.doubleclick.net *.googleapis.com *.proteccion.com.co *.proteccion.com *.google-analytics.com api.ipify.org analytics.google.com; frame-ancestors 'self' www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com; frame-src www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com *.facebook.com open.spotify.com widget.spreaker.com docs.google.com cse.google.com *.wolkvox.com https://youtube.com/ *.youtube.com *.google.com https://app.nati.ai 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 2 frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com h.online-metrix.net https://s3.rdbuz.com https://*.doubleclick.net https://graph.facebook.com https://*.redbus.in https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.sentry-cdn.com www.lacmp.net flackr.github.io cdn.branch.io cdn.moengage.com beacon.riskified.com tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com https://static.ads-twitter.com https://*.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net https://*.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: img.youtube.com niubizqr.pagoefectivo.pe img.riskified.com moe-email-campaigns.s3.amazonaws.com image.moengage.com web-elb *.online-metrix.net *.goibibo.com barcode-latam.s3.amazonaws.com t.co www.googletagmanager.com *.doubleclick.net tpc.googlesyndication.com maps.gstatic.com maps.googleapis.com rb-plus.s3.ap-southeast-1.amazonaws.com s3-ap-southeast-1.amazonaws.com *.s3-ap-southeast-1.amazonaws.com h.online-metrix.net bat.bing.com www.google.co.in origin-st.redbus.in www.redbus.in www.redbus.in *.google.com www.google-analytics.com https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com http://st.redbus.in https://api.midtrans.com https://www.glassdoor.co.in; style-src blob: 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' st.redbus.in payment.pagoefectivo.pe *.firebaseapp.com *.firebaseio.com www.surveymonkey.com *.google.com isb.au1.qualtrics.com www.googletagservices.com *.redbus.com h.online-metrix.net checkout.payulatam.com *.doubleclick.net in-tags.vizury.com sg-pl.vizury.com *.facebook.com www.youtube.com dis.as.criteo.com; object-src 'self'; connect-src 'self' *.apm.ap-south-1.aws.elastic-cloud.com flackr.github.io browser.sentry-cdn.com *.ingest.de.sentry.io www.lacmp.net wss://rbpub.redbus.com s3-ap-southeast-1.amazonaws.com *.moengage.com analytics.google.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com www.google-analytics.com graph.facebook.com accounts.google.com 2 base-uri 'none'; connect-src 'self' https://552-ogk-141.mktoresp.com https://analytics.google.com https://api.company-target.com https://api.hubapi.com https://cdn.cookielaw.org https://cdn.lottielab.com https://forms-na1.hubspot.com https://forms.hsforms.com https://forms.hubspot.com https://geolocation.onetrust.com https://hubspot-forms-static-embed.s3.amazonaws.com https://openpgpkey.bitgo.com https://pagead2.googlesyndication.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://tag-logger.demandbase.com https://www.google-analytics.com https://www.google.com https://js.zi-scripts.com https://ws.zoominfo.com/ https://ws-assets.zoominfo.com/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; form-action https://forms.hsforms.com; frame-ancestors; frame-src https://app.hubspot.com https://forms.hsforms.com https://landing.bitgo.com/ https://recaptcha.google.com/recaptcha/ https://docs.google.com/ https://td.doubleclick.net https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://analytics.twitter.com https://cdn.cookielaw.org https://cdn.lottielab.com https://forms-na1.hsforms.com https://googleads.g.doubleclick.net https://id.rlcdn.com https://images.ctfassets.net https://px.ads.linkedin.com https://segments.company-target.com https://t.co https://track.hubspot.com https://www.google.com https://www.googletagmanager.com https://www.linkedin.com; media-src 'self' https://videos.ctfassets.net; object-src; script-src 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; script-src-elem 'self' 'unsafe-inline' https://app.hubspot.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://landing.bitgo.com https://munchkin.marketo.net https://pagead2.googlesyndication.com https://snap.licdn.com https://static.ads-twitter.com https://tag.demandbase.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://js.zi-scripts.com https://ws-assets.zoominfo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://landing.bitgo.com; worker-src; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.simonetti.com.br *.chernobyl.pentagrama:8001 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf *.atweb.com.br *.moveissimonetti.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com https://h.online-metrix.net *.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.simonetti.com.br *.chernobyl.pentagrama:8001 *.atweb.com.br *.moveissimonetti.com.br *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://h.online-metrix.net *.d.aa.online-metrix.net https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.confi.com.vc *.clarity.ms *.google.com *.google.com.br *.bing.com *.g.doubleclick.net *.facebook.com *.clearsale.com.br *.atweb.com.br imgs.webpdv.net.br *.moveissimonetti.com.br maps.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.googleapis.com *.gstatic.com https://h.online-metrix.net *.cardinalcommerce.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.simonetti.com.br *.emailmkt.moveissimonetti.com.br *.chernobyl.pentagrama:8001 *.confi.com.vc bam.nr-data.net *.facebook.net *.getblue.io *.azureedge.net *.clarity.ms *.onesignal.com onesignal.com *.pinterest.com *.pinimg.com *.smartflowinc.com *.clearsale.com.br *.atweb.com.br static.cloudflareinsights.com ajax.cloudflare.com https://cdn.jsdelivr.net/gh/mymetric/scripts@main/mmtracker_general.js *.moveissimonetti.com.br maps.googleapis.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net assets.braintreegateway.com *.simonetti.com.br *.chernobyl.pentagrama:8001 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf *.confi.com.vc *.onesignal.com onesignal.com *.atweb.com.br *.moveissimonetti.com.br tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.confi.com.vc *.atweb.com.br *.moveissimonetti.com.br 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.confi.com.vc bam.nr-data.net *.sae.stape.io *.clarity.ms *.g.doubleclick.net *.pinterest.com *.atweb.com.br *.smartflowinc.com *.moveissimonetti.com.br mymetric-hub-shopify.ue.r.appspot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri https://sentry.eneba.com/api/6/security/?sentry_key=102de17feb49405fadcbb032c33331d1&sentry_release=1.3343.0; report-to csp-endpoint; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.nsureapi.com https://device.maxmind.com https://fpnpmcdn.net https://connect.facebook.net https://eneba.atlassian.net https://static.eneba.games https://assets.eneba.games https://challenges.cloudflare.com https://mx.eneba.com https://*.criteo.net https://*.criteo.com https://mainf.global-cache.online https://widget.trustpilot.com https://apps.rokt.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://www.paypal.com https://c.paypal.com https://*.cardinalcommerce.com https://*.js.stripe.com https://js.stripe.com https://checkoutshopper-live-us.adyen.com https://checkoutshopper-live.adyen.com https://cdn.safecharge.com https://pay.google.com https://static.dlocal.com https://ebanx-js.ebanx.com https://beacon.riskified.com https://i.k-analytix.com https://cdn.checkout.com https://applepay.cdn-apple.com https://js.tazapay.com https://newsletter.ene.ba https://an.gr-wcon.com https://us-an.gr-cdn.com https://ga2.getresponse.com https://m.gr-cdn-e.eu https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net https://d16hi2v1mh7lg7.cloudfront.net; 2 default-src 'self' https: data: blob:;style-src 'self' 'unsafe-inline' https: data:;font-src 'self' https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;img-src 'self' data: https: blob: *;frame-src 'self' https: data: blob: *;connect-src 'self' https: wss: ws:;navigate-to 'self' https: http: *;form-action 'self' https: http: *;base-uri 'self' https: http:;object-src 'self' https: data: blob:;media-src 'self' https: data: blob:;worker-src 'self' blob: data:;child-src 'self' https: data: blob: *;manifest-src 'self' https: data:;prefetch-src 'self' https: data: *;frame-ancestors 'self' https: http:;script-src-attr 'none';upgrade-insecure-requests 2 default-src 'self'; script-src 'self'; connect-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; media-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org 2 frame-ancestors 'self' https://nginx-sonova-d8-develop.ch.amazee.io https://www.sonova.com https://relaunch.sonova.com https://jobs.nzz.ch https://management.jobs.nzz.ch ; report-uri /report-csp-violation 2 default-src * 'unsafe-inline' 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 2 default-src 'self' https://cdn.vargroup.com https://*.gstatic.com https://*.adacto.it https://*.vargroup.it https://*.vargroup.com http://*.tidiochat.com https://*.tidiochat.com https://*.dynamics.com https://*.genially.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.vargroup.com https://*.hsforms.net https://matomo01.bizmart2.it https://matomo.ubics.app https://sc-matomo.adacto.it https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://*.googleapis.com https://*.google.com https://*.google.it https://*.gstatic.com http://*.hsforms.net https://*.hsforms.net https://*.recaptcha.net https://*.addthis.com https://*.intervieweb.it https://*.azureedge.net https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com http://*.tidio.co https://*.tidio.co http://*.tidiochat.com https://*.tidiochat.com https://*.youtube.com https://*.aspnetcdn.com https://*.dynamics.com https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://*.hubspot.com https://cdnjs.cloudflare.com https://*.bing.com https://*.genially.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.lfeeder.com https://*.typeform.com https://*.vargroup.com https://*.vargroup.it wss://*.typeform.com ws://*.typeform.com http://*.typeform.com https://*.googleadservices.com https://*.fillout.com; style-src 'self' 'unsafe-inline' https://cdn.vargroup.com https://*.googleapis.com https://*.azureedge.net https://*.genially.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it https://*.fillout.com; img-src * data:; media-src 'self' https://cdn.vargroup.com https://sitecore.vargroup.com https://edge.sitecorecloud.io http://*.tidiochat.com https://*.tidiochat.com https://*.genially.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it; frame-src 'self' https://www.youtube.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://docs.google.com https://*.google.com https://*.google.it https://*.hsforms.com https://*.recaptcha.net https://*.intervieweb.it https://*.dynamics.com https://*.googletagmanager.com https://*.microsoft.com https://*.googleadservices.com https://*.doubleclick.net https://sitecore.vargroup.com https://*.hubspot.com https://player.vimeo.com/ https://go.pardot.com/ https://*.genially.com https://*.powerbi.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it https://*.fillout.com https://sitecore.vargroup.com https://*.vargroup.it https://*.vargroup.com https://*.adacto.it https://*.vargroup.ch https://*.vargroup.de https://*.vargroup.es https://*.vargroup.ad https://*.dsec.it https://*.mediamenteconsulting.it https://*.tekneretail.it https://*.wisesecurity.com https://*.yarix.com https://*.cyres-consulting.com https://*.ubics.it https://*.infolog.it https://*.incidentresponse.com https://*.nip.io https://*.adview.mx https://*.adview.it https://cdn.vargroup.com; frame-ancestors https://sitecore.vargroup.com https://cdn.vargroup.com https://*.vargroup.it https://*.vargroup.com https://*.adacto.it https://*.vargroup.ch https://*.vargroup.de https://*.vargroup.es https://*.vargroup.ad https://*.dsec.it https://*.mediamenteconsulting.it https://*.tekneretail.it https://*.wisesecurity.com https://*.yarix.com https://*.cyres-consulting.com https://*.ubics.it https://*.infolog.it https://*.incidentresponse.com https://*.nip.io https://*.adview.mx https://*.adview.it; object-src none; connect-src 'self' https://cdn.vargroup.com https://*.hsforms.com https://www.youtube.com https://matomo01.bizmart2.it https://matomo.ubics.app https://sc-matomo.adacto.it https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://*.googleapis.com https://*.ingest.sentry.io https://*.intervieweb.it https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.google.com https://*.google.it https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.doubleclick.net http://*.tidiochat.com https://*.tidiochat.com ws://*.tidio.co wss://*.tidio.co https://*.dynamics.com https://*.azureedge.net https://sitecore.vargroup.com https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://google.com/pagead/form-data/ https://google.com/ccm/form-data/ https://googleadservices.com/ https://google.it/ https://*.hubspot.com https://*.bing.com https://*.genially.com https://*.tableau.com https://*.facebook.net https://*.facebook.com https://*.lfeeder.com https://*.typeform.com wss://*.typeform.com ws://*.typeform.com https://*.tidio.co https://*.vargroup.com https://*.vargroup.it https://*.googleadservices.com https://*.fillout.com https://*.recaptcha.net 2 block-all-mixed-content; child-src blob:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net https://*.facebook.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.onetrust.com https://*.msasafety.com https://*.zoominfo.com https://*.usetiful.com https://*.mktoutil.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://*.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.rumiview.com wss://*.hotjar.com https://*.hotjar.com https://*.csp-1.com https://csp-1.picarioxpo.com https://*.tockify.com https://tockify.com https://app.getwisp.co https://*.wisepops.net https://*.qzzr.com https://*.algolianet.com https://*.algolia.net https://*.kudoboard.com https://*.curator.io https://*.pricespider.com https://cdnjs.cloudflare.com https://*.algolia.io https://wisepops.net https://*.tiles.mapbox.com wss: https://px.ads.linkedin.com https://*.niceincontact.com https://*.uplynk.com https://pactsafe.io https://lexipol.blueconic.net; default-src 'self'; font-src 'self' data: https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net https://*.typekit.net https://*.pricespider.com https://*.niceincontact.com https://webapps.msanet.com; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com https://*.123formbuilder.com https://*.clickagy.com https://*.facebook.com http://*.msanet.com https://*.webdamdb.com https://*.force.com https://*.office.com https://*.csp-1.com https://msasafety.wufoo.com https://*.tockify.com https://tockify.com https://*.vimeo.com https://www.firegrantshelp.com https://*.qzzr.com https://*.riddle.com https://*.surveymonkey.com https://www.mybacharach.com https://*.kudoboard.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://*.marketingautomation.services https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://insight.adsrvr.org https://msa.webdamdb.com/ https://*.niceincontact.com https://*.instagram.com https://jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com https://*.googletagmanager.com https://content.uplynk.com https://msasafety700.outgrow.us https://*.uplynk.com; img-src data: 'self' https://*.scene7.com https://*.googletagmanager.com https://*.pricespider.com https://*.googleadservices.com https://*.linkedin.com https://*.doubleclick.net https://*.bing.com https://*.facebook.com https://*.google-analytics.com https://*.cookielaw.org https://*.clarity.ms https://*.metalocator.com https://*.msasafety.com https://*.msanet.com https://*.webdamdb.com https://*.kickfire.com https://*.kampyle.com https://*.simpli.fi https://*.rumiview.com https://*.webtraxs.com https://*.analytics.google.com https://*.adroll.com https://*.g.doubleclick.net https://*.ads.linkedin.com https://*.clickagy.com https://*.msafire.com https://*.content.video.llnw.net https://*.csp-1.com https://csp-1.picarioxpo.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://blog.sierramonitor.com https://*.wisepops.net https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://*.wisepops.com https://*.mapbox.com https://safetyio.com https://*.safetyio.com blob: https://img.delvenetworks.com https://pixel-geo.prfct.co https://blog.fieldserver.com https://curator-assets.b-cdn.net https://*.curator.io https://*.niceincontact.com/ https://dummyimage.com https://*.placeholder.com https://placehold.it https://*.uplynk.com https://media.msasafety.com.cn https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://msasafety.bynder.com; media-src 'self' blob: https://*.llnw.net https://*.msanet.com https://*.webdamdb.com/ https://*.curator.io https://curator-assets.b-cdn.net/ https://*.shutterstock.com https://*.uplynk.com/ https://msasafety.bynder.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.123formbuilder.com https://*.zoominfo.com https://*.usetiful.com https://*.webtraxs.com https://*.adroll.com https://*.rumiview.com https://*.la5-c2-ia4.salesforceliveagent.com https://*.jquery.com https://*.force.com https://*.g.doubleclick.net https://*.csp-1.com https://*.tockify.com https://tockify.com https://*.wisepops.net https://app.getwisp.co https://*.qzzr.com https://cdn.jsdelivr.net https://koi-3QNJ3FOY90.marketingautomation.services https://curator.io https://*.curator.io https://*.marketingautomation.services https://wisepops.net https://cdnjs.cloudflare.com https://tag.perfectaudience.com https://js.adsrvr.org https://*.tiles.mapbox.com https://pixel-geo.prfct.co https://*.niceincontact.com https://*.instagram.com https://webapps.msanet.com https://webapps.msasafety.com https://*.uplynk.net https://*.uplynk.com https://pactsafe.io https://*.pactsafe.io https://msasafety.bynder.com https://*.blueconic.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.mapbox.com https://*.pricespider.com https://*.tiles.mapbox.com https://*.msasafety.com https://*.scene7.com https://www.usetiful.com https://*.msanet.com https://*.fontawesome.com https://*.googleapis.com https://*.typekit.net https://*.curator.io/ https://*.niceincontact.com https://*.uplynk.com https://*.blueconic.net; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /.webscale/csp-report 2 upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'none';default-src 'self';child-src 'self';frame-src https://www.google.com https://*.linkedin.com *.hotjar.com;script-src *.smartology.net *.hotjar.com https://www.gstatic.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://kit.fontawesome.com https://*.sharethis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://connect.facebook.net https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://*.linkedin.com https://unpkg.com https://code.jquery.com/ 'self' 'unsafe-inline' 'unsafe-eval';img-src http://www.w3.org https://www.smartology.net https://*.google-analytics.com https://secure.gravatar.com https://*.googletagmanager.com https://*.sharethis.com 'self' data:;style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://buttons-config.sharethis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com 'self' data:;connect-src *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://website-api.smartology.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.fontawesome.com https://l.sharethis.com https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://lottie.host 'self' ws:;object-src 'self' 2 child-src 'self' https://survey.jam-software.com;frame-src https://jam-software-gmbh.jobs.personio.de; base-uri 'self';font-src 'self';form-action 'self' https://survey.jam-software.com https://customers.jam-software.de;frame-ancestors 'self' *.jam-software.de *.jam-software.com ;img-src *.jam-software.com 'self' https://www.google.com https://www.google.de https://ja.jam-software.com https://www.jam-software.de https://www.jam-software.com https://customers.jam-software.de https://manuals.jam-software.de https://manuals.jam-software.com https://survey.jam-software.com media.jam-software.com;media-src 'self' media.jam-software.com https://survey.jam-software.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.jam-software.de https://matomo.jam-software.com https://www.googletagmanager.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://survey.jam-software.com; 2 default-src 'self' https://*.wistia.com https://*.wistia.net; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.algolia.net aorta.clickagy.com hemsync.clickagy.com https://www2.ttec.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://px.ads.linkedin.com https://js.zi-scripts.com https://ws.zoominfo.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fbo-b.flippingbook.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net https://*.doubleclick.net https://pi.pardot.com https://www.google.com https://google.com https://www.facebook.com https://*.clarity.ms https://c.bing.com; font-src 'self' data: https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net https://cdnjs.cloudflare.com; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://js.driftt.com https://widget.drift.com https://fast.wistia.com https://fast.wistia.net hemsync.clickagy.com https://insight.adsrvr.org https://www2.ttec.com https://online.flippingbook.com https://match.adsrvr.org; img-src 'self' data: https://www.ttec.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://www.google.com https://google.com https://*.wistia.com https://*.wistia.net https://cdn.cookielaw.org https://px.ads.linkedin.com https://ade.googlesyndication.com https://www.linkedin.com https://fonts.gstatic.com https://online.flippingbook.com https://d17lvj5xn8sco6.cloudfront.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com https://*.clarity.ms https://c.bing.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net; object-src 'none'; script-src 'self' 'strict-dynamic' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-MQMaicO6gZY4UBGWgyyxhQ'; script-src-elem 'self' https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.google.com https://js.driftt.com https://widget.drift.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.zi-scripts.com https://tags.clickagy.com https://www2.ttec.com https://snap.licdn.com/ https://www.gstatic.com https://ws-assets.zoominfo.com https://pagead2.googlesyndication.com https://js.adsrvr.org/ https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://online.flippingbook.com https://d33i2vgywgme2s.cloudfront.net https://js.sentry-cdn.com https://pi.pardot.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.clarity.ms https://c.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com 'nonce-MQMaicO6gZY4UBGWgyyxhQ'; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.wistia.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com use.fontawesome.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2 default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com data: *.hotjar.com *.fontawesome.com maxcdn.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.jsdelivr.net *.cloudflare.com *.googleapis.com *.1worldsync.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.embluemail.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.lacuracao.pe *.efe.com.pe 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.pmbox.cloud *.inconcertcc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.criteo.net *.flixcar.com *.os.tc *.onesignal.com *.doubleclick.net *.vnforapps.com *.online-metrix.net gum.criteo.com fledge.us.criteo.com *.livechatinc.com *.pointandplace.com *.powr.io *.omnitok.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.efe.com.pe *.flixcar.com *.flix360.com https://*.hotjar.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com.pe *.lacuracao.pe *.doubleclick.net *.emxdgt.com *.bidswitch.net img *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.criteo.com *.bluekai.com *.yahoo.com *.clmbtech.com *.smaato.net *.sharethrough.com *.revcontent.com *.pubmatic.com *.outbrain.com *.postrelease.com *.bing.com *.teads.tv *.3lift.com *.omnitagjs.com *.casalemedia.com *.stickyadstv.com *.360yield.com *.embluemail.com *.yieldmo.com *.tremorhub.com *.mediavine.com *.liadm.com *.flix360.io *.aralego.com *.criteo.net *.aralego.net *.vnforapps.com *.online-metrix.net *.yahoo.net *.contextweb.com *.demoup.com *.pointandplace.com *.adform.net *.adgrx.com *.powrcdn.com *.1rx.io *.alquimio.cloud *.yandex.com *.yandex.ru *.yads.tech *.yango.com cm.g.doubleclick.net t.adx.opera.com *.agkn.com *.unrulymedia.com *.1worldsync.com *.windows.net *.clarity.ms *.hsforms.net *.hsforms.com *.hubspotusercontent-na1.net *.hubspot.com yandex.ru *.hsappstatic.net *.fwmrm.net *.adsrvr.org *.bidr.io *.sitescout.com *.crwdcntrl.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.magento-datasolutions.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.embluemail.com *.hotjar.com storage.googleapis.com *.flixfacts.com *.flixcar.com *.onesignal.com onesignal.com *.inconcertcc.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://maps.googleapis.com *.criteo.com *.tiktok.com *.flix360.io *.pointandplace.com *.vnforapps.com *.ccdc02.com *.online-metrix.net *.amazonaws.com *.demoup.com *.livechatinc.com *.powr.io *.omnitok.com infimv.com *.topsort.com *.jsdelivr.net *.yads.tech *.1worldsync.com *.clarity.ms *.hsforms.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hubspot.com *.hscollectedforms.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.hotjar.com *.fontawesome.com maxcdn.bootstrapcdn.com assets.braintreegateway.com onesignal.com *.flixcar.com *.cloudflare.com *.googleapis.com *.1worldsync.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.demoup.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com api.comapi.com bam.nr-data.net *.culqi.com *.alquimio.cloud *.hotjar.com *.hotjar.io wss://*.hotjar.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.criteo.com *.doubleclick.net *.embluemail.com onesignal.com google.com.pe *.pointandplace.com *.flixcar.com *.google.com.pe *.vnforapps.com *.tiktok.com *.pangle-ads.com *.demoup.com *.flix360.com *.powr.io *.topsort.com *.yandex.com *.yandex.ru *.yads.tech *.yango.com *.omnitok.com *.psychological.ai *.hsforms.net *.hsforms.com *.amazonaws.com *.hubspot.com *.clarity.ms *.hubapi.com *.hscollectedforms.net/ facebook.com *.onesignal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com trck.spoteffects.net www.lotto.de m.lotto.de www.youtube.com localhost:; script-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com connect.facebook.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.google.com data1.bresera.com data1.open-dog.com connect.facebook.net tags.tiqcdn.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu 'unsafe-inline' 'unsafe-eval'; style-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com translate.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de 'unsafe-inline'; style-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.gstatic.com 'unsafe-inline'; connect-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com prodint.eurojackpot.de prodint.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de miframe.lotto.de iframe.lotto.de www.youtube.com trck.spoteffects.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de www.facebook.com connect.facebook.net translate.googleapis.com api.usercentrics.eu ib.adnxs.com consent-api.service.consent.usercentrics.eu privacy-proxy.usercentrics.eu privacy-proxy-server.usercentrics.eu cdn.dynamicyield.com st-eu.dynamicyield.com aggregator.service.usercentrics.eu graphql.usercentrics.eu ws://localhost:12387/ data:; font-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com fonts.gstatic.com api.rabatta.app data:; img-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com prodint.eurojackpot.de prodint.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com s.w.org ps.w.org www.gstatic.com secure.gravatar.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de eurojackpot.webtrekk.net fbc.wcfbc.net ad3.adfarm1.adition.com imagesrv.adition.com i.ytimg.com www.facebook.com fonts.gstatic.com app.usercentrics.eu uct.service.usercentrics.eu privacy-proxy-server.usercentrics.eu www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.google.com pagead2.googlesyndication.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk data:; child-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de blob:; frame-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de lotto.de www.youtube-nocookie.com www.facebook.com app.usercentrics.eu; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://babiel.jobbase.io https://babiel.onlyfy.jobs https://*.usercentrics.eu https://www.instagram.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fast.fonts.net; img-src 'self' data: https://www.google-analytics.com https://*.usercentrics.eu; frame-src 'self' https://babiel.jobbase.io https://babiel.onlyfy.jobs https://www.youtube-nocookie.com https://www.instagram.com https://*.usercentrics.eu; connect-src 'self' https://www.google-analytics.com https://*.usercentrics.eu 2 frame-ancestors 'self' chayns.de qa.chayns.de tobit.team qa.tobit.team 2 object-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/enforce; report-to csp-endpoint 2 default-src 'self' 'unsafe-inline'; connect-src 'self' *.tapbit.mobi *.sentry.io *.ida-it.com *.tapbit.com *.tapbit.io *.tapbit.link *.tapbit.net wss://*.zendesk.com wss://*.tapbit.com wss://*.tapbit.io wss://*.tapbit.link wss://*.tapbit.net wss://*.ida-it.com wss://*.zopim.com https://*.go-mpulse.net https://*.ipify.org https://wkbrs2.tingyun.com https://*.aisecurius.com https://*.google.com https://google.com https://*.growingio.com https://*.zdassets.com https://*.zendesk.com https://*.aliyuncs.com https://*.zopim.com; style-src 'self' 'unsafe-inline' https://*.tapbit.mobi https://*.ida-it.com https://*.googleapis.com https://*.gstatic.com https://*.geetest.com; script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com https://appleid.cdn-apple.com https://accounts.google.com https://*.giocdn.com https://s.go-mpulse.net https://wkbrs2.tingyun.com https://*.zendesk.com https://*.ida-it.com https://*.tapbit.com https://*.tapbit.io https://*.tapbit.link https://*.tapbit.net 'unsafe-inline' https://*.jsdelivr.net https://polyfill.io https://*.tapbit.mobi https://*.googletagmanager.com https://*.aisecurius.com https://*.alicdn.com https://*.ida-it.com data: blob: *.ida-it.com *.tapbit.com *.tapbit.io *.tapbit.link *.tapbit.net 'unsafe-inline' https://adscool.net https://*.growingio.com https://*.alicdn.com https://*.aisecurius.com https://*.doubleclick.net https://*.geetest.com https://*.zdassets.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.tapbit.mobi; font-src 'self' data: blob: https://*.ida-it.com https://*.jsdelivr.net https://*.tapbit.mobi https://*.gstatic.com; img-src 'self' data: blob: *.zdusercontent.com *.zendesk.com *.zdassets.com *.googleadservices.com *.aliyuncs.com *.ida-it.com *.tapbit.com *.tapbit.io *.tapbit.link *.tapbit.net https://*.gravatar.com https://*.zdassets.com https://*.tapbit.mobi https://www.google.co.kr https://www.google.co.jp https://www.google.co.uk https://www.google.com.au https://www.google.ca https://www.google.com.mx https://www.google.fr https://www.google.de https://www.google.it https://www.google.es https://www.google.nl https://www.google.ru https://www.google.com.br https://www.google.co.in https://www.google.com.sg https://www.google.co.za https://www.google.com.hk https://www.google.com.tw https://www.google.co.th https://www.google.com.vn https://www.google.com.my https://www.google.com.ph https://www.google.com.eg https://www.google.co.il https://www.google.com.sa https://www.google.ae https://www.google.gr https://www.google.se https://www.google.no https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://*.doubleclick.net https://*.gstatic.com https://*.geetest.com https://*.geevisit.com; media-src 'self' https://*.zdassets.com https://*.tapbit.mobi data:; frame-src 'self' * ida:; base-uri 'self'; object-src 'none'; child-src 'self' blob:; 2 default-src * blob: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2 frame-ancestors 'self' https://matomo01vp.noris.gr https://analytics.noris.de https://analytics.noris.net https://noris.de https://www.noris.de 2 frame-ancestors 'self' https://hunterdouglas-website-dev.sanity.studio https://hd.lightning.force.com 2 worker-src 'self' blob: ;script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; object-src 'none'; 2 default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://dap.digitalgov.gov https://*.doubleclick.net https://orcid.org/userStatus.json https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' data: https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://*.youtube.com; frame-ancestors 'self'; img-src 'self' data: https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://*.nal.usda.gov https://orcid.org https://info.orcid.org https://*.twitter.com https://*.usa.gov https://validator.swagger.io https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' https://ajax.googleapis.com https://cdn.knightlab.com https://dap.digitalgov.gov https://feed.informer.com https://*.google-analytics.com https://*.libanswers.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdn.knightlab.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://unpkg.com/chart.js@4.4.0/ https://unpkg.com/chartjs-adapter-date-fns@3.0.0/ https://unpkg.com/chartjs-plugin-datalabels@2.0.0/ https://*.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; style-src-elem 'self' 'unsafe-inline' https://cdn.knightlab.com https://static-assets-us.libanswers.com https://search.usa.gov;; 2 default-src https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com; img-src https: data:; connect-src wss://*.tawk.to *.tawk.to *.lobbes.nl *.lobbesspeelgoed.be *.lobbesspielzeug.de *.lobbesjouet.fr *.icecat.biz bat.bing.com www.google-analytics.com stats.g.doubleclick.net ad.doubleclick.net squeezely.tech *.trustedshops.com *.trustbadge.com *.clic2buy.com trustbadge.api.etrusted.com *.etrusted.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.com https://google.com *.googlesyndication.com *.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.click2buy.com *.clic2drive.com *.convertexperiments.com *.plausible.io https://googleads.g.doubleclick.net *.cookiebot.com https://cookiebot.com https://plausible.io *.beslist.nl maps.googleapis.com; worker-src *.convertexperiments.com blob:; frame-ancestors 'self' https://pwisao1609.prd.corp; 2 object-src 'none'; frame-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2 frame-ancestors 'self' *.westchestergov.com *.myaccess.westchestergov.com *.westchestercatalyst.com westchestercatalyst.com *.westchesterputnamonestop.com *.westchesterda.net westchesterda.net *.westchesterlegislators.com westchesterlegislators.com; 2 default-src 'self' https://*.clarity.ms https://c.bing.com 'unsafe-inline'; connect-src https://cdn.growthbook.io *.google-analytics.com https://maps.googleapis.com https://www.googleapis.com https://*.google.com https://google.com *.facebook.com *.appmcdonalds.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://accounts.mcdonalds.com.pe https://api-im.mcdonaldscupones.com https://api-middleware-mcd.mcdonaldscupones.com https://api.lupap.co/v2 'self' https:; base-uri 'self'; block-all-mixed-content; font-src 'self' https://script.hotjar.com https: data:; frame-ancestors 'self'; frame-src *.facebook.com https://appleid.apple.com https://accounts.google.com 'self' https:; img-src https://rfm2latampp.mcd.com *.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://cache-backend-mcd.q.mcdonaldscupones.com https://cache-backend-mcd.mcdonaldscupones.com https://cache-mcd-ecommerce.q.mcdonaldscupones.com https://cache-mcd-ecommerce.mcdonaldscupones.com https://d2umxhib5z7frz.cloudfront.net https://static-q.appmcdonalds.com https://static.appmcdonalds.com https://static.hotjar.com https://script.hotjar.com 'self' data: https:; object-src 'none'; script-src https://cdn.growthbook.io https://connect.facebook.net https://accounts.google.com/gsi/client https://www.googletagmanager.com https://appleid.cdn-apple.com https://maps.googleapis.com https://www.google.com https://static.hotjar.com https://script.hotjar.com https://sonicsdk.mastercard.com 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline' https:; style-src 'self' https://static.hotjar.com https://script.hotjar.com https: 'unsafe-inline'; upgrade-insecure-requests; media-src 'self' data:; worker-src 'self' blob: 2 default-src 'self'; img-src 'self' data: *.msb.se i.ytimg.com maps.gstatic.com maps.googleapis.com; frame-src 'self' mailto: qcnl.tv api.screen9.com *.youtube.com youtube.com www.google.com msb.mynewsdesk.com brandrisk.smhi.se lastkaj.msb.se msb.ungapped.io ui.ungapped.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.readspeaker.com tracking.webbanalys.msb.se maps.googleapis.com www.google.com; style-src 'self' 'unsafe-inline' *.readspeaker.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' sr.artologik.net srtry.artologik.net msb.mynewsdesk.com tracking.webbanalys.msb.se *.readspeaker.com www.youtube.com www.google.com www.gstatic.com maps.googleapis.com dashboard.webbanalys.msb.se/js/container_F96Nf4nS_preview.js; frame-ancestors 'self'; 2 default-src 'self' https://cdn.dogonews.com;img-src 'self' data: https://*.dogomedia.com https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.googlesyndication.com https://*.gstatic.com https://www.mailjet.com https://i.ytimg.com https://i.vimeocdn.com https://images-na.ssl-images-amazon.com https://m.media-amazon.com https://ep1.adtrafficquality.google https://www.redditstatic.com https://alb.reddit.com;style-src 'self' https://cdn.dogonews.com https://fonts.googleapis.com https://www.googletagmanager.com https://accounts.google.com https://cdn.jsdelivr.net 'unsafe-inline';connect-src 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://www.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://js.stripe.com https://noembed.com https://cdn.plyr.io https://accounts.google.com https://*.adtrafficquality.google https://*.gstatic.com https://www.redditstatic.com https://pixel-config.reddit.com https://ads.reddit.com;frame-ancestors 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://*.dogogames.com https://*.dogonews.co.kr https://dogonews.co.kr https://partner.googleadservices.com https://*.googlesyndication.com https://admanager.google.com https://*.sanako.com https://accounts.google.com;frame-src *;script-src 'self' https://*.dogonews.com https://*.dogobooks.com https://*.dogomovies.com https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://js.stripe.com https://static.cloudflareinsights.com https://www.youtube.com https://teams.microsoft.com https://player.vimeo.com https://console.googletagservices.com https://accounts.google.com https://*.adtrafficquality.google https://www.redditstatic.com 'unsafe-eval' 'unsafe-inline';font-src 'self' https://fonts.gstatic.com https://cdn.dogonews.com;media-src 'self' https://cdn.dogonews.com 2 upgrade-insecure-requests; form-action https: 2 frame-ancestors 'self' https://www.hdpornvideo.xxx https://www.hdpornvideoindia.pro https://www.hdpornvideo3cn.com 2 default-src *;script-src * 'unsafe-inline' 'unsafe-eval';frame-src 'self' https: blob:;style-src * 'unsafe-inline';img-src * data:;font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://cdnjs.cloudflare.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:* https://maxcdn.bootstrapcdn.com:* https://cdn.jsdelivr.net:*;upgrade-insecure-requests;block-all-mixed-content;manifest-src 'self';object-src 'self'; 2 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; 2 frame-src 'self' https: data:; 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.force.com; 2 base-uri 'self'; font-src 'self' data: https:; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https: wss: blob:; child-src 'self' https: wss: blob:; frame-src 'self' https:; form-action 'self' 2 frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com cdn.realescort.com 2 default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.suizoargentina.com.ar *.suizoargentina.com suizoargentina.com *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.mapbox.com chat-rueda.firebaseio.com *.firebaseio.com s-usc1c-nss-265.firebaseio.com *.bootstrapcdn.com caba33.suizoargentina.com.ar *.youtube.com *.log-in.com.ar *.w3.org *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com cdn.jsdelivr.net chat.suizoargentina.com *.google-analytics.com *.googletagmanager.com code.jquery.com ajax.googleapis.com connect.facebook.net *.facebook.com *.g.doubleclick.net js.hubspot.com *.amazonaws.com *.gravatar.com *.suizoargentina.com/webchat chat.suizoargentina.com/webchat/ https://suizoargentina.com/ 10.5.0.33 https://10.0.29.29; img-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.mapbox.com http://suizoargentina.com https://suizoargentina.com https://suizoargentina.com/ caba33.suizoargentina.com.ar https://10.0.29.29 *.suizoargentina.com.ar *.suizoargentina.com *.exposuizo.com.ar *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com cdn.gtranslate.net *.bootstrapcdn.com *.amazonaws.com js.hubspot.com *.youtube.com *.log-in.com.ar chat-rueda.firebaseio.com *.firebaseio.com *.w3.org s-usc1c-nss-265.firebaseio.com *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com connect.facebook.net *.facebook.com *.g.doubleclick.net secure.gravatar.com; 2 frame-ancestors 'self' mill3.studio 2 frame-ancestors 'self' https://*.bod.de https://*.bod.ch https://*.bod.dk https://*.bod.fi https://*.bod.fr https://*.bod.se https://*.bod.com.es https://*.bod.no; 2 block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz govtbookings.airnewzealand.co.nz au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' flightbookings.airnewzealand.com t.a3cloud.net ib.adnxs.com *.demdex.net www.everestjs.net oc-cdn-public-oce.azureedge.net https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.google-analytics.com analytics.google.com tagmanager.google.com *.doubleclick.net static.hotjar.com script.hotjar.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com upgrade.plusgrade.com s.swiftypecdn.com player.vimeo.com s.wayin.com xd.wayin.com x.wayin.com eu-x.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com yourir.info www.youtube.com s.ytimg.com; style-src 'unsafe-inline' p-airnz.com 'self' oc-cdn-public-oce.azureedge.net fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com upgrade-cdn-prd.plusgrade.com upgrade-prod-cdn.plusgrade.com s.swiftypecdn.com yourir.info; img-src https: data: blob: ad.doubleclick.net ade.googlesyndication.com adservice.google.com www.googletagmanager.com www.google.com static.hotjar.com script.hotjar.com *.kampyle.com i.vimeocdn.com i.ytimg.com; font-src p-airnz.com 'self' *.cdn.office.net fonts.googleapis.com fonts.gstatic.com script.hotjar.com data: dhm5hy2vn8l0l.cloudfront.net; media-src 'self' p-airnz.com data: video.cdnvue.com; frame-src 'self' *.demdex.net www.everestjs.net pixel.everesttech.net au-connect.authsignal.com auth.identity.airnewzealand.com identity.airnewzealand.com airnz-cargo.chooose.today airnz-corporate.chooose.today forms.cd.airnewzealand.co.nz sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com oc-cdn-public-oce.azureedge.net blob: comms.omnichannelengagementhub.com customervoice.microsoft.com www.googletagmanager.com td.doubleclick.net *.google.com *.doubleclick.net vars.hotjar.com nebula-cdn.kampyle.com www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html *.cdn-pci.optimizely.com nz.fltmaps.com v.qq.com player.vimeo.com xd.wayin.com x.wayin.com eu-x.wayin.com display.engagesciences.com airnz.wufoo.com player.youku.com www.youtube.com; worker-src blob:; connect-src 'self' api.airnz.io api.airnz.ai p-airnz.com *.demdex.net *.tt.omtrdc.net identity.airnewzealand.com sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com unq0355446423e84eb397bc71189d78d-crm6.omnichannelengagementhub.com browser.pipe.aria.microsoft.com *.omnichannelengagementhub.com *.au.omnichannelengagementhub.com https://*.trouter.skype.com wss://*.trouter.skype.com edge.skype.com *.communication.azure.com ocsdk-prod.azureedge.net blob: pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com ad.doubleclick.net *.googleapis.com *.google.com *.gstatic.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.timatic.iata.org/api/ md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com geolocation.onetrust.com privacyportal-au.onetrust.com *.optimizely.com https://*.sentry.io s.swiftypecdn.com search-api.swiftype.com yourir.info; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2 frame-ancestors 'self' localhost:* https://*.doccle.be https://*.doccle.nl https://*.doccle-test.be 2 script-src *.adsrvr.org *.cloudflareinsights.com *.cookiefirst.com *.embraer.com *.embraerexecutivejets.com *.facebook.net *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.googletagmanager.com *.qualtrics.com *.sharethis.com *.youtube.com data: embraer.com https://connect.facebook.net 'self' static.elfsight.com 'unsafe-eval' 'unsafe-inline';img-src *.adsrvr.org *.embraer.com *.embraerexecutivejets.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.googletagmanager.com *.gstatic.com *.sharethis.com data: embraer.com https://connect.facebook.net https://www.facebook.com;script-src-elem *.cloudflareinsights.com *.cookiefirst.com *.embraer.com *.facebook.net *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.googletagmanager.com *.qualtrics.com *.sharethis.com *.youtube.com data: embraer.com 'unsafe-inline';style-src *.cookiefirst.com *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleapis.com *.gstatic.com *.sharethis.com data: embraer.com 'self' 'unsafe-inline';connect-src *.cookiefirst.com *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googleadservices.com *.google-analytics.com *.googleapis.com *.qualtrics.com *.sharethis.com data: embraer.com stats.g.doubleclick.net t.sharethis.com;style-src-elem *.cookiefirst.com *.embraer.com *.googleapis.com *.gstatic.com *.sharethis.com embraer.com 'unsafe-inline';script-src-attr *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl data: 'unsafe-inline';style-src-attr *.embraer.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl data: embraer.com 'unsafe-inline';object-src *.embraer.com embraer.com 'self';default-src *.embraer.com *.embraerexecutivejets.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googletagmanager.com *.sharethis.com data: embraer.com;frame-src *.embraerexecutivejets.com *.google.co.jp *.google.co.uk *.google.com *.google.com.br *.google.com.co *.google.dk *.google.fr *.google.lk *.google.nl *.googletagmanager.com *.sharethis.com *.tableau.com *.youtube.com data: embraer.com t.sharethis.com;font-src *.googleapis.com data: embraer.com fonts.gstatic.com 'self';base-uri 'self' 2 frame-ancestors 'self' www.amway.com.au www.amway.co.nz https://pos.amway.com.au https://pos.amway.co.nz https://pos.amway.com.vn www.amway.com.vn www.amway.com.ph admin.amway.com.ph 2 default-src * 'self' data: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline'; img-src * data: blob:; font-src * data: blob:; frame-src *; 2 frame-ancestors 'self' *.qidian.com *.hongxiu.com *.yuewen.com *.qq.com *.qdmm.com *.readnovel.com *.xs8.cn *.xxsy.net *.tingbook.com *.lrts.me *.ywurl.cn *.qdwenxue.com *.if.qidian.com www.gameloop.com *.xxsypro.com 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; object-src *; frame-ancestors *; frame-src *; media-src *; 2 1 2 default-src 'self' chat.oesterreich.gv.at; script-src 'self' chat.oesterreich.gv.at 'unsafe-inline'; img-src data: 'self'; connect-src 'self' wss://chat.oesterreich.gv.at https://chat.oesterreich.gv.at; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com vimeo.com player.vimeo.com pubmon.a-sit.at; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2 default-src 'self'; script-src 'self' https://stats.allenai.org/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://cdn.us.heap-api.com/ https://c.us.heap-api.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://www.google-analytics.com/ https://*.mux.com/ https://inferred.litix.io/ https://cdn.us.heap-api.com/ https://c.us.heap-api.com/ https://www.datocms-assets.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://i.ytimg.com/ https://i3.ytimg.com/ https://allenai-web.stats.allenai.org/ https://www.datocms-assets.com/ https://image.mux.com/ data:; media-src 'self' https://*.mux.com/ blob:; object-src 'self' https://www.datocms-assets.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://www.datocms-assets.com/; frame-ancestors 'none'; upgrade-insecure-requests; 2 worker-src 'self' https: blob:; font-src 'self' https://fonts.gstatic.com data:; 2 frame-src 'self' https://optimize.google.com https://www.googletagmanager.com https://staging.eigendev.com https://ms1.eigendev.com https://bid.g.doubleclick.net *.lpsnmedia.net *.liveperson.net *.hotjar.com *.fls.doubleclick.net *.salecycle.com https://www.google.com https://customersso.rvs.com https://customersso-stage.rvs.com https://customer-sso-api.kong.test.site-testing.com https://gsclaimsubmissions.wufoo.com https://acquire1.comenity.net https://acquire1uat.comenity.net *.youtube.com *.googlesyndication.com https://console.googletagservices.com https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://bookings.spot2nite.com https://bookings.spot2nite.dev https://www.google.com https://www.facebook.com; 2 media-src blob: * 2 frame-ancestors 'self' *.reamaze.com google.com 2 default-src ‘self’; object-src ‘none'; form-action 'none’; report-to csp-endpoint; 2 default-src 'self'; script-src 'self' https://stats.cyfronet.pl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com;img-src 'self' data: https://*.gravatar.com https://*.cyfronet.pl;connect-src 'self' https://stats.cyfronet.pl;frame-src https://www.google.com;object-src 'none'; frame-ancestors 'self'; 2 script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com *.ibb.co.com www.googletagmanager.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to *.jsdelivr.net d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;media-src d7a3e8b1c4f9g2h5i6j7k8l9m0n1o2p3q4r5s6.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://public.tableau.com https://secure.intelligence-enterprise.com https://secure.leadforensics.com https://cdn.yoshki.com https://sidley.rev.vbrick.com https://sidley.readz.com https://www.buzzsprout.com https://www.google-analytics.com/ https://www.googletagmanager.com/ http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://fast.fonts.net/ https://fast.fonts.net/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/ https://vimeo.com/ https://idx.liadm.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public.tableau.com https://secure.intelligence-enterprise.com https://secure.leadforensics.com https://static.cloud.coveo.com/ https://ajax.cloudflare.com https://sidley.readz.com https://www.buzzsprout.com https://www.google-analytics.com/ https://www.googletagmanager.com/ http://use.typekit.net/ https://use.typekit.net/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://fast.fonts.net https://fast.fonts.net https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://player.vimeo.com/ https://secure.tent0mown.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://static.cloud.coveo.com/ https://www.buzzsprout.com http://use.typekit.net/ https://use.typekit.net/ http://fast.fonts.net/ https://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.buzzsprout.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' https://secure.harm6stop.com data: filesystem:; font-src 'self' https://fonts.gstatic.com/ http://fast.fonts.net/ https://fast.fonts.net/ http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/ http://api2.fonts.com/ https://api2.fonts.com/; frame-src 'self' https://resources.sidley.com https://public.tableau.com https://app.mapengine.io https://cdn.yoshki.com https://sidley.rev.vbrick.com https://sidley.readz.com https://www.buzzsprout.com http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://share.transistor.fm/ http://share.transistor.fm/ https://soundcloud.com https://w.soundcloud.com/; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/enforce 2 object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com fonts.intercomcdn.com https://*.hotjar.com; frame-ancestors 'self' https://*.hygraph.com; manifest-src 'self'; worker-src 'none'; report-to default; 2 frame-ancestors 'self' yamada-denkiweb.com *.yamada-denkiweb.com yamada-denki.jp *.yamada-denki.jp ymall.jp *.ymall.jp nojima.co.jp *.nojima.co.jp edion.com *.edion.com edion.co.jp *.edion.co.jp biccamera.com *.biccamera.com biccamera.co.jp *.biccamera.co.jp kojima.net *.kojima.net sofmap.com *.sofmap.com sofmap.co.jp *.sofmap.co.jp joshinweb.jp *.joshinweb.jp joshin.co.jp *.joshin.co.jp ksdenki.com *.ksdenki.com ksdenki.co.jp *.ksdenki.co.jp yodobashi.com *.yodobashi.com yodobashi.co.jp *.yodobashi.co.jp xprice.co.jp *.xprice.co.jp cocorostore.jp.sharp st-cocorostore.jp.sharp st.jp.sharp;, frame-ancestors 'self' yamada-denkiweb.com *.yamada-denkiweb.com yamada-denki.jp *.yamada-denki.jp ymall.jp *.ymall.jp nojima.co.jp *.nojima.co.jp edion.com *.edion.com edion.co.jp *.edion.co.jp biccamera.com *.biccamera.com biccamera.co.jp *.biccamera.co.jp kojima.net *.kojima.net sofmap.com *.sofmap.com sofmap.co.jp *.sofmap.co.jp joshinweb.jp *.joshinweb.jp joshin.co.jp *.joshin.co.jp ksdenki.com *.ksdenki.com ksdenki.co.jp *.ksdenki.co.jp yodobashi.com *.yodobashi.com yodobashi.co.jp *.yodobashi.co.jp xprice.co.jp *.xprice.co.jp cocorostore.jp.sharp st-cocorostore.jp.sharp st.jp.sharp; 2 frame-ancestors 'self' https://www.endesaclientes.com https://syndication.teleborsa.it https://accounts-coll.enel.com:9443 https://assets.adobedtm.com http://52.144.89.133 https://enel.taleo.net https://reg.enel.it https://aemproddmz.enel.com https://endesa.cogitodesk.com https://www.energiaxxi.com https://www.endesatarifasluzygas.com https://watlab.es https://*.watlab.es 2 frame-ancestors 'self' http://coder.lookbookhq.com https://coder.lookbookhq.com http://coder.pathfactory.com https://coder.pathfactory.com http://resources.coder.com https://resources.coder.com https://help.coder.com https://coder.zendesk.com 2 frame-ancestors 'self' mein.kabelplus.at mein-test.kabelplus.at newapp.etracker.com 2 frame-ancestors 'self' https://www.twinkmovies.xxx https://www.twinkmovies1cn.com https://www.twinkmovies.pro 2 form-action https:; upgrade-insecure-requests 2 frame-ancestors 'none'; base-uri 'none'; form-action 'self'; block-all-mixed-content 2 object-src 'none'; frame-ancestors 'self'; report-uri https://www.securite-routiere.gouv.fr/report-uri/enforce 2 frame-ancestors 'self' https://sacsbi.z13.web.core.windows.net 2 frame-ancestors 'self', frame-ancestors 'self' 2 default-src 'self'; img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp *.pluspo.app; media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net *.tixpo.jp *.pluspo.app; style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net *.tixpo.jp *.pluspo.app; style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw='; script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp *.tixpo.jp *.pluspo.app *.emtg.co.jp; font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net *.tixpo.jp *.pluspo.app; form-action 'self' *.mul-pay.jp *.emtg.co.jp; connect-src 'self' www.google-analytics.com analytics.google.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com www.gstatic.com *.pluspo.app cdn.jsdelivr.net; frame-ancestors 'self'; 2 frame-ancestors 'self' https://www.werkhaus.cc; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.vimeo.com https://*.buzzsprout.com https://*.turtl.co https://preview.ppd.com https://www.ppd.com https://cdn.propensity.com https://cdnjs.cloudflare.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://dev.visualwebsiteoptimizer.com https://players.brightcove.net https://script.hotjar.com https://snap.licdn.com https://static.addtoany.com https://static.hotjar.com https://tag.demandbase.com https://vjs.zencdn.net https://ws-assets.zoominfo.com https://*.clarity.ms https://*.googletagmanager.com https://*.google.com https://www.gstatic.com https://*.gstatic.com https://*.doubleclick.net https://*.google-analytics.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsappstatic.net https://*.hubspot.com https://*.hsadspixel.net https://js.zi-scripts.com https://koi-3qnoj7ouly.marketingautomation.services https://www.redditstatic.com https://googleads.g.doubleclick.net blob:; style-src 'self' 'unsafe-inline' https://*.turtl.co https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.redditstatic.com https://www.facebook.com https://yoast.com https://analytics.google.com https://analytics.propensity.com https://analytics.propensity-abm.com https://api.company-target.com wss://ws.hotjar.com https://*.hotjar.io https://*.hotjar.com https://api.hubapi.com https://cookie-cdn.cookiepro.com https://cta-service-cms2.hubspot.com https://dev.visualwebsiteoptimizer.com https://edge.api.brightcove.com https://fastly-signed-us-east-1-prod.brightcovecdn.com https://forms.hsforms.com https://geolocation.onetrust.com https://js.zi-scripts.com https://manifest.prod.boltdns.net https://pixel-config.reddit.com https://px.ads.linkedin.com https://tag-logger.demandbase.com https://ws.zoominfo.com https://segments.company-target.com https://*.clarity.ms https://*.googletagmanager.com https://*.google.com https://google.com https://*.doubleclick.net https://*.google-analytics.com https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://stats.g.doubleclick.net https://www.facebook.com https://*.hsappstatic.net; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com; frame-ancestors 'self'; frame-src 'self' https://*.vimeo.com https://*.buzzsprout.com https://*.visualwebsiteoptimizer.com https://app.hubspot.com https://*.turtl.co https://app-3qnoj7ouly.marketingautomation.services https://forms.hsforms.com https://players.brightcove.net https://s.company-target.com https://static.addtoany.com https://td.doubleclick.net https://*.googletagmanager.com https://*.google.com; img-src 'self' data: https://*.vimeocdn.com https://www.linkedin.com https://*.buzzsprout.com https://*.visualwebsiteoptimizer.com https://*.turtl.co https://www.ppd.com https://*.redditstatic.com https://*.sitescout.com https://www.facebook.com https://secure.gravatar.com https://alb.reddit.com https://cf-images.us-east-1.prod.boltdns.net https://clickserv.sitescout.com https://cookie-cdn.cookiepro.com https://dev.visualwebsiteoptimizer.com https://c.bing.com https://ppd.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://segments.company-target.com https://metrics.brightcove.com https://id.rlcdn.com https://*.hubspot.com https://*.hsforms.com https://*.googletagmanager.com https://*.google.com https://c.clarity.ms; manifest-src 'self'; media-src 'self' blob: data: https://*.brightcovecdn.com https://manifest.prod.boltdns.net https://*.ppd.com; worker-src blob:; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net/npm/js-cookie@3.0.5/dist/js.cookie.min.js https://www.googleoptimize.com/optimize.js https://sf1-eu.readspeaker.com/script/4967/ https://cdn.jsdelivr.net/npm/@duetds/ https://cdn.jsdelivr.net/gh/jackocnr/ https://prod.widgets.burgerprofiel.vlaanderen.be/api/v1/ https://consentcdn.cookiebot.com/consentconfig/ https://consent.cookiebot.com/ https://cdn-eu.readspeaker.com/script/4967/webReader/webReader.js https://www.googletagmanager.com https://cdn.popupsmart.com/bundle.js https://cdn.popupsmart.com/accounts/34422/9661/5/main.js https://cdn.jsdelivr.net/gh/stadgent/ https://www.google.com/pagead/1p-conversion/ https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://www.googleadservices.com/pagead/conversion/ https://script.hotjar.com/ https://www.clarity.ms/tag/ https://www.clarity.ms/s/ https://knrpc.olark.com/nrpc/ https://static.hotjar.com/c/hotjar-1813370.js https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net/npm/@snowplow/ https://projectaanvraag-api.uitdatabank.be https://ajax.googleapis.com/ajax/libs/jquery/ https://script.crazyegg.com/pages/ https://script.crazyegg.com/scripts/ https://js.arcgis.com https://api.olark.com https://scripts.clarity.ms https://cdn.popupsmart.com/accounts/34422/ https://unpkg.com/swiper/swiper-bundle.min.js https://unpkg.com https://cdn3.devexpress.com/jslib/ https://widget.onlineafspraken.nl/consumer/booking/book/ https://static.olark.com/ https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js; object-src 'self' ; style-src 'self' 'unsafe-inline' https://sf1-eu.readspeaker.com/script/4967/ReadSpeaker.Styles.css https://cdn.jsdelivr.net/npm/@duetds/ https://cdn.jsdelivr.net/gh/NigelOToole/ https://cdn.jsdelivr.net/gh/jackocnr/ https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://cdn.popupsmart.com/accounts/34422/9661/5/main.css https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://cdn.jsdelivr.net/gh/stadgent/ https://projectaanvraag-api.uitdatabank.be/widgets/layout/ https://unpkg.com/swiper/swiper-bundle.min.css https://js.arcgis.com/4.30/esri/themes/light/main.css https://cdn3.devexpress.com/jslib/ https://static.olark.com/ https://widget.onlineafspraken.nl/assets/ https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css; img-src 'self' data: https://sf1-eu.readspeaker.com/script/4967/img/ https://i.ytimg.com/vi_webp/ https://geo.gent.be/geoserver/ https://imgsct.cookiebot.com/1.gif https://cdn.popupsmart.com/assets/ https://cdn.popupsmart.com/campaign_images/ https://cdn.popupsmart.com/uploaded/ https://cdn.jsdelivr.net/gh/stadgent/ https://www.googletagmanager.com/td https://c.clarity.ms/c.gif https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googletagmanager.com/a https://www.google-analytics.com/collect https://translate.google.com/gen204 https://log.olark.com/jslog/log.png https://images.uitdatabank.be https://projectaanvraag-api.uitdatabank.be/assets/images/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.google.com/pagead/1p-conversion/ http://geo.gent.be/geoserver/wms https://data.stad.gent https://media.uitdatabank.be https://c.bing.com/c.gif https://images-prod-uitdatabank.imgix.net https://udb2-media.imgix.net/static/ https://communicatie-digitaal.gent.be https://studieplekken.ugent.be/assets/ https://img.transistor.fm https://apidg.gent.be https://www.dov.vlaanderen.be/geoserver/ https://www.dov.vlaanderen.be/geoserver/wms https://geo.api.vlaanderen.be https://wms.ngi.be/inspire/ortho/service https://tile.openstreetmap.org; media-src 'self' https://app-eu.readspeaker.com/enterprise/iframeproxy.php https://rstts-eu.readspeaker.com/cgi-bin/rspeak/ https://static.olark.com/jsclient/sounds/olark-chimes.ogg; frame-src 'self' https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://www.youtube-nocookie.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://data.stad.gent https://w.soundcloud.com https://stonly.com https://www.fietsrouteplanner.org https://static.olark.com/ https://share.transistor.fm https://forms.office.com https://open.spotify.com https://gent.maps.arcgis.com https://360-tour.be https://www.360-tour.be https://app.powerbi.com https://player.vimeo.com; child-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com/s/ https://cdn.jsdelivr.net/gh/stadgent/ https://projectaanvraag-api.uitdatabank.be/assets/webfonts/ https://ui.vlaanderen.be/2.latest/fonts/ https://static.olark.com https://js.arcgis.com/4.30/esri/ https://cdn3.devexpress.com/jslib/ https://widget.onlineafspraken.nl/themes/a2sp/css/fonts/; connect-src 'self' https://openingsuren.gent.be/api/v1/ https://consentcdn.cookiebot.com/consentconfig/ https://region1.google-analytics.com/ https://handler-api.popupsmart.com https://cdn.popupsmart.com/accounts/34422/ https://data.stad.gent/api/records/1.0/search/ https://prod.widgets.burgerprofiel.vlaanderen.be/api/v1/ https://app-eu.readspeaker.com/cgi-bin/rsent https://www.google-analytics.com https://cdn-eu.readspeaker.com/script/4967/webReader/r/ https://rstts-eu.readspeaker.com/cgi-bin/rspeak/ https://extragis.gent.be/restproxygl/GLRestFacade2.svc/ https://vc.hotjar.io/sessions/1813370 https://www.google.com https://*.clarity.ms/collect https://knrpc.olark.com/nrpc/ https://sneeuwploeg.uitdatabank.be/publiq/t https://www.burgerprofiel.be https://script.crazyegg.com/pages/ https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://geo.gent.be/geoserver/ https://assets-tracking.crazyegg.com/healthcheck https://services2.arcgis.com https://static.arcgis.com/fonts/ https://www.arcgis.com https://geo.api.vlaanderen.be https://apidg.gent.be https://metrics.hotjar.io https://data.stad.gent wss://ws.hotjar.com/api https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com/gtag/js https://unpkg.com/swiper/swiper-bundle.min.js.map https://cdn.jsdelivr.net/npm/@snowplow/ https://js.arcgis.com/4.30/esri/ https://cdn.jsdelivr.net/gh/stadgent/ https://static.olark.com/ https://code.jquery.com https://widget.onlineafspraken.nl https://content.hotjar.io wss://ws.hotjar.com/api/v2/ https://www.dov.vlaanderen.be/geoserver/; report-uri /report-csp-violation; upgrade-insecure-requests 2 font-src 'self' data: https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://icon.widen.net *.prod.acquia-sites.com https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.facebook.com https://ade.googlesyndication.com https://*.widencdn.net https://www.iconplc.com https://metrics.brightcove.com https://www.google-analytics.com https://*.boltdns.net https://www.googletagmanager.com https://tracking.monsido.com https://hostedseal.trustarc.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com apis.google.com js-agent.newrelic.com https://cdn.cookielaw.org gtm.js www.tagassistant.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://pi.pardot.com js-agent.newrelic.com https://www.google-analytics.com www.google.com apis.google.com https://connect.facebook.net https://cdn.cookielaw.org https://www2.iconplc.com https://players.brightcove.net https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://s.go-mpulse.net https://app-script.monsido.com/v2/monsido-script.js https://heatmaps.monsido.com/v1/heatmaps.js https://www.gstatic.com https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://googleads.g.doubleclick.net; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://players.brightcove.net https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fast.fonts.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://players.brightcove.net https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' 2 default-src 'self' https: wss:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; font-src 'self' https:; frame-src 'self' https:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'self' https://bsubwm.meblobranie.pl https://bsubwm.furnivo.ro https://bsubwm.furnivo.cz https://static.meblobranie.pl https://analityka.meblobranie.pl https://google.com https://bat.bing.net https://*.bing.com https://*.clarity.ms *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://tagmanager.google.com https://fonts.gstatic.com https://fonts.googleapis.com *.google.com https://www.google.pl https://www.google-analytics.com https://www.facebook.com *.doubleclick.net https://www.youtube.com https://cdn.ampproject.org *.hotjar.com *.hotjar.io wss://ws5.hotjar.com wss://*.hotjar.com *.opineo.pl https://consent.cookie-script.com https://cdn.cookie-script.com https://cz.im9.cz https://*.trustedshops.com https://*.freshchat.com https://src.fwusercontent.com https://*.livechatinc.com https://*.user.com wss://*.user.com https://api.luigisbox.com https://live.luigisbox.com https://app.luigisbox.com https://linter.luigisbox.com https://pagead2.googlesyndication.com https://bam.eu01.nr-data.net https://data.debugbear.com https://static.compari.ro https://chat.askspot.io; style-src 'self' https://fonts.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com https://*.freshchat.com https://cdn.luigisbox.com https://static.compari.ro 'unsafe-inline'; img-src data: https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bsubwm.meblobranie.pl https://bsubwm.furnivo.ro https://bsubwm.furnivo.cz https://analityka.meblobranie.pl https://*.bing.com https://*.clarity.ms https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.optimize.google.com https://www.googleoptimize.com https://apis.google.com *.doubleclick.net https://www.google-analytics.com https://www.google.pl https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com *.hotjar.com https://pixel.wp.pl https://cdn.ampproject.org https://ssl.ceneo.pl https://www.wiarygodneopinie.pl https://www.google.com https://c.imedia.cz https://c.seznam.cz https://cdn.cookie-script.com https://cz.im9.cz https://*.trustedshops.com https://feedback.trusted.ro https://fw-cdn.com https://*.freshchat.com https://*.livechatinc.com https://*.user.com wss://*.user.com https://chat.askspot.io https://scripts.luigisbox.com https://cdn.luigisbox.com https://assets.arukereso.com https://js-agent.newrelic.com https://cdn.debugbear.com https://static.compari.ro 2 child-src 'self' *.optimizely.com *.eu.qualtrics.com *.legalandgeneral.com *.everesttech.net *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.g.doubleclick.net *.brighttalk.com *.theidoluat.com *.theidolprod.com *.landginvestments.com *.videomarketingplatform.co www.youtube-nocookie.com storagelandgv2prod.blob.core.windows.net landgmya.ctc.uk.com view.ceros.com apps.euw2.pure.cloud flo.uri.sh nr1.s3.amazonaws.com embeds.audioboom.com www.google.com aax-eu.amazon-adsystem.com 11594483.fls.doubleclick.net 4918313.fls.doubleclick.net 5z4kxmbpt3zylymtu.helpcenter.uwassist.com 6165515.fls.doubleclick.net 7rm60022.ibosscloud.com 9797771.fls.doubleclick.net 9797771.fls.doubleclick.net.x.aec9d37d03ffa0431a09ca80b9876705d3c8.d045239c.id.opendns.com 9797771.fls.doubleclick.net.x.f523c93f0a69604355083bc0a81abbf27ed1.d045239c.id.opendns.com accounts.google.com acestream.me api.nakarta.com auth.filteredinternet.co.uk auth.iws-hybrid.trendmicro.com az416426.vo.msecnd.net blipznchitzcom-a.akamaihd.net blob: bot.ebilobster.ai block.opendns.com butoembed.twentythree.net candysodapopcom-a.akamaihd.net cdncache-a.akamaihd.net checkpoint.tpt.org cn-1998263966-7vnsr30171.ibosscloud.com cn-1998264190-7vnsr30028.ibosscloud.com cn-1998264264-7vnsr40033.ibosscloud.com compare.defaqto.com connect.facebook.net crushclanscom-a.akamaihd.net data: edge.addthis.com embed.buto.tv embed.wirewax.com ernie.midlothian.gov.uk:15871 filter.techloq.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net go.skimresources.com grpfpgw01.group.local:15871 hdapp1008-a.akamaihd.net hhwssac.healthcareath.local images-static.trustpilot.com landg.nanorep.co lgim.turtl.co lifesearch.co.uk localhost:6543 login.microsoftonline.com login.zscalertwo.net login.zscloud.net mail.google.com mh-bir-mgmt101 mozbar.moz.com notify.bluecoat.com o.yieldsquare.com oakfppr01 omny.fm pa.eshapay.net player.videosmart.com pp.ephapay.net pp.eshapay.net pwm-image.trendmicro.com reassured-ltd-dev.onelogin.com rm40954.ibosscloud.com rm40962.ibosscloud.com rm40966.ibosscloud.com rm40977.ibosscloud.com rocket.theregisschool.co.uk s7.addthis.com saml.threatpulse.net:8443 schools-blocked.s3-website-us-east-1.amazonaws.com secure.mycouponizemac.com secure.myshopcouponmac.com secure.optibuymac.com secure5.arcot.com service.securesrv12.com skytraf.xyz sophosxg.equinox.co.uk:8090 sts.global.tesco.org sts.morrisonus.com sts.royalmailgroup.net subwayclanscom-a.akamaihd.net tool-bcg.bwe.io useast2-www.securly.com usercheck.themovefactory.com uwf.demo.upstreamworks.com uwfbankm.demo.upstreamworks.com webui.dashlane.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.calculateyourchances.com www.facebook.com www.houzz.com www.open.edu www.podbean.com www.youtube.com www.youtube.com.x.6449e3e00100204968084550e30d871835ad.d045227c.id.opendns.com www.youtube.com.x.7bfd31dc044f3047e60a8db015534ad35762.d045227d.id.opendns.com yournews-legalandgeneral.com zswpmanager.wip.mmc.com www.everestjs.net lgima.filepoint.live embeds.audioboom.com player.vimeo.com; connect-src 'self' *.optimizely.com *.dynatrace.com *.lgnet.co.uk *.infinity-tracking.com *.infinity-tracking.net *.bold360usercontent.com *.console.glassboxsaas.com *.report.gbss.io *.tealiumiq.com *.sgwidget.com *.recipelondon.co.uk *.crownpeak.net *.nanorep.com *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.everesttech.net *.legalandgeneral.com *.sessioncam.com *.g.doubleclick.net *.googleapis.com *.tt.omtrdc.net edge.adobedc.net wss://webmessaging.euw2.pure.cloud pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com api.euw2.pure.cloud api.shelf-eu.com api-cdn.euw2.pure.cloud brochure-tool.huguenots.co.uk widgets-lgim.huguenots.co.uk incomestandards-api-prod.azurewebsites.net yournews-legalandgeneral.com 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org ad.doubleclick.net ads34.adlane.info adservice.google.com am-uk.sophus3.com api.addressy.com api.ip6.org.il api.pokuponik.net api.trongrid.io api.tronstack.io b.1p1eqpotato.com backoffice.abaka.me base3-sv.tribal-enjoy.com bat.bing.com bf21791iym.bf.dynatrace.com blob: block.opendns.com bot.ebilobster.ai catds.net cdn.aframe.io cdncache-a.akamaihd.net cdnjs.cloudflare.com cdn-ukwest.onetrust.com clipsold.com code.jquery.com customer.iad-03.braze.com dasfelynsaterr.webcam data: dc.services.visualstudio.com dpdb.webvr.rocks eu-ec.walkme.com floatingplayer.com gateway.zscloud.net gb.api4load.net gjtrack.ucweb.com hm.baidu.com ka-f.fontawesome.com labs.observepoint.com lawiersenadrey.webcam legalandgeneral.report-uri.com localhost:3000 luxins.net m.addthis.com m65.prod2016.com mcid-0ac271e4-b1ad-4312-a8f4-776fbc9c2cd7.ep-mimecast.doubleclick.net mcid-f5ea55f2-57aa-4c38-8e4d-d04af422d7f4.ep-mimecast.doubleclick.net metriq.xyz new229.com njs.wigoal.com performance.observepoint.com plugin.ucads.ucweb.com privacyportal-uk.onetrust.com qfafcffge3.execute-api.eu-west-2.amazonaws.com s.yimg.com s3-eu-west-1.amazonaws.com s7.addthis.com sample-api-v2.crazyegg.com savingsslider-a.akamaihd.net siteintercept.qualtrics.com steganos-api.ciuvo.com subwayblaze.com subwayclanscom-a.akamaihd.net subwaysmash.com sun.tronex.io surfly.com t.co t.skimresources.com usemarketings.com uwf.demo.upstreamworks.com widget.trustpilot.com ws://localhost:22174 wss://gc.kis.v2.scr.kaspersky-labs.com wss://websocket-eu.bold360.com www.bing.com www.cgtforms.com www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com you.caresourcer.com landg.nanorep.co api.ebiai.app messenger.ebiai.app; default-src 'unsafe-inline' 'self' *.netlify.app *.recipelondon.co.uk *.eu.qualtrics.com *.boldchat.com *.g.doubleclick.net *.google-analytics.com *.brighttalk.com *.everesttech.net *.googleapis.com *.landg.com *.legalandgeneral.com *.lgim.com *.sessioncam.com *.tt.omtrdc.net cdn.jsdelivr.net 4918313.fls.doubleclick.net 6165515.fls.doubleclick.net 9797771.fls.doubleclick.net aa.agkn.com aax-eu.amazon-adsystem.com abp.smartadcheck.de ad.doubleclick.net ad.sxp.smartclip.net ads.avct.cloud ads.avocet.io ads.stickyadstv.com adservice.google.co.uk adservice.google.com am-uk.sophus3.com analytics.twitter.com api.addressy.com app-static.turtl.co assets.adobedtm.com assets.quadpay.com assets.turtl.co at.alicdn.com autroliner.com az416426.vo.msecnd.net backoffice.abaka.me bat.bing.com beacon.krxd.net blinkjork.com blob: block.opendns.com bot.abaka.me bot.ebilobster.ai boxclone.com bppmdmxgsg.execute-api.eu-west-1.amazonaws.com brigstoneapp.com butoembed.twentythree.net cdn.botframework.com cdn.faceworks.nl cdn.honey.io cdn.mark.reevoo.com cdn.megabonus.com cdn.scite.ai cdnjs.cloudflare.com cdn-ukwest.onetrust.com ce.lijit.com cgtforms.com chrome-extension cilkonlay.com cm.adform.net cm3.adform.net code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com compare.defaqto.com connect.facebook.net cs.adingo.jp customer.iad-03.braze.com cx.atdmt.com d.agkn.com d2oh4tlt9mrke9.cloudfront.net d3c3cq33003psk.cloudfront.net data: dc.services.visualstudio.com *.episerver.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com embed.buto.tv embed.caresourcer.com eu-u.openx.net fonts.gstatic.com fra1.qualtrics.com fuhupo.lohuwomenu.com g.microsoft.com gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com github.com gohimu.kawebezija.com goldapps.org gsa://onpageload https://*.demdex.net hublosk.com i.liadm.com i6.liadm.com ib.adnxs.com ice.360yield.com icelandsue.com id5-sync.com idsync.reson8.com idsync.rlcdn.com ih.adscale.de images-static.trustpilot.com img.youtube.com jp-u.openx.net jullyambery.net ka-f.fontawesome.com kellysford.com killssource.com kit.fontawesome.com kit-free.fontawesome.com lagrtest.112.2o7.net landg.nanorep.co lgim.turtl.co loadm.exelator.com loadus.exelator.com localhost:3000 login.microsoftonline.com login.zscloud.net m.addthis.com mark.reevoo.com match.adsrvr.org mawisa.botateyime.com maxcdn.bootstrapcdn.com metrics.responsetap.com mikkiload.com mp.4dex.io mwzeom.zeotap.com nickletto.com noop.style nr1.s3.amazonaws.com nr-customers.s3.amazonaws.com null omny.fm onetag-sys.com p.adsymptotic.com p.typekit.net pi.pardot.com pippio.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.tapad.com player.videosmart.com polinaryapp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com pp.ephapay.net privacyportal-uk.onetrust.com pwm-image.trendmicro.com px.ads.linkedin.com px4.ads.linkedin.com qfafcffge3.execute-api.eu-west-2.amazonaws.com rtb.gumgum.com rtb.vidoomy.com rtb-csync.smartadserver.com s.ad.smaato.net s.btstatic.com s.yimg.com s3.amazonaws.com s3.eu-west-2.amazonaws.com s7.addthis.com scripts.sophus3.com secure.adnxs.com simage2.pubmatic.com singlactive.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com stags.bluekai.com static.ads-twitter.com static2.sharepointonline.com static3.avast.com static-ssl.responsetap.com su.addthis.com sync.admanmedia.com sync.crwdcntrl.net sync.go.sonobi.com sync.lemmatechnologies.com sync.mathtag.com sync.search.spotxchange.com sync-eu.connectad.io t.co t.visx.net themes.googleusercontent.com thrtle.com trableflick.com track.adform.net track.omguk.com tracksmall.com translate.googleapis.com typesample.com uip.semasio.net uipglob.semasio.net unpkg.com ups.analytics.yahoo.com use.fontawesome.com use.typekit.net us-u.openx.net v1.addthisedge.com webfonts.zohostatic.com websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk wss://websocket-eu.bold360.com www.atdmt.com www.calculateyourchances.com www.caresourcer.com www.ciuvo.com www.clearplay.com www.everestjs.net www.facebook.com www.google.co.uk www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com www.miaprova.com www.nectar.com www.podbean.com www.slant.co www.topcashback.co.uk www.typesample.com www.youtube.com x.bidswitch.net you.caresourcer.com z.moatads.com; form-action 'self' *.lgim.com *.crownpeak.com *.eu.qualtrics.com bpb.opendns.com connect.facebook.net connect.secure.wellsfargo.com data: identity.landg.com landg.nanorep.co livechat-eu.boldchat.com myaccount.landg.com nr1.s3.amazonaws.com retirements.landg.com sitesearch.legalandgeneral.com sitesearch.legalandgeneral.com.x.0c40fd7205db604fad082c00c03b6e6091fa.d045227c.id.opendns.com sitesearch.legalandgeneral.com.x.3b196ca9077b9049240bee2042ebfaa06335.d045227d.id.opendns.com watermelonsurveys.com www.facebook.com www10.landg.com; frame-ancestors 'self' *.legalandgeneral.com *.legalandgeneralre.com *.lgima.com *.longevitypanel.co.uk *.landg.com *.lgim.com; img-src 'self' data: https: blob:; manifest-src 'self'; media-src 'self' data: https:; object-src data: 'self' 'unsafe-inline' *.brighttalk.com yournews-legalandgeneral.com; script-src *.optimizely.com *.lgim.netlify.huguenots.co.uk *.infinity-tracking.com *.infinity-tracking.net *.boldchat.com *.brighttalk.com *.crownpeak.com *.ep-mimecast.googleadservices.com *.everesttech.net *.google-analytics.com *.googleapis.com *.gstatic.com *.id.opendns.com *.legalandgeneral.com *.landg.com *.lgim.com *.qualtrics.com *.recipelondon.co.uk *.sessioncam.com *.sgwidget.com *.tt.omtrdc.net *.tealiumiq.com *.gbqofs.com *.landginvestments.com www.redditstatic.com cdn.jsdelivr.net view.ceros.com apps.euw2.pure.cloud public.flourish.studio am-uk.sophus3.com analytics.twitter.com assets.adobedtm.com az416426.vo.msecnd.net bat.bing.com bot.ebilobster.ai blob: cdnjs.cloudflare.com cdn-ukwest.onetrust.com cgtforms.com code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com connect.facebook.net cookie-cdn.cookiepro.com d2oh4tlt9mrke9.cloudfront.net d32rf3z04esc6j.cloudfront.net d3c3cq33003psk.cloudfront.net data: *.episerver.net embed.caresourcer.com g.microsoft.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net googleads.g.doubleclick.net googletagmanager.com js.buto.tv js-cdn.dynatrace.com landg.nanorep.co login.zscloud.net mark.reevoo.com mcid-019e7840-618c-457e-a849-9a30ac859267.ep-mimecast.facebook.net mcid-121966df-4958-44b7-bdb2-eaf7495aa328.ep-mimecast.licdn.com mcid-16e9e470-bffa-4bda-ac78-44195b66767b.ep-mimecast.ads-twitter.com mcid-1976a623-6682-4713-baed-2c6f37db1ab5.ep-mimecast.omguk.com mcid-26d71e74-3d79-4f8c-8971-257a1b849987.ep-mimecast.yahoo.com mcid-28deceea-6370-4ebc-9148-13911797af60.ep-mimecast.yahoo.com mcid-29a6bb62-bc5a-498b-a38b-593223170ed2.ep-mimecast.facebook.net mcid-36c18f8a-e64f-4fc4-86db-140aceed9c8e.ep-mimecast.twitter.com mcid-553b692d-9067-4272-b990-8ea8cc32f877.ep-mimecast.facebook.net mcid-5cc076b2-622e-4661-9626-a5754ea24680.ep-mimecast.ads-twitter.com mcid-5f164421-199b-4745-9fa1-4e4e205e682d.ep-mimecast.yahoo.com mcid-6477d951-4ea1-49ca-98c3-9f252dbc1833.ep-mimecast.licdn.com mcid-679f2ff6-ecf8-4f58-bfca-1dc501b19238.ep-mimecast.omguk.com mcid-69d81405-2fd9-49ed-befb-becf1583331a.ep-mimecast.yahoo.com mcid-731b479d-c90c-4b45-8cdc-f81ed387b7c6.ep-mimecast.facebook.net mcid-7d5144a5-b5c0-477f-a08c-22e687a39e2e.ep-mimecast.twitter.com mcid-8722c1df-d8fc-4d3e-8fbf-16314344b30c.ep-mimecast.licdn.com mcid-8a5dc1e3-8fe7-44f8-85cc-223f23be4a84.ep-mimecast.yahoo.com mcid-8ea90f5e-acce-4c10-ab7e-34a2e1e1a149.ep-mimecast.yahoo.com mcid-9892198a-748e-4255-9dff-5d0c822dc6d3.ep-mimecast.ads-twitter.com mcid-99c84166-89d1-4d15-9f9b-d2d7892e25bd.ep-mimecast.licdn.com mcid-9e39af0e-6e5b-42f2-aa14-41109590b4c2.ep-mimecast.licdn.com mcid-a3a8355f-f1c9-4420-9d75-0277324af800.ep-mimecast.ads-twitter.com mcid-c5f55808-ef87-448e-b4fe-67485b672ba4.ep-mimecast.yahoo.com mcid-d5aed1ce-58dc-4759-9b4b-82850797592e.ep-mimecast.facebook.net mcid-dbae6fe0-9ce4-4603-ba5c-d48ffd6196bf.ep-mimecast.yahoo.com mcid-e435a0c4-c921-433d-9d1a-5e48e73655d8.ep-mimecast.facebook.net mcid-ed66c754-edc3-4d70-972b-b3acd565858e.ep-mimecast.licdn.com mcid-f0018d13-1521-4461-8af1-96e3dc39d741.ep-mimecast.licdn.com mcid-f59a4106-e508-4f24-925d-3d8fca127f59.ep-mimecast.twitter.com metrics.responsetap.com mobile.twitter.com pi.pardot.com player.videosmart.com s.btstatic.com s.yimg.com scripts.sophus3.com 'self' snap.licdn.com sp.analytics.yahoo.com static.ads-twitter.com static-ssl.responsetap.com tags.tiqcdn.com track.omguk.com translate.google.com twitter.com ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.everestjs.net www.google.co.uk www.google.com www.google.com.au www.googleadservices.com www.googleadservices.com.x.c27180fd0f15504886087fb0e004caf0c09f.9270fc42.id.opendns.com www.googletagmanager.com www.youtube.com yournews-legalandgeneral.com *.lgima.com api.ebiai.app messenger.ebiai.app d2hkbi3gan6yg6.cloudfront.net 2 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com 2 frame-ancestors *.mewatch.sg *.8world.com *.channelnewsasia.com *.mediacorp.sg *.melisten.sg *.teams.microsoft.com *.todayonline.com home.mediacorp.grp mediacorpteams.sharepoint.com teams.microsoft.com 2 script-src 'self' https://2checkout.com http://* https://* 'unsafe-inline' 'report-sample' disqus.com c.disquscdn.com platform.instagram.com cdnjs.cloudflare.com z.moatads.com tpcf.feedify.net cdn.feedify.net feedify.net www.google.com/ www.gstatic.com/ call.chatra.io code.jquery.com cdn.amcharts.com code.highcharts.com kenwheeler.github.io cdn.jsdelivr.net a.disquscdn.com go.disqus.com platform.twitter.com cdn.syndication.twimg.com gist.github.com/ScottHelme/ static.cloudflareinsights.com js.stripe.com https://unpkg.com/@tryghost/; style-src 'self' 'unsafe-inline' 'report-sample' c.disquscdn.com a.disquscdn.com fonts.googleapis.com cdnjs.cloudflare.com cdn.feedify.net feedify.net kenwheeler.github.io platform.twitter.com assets-cdn.github.com github.githubassets.com; img-src 'self' data: www.gravatar.com cdn.feedify.net feedify.net links.services.disqus.com referrer.disqus.com a.disquscdn.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com abs.twimg.com www.google-analytics.com stripe.com/ 2checkout.com/; frame-ancestors 'none'; report-uri https://cdn.feedify.net.report-uri.com/r/d/csp/enforce; report-to default 2 default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src * data: https: https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://app.storylane.io; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io data: https:; img-src * 'self' data: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; media-src * 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; style-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://fast.wistia.com https://app.storylane.io;font-src * data: https:; frame-src * data: https: https://fast.wistia.com https://fast.wistia.net https://app.storylane.io; child-src blob:; worker-src 'self' blob:; frame-ancestors 'self' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com https://cdn.knightlab.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://api.demo-integrations.services.siag.it https://api-integrations.services.siag.it https://api.integrations.services.siag.it https://sis.prod.apimanagement.eu20.hana.ondemand.com https://redas.services.siag.it https://civis.bz.it https://static.provinz.bz.it https://www.openstreetmap.org https://*.iubenda.com; base-uri 'self'; frame-ancestors 'self' https://*.kontent.ai/; 2 child-src blob: mc.yandex.ru; connect-src 'self' ekapusta.ru potato-app.ekapusta.ru tracker.ekapusta.com *.google-analytics.com *.analytics.google.com mc.yandex.ru mc.yandex.com top-fwz1.mail.ru www.facebook.com stats.g.doubleclick.net pixel.scoring.ru *.appsflyer.com *.ekapusta.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ru *.ekapusta.com; default-src 'self'; font-src 'self' *.gstatic.com cdnjs.cloudflare.com; frame-ancestors 'self' blob: https://metrika.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; frame-src 'self' www.googletagmanager.com mc.yandex.ru mc.yandex.com reformal.ru *.facebook.com https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://cards.ekapusta.ru https://vk.com https://login.vk.com; img-src 'self' blob: data: mc.yandex.ru mc.yandex.com vk.com www.facebook.com *.google-analytics.com *.google.com potato-app.ekapusta.ru *.zdusercontent.com ekapusta.zendesk.com storage.ekapusta.com top-fwz1.mail.ru login.vk.com *.google.com *.google.ru *.doubleclick.net counter.yadro.ru www.googleadservices.com www.googletagmanager.com *.googlesyndication.com x01.aidata.io *.skype.com *.battle.net *.steampowered.com *.clouddrive.com *.paypal.com *.youtube.com *.live.com *.drom.ru hh.ru *.hh.ru *.dnevnik.ru *.selcdn.ru *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net zendesk.ekapusta.com *.ekapusta.com *.ekapusta.ru pixel.scoring.ru; report-uri https://report-uri.ekapusta.com; script-src 'self' 'unsafe-inline' *.google-analytics.com www.googleadservices.com mc.yandex.ru mc.yandex.com connect.facebook.net top-fwz1.mail.ru kladr-api.com *.doubleclick.net *.gstatic.com www.googletagmanager.com websdk.appsflyer.com *.googletagmanager.com https://yastatic.net; style-src 'self' 'unsafe-inline' www.gstatic.com cdnjs.cloudflare.com; worker-src 'self' blob:; 2 default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 2 frame-ancestors *; default-src 'self'; frame-src 'self' unicaja.webfg.com unicaja-uat.webfg.com www.liberbank.es www.tarjetaplaystation.com univia.unicaja.es univiapru.unicaja.es hola.unicajabanco.es *.doubleclick.net 8020496.fls.doubleclick.net 8499384.fls.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com region1.analytics.google.com adservice.google.com www.google.es www.youtube.com www.google.com asp.quefondos.com unicajabanco-backend.flumotion.com player.vimeo.com www.facebook.com connect.facebook.net *.teads.tv track.adform.net vars.hotjar.com optimize.google.com *.weborama.fr *.qualtrics.com data.unicajabanco.es *.tiktok.com analytics-ipv6.tiktokw.us *.afi.es *.outbrain.com sdk.tradedoubler.com; media-src *; img-src 'self' *.contentsquare.net *.qualtrics.com data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com www.gstatic.com *.doubleclick.net 8020496.fls.doubleclick.net 8499384.fls.doubleclick.net www.unicajabanco.es www.youtube.com www.google.com www.google-analytics.com maps.googleapis.com www.facebook.com connect.facebook.net *.teads.tv googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com region1.analytics.google.com adservice.google.com www.google.es www.googleadservices.com www.unicajabanco.com unicaja-prod.adobecqms.net chat.kommunicate.io *.adform.net *.googletagmanager.com cdnjs.cloudflare.com widget.kommunicate.io www.unicajabanco.es.seg.js www.unicajabanco.com.seg.js cdn.kommunicate.io cdn.applozic.com cdn.cookielaw.org uimarketpro.com asp.quefondos.com storage.googleapis.com static.hotjar.com script.hotjar.com www.googleoptimize.com optimize.google.com tagmanager.google.com hercial-thurch.com t.contentsquare.net app.contentsquare.com *.weborama.fr *.visualwebsiteoptimizer.com *.qualtrics.com data.unicajabanco.es *.tiktok.com analytics-ipv6.tiktokw.us *.afi.es *.outbrain.com sdk.tradedoubler.com; child-src blob:; worker-src blob:; style-src * 'unsafe-inline'; font-src *; connect-src 'self' *.contentsquare.net *.qualtrics.com blob: data: * 2 default-src *; script-src * 'unsafe-inline' blob:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-ancestors 'self'; connect-src * blob:; report-uri /report-csp-violation 2 script-src 'self' 'unsafe-inline' *.cookiebot.com *.hacon.de 2 default-src 'self' *.readspeaker.com data: https://zer-poc.bzst.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; base-uri 'self'; connect-src 'self' *.pstmn.io https://zer-poc.bzst.de *.readspeaker.com *.itzbund.de https://formularbot-viola.bzst.de wss://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net wss://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net wss://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de wss://formularbot-fms.bzst.de https://api.evatr.vies.bzst.de; style-src 'self' 'unsafe-inline' https://zer-poc.bzst.de *.readspeaker.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; script-src 'self' 'unsafe-eval' https://zer-poc.bzst.de *.google.com piwik.itzbund.de *.readspeaker.com https://formularbot-viola.bzst.de https://bzst.lucom.com https://idnr-formular.bzst.bot-itzbund.de https://formularbot-fms.bzst.de https://formularbot-viola.bzst.de https://viola-bzst-fms.azr.juacvoe.net https://viola-bzst.azr.juacvoe.net https://viola.bundesbots.de 'sha256-fvt1zDnRVAuASIt4MdBmzTSLXs4mdTCa5fg9wNopnC0=' 'sha256-B9AMHvfU16Nc6sndzogCV/VH/SXmKESowGb6dBud/RA=';object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' *.bzst.de multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; frame-src *.readspeaker.com https://formularbot-viola.bzst.de https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst.azr.juacvoe.net https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de https://bzst.lucom.com https://formularbot-viola.bzst.de https://viola-bzst.azr.juacvoe.net https://idnr-formular.bzst.bot-itzbund.de https://viola-bzst-fms.azr.juacvoe.net https://formularbot-fms.bzst.de; upgrade-insecure-requests; frame-ancestors 'self' *.preview.bzst.intranet.bund.de; 2 default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' mailto: tel: https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://www.googletagmanager.com https://profir.it.infrontfinance.com *.apnic.net www.formations-irisbus-iveco.com https://insight.adsrvr.org https://rdap.registro.br https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com https://welcome-c.iveco.com https://welcome.iveco.com https://rdap.lacnic.net https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://iveco.com.br https://maps.google.com https://c.contentsquare.net https://t.contentsquare.net https://cnhidcx.fra1.qualtrics.com https://www.facebook.com https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com https://cpqr.ivecogroup.com https://cpqr.iveco.com https://open.spotify.com https://iveco.ubiest.com https://tools.eurolandir.com https://vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://fonts.gstatic.com https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://welcome-c.iveco.com https://welcome.iveco.com https://cpqr-cert.iveco.com https://cpqr.iveco.com blob: https://purecatamphetamine.github.io *.contentsquare.net https://cpqr-cert.ivecogroup.com *.clarity.ms https://www.clarity.ms https://www.google.pl https://ad.doubleclick.net *.contentsquare.net https://l.contentsquare.net https://c.contentsquare.net https://maps.gstatic.com https://siteintercept.qualtrics.com https://maps.googleapis.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.google.it https://px4.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://fra1.qualtrics.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://www.googletagmanager.com https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' data: https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://www.googletagmanager.com https://profir.it.infrontfinance.com *.apnic.net www.formations-irisbus-iveco.com https://js.adsrvr.org https://www.clarity.ms https://s.go-mpulse.net https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://c.contentsquare.net https://app.contentsquare.com https://t.contentsquare.net https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com https://cpqr.iveco.com https://cpqr.ivecogroup.com https://player.vimeo.com https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com https://vimeo.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au *.adfixus.com https://privacyportal-eu.onetrust.com https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://mw-fanshop.ivecogroup.com https://www.googletagmanager.com https://profir.it.infrontfinance.com *.apnic.net www.formations-irisbus-iveco.com https://trial-eum-clienttons-s.akamaihd.net https://trial-eum-clientnsv4-s.akamaihd.net https://rdap.registro.br https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com https://rdap.lacnic.net https://welcome-c.iveco.com https://welcome.iveco.com https://cpqr-cert.iveco.com https://cpqr.iveco.com https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com data: https://az-eu-sitec-app-p-020.azurewebsites.net *.clarity.ms https://www.clarity.ms https://westeurope-sandbox.ordercloud.io https://westeurope-production.ordercloud.io https://az-eu-sitec-app-c-010.azurewebsites.net https://adservice.google.com *.googlesyndication.com https://www.google.com https://api.ipify.org https://rdap.arin.net https://maps.googleapis.com https://rdap.db.ripe.net *.akstat.io https://c.go-mpulse.net https://analytics.google.com https://dataplane.rum.eu-central-1.amazonaws.com https://sts.eu-central-1.amazonaws.com https://cognito-identity.eu-central-1.amazonaws.com https://px.ads.linkedin.com https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://www.facebook.com *.contentsquare.net https://iveco.com.br https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://c.contentsquare.net https://maps.googleapis.com https://region1.analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com https://cpqr.iveco.com https://cpqr.ivecogroup.com https://player.vimeo.com https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com https://vimeo.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jswpowersports.com.au/ https://ipapi.co https://carsales.com.au https://www.google.com.au https://*.akamaihd.net https://*.adsrvr.org https://*.adform.net https://www.cognitoforms.com/ https://widget.cdn.sprii.shop https://www.googletagmanager.com https://profir.it.infrontfinance.com https://privacyportal-eu.onetrust.com *.apnic.net www.formations-irisbus-iveco.com https://js.adsrvr.org https://insight.adsrvr.org https://trial-eum-clienttons-s.akamaihd.net https://trial-eum-clientnsv4-s.akamaihd.net https://rdap.registro.br https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://player.vimeo.com https://t.contentsquare.net https://app.contentsquare.com https://maps.googleapis.com https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com https://cpqr.iveco.com https://cpqr.ivecogroup.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com; child-src blob:; worker-src blob:;frame-ancestors 'self' astra-trucks.com www.astra-trucks.com; 2 default-src 'self' ; connect-src 'self' www.google-analytics.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: i.ytimg.com image.tmdb.org *.gstatic.com *.google.com *.w.org *.gravatar.com *.vimeocdn.com *.phenomena.com; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com *.youtube.com *.vimeo.com *.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com; frame-src 'self' *.youtube.com *.vimeocdn.com *.vimeo.com; frame-ancestors 'self'; object-src 'self' ; 2 frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com www.fanexpohq.events 2 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://js.navattic.com/ https://capture.navattic.com/ https://js.hs-scripts.com/ https://bat.bing.com/ https://connect.facebook.net/ https://t.visitorqueue.com/ https://js.driftt.com/ https://tracking.g2crowd.com/ https://www.clarity.ms/ https://i.clarity.ms/ https://snap.licdn.com/ https://tag.pearldiver.io/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hubspot.com/ https://track.hubspot.com/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://js.zi-scripts.com/ https://ws-assets.zoominfo.com/ https://a.usbrowserspeed.com/ https://tags.clickagy.com/ https://js.adsrvr.org/ https://i.liadm.com/ https://js.hsforms.net/ https://*.fs1.hubspotusercontent-na1.net/ https://20898597.fs1.hubspotusercontent-na1.net/ https://js.chilipiper.com/ https://www.clickcease.com/ https://boards.greenhouse.io/ https://www.tfaforms.com/ https://www.google.com/ https://c.clarity.ms/ https://assets.adobedtm.com/ https://twin-iq.kickfire.com/ https://demo.rectanglehealth.com/ https://stackadapt.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com/ https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ https://www.gstatic.com https://scripts.clarity.ms https://www.rectanglehealth.com/ https://nitroscripts.com/; img-src 'self' data: blob: https://t.visitorqueue.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://perf-na1.hsforms.com/ https://www.google.com/ https://bat.bing.com/ https://track.hubspot.com/ https://aorta.clickagy.com/ https://us-u.openx.net/ https://i.liadm.com/ https://idsync.rlcdn.com/ https://dpm.demdex.net/ https://pixel-sync.sitescout.com/ https://forms-na1.hsforms.com/ https://www.googletagmanager.com/ https://images.g2crowd.com/ https://googleads.g.doubleclick.net/ https://aa.agkn.com/ https://www.linkedin.com/ https://c.clarity.ms/ https://c.bing.com/ https://d.agkn.com/ https://cm.g.doubleclick.net/ https://assets.adobedtm.com/ https://twin-iq.kickfire.com/ https://tags.srv.stackadapt.com https://www.rectanglehealth.com/; object-src 'self' data: blob: https://demo.rectanglehealth.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://js.driftt.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://i.liadm.com/ https://s.pointerpro.com/ https://job-boards.greenhouse.io/ https://www.tfaforms.com/ https://pcihipaa.com/ https://rectanglehealth.chilipiper.com/ https://forms.hsforms.com/ https://c.clarity.ms/ https://*.youtube.com/ https://youtube.com/ https://assets.adobedtm.com https://*.fls.doubleclick.net/ https://track.hubspot.com/ https://capture.navattic.com/ https://tags.srv.stackadapt.com https://www.google.com; frame-src 'self' data: blob: https://demo.rectanglehealth.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://js.driftt.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://i.liadm.com/ https://s.pointerpro.com/ https://job-boards.greenhouse.io/ https://www.tfaforms.com/ https://pcihipaa.com/ https://rectanglehealth.chilipiper.com/ https://forms.hsforms.com/ https://c.clarity.ms/ https://*.youtube.com/ https://youtube.com/ https://assets.adobedtm.com https://*.fls.doubleclick.net/ https://track.hubspot.com/ https://capture.navattic.com/ https://tags.srv.stackadapt.com https://www.google.com 2 default-src 'self'; connect-src 'self' sentry.io https://*.sentry.io *.sentry.io https://apikeys.civiccomputing.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://connect.facebook.net https://clapi.civiccomputing.com https://*.azurewebsites.net https://*.wtopt.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.youtube.com https://vimeo.com https://www.google.com https://*.trussell.org.uk https://analytics.tiktok.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://browser.sentry-cdn.com https://js.sentry-cdn.com https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://s3.amazonaws.com https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://*.list-manage.com https://*.turn2us.org.uk https://*.google-analytics.com https://connect.facebook.net https://clapi.civiccomputing.com https://*.azurewebsites.net https://*.sentry.io https://*.hotjar.com https://www.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://*.trussell.org.uk https://analytics.tiktok.com https://*.tfaforms.com https://*.tfaforms.net; style-src 'self' 'unsafe-inline' https://at.alicdn.com https://fonts.googleapis.com https://cdn-images.mailchimp.com https://*.hotjar.com; style-src-elem 'self' 'unsafe-inline' https://at.alicdn.com; worker-src 'self' blob:; img-src 'self' data: blob: https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://digitalasset.intuit.com https://www.facebook.com https://*.vimeocdn.com https://i.ytimg.com https://*.hotjar.com; font-src 'self' https://at.alicdn.com https://fonts.gstatic.com https://*.hotjar.com; object-src 'self' data:; base-uri 'self'; form-action 'self' https://*.list-manage.com;; frame-src 'self' data: https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com https://www.youtube.com https://www.turn2us.org.uk https://player.vimeo.com https://www.google.com https://*.turn2us.org.uk https://www.googletagmanager.com https://*.issuu.com https://*.tfaforms.com https://*.tfaforms.net https://givetoday.co.uk https://*.givetoday.co.uk https://app.bankthefood.org; frame-ancestors 'self' https://*.trussell.org.uk https://tt-website.ddev.site https://trusselltrustdev.prod.acquia-sites.com https://trusselltruststage.prod.acquia-sites.com https://trusselltrustprod.prod.acquia-sites.com; upgrade-insecure-requests; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.paddle.com/paddle/paddle.js https://gc.zgo.at/count.js https://hcaptcha.com https://*.hcaptcha.com https://plausible.simplelogin.io/js/index.js; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.paddle.com https://www.youtube.com https://app.tryhoist.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdn.paddle.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://acsbapp.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://polyfill.io https://unpkg.com https://*.fontawesome.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com https://*.google.com https://www.gstatic.com https://player.vimeo.com https://*.vimeocdn.com https://connect.facebook.net https://platform.twitter.com https://www.youtube.com https://*.upgrade.guide https://*.googleapis.com https://svc.webspellchecker.net https://touchstoneenergy.com https://cdn.questline.com https://weatherwidget.io https://cdn.gtranslate.net https://www.powr.io https://c03.apogee.net https://static.addtoany.com https://imaginationlibrary.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://*.fontawesome.com https://use.typekit.net https://p.typekit.net https://www.gstatic.com https://svc.webspellchecker.net https://cdn.questline.com https://unpkg.com; img-src 'self' data: https://www.google-analytics.com https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://syndication.twitter.com https://cdn.app.cfigroup.com https://images.applicant-tracking.com https://*.gstatic.com https://cdn.questline.com https://www.touchstoneenergy.com https://cdn.gtranslate.net https://www.cooperative.com https://i.vimeocdn.com https://i.ytimg.com https://jelly.mdhv.io https://jelly-v6.mdhv.io https://h5p.org https://www.facebook.com https://cdn.jsdelivr.net https://*.youtube.com; media-src 'self' data:; frame-src 'self' https://*.smarthub.coop https://player.vimeo.com https://www.youtube.com https://outlook.office365.com https://ws-na.amazon-adsystem.com https://*.google.com https://express.adobe.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.youtube-nocookie.com https://hosted.where2getit.com https://*.upgrade.guide https://www.touchstoneenergy.com https://weatherwidget.io https://www.powr.io https://online.fliphtml5.com https://c03.apogee.net https://e.issuu.com https://issuu.com https://static.addtoany.com https://*.arcgis.com https://td.doubleclick.net https://touchstone.myenergysites.com https://arcg.is https://imaginationlibrary.com/; frame-ancestors 'self' https://*.smarthub.coop; font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com https://use.typekit.net https://acsbapp.com https://cdn.jsdelivr.net https://svc.webspellchecker.net https://cdnjs.cloudflare.com https://ka-f.fontawesome.com; connect-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com https://use.typekit.net https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://*.acsbapp.com https://acsbapp.com https://*.googleapis.com https://svc.webspellchecker.net https://www.powr.io https://stats.addtoany.com; upgrade-insecure-requests 2 connect-src 'self' * ws: blob:; 2 default-src 'none'; connect-src 'self' https://*.auvix.ru https://*.google-analytics.com https://yandex.ru https://*.yandex.com https://*.yandex.ru https://*.yandex.net https://bitrix.info/bx_stat https://stats.g.doubleclick.net; font-src 'self' data: https://*.auvix.ru https://fonts.gstatic.com https://fonts.bitrix24.ru; frame-ancestors 'self' https://www.lumien.ru https://www.arturia.com.ru; frame-src 'self' blob: https://*.auvix.ru https://www.google.com https://maps.google.com https://www.youtube.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://cp.unisender.com https://vk.com https://rutube.ru https://*.dev.auvix.ru; media-src 'self' https://www.youtube.com; img-src 'self' blob: data: https://*.auvix.ru https://*.google-analytics.com https://img.youtube.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://*.1c-bitrix.ru https://cdn.bitrix24.site; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.auvix.ru https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://yastatic.net https://www.googletagmanager.com https://www.youtube.com https://*.1c-bitrix.ru https://cdn.bitrix24.ru https://cdn-ru.bitrix24.ru https://bitrix.info/ba.js https://connect.facebook.net https://cp.unisender.com; style-src 'self' 'unsafe-inline' https://*.auvix.ru https://fonts.googleapis.com https://fonts.bitrix24.ru https://*.1c-bitrix.ru; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; 2 default-src 'self' data: ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com https://tagmanager.google.com *.demandbase.com *.intercom.io *.intercomcdn.com https://play.vidyard.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.hsforms.net https://*.usercentrics.eu *.6sc.co *.6sense.com https://scripts.simpleanalyticscdn.com https://js.qualified.com *.mouseflow.com https://*.amplitude.com; img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com *.mouseflow.com https://*.amplitude.com; connect-src * 'self' data: *.hubspot.com https://optimize.google.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://*.qualified.com wss://*.qualified.com *.mouseflow.com https://*.amplitude.com; frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net https://play.vidyard.com *.hsforms.com https://*.qualified.com *.mouseflow.com; style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com https://*.qualified.com https://*.amplitude.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com *.intercomcdn.com *.mouseflow.com; media-src 'self' data: www.qualia.com js.driftt.com *.intercomcdn.com *.hubspotusercontent00.net mediastream: https://*.qualified.com https://*.amplitude.com; manifest-src 'self' data: *.google.com; prefetch-src 'self' data: https://play.vidyard.com; child-src 'self' data: https://*.qualified.com *.mouseflow.com; object-src 'none'; upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://www.google.com https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; style-src 'self' 'unsafe-inline' https: data: https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: data: https://www.google.com https://www.gstatic.com https://*.auglio.com https://*.virtooal.com; media-src 'self' https: blob: data:; frame-src 'self' https: blob: data: https://www.google.com https://*.auglio.com https://*.virtooal.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://www.paypal.com https://virtooal.us7.list-manage.com https://www.facebook.com/tr/; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com:443 https://cdnjs.cloudflare.com:443; font-src 'self' https://fonts.gstatic.com:443 https://cdnjs.cloudflare.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 https://cdnjs.cloudflare.com:443; connect-src 'self' https://dpm.demdex.net:443; frame-src 'self' https://newsquestdigital.demdex.net:443; img-src 'self' https://dpm.demdex.net:443 https://prime-magazine.co.uk:443/assets/images/PrimeLogoOnWhite.jpg https://www.living-magazines.co.uk:443/assets/images/logo.png https://newsquestdigitalmedia.d2.sc.omtrdc.net:443 https://*:443/resources/images/sitelogo 2 default-src 'self'; frame-ancestors 'self'; frame-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com data:; media-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com; object-src 'none'; connect-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com https://cdn-fgicm.nitrocdn.com/ https://to.getnitropack.com/; script-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com blob: 'unsafe-eval' https://cdn-fgicm.nitrocdn.com/ https://nitroscripts.com/; style-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com blob: 'unsafe-eval' https://cdn-fgicm.nitrocdn.com/; font-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com https://cdn-fgicm.nitrocdn.com/; img-src * data: https://cdn-fgicm.nitrocdn.com/; report-to https://kmdg.report-uri.com/r/d/csp/wizard; worker-src 'self' blob: https://cdn-fgicm.nitrocdn.com/; child-src 'self' blob: 2 frame-ancestors 'self'; 2 default-src https: data: 'unsafe-eval' 'unsafe-inline' 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; 2 default-src 'self'; img-src 'self' data: *.importgenius.cn importgenius.cn *.importgenius.com importgenius.com *.website-files.com sb.scorecardresearch.com *.youtube.com i.vimeocdn.com ssl.google-analytics.com *.google-analytics.com *.swaychat.com *.cloudfront.net cdn.ampproject.org pbs.twimg.com ws.sharethis.com l.sharethis.com *.facebook.com *.ucarecdn.com ucarecdn.com maps.googleapis.com maps.gstatic.com *.doubleclick.net *.google.com.ph *.google.com.pk i.ytimg.com *.bing.com bing.com *.clarity.ms *.calendly.com googletagmanager.com www.googletagmanager.com *.albacross.com albacross.com *.zohopublic.com zohopublic.com *.zohocdn.com zohocdn.com *.zoho.com *.lfeeder.com lfeeder.com *.customer.io customer.io images.unsplash.com zohopagesense.nimbuspop.com *.ads.linkedin.com googleadservices.com *.googleadservices.com bat.bing.net *.bat.bing.net *.cloudflare.com ct.capterra.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; media-src 'self' *.importgenius.com *.google.com *.google-analytics.com cdn.prod.website-files.com ; frame-src 'self' *.zohopublic.com zohopublic.com static.zohocdn.com *.importgenius.com *.google.com *.swaychat.com *.googleapis.com www.youtube.com player.vimeo.com *.sharethis.com *.facebook.com *.firebaseio.com *.doubleclick.net recaptcha.net www.googletagmanager.com *.calendly.com calendly.com *.recaptcha.net recaptcha.net *.recurly.com recurly.com cdn.embedly.com *.schedulehero.io *.cloudflare.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: us-assets.i.posthog.com cdn.jsdelivr.net app.optibase.io *.website-files.com *.clarity.ms snap.licdn.com *.hotjar.com *.omappapi.com www.recaptcha.net edge.fullstory.com *.googletagmanager.com *.doubleclick.net polyfill-fastly.io *.gstatic.com cdn.ranksci.com *.importgenius.com *.importgenius.cn *.google.com ssl.google-analytics.com *.cloudfront.net *.googleapis.com firebaseio.com api.swayio.com *.firebaseio.com *.google-analytics.com www.gstatic.com *.swaychat.com *.googleadservices.com swaychat.firebaseio.com *.youtube.com s.ytimg.com cdn.ampproject.org *.sharethis.com connect.facebook.net recaptcha.net fullstory.com geocoder.api.here.com *.datadoghq-browser-agent.com *.bing.com *.zoho.com *.calendly.com *.albacross.com maillist-manage.com *.zohocdn.com zohocdn.com *.zohopublic.com zohopublic.com *.customer.io customer.io *.lfeeder.com lfeeder.com *.recurly.com recurly.com code.jquery.com cdn.pagesense.io js.usebasin.com unpkg.com cdnjs.cloudflare.com cdn.logr-ingest.com *.claydar.com assets.revenuehero.io ipinfo.io *.cloudflare.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; worker-src 'self' blob:; connect-src 'self' c.ba.contentsquare.net app.optibase.io videsigns-staging.co.uk raw.githubusercontent.com geocoder.api.here.com *.google-analytics.com *.ads.linkedin.com *.swayio.com *.importgenius.com wss://*.firebaseio.com *.swaychat.com *.googleapis.com l.sharethis.com *.ucarecdn.com ucarecdn.com *.sentry.io *.fullstory.com fullstory.com *.googletagmanager.com *.datadoghq.com analytics.google.com www.google.com google.com *.posthog.com *.clarity.ms clarity.ms salesiq.zohopublic.com wss://vts.zohopublic.com *.zohopublic.com vc.hotjar.io *.albacross.com *.doubleclick.net doubleclick.net *.recurly.com recurly.com api.omappapi.com omappapi.com *.facebook.com facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io pagesense-collect.zoho.com get.geojs.io webflow.com api.ipify.org r.logr-ingest.com googleadservices.com *.googleadservices.com *.analytics.google.com cdn.jsdelivr.net *.claydar.com bat.bing.net app.revenuehero.io *.bat.bing.net *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; font-src 'self' *.importgenius.com *.importgenius.cn data: cdn.prod.website-files.com *.webflow.com *.swaychat.com *.cloudfront.net fonts.gstatic.com *.googleapis.com css.zohocdn.com cdn2.importgenius.com webfonts.zoho.com static.zohocdn.com *.zohocdn.com ; style-src 'self' 'unsafe-inline' *.importgenius.com *.importgenius.cn *.website-files.com *.swaychat.com *.googleapis.com ws.sharethis.com *.google.com assets.calendly.com css.zohocdn.com *.zohocdn.com js.zohostatic.com *.zohostatic.com api.omappapi.com a.omappapi.com omappapi.com webfonts.zoho.com *.cloudflare.com cdn.jsdelivr.net ; manifest-src 'self' *.importgenius.com ; frame-ancestors 'self' *.importgenius.com ; object-src 'none'; 2 upgrade-insecure-requests; default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://cdn.ampproject.org/ https://www.googletagmanager.com/ https://ajax.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.jsdelivr.net/; img-src 'self' https://www.alsace.eu/ https://www.googletagmanager.com/ https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://tile.openstreetmap.org/ https://a.tile.openstreetmap.fr https://b.tile.openstreetmap.fr https://c.tile.openstreetmap.fr https://img.youtube.com; media-src 'self'; frame-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.bas-rhin.fr; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/ https://cdn.jsdelivr.net/; form-action 'self' ; connect-src 'self' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://data.geopf.fr/geocodage/completion https://platform.twitter.com/ https://api-adresse.data.gouv.fr/ https://nominatim.openstreetmap.org/; manifest-src 'self'; child-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com; object-src 'self'; 2 frame-ancestors 'self' https://dbrand.sanity.studio 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.googletagmanager.com *.youtube.com *.google-analytics.com *.licdn.com *.calendly.com; object-src 'self'; 2 default-src 'self' recrutement.orano.group oranoweb.cms.orano.group https://career-i18n.demo.cleverconnect.com career.demo.cleverconnect.com *.google.fr *.google.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com *.facebook.com *.sc-static.net snap.licdn.com insight.adsrvr.org googleads.g.doubleclick.net www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org code.jquery.com ws.facil-iti.com tag.aticdn.net www.googletagmanager.com www.google-analytics.com https://s4.ispring.eu https://11471784.fls.doubleclick.net https://secure.adnxs.com https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com https://logws1332.ati-host.net *.goldenbees.fr https://cdn.facil-iti.app https://ecb.qualquantsignals.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com snap.licdn.com https://api.smalk.ai https://www.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://unpkg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ws.facil-iti.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.xiti.com *.ati-host.net https://secure.adnxs.com *.blob.core.windows.net cdn.orano.group oranocms.azureedge.net *.adsrvr.org https://raw.githubusercontent.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.fr https://www.google.com https://ecb.qualquantsignals.com https://ws.facil-iti.com https://*.tile.openstreetmap.org https://*.tile.openstreetmap.fr https://tiles.stadiamaps.com https://px.ads.linkedin.com; media-src 'self' data: blob: *.ausha.co; frame-src https://cdn.streamlike.com https://ws.facil-iti.com 'self' https://oranoweb.cms.orano.group/ recrutement.orano.group *.youtube.com *.youtube.fr https://11471784.fls.doubleclick.net www.google.com https://cdn.facil-iti.app/ https://web-service.facil-iti.app/ https://www.googletagmanager.com/ https://orano.kantree.io/ https://td.doubleclick.net https://lookerstudio.google.com/ https://reservation.orano.group/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ws.facil-iti.com recrutement.orano.group https://reservation.orano.group/ blob:; connect-src 'self' https://career-i18n.demo.cleverconnect.com https://career.demo.cleverconnect.com accounts.google.com https://www.google.com https://googleads.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.xiti.com ws.facil-iti.com recrutement.orano.group www.googletagmanager.com www.google-analytics.com http://oranoweb.cms.orano.group https://s4.ispring.eu https://logws1332.ati-host.net https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://web-service.facil-iti.app https://dhllvtr.pa-cd.com wss://ws.hotjar.com https://content.hotjar.io https://px.ads.linkedin.com https://*.clarity.ms; 2 default-src https: 'unsafe-inline'; object-src 'none'; media-src https: data: blob:; font-src https: data:; img-src https: data:; 2 default-src blob: data: 'self' http://*.stash.com http://browser-intake-datadoghq.com http://videos.ctfassets.net http://www.youtube.com; connect-src blob: data: 'self' http://*.doubleclick.net http://*.stash.com http://analytics.google.com http://api.segment.io http://browser-intake-datadoghq.com http://cdn.segment.com http://www.facebook.com http://region1.analytics.google.com http://rum.browser-intake-datadoghq.com http://stats.g.doubleclick.net http://www.google-analytics.com https://experience.ninetailed.co https://ingest.insights.ninetailed.co https://assets.ctfassets.net https://maps.googleapis.com https://maps.gstatic.com; script-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline' http://*.stash.com http://browser-intake-datadoghq.com http://cdn.segment.com http://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com; script-src-elem 'unsafe-inline' 'self' http://*.stash.com http://analytics.google.com http://connect.facebook.net http://www.googletagmanager.com http://widget.trustpilot.com https://boards.greenhouse.io https://job-boards.greenhouse.io/ https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' http://*.stash.com 'unsafe-inline' https://fonts.googleapis.com; img-src blob: data: 'self' http://*.cloudfront.net http://*.stash.com http://*.wpengine.com http://images.ctfassets.net http://s3.amazonaws.com https://stashpublic.s3.amazonaws.com http://www.facebook.com http://www.google.ca http://www.google.co.in http://www.google.co.ug http://www.google.co.uk http://www.google.de http://www.google.ie http://www.google.it http://www.google.pt http://www.google.nl http://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com; font-src 'self' data: http://*.stash.com http://fonts.gstatic.com; object-src 'self' http://*.stash.com; base-uri 'self' http://*.stash.com; form-action 'self' http://*.stash.com; frame-src 'self' http://*.doubleclick.net http://*.stash.com http://www.youtube.com https://*.typeform.com http://widget.trustpilot.com https://boards.greenhouse.io https://job-boards.greenhouse.io/; frame-ancestors 'none'; 2 frame-ancestors 'self' https://app.storyblok.com http://app.storyblok.com/; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data: https://fast.wistia.net/ https://www.sjwoe.com; 2 img-src *.analytics.google.com/ *.bing.com/ *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.intercomcdn.com/ *.vimeocdn.com/ data: https://*.clarity.ms https://*.google-analytics.com/ https://d17lvj5xn8sco6.cloudfront.net https://downloads.intercomcdn.com https://i.ytimg.com/ https://logws1309.ati-host.net/ https://o.twimg.com https://pbs.twimg.com/ https://px.ads.linkedin.com https://ssl.gstatic.com https://static.intercomassets.com/ https://syndication.twitter.com https://www.buzzsprout.com/ https://www.google.co.uk https://www.google.com/ 'self' www.googletagmanager.com www.linkedin.com;connect-src *.analytics.google.com/ *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.googlesyndication.com/ apikeys.civiccomputing.com data: https://*.clarity.ms https://*.google-analytics.com/ https://*.in.applicationinsights.azure.com https://adservice.google.com/ https://api-iam.intercom.io/ https://cdn.linkedin.oribi.io https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://ka-f.fontawesome.com https://nexus-websocket-a.intercom.io/ https://nexus-websocket-b.intercom.io/ https://px.ads.linkedin.com https://ws.zoominfo.com/ https://www.google.co.uk https://www.google.com/ 'self' wss://nexus-websocket-a.intercom.io/ wss://nexus-websocket-b.intercom.io/;script-src *.doubleclick.net/ *.flippingbook.com *.googleadservices.com *.intercom.io *.vimeo.com *.youtube.com *.youtube-nocookie.com blob: cdn.jsdelivr.net cdnjs.cloudflare.com https://*.clarity.ms https://*.google-analytics.com/ https://ajax.googleapis.com https://apis.google.com https://cc.cdn.civiccomputing.com https://d33i2vgywgme2s.cloudfront.net https://js.intercomcdn.com/ https://js.monitor.azure.com https://js.zi-scripts.com/zi-tag.js https://kit.fontawesome.com https://logws1309.ati-host.net/ https://platform.twitter.com https://snap.licdn.com/li.lms-analytics/ https://syndication.twitter.com https://vimeo.com/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.nccgroup.com pi.pardot.com 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com;frame-src *.doubleclick.net/ *.flippingbook.com *.youtube-nocookie.com https://*.nccgroup.com/ https://export.highcharts.com/ https://intercom-sheets.com/ https://nccgroup.wavecast.io/ https://platform.twitter.com https://player.vimeo.com/ https://polaris.brighterir.com/ https://syndication.twitter.com https://videopress.com/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/ 'self' www.googletagmanager.com;default-src *.intercom.io *.vimeo.com *.vimeocdn.com/ *.youtube.com *.youtube-nocookie.com https://*.google-analytics.com/ https://pbs.twimg.com/ https://platform.twitter.com https://syndication.twitter.com 'self';font-src *.intercomcdn.com/ cdn.jsdelivr.net https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://js.intercomcdn.com/ https://ka-f.fontawesome.com 'self';frame-ancestors explore.tanium.com https://*.nccgroup.com/;style-src https://fonts.googleapis.com/ https://platform.twitter.com 'self' 'unsafe-inline';media-src https://js.intercomcdn.com/ https://pbs.twimg.com/ https://platform.twitter.com https://syndication.twitter.com 'self';object-src 'self' 2 default-src 'self' https: data: blob:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; frame-ancestors 'self' https:; base-uri 'self'; form-action 'self' https:; 2 frame-ancestors https://specialty-care-pavilion-latest.jefferson.edu https://specialty-care-pavilion.jefferson.edu https://specialty-care-pavilion-dev.jefferson.edu; 2 frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my; object-src 'none'; upgrade-insecure-requests; script-src 'self' rum.hlx.page assets.adobedtm.com *.googletagmanager.com *.google-analytics.com analytics.tiktok.com *.adsrvr.org tags.crwdcntrl.net connect.facebook.net *.doubleclick.net *.google.com *.innity.net *.outbrain.com *.hotjar.com *.onetrust.com *.line-scdn.net *.demdex.net *.omtrdc.net *.cimb.com.sg *.quantserve.com *.quantcount.com *.brand-display.com *.fontawesome.com *.pand.ai *.mookie1.com *.cimbclicks.com.my *.bbci.co.uk *.oracleinfinity.io *.oracle.com *.gstatic.com *.licdn.com *.recaptcha.net *.adobe.com *.cloudfront.net *.youtube.com *.googleusercontent.com *.youtube-nocookie.com *.azureedge.net *.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com https://recaptcha.net https://www.recaptcha.net *.doubleclick.net *.brand-display.com *.googletagmanager.com *.adsrvr.org *.demdex.net *.forksurge.com *.crwdcntrl.net *.cloudfront.net youtube-nocookie.com *.youtube-nocookie.com https://*.fls.doubleclick.net players.brightcove.net *.youtube.com irs.tools.investis.com *.googleusercontent.com *.azureedge.net; 2 default-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; script-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://*.ada.support https://*.bing.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.launchdarkly.com https://optimize.google.com https://www.googleoptimize.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.pdst.fm https://tracker.adreadyclick.com https://www.googleadservices.com https://cdn.pbbl.co https://websdk.appsflyer.com https://banner.appsflyer.com https://www.youtube.com https://creatives-cdn.appsflyer.com https://googleads.g.doubleclick.net https://www.google.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://cdn.jsdelivr.net https://pixel.mathtag.com https://collector-20545.tvsquared.com https://*.google.com/; style-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://optimize.google.com https://cdn.jsdelivr.net https://banner.appsflyer.com https://creatives-cdn.appsflyer.com; frame-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://www.facebook.com https://cdn.pbbl.co https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://pixel.mathtag.com https://collector-20545.tvsquared.com; connect-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://stats.g.doubleclick.net https://www.google-analytics.com https://*.bing.com https://bam.nr-data.net https://www.facebook.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://us-central1-adaptive-growth.cloudfunctions.net https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://participant.connect.us-east-1.amazonaws.com https://wa.onelink.me https://wa.appsflyer.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://*.google.com/; img-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://secure.gravatar.com https://m1.com data: https://m1.com https://*.bing.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://trkn.us https://t.co https://www.facebook.com https://secure.adnxs.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://analytics.twitter.com https://pixel.mathtag.com https://collector-20545.tvsquared.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://cdnappicons.appsflyer.com https://impressions.onelink.me https://*.google.com/; font-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://fonts.googleapis.com https://fonts.gstatic.com data: https://www.googletagmanager.com https://optimize.google.com https://cdn.appsflyer.com; object-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; media-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; 2 default-src http: https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src 'self' https:; 2 font-src *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.gstatic.com fonts.gstatic.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.google.com *.hotjar.com https://uat.tormach.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com https://js.hsforms.net https://js.klevu.com/core/v2/klevu.js https://js.klevu.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://static.elfsight.com *.elfsight.com td.doubleclick.net www.googletagmanager.com *.hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.tiktok.com *.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.klevu.com/ js.hsforms.net www.gstatic.com js.braintreegateway.com https://js.hscta.net https://cta-service-cms2.hubspot.com *.hubspot.com *.hubapi.com *.pinterest.com youtube.com https://www.youtube.com/ *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com https://meetanshi.com/media/logo.png *.meetanshi.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.gstatic.com https://forms-na1.hsforms.com/embed https://no-cache.hubspot.com *.hubspot.com https://perf.hsforms.com *.hsforms.com *.elfsight.com *.linkedin.com www.google.al *.bing.com bing.com *.facebook.com www.facebook.com *.ytimg.com ytimg.com connect.facebook.net stats.g.doubleclick.net *.doubleclick.net www.xtento.com cdn.xtento.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com *.meetanshi.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com https://js.klevu.com youtube.com *.pcapredict.com *.hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.tiktok.com *.facebook.net connect.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.hsforms.net https://js.klevu.com/ js.hsforms.net www.google.com www.gstatic.com https://static.elfsight.com *.elfsight.com https://js.hscta.net https://cta-service-cms2.hubspot.com *.hubspot.com *.pinterest.com *.googletagmanager.com *.taboola.com www.xtento.com cdn.xtento.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com fonts.googleapis.com www.gstatic.com *.hsforms.com https://js.hscta.net tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: https://tormach.com https://forms-na1.hsforms.com/embed *.linkedin.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klevu.com *.ksearchnet.com api.addressy.com *.meetanshi.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://forms.hsforms.com https://js.klevu.com/core/v2/klevu.js https://hubspot-forms-static-embed.s3.amazonaws.com statsjs.klevu.com forms.hsforms.com www.google.com https://cta-service-cms2.hubspot.com *.elfsight.com core.service.elfsight.com *.linkedin.com *.hubspot.com *.hscollectedforms.net td.doubleclick.net https://js.hsforms.net https://js.klevu.com https://static.elfsight.com *.googletagmanager.com *.hotjar.com wss://ws.hotjar.com hotjar.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.tiktok.com *.facebook.net *.inimg.com *.hs-analytics.net *.bing.com bing.com *.pinimg.com *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.doubleclick.net https://js.klevu.com/ js.hsforms.net www.gstatic.com js.braintreegateway.com https://js.hscta.net *.hubapi.com *.pinterest.com *.taboola.com *.hotjar.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self' lob.de *.lehmanns.de *.lehmanns.ch lehmannspro.de lehmannsbib.de *.socialnet.de; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.lehmanns.de *.lehmanns.ch *.googleapis.com *.google-analytics.com *.vr-pay-ecommerce.de vr-pay-ecommerce.de oppwa.com widgets.trustedshops.com 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; img-src 'self' https: data: https://i.ytimg.com https://i.vimeocdn.com https://www.buzzsprout.com https://s.ytimg.com; media-src 'self' https: https://www.buzzsprout.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.buzzsprout.com https://www.google.com; frame-ancestors 'self' https://www.youtube.com https://youtu.be https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.buzzsprout.com; child-src 'self' https://www.youtube.com https://youtu.be https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.buzzsprout.co; font-src 'self' https: data: https://fonts.gstatic.com; connect-src 'self' https://www.youtube.com https://youtu.be https://player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://www.buzzsprout.com https://s.ytimg.com https://www.youtube-nocookie.com; report-uri /report-csp-violation 2 default-src 'none'; connect-src 'self' https://cdn.linkedin.oribi.io https://forms.hsforms.com https://px.ads.linkedin.com https://nagra.matomo.cloud/; font-src 'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/; img-src 'self' data: https://px.ads.linkedin.com https://img.youtube.com https://forms.hsforms.com https://forms-na1.hsforms.com; manifest-src 'self'; media-src 'self'; script-src 'self' https://snap.licdn.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://nagra.matomo.cloud https://static.cloudflareinsights.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline' https://nagra.matomo.cloud/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; worker-src 'self'; base-uri 'self'; frame-ancestors 'self' 2 frame-ancestors 'self' https://dotcms.com/ https://auth.dotcms.dev/ https://corpsites-headless.dotcms.cloud/ https://new-dotcms-com.vercel.app/ 2 frame-ancestors 'self' https://cc-cms.videoland.com; 2 frame-ancestors 'self' cooper.fastcommand.com cooperhealth.org cooperhealth.edu *.cooperhealth.org *.cooperhealth.edu 2 default-src 'self' https://www.google.com/ https://code.jquery.com/jquery-3.6.0.min.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.savoirfairelinux.com https://piwik.savoirfairelinux.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/ https://code.jquery.com/jquery-3.6.0.min.js; style-src 'self' 'unsafe-inline' https://www.savoirfairelinux.com https://fonts.googleapis.com https://code.jquery.com/jquery-3.6.0.min.js; img-src 'self' data: https://www.savoirfairelinux.com; font-src 'self' https://fonts.gstatic.com https://www.savoirfairelinux.com; media-src 'self' data:; object-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://piwik.savoirfairelinux.net; 2 frame-ancestors 'self' userecho.com *.userecho.com userecho.ru *.userecho.ru; report-uri /tools/csp/ 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: *.crazyegg.com; upgrade-insecure-requests 2 frame-ancestors https://www.thefabulous.co https://*.thefabulous.co https://ai.thefabulous.co; 2 base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; style-src 'self' https: 'unsafe-inline' *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; font-src 'self' data: *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; connect-src 'self' *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; frame-src 'self' data: *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; frame-ancestors 'self' *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; object-src data: *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; media-src 'self' data: *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com; worker-src 'self' data: blob: *.adnxs.com *.ads-twitter.com *.adsymptotic.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bankofafrica.ma *.bing.com *.bing.net *.bizographics.com *.boomtrain.com *.byside.com *.capitalone.com *.clarity.ms cdnjs.cloudflare.com/ajax/libs/three.js/* *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.engagement.coremedia.cloud *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.masmovil.es *.masstack.com *.netmng.com *.onetrust.com *.optimizely.com *.orsac.net *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.segment.com *.segment.io *.speedtestcustom.com *.tally.so *.tiktok.com *.tiktokw.us *.twitter.com *.useinsider.com *.vwo.com *.vwo.io *.youtube-nocookie.com *.youtube.com *.zetaglobal.net *.abanca.com *.adyen.com *.apata.io *.bunq.com *.cardinalcommerce.com *.mastercard.com *.monext.fr *.n26.com *.nexigroup.com *.redsys.es *.revolut.com *.rsa3dsauth.co.uk *.sibs.com *.sibs.pt *.vinea.es *.visa.com 3ds.redsys.es cihbank.ma d1s6z24hqd2168.cloudfront.net events.eu1.segmentapis.com llamamegratis.es t.co wss://*.byside.com 2 script-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://edge.marker.io https://js.hscta.net https://tours.stg-silverfincom-stagingexp.kinsta.cloud https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.hubspot.com https://cdnjs.cloudflare.com https://apis.google.com https://js.hsforms.net https://js-na1.hs-scripts.com https://fast.wistia.net https://fast.wistia.com https://assets.calendly.com https://www.google.com/recaptcha/enterprise.js https://static.ads-twitter.com https://www.clarity.ms https://snap.licdn.com https://googleads.g.doubleclick.net https://www.gstatic.com https://tours.stg-silverfincom-stagingexp.kinsta.cloud https://cdn.jsdelivr.net https://bat.bing.com https://js.usemessages.com https://cta-service-cms2.hubspot.com https://scripts.clarity.ms https://tours.silverfin.com https://connect.facebook.net; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com; object-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.silverfin.com https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://consentcdn.cookiebot.com https://tours.stg-silverfincom-stagingexp.kinsta.cloud https://static.ads-twitter.com https://td.doubleclick.net https://forms.hsforms.com https://kit.fontawesome.com https://js.hsforms.net https://app.hubspot.com https://www.googletagmanager.com https://tours.silverfin.com 2 frame-ancestors 'self' *.muse.ai 2 report-uri https://bandarbokep.cfd 2 frame-src https://tag.trovo-tag.com https://www.googletagmanager.com https://8eac-103-170-54-70.ngrok-free.app https://20331188.hs-sites.com https://shopify.dev.kubric.io https://mm.beta.kubric.io https://app.getmodemagic.com https://getmodemagic.com https://www.youtube.com https://*.typeform.com/ https://calendly.com/ https://*.arcade.software/ https://*.storylane.io https://*.hsforms.com/ https://open.spotify.com/ https://giphy.com/ https://media.kubric.io/ https://redditstatic.com/ https://events.reddit.com/; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: blob:; font-src 'self' data: https:; connect-src * 'unsafe-inline' https:; default-src *; img-src * data: 'unsafe-inline'; 2 frame-ancestors 'self' *.amplience.net www.europaweg.ch www.randa.ch 2 default-src 'self' https://*.hotjar.io https://media.cez.cz data:;frame-ancestors https://*.setrim.cz https://*.cez.cz http://*.cez.cz *.cezdata.corp https://*.cezdistribuce.cz https://www.dev.cez.cz;style-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://setrim.cz https://ceztipy.cz/ https://*.cez.cz http://*.cez.cz https://*.hotjar.com https://*.hotjar.io https://fonts.googleapis.com https://cdn.bezstavy.cz https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://www.cezdistribuce.cz https://api.bezstavy.cz *.luigisbox.com *.hospitalita.cz *.visualwebsiteoptimizer.com app.vwo.com https://tagmanager.google.com https://googletagmanager.com https://fonts.googleapis.com;frame-src *.cookiebot.com *.cookiebot.eu https://vars.hotjar.com https://www.cez.cz/ https://www.google.com https://www.youtube.com https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://dip.cezdistribuce.cz/ https://chatbot.cezdistribuce.cz/ https://wtgisweb.cezdata.corp/ https://api.bezstavy.cz *.adform.net *.seadform.net https://media.cez.cz https://geoportal.cezdistribuce.cz/ *.hospitalita.cz *.visualwebsiteoptimizer.com app.vwo.com https://www.dev.cez.cz *.googletagmanager.com widgets.refsite.info https://www.googletagmanager.com;font-src 'self' data: https://*.cez.cz https://fonts.gstatic.com *.hospitalita.cz;connect-src 'self' https://clc.cez.cz http://clc-test.cez.cz https://clc-test.cez.cz http://clc-test.cez.cz https://*.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com *.cookiebot.com *.cookiebot.eu https://*.google.com https://*.google.cz https://*.googletagmanager.com https://*.googleservices.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://plausible.io https://*.hotjar.com https://*.hotjar.io https://www.cezdistribuce.cz https://maps.googleapis.com wss://*.hotjar.com *.adform.net *.seadform.net https://www.test.bezstavy.cz https://www.dev.cezdistribuce.cz https://www.devpublic1.cez.cz https://www.devpublic3.cez.cz https://api.bezstavy.cz *.luigisbox.com *.hospitalita.cz http://public4.cez.cz http://www.svetenergie.cz http://svetenergie.cz *.visualwebsiteoptimizer.com app.vwo.com https://bat.bing.com https://bat.bing.net *.seznam.cz;img-src 'self' https://bat.bing.com https://setrim.cz https://ceztipy.cz/ https://www.cezdistribuce.cz https://googletagmanager.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://storage.googleapis.com https://*.g.doubleclick.net https://*.google.com https://c.seznam.cz https://*.google.cz https://recaptcha.net https://*.cez.cz https://img.bankid.cz https://www.facebook.com https://cx.atdmt.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com *.cookiebot.com *.cookiebot.eu https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://api.bezstavy.cz https://tile.openstreetmap.org https://streetviewpixels-pa.googleapis.com https://lh3.ggpht.com/ *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.adform.net *.seadform.net *.hospitalita.cz *.usercentrics.eu data: https://developers.google.com/ *.bing.net;script-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://www.google.com https://*.google-analytics.com https://storage.googleapis.com https://stats.g.doubleclick.net https://www.gstatic.com https://recaptcha.net https://c.imedia.cz *.adform.net *.seadform.net *.cez.cz https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com *.cookiebot.eu https://connect.facebook.net https://*.persoo.cz https://*.persoo.ai https://*.hotjar.com https://*.seznam.cz https://plausible.io https://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://maps.googleapis.com https://cdn.bezstavy.cz https://www.test.bezstavy.cz https://cdn-test.bezstavy.cz https://cdn.bezstavy.cz https://api.bezstavy.cz https://chatbot.cezdistribuce.cz https://unpkg.com/ https://www.cezdistribuce.cz *.visualwebsiteoptimizer.com https://bat.bing.com app.vwo.com *.vimeo.com *.luigisbox.com *.hospitalita.cz 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob:;child-src 'self' blob: 2 frame-ancestors 'self' https://*.deuter.com https://*.gonso.de https://*.maier-sports.com https://*.ortovox.com https://*.arrabiata.de; 2 object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://www.vacaturesonline.nl https://www.werkzoeken.nl https://www.technicus.nl https://www.ictergezocht.nl; default-src blob: https://cdn.sleak.chat https://cdn.livechatinc.com https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://www.youtube.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://cdn.sleak.chat; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.clarity.ms https://scripts.clarity.ms https://bat.bing.com https://*.convertexperiments.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://connect.facebook.net https://cdn-cookieyes.com https://accounts.google.com https://maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://bat.bing.com https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.linkedin.com https://www.gstatic.com https://js.live.net https://www.google-analytics.com https://sjs.bizographics.com https://www.dropbox.com https://apis.google.com https://api.smooch.io https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://trackcmp.net https://cdn.sleak.chat; connect-src 'self' https://sst.werkzoeken.nl https://bat.bing.com https://*.googlesyndication.com https://www.google.com https://*.convertexperiments.com https://region1.google-analytics.com https://analytics-ipv6.tiktokw.us https://analytics.tiktok.com https://static.werkzoeken.nl https://www.facebook.com https://directory.cookieyes.com https://cdn-cookieyes.com https://log.cookieyes.com http://maps.googleapis.com https://www.google.nl https://api.livechatinc.com https://*.analytics.google.com https://api.maptiler.com https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com https://*.vacaturesonline.nl https://*.ads.linkedin.com https://cdn.sleak.chat https://widget.sleak.chat https://j.clarity.ms; frame-src 'self' https://www.googletagmanager.com https://sst.werkzoeken.nl https://widget.sleak.chat https://secure.livechatinc.com https://*.google.com/ https://www.youtube.com https://vars.hotjar.com https://www.werkzoeken.nl https://www.ictergezocht.nl https://www.technicus.nl https://cdn.sleak.chat; font-src 'self' data: https://cdn.livechatinc.com https://*.werkzoeken.nl https://*.vacaturesonline.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.hotjar.com https://fonts.gstatic.com; img-src 'self' blob: data: https://*.googlesyndication.com https://db.sleak.chat https://cdn.sleak.chat https://img.youtube.com https://www.facebook.com https://cdn-cookieyes.com https://cdn.livechat-files.com https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.nl https://*.doubleclick.net https://widget.sleak.chat https://sygpwnluwwetrkmwilea.supabase.co https://uploads-ssl.webflow.com/64558916e4efcf5c5355b1d1/ https://www.googletagmanager.com; 2 default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; 2 default-src 'self' https:; script-src 'self' 'nonce-PgzR4vVfu3io3LQ/Hr3IwA==' 'strict-dynamic' *.calibermind.com *.hs-scripts.com js.hs-analytics.net blob: *.hs-banner.com *.cookielaw.org *.hubspot.com js.hsadspixel.net pi.pardot.com tag.demandbase.com scripts.saltbox.tech player.vimeo.com go.rapidscale.net js.zi-scripts.com *.ads-twitter.com *.facebook.net *.licdn.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com edge.marker.io cdn.polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.gstatic.com; img-src 'self' https: data:; frame-src 'self' *.commoninja.com *.genially.com *.googletagmanager.com *.vimeo.com *.company-target.com pixel.sitescout.com *.facebook.com *.adsrvr.org *.liadm.com *.doubleclick.net *.hsforms.com *.hsforms.net *.youtube.com *.google.com *.youtube-nocookie.com; form-action 'self' *.facebook.com *.hsforms.net *.hsforms.com; base-uri 'self'; connect-src 'self' *.calibermind.com *.commoninja.com google.com *.google.com *.hsforms.com *.liadm.com *.adsrvr.org *.clickagy.com *.linkedin.com api.hubapi.com *.hubspot.com ws.zoominfo.com *.onetrust.com *.demandbase.com *.company-target.com cdn.cookielaw.org js.zi-scripts.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.licdn.com *.hsforms.net; frame-ancestors 'self'; object-src 'none'; media-src 'self' https:; manifest-src 'self' https:; 2 frame-ancestors https://app.contentful.com https://contentpath.siemens.com https://content.sw.siemens.com 2 frame-ancestors capacitor://hybrid.etisalat.eg http://hybrid.etisalat.eg https://hybrid.etisalat.eg https://www.etisalat.eg https://etisalat.eg https://*.etisalat.eg http://www.etisalat.eg http://etisalat.eg http://*.etisalat.eg https://www.eand.com.eg https://eand.com.eg http://www.eand.com.eg http://eand.com.eg https://eandbusiness.com.eg http://eandbusiness.com.eg https://www.eandbusiness.com.eg http://www.eandbusiness.com.eg; 2 default-src *.antarctica.gov.au *.aad.gov.au *.marinemammals.gov.au use.typekit.net p.typekit.net cdn.plyr.io 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src *.antarctica.gov.au *.aad.gov.au *.marinemammals.gov.au data: blob: 2 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com s7.addthis.com cdnjs.cloudflare.com; style-src 'self' https: 'unsafe-inline' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://login-ds.dotomi.com https://www.wkkellogg.ca https://www.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/api.js https://analytics.tiktok.com/i18n/pixel/events.js https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://analytics.google.com https://apps.bazaarvoice.com https://search.wkkellogg.com.pagescdn.com https://apps.dotter.me https://cdn.experience.adobe.net https://exc-unifiedcontent.experience.adobe.net https://experience.adobe.com https://analytics.tiktok.com https://klear.com https://app.viralsweep.com https://www.wkkellogg.com https://www.wkkellogg.ca; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.cookielaw.org https://cdn.experience.adobe.net https://exc-unifiedcontent.experience.adobe.net https://experience.adobe.com; img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://s7d9.scene7.com https://www.google.co.in https://publish-p137817-e1393960.adobeaemcloud.com https://cdn.cookielaw.org https://network-a.bazaarvoice.com https://apps.bazaarvoice.com https://content.dotter.me https://contentorigin.bazaarvoice.com https://photos-us.bazaarvoice.com https://cdn.dotter.me https://cdn.cpnscdn.com https://www.googletagmanager.com https://cdn.experience.adobe.net https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net; connect-src 'self' https://storelocator.dotter.me https://maps.googleapis.com https://www.google-analytics.com https://analytics.google.com https://prod-cdn.us.yextapis.com https://cdn.yextapis.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://apps.bazaarvoice.com https://wkkc-privacy.my.onetrust.com https://feeds.dotter.me https://api.ipgeolocation.io https://ga.dotter.me https://stats.g.doubleclick.net https://www.google.com/ccm/collect https://www.googleadservices.com https://www.google.com https://adobeid-na1.services.adobe.com https://exc-unifiedcontent.experience.adobe.net https://experience.adobe.io https://ims-na1.adobelogin.com https://telemetry.adobe.io https://edge.adobedc.net https://klear.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net/ https://www.google.com https://www.youtube.com https://alta-wkkco.my.salesforce-sites.com https://klear.com https://app.viralsweep.com; object-src https://login-ds.dotomi.com https://www.google.com https://www.gstatic.com; 2 default-src 'self' data: blob: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.chatbase.co/; connect-src 'self' http://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.ingest.sentry.io/ https://*.sentry.io/ wss://*.piesocket.com wss://*.ffrtz.com https://*.pingdom.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://*.izooto.com/ https://t.adcell.com/ https://*.ad4m.at https://*.trafficjunky.net/ wss://knpb-media.zammad.com/ https://*.vxcdn.org/ https://*.mmapiws.com/ wss://*.tantumpay.com/ https://*.chatbase.co/; font-src 'self' data: http://localhost http://localhost:3000 https://*.hotjar.com/ https://fonts.gstatic.com/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.chatbase.co/; frame-src 'self' antennapod-subscribe: castros: downcast: gpodder: icatcher: instacast: overcast: playerfm: pktc: podcastaddict: podcastguru: podcat: podkicker: rssradio: podcast: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://cdn.izooto.com https://*.hotjar.com/ https://ad.ad-srv.net/ https://*.tantumpay.com https://*.chatbase.co/; img-src 'self' data: blob: android-webview-video-poster: http://localhost:10001/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://via.placeholder.com/ https://source.unsplash.com/ https://images.unsplash.com/ https://loremflickr.com/ https://*.hotjar.com/ https://*.trafficjunky.net/ https://syndication.exoclick.com/ https://syndication.realsrv.com/ https://syndication.exdynsrv.com/ https://tsyndicate.com/ https://*.vxcdn.org/ https://*.chatbase.co/; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ http://mac.fritz.box http://mbpvonchristian.fritz.box https://www.gstatic.com/ https://*.sentry-cdn.com/ https://*.pingdom.net/ https://t.adcell.com/ https://www.adcell.de/ https://ad4m.at/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.izooto.com/ https://static.trafficjunky.com/ https://*.exoclick.com/ https://device.maxmind.com/ https://knpb-media.zammad.com/ https://*.tantumpay.com https://cdn.jsdelivr.net/npm/ua-parser-js/dist/ua-parser.min.js https://*.chatbase.co/; style-src 'self' 'unsafe-inline' data: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://knpb-media.zammad.com/ https://*.chatbase.co/; media-src 'self' blob: data: https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.vxcdn.org/; form-action 'self' https:; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://*.ffrtz.com; child-src 'self' 2 base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us www.googletagmanager.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob: https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2 frame-ancestors 'self' https://appgate.lookbookhq.com https://appgate.pathfactory.com https://ww3.appgate.com https://appgate.sharepoint.com https://appgate.pathfactory.com https://360fraud.pathfactory.com https://360fraud.lookbookhq.com https://www.360fraud.ai 2 frame-ancestors self https://cms.glassbox.com 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob:; font-src * 'self' data:; 2 frame-ancestors *.plaync.com *.ncsoft.com *.plaync.com.tw *.ncsoft.jp *.ncvgames.com 2 default-src * 'self' blob: data: gap:; style-src * 'self' 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * 'self' 'unsafe-inline' blob: data: gap:; connect-src 'self' * 'unsafe-inline' blob: data: gap:; frame-src * 'self' blob: data: gap: 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.ed.gov http://*.ed.gov; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https:; script-src-elem 'unsafe-inline' blob: https:; 2 Upgrade-Insecure-Requests; default-src 'self' https: *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.hotjar.com *.hotjar.io wss://*.hotjar.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net performance.typekit.net *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.coherent.com *.google.com *.osano.com t.co lltrck.com; media-src 'self' blob: https: *.coherent.com; img-src 'self' data: https: *.coherent.com *.scene7.com *.ggpht.com *.ytimg.com *.google.com *.example.com *.linkedin.com *.facebook.com *.youtube.com *.google.com *.google-analytics.com *.imgix.net *.doubleclick.net *.pardot.com *.adsymptotic.com t.co; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; font-src 'self' data: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.typekit.com *.hotjar.com *.hotjar.io *.gstatic.com *.google.com *.doubleclick.net *.coherent.com *.google-analytics.com *.pardot.com; object-src 'self' *.bioz.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.osano.com *.zoominfo.com *.facebook.net *.hotjar.com *.hotjar.io *.facebook.com *.linkedin.com *.searchcdn.com *.addsearch.com *.gstatic.com *.google.com *.googletagmanager.com *.driftt.com geoip-db.com *.wistia.net *.wistia.com *.googleapis.com *.coherent.com *.pardot.com *.google-analytics.com *.msecnd.net *.drift.com *.youtube.com *.licdn.com *.twitter.com *.ads-twitter.com *.googleadservices.com *.doubleclick.net *.peopleclick.com *.peopleclick.eu.com *.adsymptotic.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: https: *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net *.addsearch.com *.drift.com *.coherent.com *.pardot.com *.driftt.com *.osano.com *.googletagmanager.com; form-action 'self' https: *.coherent.com *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.google-analytics.com *.google.com *.facebook.net; frame-ancestors 'self' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com t.co *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com lltrck.com; base-uri 'self' 2 connect-src 'self' www.recaptcha.net consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com ingest.quantummetric.com rl.quantummetric.com www.greatamericaninsurancegroup.com p.typekit.net use.typekit.net maxcdn.bootstrapcdn.com play.vidyard.com www.linkedin.com px.ads.linkedin.com cdn.linkedin.oribi.io www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google.com translate.googleapis.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; font-src 'self' data: consent.trustarc.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net www.greatamericaninsurancegroup.com; form-action 'self' gaigauthor.gaig.com login.gaig.com; frame-ancestors 'self'; default-src 'self' play.vidyard.com; frame-src 'self' www.recaptcha.net consent-pref.trustarc.com players.brightcove.net td.doubleclick.net fast.wistia.net cloud.specialtypc.gaig.com mcrs18s4jyq010hs26x1kpc87hk8.pub.sfmc-content.com creators.spotify.com www.linkedin.com www.googletagmanager.com www.facebook.com anchor.fm platform.twitter.com play.vidyard.com www.google.com www.youtube.com www.google-analytics.com region1.google-analytics.com; img-src 'self' www.recaptcha.net consent-pref.trustarc.com consent.trustarc.com consent.truste.com region1.analytics.google.com www.google.co.ao analytics.google.com stats.g.doubleclick.net gaigauthor.gaig.com a.b0e8.com data: blob: a1.b0e8.com www.linkedin.com www.gstatic.com translate.google.com ssl.google-analytics.com syndication.twitter.com fonts.gstatic.com px.ads.linkedin.com region1.google-analytics.com px4.ads.linkedin.com p.typekit.net play.vidyard.com www.google-analytics.com www.google.com www.googletagmanager.com www.policysweet.com www.greatamericaninsurancegroup.com cdn.vidyard.com i.ytimg.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.caigo.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src-elem 'self' www.recaptcha.net consent.trustarc.com cdn.quantummetric.com code.jquery.com bam.nr-data.net fast.wistia.net cdn.b0e8.com apis.google.com js-agent.newrelic.com snap.licdn.com ssl.google-analytics.com connect.facebook.net ajax.googleapis.com platform.twitter.com play.vidyard.com use.typekit.net www.google-analytics.com region1.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' www.youtube.com; style-src-elem 'self' data: p.typekit.net use.typekit.net www.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' consent.trustarc.com www.recaptcha.net cdn.quantummetric.com code.jquery.com fast.wistia.net bam.nr-data.net ajax.googleapis.com platform.twitter.com region1.google-analytics.com www.google-analytics.com www.gstatic.com snap.licdn.com cdn.b0e8.com www.google.com js-agent.newrelic.com connect.facebook.net www.googletagmanager.com use.typekit.net play.vidyard.com; style-src-attr 'unsafe-inline' www.greatamericaninsurancegroup.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net www.gstatic.com; object-src 'self'; media-src 'self' data: ssl.gstatic.com; child-src 'self' www.recaptcha.net play.vidyard.com www.google.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; report-uri https://greatamericaninsurancegroup.report-uri.com/r/t/csp/enforce 2 frame-ancestors www.wheels.com www2.wheels.com auth.wheels.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.medco.com *.express-scripts.com *.evernorth.com *.linkedin.com *.accredo.com *.adobedtm.com *.everestjs.net *.omtrdc.net *.qualtrics.com *.cigna.com *.google-analytics.com *.launchdarkly.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.s3.amazonaws.com *.branch.io app.link *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.adsrvr.org www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com alb.reddit.com; connect-src 'self' *.mktoresp.com *.brightcove.com dotsub.com *.prod.boltdns.net *.google-analytics.com *.s3.amazonaws.com *.112.2o7.net *.omtrdc.net *.qualtrics.com *.akamaihd.net *.demdex.net *.mktoutil.com *.nr-data.net *.facebook.com *.d41.co *.branch.io app.link *.express-scripts.com *.evernorth.com *.googleapis.com *.eloqua.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.demandbase.com api.company-target.com *.verint-cdn.com *.wevalueyourfeedback.com *.linkedin.com *.brightcovecdn.com *.google.com *.launchdarkly.com www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com alb.reddit.com *.doubleclick.net *.googleadservices.com unpkg.com *.adsrvr.org; font-src 'self' data: fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com *.marketo.com *.qualtrics.com *.evernorth.com *.express-scripts.com *.verint-cdn.com *.wevalueyourfeedback.com; frame-src 'self' static.addtoany.com *.marketo.com *.demdex.net *.doubleclick.net *.facebook.com *.brightcove.net *.s3.amazonaws.com *.qualtrics.com activitymap.adobe.com *.omniture.com *.google.com *.evernorthcaregroup.com s.company-target.com *.evernorth.com *.googletagmanager.com; img-src 'self' blob: data: *.google-analytics.com *.112.2o7.net *.brightcove.com pbs.twimg.com d8-es-rgadev-com.s3.amazonaws.com brightcove.hs.llnwd.net *.googletagmanager.com *.prod.boltdns.net brightcove.vo.llnwd.net *.omtrdc.net *.destinationrx.com *.qualtrics.com openbadges.blob.core.windows.net *.everesttech.net *.facebook.com *.linkedin.com *.adsymptotic.com t.co *.twitter.com *.demdex.net *.s3.amazonaws.com *.facebook.net *.marketo.com *.express-scripts.com *.evernorth.com *.doubleclick.net *.google.com *.branch.io app.link *.privacysandbox.googleadservices.com *.adsrvr.org *.googleapis.com maps.gstatic.com lh3.googleusercontent.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com id.rlcdn.com *.verint-cdn.com *.wevalueyourfeedback.com findoctave.com *.findoctave.com alb.reddit.com *.sondermind.com; media-src 'self' blob: *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.akamaihd.net *.s3.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.addtoany.com www.google-analytics.com *.adobedtm.com *.googletagmanager.com munchkin.marketo.net *.brightcove.com *.marketo.com *.mktoresp.com *.brightcove.net dotsub.com vjs.zencdn.net 112.2o7.net *.cloudflare.com *.qualtrics.com *.d41.co *.facebook.net *.licdn.com *.newrelic.com *.nr-data.net *.ads-twitter.com *.twitter.com *.s3.amazonaws.com unpkg.com *.rlcdn.com *.agkn.com www.googleadservices.com *.doubleclick.net activitymap.adobe.com *.branch.io app.link *.adsrvr.org *.googleapis.com tlt.cigna.com *.evernorthcaregroup.com cdn.cookielaw.org *.onetrust.com cdn.jsdelivr.net tag.demandbase.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com *.evernorth.com *.google.com www.redditstatic.com assets.adobedtm.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://mychart.evernorthcaregroup.com https://unpkg.com; style-src 'self' 'unsafe-inline' blob: static.addtoany.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.cloudflare.com *.s3.amazonaws.com *.evernorthcaregroup.com unpkg.com *.verint-cdn.com *.wevalueyourfeedback.com *.verint-api.com *.evernorth.com https://cdnjs.cloudflare.com; frame-ancestors 'self' *.medco.com *.express-scripts.com *.evernorth.com *.accredo.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com *.quantummetric.com https://www.google.com/recaptcha *; object-src 'none' ; connect-src *; font-src *; frame-ancestors https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://sslwidgetmaster.investorroom.com/css *; img-src * 'self' data: blob:; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;worker-src blob:; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha *; child-src blob:; 2 frame-ancestors 'self' https://*.webjet.com.au https://*.webjet.co.nz https://webjettest.my.connect.aws https://offlinesales.my.connect.aws https://wj-ccaas-dev.my.connect.aws https://webjet-ccaas-prod.my.connect.aws; report-to csp-report; report-uri https://services.webjet.com.au/api/logger/log/platform/policy-csp 2 frame-ancestors 'self'; report-uri /csp-log.php 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.hotjar.com *.linkedin.com *.cloudfront.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com cdn.callrail.com *.helpscout.net *.atlassian.net *.marketo.net *.aciworldwide.com *.vimeo.com vimeo.com *.vimeocdn.com cdn.cookielaw.org geolocation.onetrust.com connect.facebook.net static.ads-twitter.com analytics.twitter.com bat.bing.com static.oktopost.com snap.licdn.com siteimproveanalytics.com *.6sc.co script.crazyegg.com *.doubleclick.net okt.to cdn.siteimprove.net *.omappapi.com platform.twitter.com *.twimg.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net secure.harm6stop.com js.callrail.com *.zoominfo.com unpkg.com *.unpkg.com *.crazyegg.com *.userback.io tag.demandbase.com js.hsadspixel.net js.hubspot.com www.clarity.ms cdn.jsdelivr.net *.hsforms.net *.hubspotuserContent-na1.net static.hsappstatic.net app.hubspot.com *.hubspotusercontent-na1.net scripts.clarity.ms;style-src 'self' 'unsafe-inline' *.myfonts.net *.atlassian.net *.marketo.net fonts.googleapis.com *.aciworldwide.com platform.twitter.com www.googletagmanager.com *.omappapi.com *.crazyegg.com *.typekit.net *.userback.io cdn.jsdelivr.net;img-src 'self' data: blob: *.gravatar.com embedwistia-a.akamaihd.net *.wistia.com wp-rocket.me www.google-analytics.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com analytics.google.com *.wpengine.com *.w.org *.aciworldwide.com *.awscloud.com *.vimeo.com *.vimeocdn.com t.co *.linkedin.com *.6sc.co *.siteimproveanalytics.io *.bing.com www.facebook.com *.adsymptotic.com *.omappapi.com *.twimg.com platform.twitter.com syndication.twitter.com *.truste.com track.hubspot.com okt.to qr-code.ithemes.com *.twitter.com cdn.cookielaw.org *.crazyegg.com id.rlcdn.com *.company-target.com c.clarity.ms *.hsforms.com *.hsforms.net hostedseal.trustarc.com placekitten.com;frame-src *.spotify.com www.googletagmanager.com *.flipsnack.com *.crazyegg.com *.aciworldwide.com aciworldwide.local *.wpengine.com player.vimeo.com *.libsyn.com *.cloudfront.net *.company-target.com *.doubleclick.net app.hubspot.com *.hsforms.com *.hsforms.net *.hs-sites.com blob:;worker-src 'self' blob:;object-src 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clickhelp.com https://*.clickhelp.com https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.youtube.com https://*.ytimg.com https://*.google.com https://*.gstatic.com https://js.posthog.com https://*.recaptcha.net https://chimpstatic.com https://*.mailchimp.com https://*.calendly.com https://*.chatbase.co https://d3h3meckw07nf.cloudfront.net https://kit.fontawesome.com https://connect.facebook.net https://*.redditstatic.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://*.calendly.com; img-src 'self' data: https://*.google.com https://connect.facebook.net https://www.googletagmanager.com https://backend.chatbase.co https://www.facebook.com https://alb.reddit.com https://*.ytimg.com https://www.google.ru https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://*.mailchimp.com https://*.calendly.com; font-src 'self' data: https://*.googleusercontent.com/ https://*.gstatic.com https://*.fontawesome.com; connect-src 'self' https://www.googleadservices.com https://www.datadoghq.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://*.doubleclick.net https://*.facebook.com https://analytics.google.com https://*.analytics.google.com https://google-analytics.com https://*.google-analytics.com https://app.posthog.com https://api.posthog.com https://verifalia.com https://api.verifalia.com https://ka-p.fontawesome.com https://d3h3meckw07nf.cloudfront.net https://pixel-config.reddit.com https://www.redditstatic.com https://pagead2.googlesyndication.com https://www.google.com https://www.chatbase.co; frame-src https://clickhelp.com https://*.clickhelp.com https://www.googletagmanager.com https://www.google.com https://recaptcha.google.com https://calendar.google.com https://calendly.com https://*.calendly.com https://youtube.com https://*.youtube.com; form-action 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://clickhelp.com https://*.clickhelp.com https://*.google.com https://recaptcha.google.com https://calendar.google.com https://www.youtube.com https://*.calendly.com https://calendly.com; report-uri /wp-json/clickhelp/v1/csp-report 2 default-src 'self'; style-src https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://smartcaptcha.yandexcloud.net/ https://abs.firstdedic.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ wss://*.chathost.ru/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.1dedic.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ wss://mc.yandex.ru/ https://*.chathost.ru/ wss://*.chathost.ru/; frame-src 'self' https://smartcaptcha.yandexcloud.net/ https://mc.yandex.ru https://abs.firstdedic.ru/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://*.carrotquest.app/ data:; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors https://metrika.yandex.ru http://webvisor.com/; 2 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: 'self' blob:; frame-src https: 'self' blob:; 2 default-src 'self' https://kraken.ottobock.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.ottobock.com https://events.ottobock.com https://kraken-qa.ottobock.com *.usercentrics.eu https://www.google-analytics.com/ http://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com/ https://www.googleadservices.com https://www.google.com https://maps.gstatic.com https://www.youtube.com/ https://connect.facebook.net/ https://snap.licdn.com/ http://platform.massrelevance.com/js/massrel.js https://analytics.tiktok.com/ *.zoovu.com https://walls.io https://static.hotjar.com https://script.hotjar.com/ *.loyjoy.com *.clarity.ms *.smartassistant.com https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js https://visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://app.vwo.com *.optimonk.com https://onsite.optimonk.com https://cdn-asset.optimonk.com https://acsbapp.com/ https://api-prd.vidlab7.com; connect-src 'self' 'self' data: *.ottobock.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.usercentrics.eu *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com https://mapsresources-pa.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://tile.googleapis.com stats.g.doubleclick.net www.googleadservices.com td.doubleclick.net https://googleads.g.doubleclick.net/ region1.analytics.google.com https://analytics.tiktok.com/ https://*.in.applicationinsights.azure.com/ js.monitor.azure.com https://*.ctfassets.net/ https://res.cloudinary.com/ottobock-se/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ *.clarity.ms *.zoovu.com *.smartassistant.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.growthbook.io/ https://*.blackthorn.io https://api.openai.com *.loyjoy.com *.optimonk.com https://cdn-account.optimonk.com app.vwo.com *.visualwebsiteoptimizer.com https://frontend-dev.xima.ottobock.com https://cdn.acsbapp.com https://tiger-leadgen-fileupload.s3.eu-west-1.amazonaws.com https://api-prd.vidlab7.com; img-src 'self' * blob: data: *.loyjoy.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.zoovu.com https://kraken-qa.ottobock.com https://kraken.ottobock.com https://cdn-asset.optimonk.com *.loyjoy.com; font-src 'self' * data: *.loyjoy.com; frame-src 'self' www.ottobock.de www.ottobock.com www.ottobock.ch www.ottobock.at www.ottobock.it https://tm.ottobock.com tm.ottobock.com boforms.ottobock.com cloud.news.ottobockus.com ottobock-se-co-kgaa.massrel.io https://ttselector.ottobock.com https://www.ottobock-events.de/ https://cloud.info.ottobock.com/ https://www.googleadservices.com https://events.ottobock.com b2cforms.ottobock.com https://www.google.com *.googletagmanager.com https://td.doubleclick.net http://ottobock-se-co-kgaa.massrel.io https://ottobock-se-co-kgaa.massrel.io https://www.youtube.com/ http://www.youtube.com/ https://facebook.com https://events.blackthorn.io https://my.walls.io/ https://www.selection-guide.de/ https://*.loyjoy.com https://tm.ottobock.com/ https://studio.vidlab7.com/; frame-ancestors 'self' https://app.contentful.com https://events.ottobock.com https://orca-preview.zoovu.com; child-src 'self'; media-src 'self' blob: data: https://videos.ctfassets.net http://videos.ctfassets.net https://res.cloudinary.com/ottobock-se/ https://*.ottobock.com *.loyjoy.com https://storage.googleapis.com; worker-src 'self' blob: data:; 2 default-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com; block-all-mixed-content; connect-src 'self' use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com *.g.doubleclick.net www.facebook.com www.google-analytics.com *.analytics.google.com region1.analytics.google.com www.googletagmanager.com sc.lfeeder.com *.google.com *.googleadservices.com *.doubleclick.net www.google.fr plausible.io webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com www.datocms-assets.com *.rollbar.com; font-src 'self' data: cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; frame-ancestors 'none'; frame-src 'self' webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com td.doubleclick.net; img-src 'self' https: data: cdn.scalingo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com cdn.mxpnl.com connect.facebook.net www.google-analytics.com apis.google.com plausible.io sc.lfeeder.com webforms.pipedrive.com pipedriveassets.com *.pipedriveassets.com *.rollbar.com; style-src 'self' 'unsafe-inline' cdn.scalingo.com *.googletagmanager.com use.typekit.net p.typekit.net fonts.gstatic.com font.googleapis.com; upgrade-insecure-requests 2 frame-ancestors *.xiaopeng.com *.xiaopeng.local 2 script-src 'self' https://chat.seznam.cz https://*.hit.gemius.pl https://www.stream.cz/static/embed/ https://h.seznam.cz https://c.imedia.cz; report-uri /cspreport; 2 default-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://*.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com https://controlpanel.opengov.com https://www.arcgis.com/ https://kendo.cdn.telerik.com https://viewlicense.adobe.io https://cdn-images.mailchimp.com/ https://*.adobe.com; connect-src 'self' https://*.google-analytics.com https://*.twitter.com https://*.windows.net https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://www.jobapscloud.com https://api.uptimerobot.com https://*.nr-data.net https://*.curator.io browser-update.org https://*.reflector.workers.dev https://unpkg.com https://*.list-manage.com https://*.cot.workers.dev https://api.municode.com https://*.livestream.com https://*.ads.cot https://*.google.com https://*.monsido.com https://*.fontawesome.com https://pubsvc.tampagov.net https://stats.g.doubleclick.net https://apps.tampagov.net https://www.gstatic.com https://controlpanel.opengov.com https://www.arcgis.com/ https://kendo.cdn.telerik.com https://viewlicense.adobe.io https://cdn-images.mailchimp.com/ https://*.adobe.com https://www.google-analytics.com; font-src 'self' data: https:; frame-src 'self' https://*.tampa.gov https://*.tampagov.net https://www.youtube-nocookie.com https://*.google.com https://twitter.com https://platform.twitter.com https://livestream.com https://syndication.twitter.com https://tampa.maps.arcgis.com https://app.powerbigov.us https://*.recollect.net https://visualping.io https://www.youtube.com https://w3.mp.lura.live https://player.vimeo.com https://*.apptoto.com https://cityeconomy.org https://cityoftampa-my.sharepoint.com https://*.arcgis.com/ https://*.opengov.com/ https://api-us.one.network https://vimeo.com https://acrobatservices.adobe.com https://tip411.com https://stream.office.com https://www.microsoft365.com; img-src 'self' about: data: https: http://www.tampa.gov http://www.tampagov.net blob:; media-src 'self' https://*.livestream.com https://curator-assets.b-cdn.net https://video.twimg.com https://*.s3.amazonaws.com https://*.vimeo.com; object-src 'self' http://www.tampa.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.windows.net https://maps.floridadisaster.org https://*.tampa.gov https://*.tampagov.net https://*.google-analytics.com https://*.twitter.com https://*.googleapis.com https://www.googletagmanager.com https://serverapi.arcgisonline.com https://*.arcgis.com https://js-agent.newrelic.com https://cdn.syndication.twimg.com/ https://syndication.twitter.com https://bam.nr-data.net https://*.surveymonkey.com browser-update.org https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://*.list-manage.com https://*.google.com https://*.recollect.net https://pagecorrect.monsido.com https://spark.adobe.com https://cdn.apptoto.com blob: https://*.arcgis.com/ https://*.amazonaws.com/downloads.mailchimp.com/ https://kendo.cdn.telerik.com https://use.fontawesome.com/* https://*.vimeo.com https://connect.facebook.net/en_US/sdk.js acrobatservices.adobe.com cdn.jsdelivr.net https://app-script.monsido.com https://cdn.curator.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://controlpanel.opengov.com https://kit.fontawesome.com https://maps.googleapis.com https://polyfill-fastly.io https://translate.google.com https://unpkg.com https://use.fontawesome.com https://www.google.com maps.googleapis.com mdbootstrap.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://translate.googleapis.com https://*.mailchimp.com https://recollect.a.ssl.fastly.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://apps.tampagov.net https://kendo.cdn.telerik.com https://vuetampaservices2.z13.web.core.windows.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://static2.sharepointonline.com https://unpkg.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' https://*.opengov.com; upgrade-insecure-requests 2 default-src 'self'; connect-src 'self' https://*.doubleclick.net/ https://*.googlesyndication.com/ https://analytics.google.com/ https://www.google-analytics.com/ https://api.hubapi.com/ https://csi.gstatic.com/ https://www.google.com/ccm/collect https://*.adtrafficquality.google/ https://www.google.com/recaptcha/; frame-src 'self' data: https://www.googleadservices.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.google.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://*.adtrafficquality.google/ https://www.instagram.com/ https://www.linkedin.com/; fenced-frame-src 'self' data:; media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.youtube.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.googletagservices.com/ https://diffuser-cdn.app-us1.com/ https://prism.app-us1.com/ https://trackcmp.net/ https://*.adtrafficquality.google/ https://www.instagram.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com/; img-src 'self' blob: data: https://api.eremedia.com/ https://googleads.g.doubleclick.net/ https://*.googlesyndication.com/ http://www.google.com/ https://i.ytimg.com/ https://www.googletagmanager.com/ https://fonts.gstatic.com/ https://*.adtrafficquality.google/; font-src 'self' https://fonts.gstatic.com/; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 2 script-src 'unsafe-eval' 'unsafe-inline' 'self' widget.trustpilot.com code.jquery.com maxcdn.bootstrapcdn.com js.createsend1.com ajax.googleapis.com maps.googleapis.com www.googleapis.com www.gstatic.com www.google.com analytics.google.com www.googletagmanager.com use.typekit.net www.google-analytics.com cse.google.com support.micron21.com www-2019.micron21.com www.micron21.com staging-2019.micron21.com www-2019.micron21.com staging.micron21.com support-staging.micron21.com cdnjs.cloudflare.com https://*.clarity.ms https://c.bing.com assets.calendly.com; style-src 'unsafe-inline' 'self' micron21.com www-2019.micron21.com www.micron21.com staging-2019.micron21.com staging.micron21.com maxcdn.bootstrapcdn.com cse.google.com support.micron21.com fonts.googleapis.com www.google.com cdnjs.cloudflare.com; img-src 'self' 'unsafe-inline' data: www.googletagmanager.com *; font-src 'self' data: maxcdn.bootstrapcdn.com support.micron21.com fonts.gstatic.com use.typekit.net; default-src 'self' widget.trustpilot.com www.youtube.com www.google.com support.micron21.com support-staging.micron21.com eform.pandadoc.com calendly.com https://*.clarity.ms https://c.bing.com; object-src 'none'; connect-src 'self' https://*.clarity.ms https://c.bing.com createsend.com support.micron21.com support-staging.micron21.com performance.typekit.net analytics.google.com www.google-analytics.com https://*.doubleclick.net https://*.google.com; worker-src 'self' widget.trustpilot.com maxcdn.bootstrapcdn.com www.google.com cse.google.com *.micron21.com; frame-src 'self' *.micron21.com widget.trustpilot.com www.google.com calendly.com *.youtube.com *.googletagmanager.com; frame-ancestors 'self' *.micron21.com 2 default-src 'self' https: data:; connect-src 'self' wss://*.tawk.to wss://ws.hotjar.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 2 default-src 'self' *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguardinvestor.co.uk *.vanguard.co.uk *.kampyle.com;base-uri 'self';font-src 'self' https: data: *.vanguard.com:* *.vgcontent.info:*;form-action 'self';frame-ancestors 'self';img-src 'self' data: vanguard.d2.sc.omtrdc.net *.amazon-adsystem.com www.facebook.com *.doubleclick.net www.google.com *.adservice.google.com *.ytimg.com sjs.bizographics.com *.linkedin.com snap.licdn.com P.adsymptotic.com insight.adsrvr.org *.vanguard.com:* *.vgcontent.info:* *.vanguard.com *.vanguard.co.uk ade.googlesyndication.com *.kampyle.com https://*.vanguardinvestor.co.uk https://alb.reddit.com https://match.adsrvr.org/ https://ib.adnxs.com;object-src 'none';script-src 'self' 'unsafe-inline' *.vgdynamic.info connect.facebook.net www.googleadservices.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net *.youtube.com/ *.vanguard.com:* *.vgcontent.info:* corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com *.kampyle.com https://*.vanguardinvestor.co.uk cdn.botframework.com/botframework-webchat/latest/webchat.js https://solutions.eu.invocacdn.com https://td.doubleclick.net https://www.redditstatic.com https://www.amcharts.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' *.vanguard.com:* *.vgcontent.info:* *.kampyle.com;connect-src *.demdex.net vanguard.d2.sc.omtrdc.net *.tt.omtrdc.net *.vanguard.com *.vanguard.co.uk static.vgcontent.info cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com corp-pmj.webt.vanguard.com corp-pmj-ukpi.web.vanguard.com corp-pmj-ukpi.webt.vanguard.com corp.etm.testassets.vgdynamic.info corp.etm.assets.vgdynamic.info corp.at2.assets.vgdynamic.info *.googlesyndication.com www.google.com googleads.g.doubleclick.net *.kampyle.com *.medallia.com *.medallia.eu 'self' https://*.vanguardinvestor.co.uk https://*.vanguardinvestor.com https://*.vanguard.com directline.botframework.com https://pnapi.eu.invoca.net https://ad.doubleclick.net https://google.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com;frame-src *.demdex.net *.youtube.com insight.adsrvr.org 'self' *.vanguard.com *.kampyle.com vanguard-pf-git-vgpf-prod-raindrop-tech.vercel.app vanguard-pf-git-vgpf-dev-raindrop-tech.vercel.app https://www.googletagmanager.com https://td.doubleclick.net https://4598102.fls.doubleclick.net https://13621799.fls.doubleclick.net;media-src;upgrade-insecure-requests 2 default-src 'self'; frame-ancestors 'self' https://prod-author.repsol.com/ https://www.todoluzygas.es/ areacliente.repsol.es waylet.es newdev-areacliente.cloudapp.repsol.com test-areacliente.cloudapp.repsol.com pre-areacliente.repsol.es pre-pidetubombona.repsol.es pidetubombona.repsol.es repsol.pt pro.areaclientemultienergia.es *.repsolluzugas.com *.repsol.com pre-beta-areacliente.klikinlabs.com; frame-src * ; media-src *; img-src * https://cdn.valuesportal.com https://log.adtraction.fail blob: data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://valuesportal.com https://cdn.adt356.com https://gtm.adt313.net https://cnv.adt632.com *.google-analytics.com *.analytics.google.com *.krxd.net www.google.com d3a.walmeric.com cdn.jsdelivr.net insight.adsrvr.org cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com sdk.inbenta.io up.pixel.ad static.ads-twitter.com secure-ds.serving-sys.com i.clarity.ms trc.taboola.com tr.outbrain.com bs.serving-sys.com embed.typeform.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com static-eu.oct8ne.com snap.licdn.com stories.adsocy.com 9000468.spxl.socy.es p1.socy.es repsol.my.site.com ai.trk42.net pro.areaclientemultienergia.es adtraction.net kwanko.com img.metaffiliation.com *.adobe.net jswebproduction.com Preciso.net 2trk.info cookieless-data.com sddan.com adnxs.com euob.isstarsbuilding.com c.amazon-adsystem.com obseu.isstarsbuilding.com s.kk-resources.com rum.hlx.page igodigital.com analytics.tiktok.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; object-src 'none' 2 default-src 'none'; img-src 'self'; 2 frame-ancestors 'self' https://*.acepta.com 2 frame-ancestors 'self' https://www.youtube.com/ 2 default-src 'none'; script-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.cookiebot.com *.cookiebot.eu *.marketo.net *.adition.com *.google.com assets.adobedtm.com connect.facebook.net snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com https://*.demdex.net https://*.youtube.com https://*.marketo.com https://cm.everesttech.net https://static.widget.trengo.eu https://stats.pusher.com https://assets.sitescdn.net https://assets.eu.sitescdn.net https://answers-embed.techem.de.pagescdn.com https://answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://*.mouseflow.com https://bat.bing.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://api.staging.pso-empfehlen.dev https://api.pso-empfehlen.net https://techem-empfehlen.de https://www.techem-empfehlen.de https://pso-empfehlen.staging.pso-vertrieb.de https://empfehlen-admin.pso-vertrieb.de https://*.etracker.com https://*.etracker.de https://static.xingcdn.com https://*.intuitioncreative-52.com https://fastly.jsdelivr.net https://cdn.jsdelivr.net https://podio.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.2o7.net *.omtrdc.net *.scene7.com *.techem.com https://*.marketo.com https://www.gstatic.com https://assets.sitescdn.net https://assets.eu.sitescdn.net; font-src 'self' *.2o7.net *.omtrdc.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.bunny.net https://cdn.jsdelivr.net data:; img-src 'self' *.2o7.net *.omtrdc.net blob: data: https: *.adspirit.de; frame-src 'self' *.2o7.net *.omtrdc.net *.cookiebot.com *.cookiebot.eu *.techem.com *.youtube.com *.yextpages.net *.marketo.com *.google.com *.googleadservices.com *.facebook.com https://*.demdex.net bid.g.doubleclick.net techem.prospective.de answers-embed.techem.de.pagescdn.com answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://techem-experts.rogsurvey.de https://techem-atlas.vercel.app https://podio.com blob:; manifest-src 'self'; connect-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.google.com *.googleadservices.com *.marketo.com *.facebook.com *.pusher.com *.friendlycaptcha.com *.mktoutil.com googleads.g.doubleclick.net https://cm.everesttech.net https://assets.adobedtm.com https://*.demdex.net https://*.mktoresp.com https://*.cookiebot.com https://*.cookiebot.eu https://*.trengo.eu https://*.amazonaws.com https://*.westeurope.logic.azure.com https://*.yext.com https://answers.yext-pixel.com https://cdn.linkedin.oribi.io https://*.mouseflow.com https://px.ads.linkedin.com https://analytics.techem.de https://www.eu.yextevents.com https://prod-cdn.eu.yextapis.com https://viewlicense.adobe.io/viewsdklicense/jwt https://*.etracker.de https://techem-empfehlen.de https://www.techem-empfehlen.de; media-src 'self' https://static.widget.trengo.eu https://*.scene7.com *.techem.com blob:; frame-ancestors 'self' https://techem.events.rooom.com https://www.rooom.com https://*.etracker.com *.edge.agora.io:6443 *.edge.agora.io:9591 *.edge.agora.io:9593 *.edge.sd-rtn.com:6443 *.edge.sd-rtn.com:9591 *.edge.sd-rtn.com:9593 webcollector-rtm.agora.io:6443 webcollector-rtm.agora.io:9591 webcollector-rtm.agora.io:9593 ; 2 connect-src 'self' wss://*.finance.yahoo.com/ https://*.cdn.yimg.com https://*.oath.com https://*.yahoo.com https://*.yahoo.net https://api.alyavista.com https://api.privacy-center.org https://bam.nr-data.net/ https://dpm.demdex.net/ https://guce.yahoofinance.com https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://s.yimg.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://smetrics.att.com/ https://files.quartr.com/streams/ https://b.trueanthem.com/ https://*.googlesyndication.com https://*.adtrafficquality.google https://*.3lift.com https://*.adsrvr.org https://*.casalemedia.com https://*.clean.gg https://*.criteo.com https://*.doubleclick.net https://*.indexww.com/ https://*.kueezrtb.com https://*.liadm.com https://*.lijit.com/ https://*.media.net https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.seedtag.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.yieldmo.com https://csi.gstatic.com https://pbs-yahoo-apac.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-us.ay.delivery https://static.criteo.net https://*.dns-finder.com https://api.rlcdn.com https://*.adnxs.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://s.yimg.com https://cdn.taboola.com; frame-ancestors 'self' https://www.aol.com https://www.aol.co.uk https://www.aol.de https://www.aol.ca https://*.ouryahoo.com https://local.cm.yahoo.com https://cm-ui.staging.yahoo.com https://cm-ui.yahoo.com; frame-src 'self' https://*.abcnews.go.com https://*.advertising.com https://*.bbc.co.uk https://*.chartbeat.com https://*.clicktivatedvideoplayer.com https://*.deezer.com https://*.delivery.vidible.tv https://*.dailymotion.com/ https://*.etonline.com https://*.facebook.com https://*.google.com https://*.hulu.com https://*.instagram.com https://*.jac.yahoosandbox.com https://*.livestream.com https://*.mtvnservices.com https://*.myfinance.com https://*.nbc.com https://*.nytimes.com https://*.oath.com https://*.reuters.com https://*.scribd.com https://*.smartasset.com https://*.soundcloud.com https://*.spotify.com https://*.ted.com https://*.theguardian.com https://*.tumblr.com https://*.turner.com https://*.usatoday.com https://*.vimeo.com https://*.washingtonpost.com https://*.wsj.com https://*.yahoo.com https://*.yahoo.net https://abcnews.go.com https://att.demdex.net/ https://bbc.co.uk https://cdn.yahoofinance.com/ https://chartbeat.com https://compass.pressekompass.net https://datawrapper.dwcdn.net https://delivery.vidible.tv https://embed.acast.com https://embed.music.apple.com https://embed.podcasts.apple.com https://embedder.wirewax.com https://flo.uri.sh/ https://flourish.studio https://guce.yahoofinance.com https://interactives.ap.org https://livestream.com https://platform.twitter.com https://s.yimg.com https://service.force.com/ https://smartasset.com https://tsdtocl.com/ https://view.ceros.com https://vimeo.com https://widget-yahoo.ofx.com https://www.bankrate.com https://www.credible.com https://www.surveymonkey.com https://www.youtube.com https://yahoo.crunchbaseembed.com https://yahoo.real-estate.hk https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.adtrafficquality.google https://www.googletagmanager.com https://*.1rx.io https://*.3lift.com https://*.a-mo.net https://*.adnxs.com https://*.adsrvr.org https://*.amazon-adsystem.com https://*.casalemedia.com https://*.cootlogix.com https://*.creativecdn.com https://*.criteo.com https://*.doubleclick.net https://*.emxdgt.com https://*.everesttech.net https://*.gumgum.com https://*.indexww.com https://*.kargo.com https://*.kueezrtb.com https://*.lijit.com https://*.media.net https://*.mediago.io https://*.openx.net https://*.pubmatic.com https://*.rfihub.com https://*.rubiconproject.com https://*.seedtag.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.trustedstack.com https://*.yellowblue.io https://*.yieldmo.com https://jadserve.postrelease.com/ https://yahoo-match.dotomi.com https://ad-delivery.net https://*.dns-finder.com; img-src 'self' data: blob: about: https://*.amazon-adsystem.com https://*.chartbeat.com https://*.chartbeat.net https://*.cloudfront.net/pixel.gif https://*.dotomi.com https://*.wc.yahoodns.net https://*.yahoo.com https://*.yahoo.net https://*.yimg.com https://media.zenfs.com https://o.aolcdn.com/images/dims https://pbs.twimg.com https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://platform.twitter.com https://public.flourish.studio/resources/ https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/ https://s2.coinmarketcap.com/static/img/coins/ https://sb.scorecardresearch.com https://smetrics.att.com/b/ss/attnetprod/ https://syndication.twitter.com https://vop-yahoo.akamaized.net/pixel.gif https://www.facebook.com https://cdn.yodlee.com https://news-assets.stockstory.org https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://www.google.com/ads/measurement/l https://*.1rx.io https://*.3lift.com https://*.adnxs.com https://*.adsafeprotected.com/ https://*.adsrvr.org https://*.adtrafficquality.google https://*.casalemedia.com https://*.cootlogix.com https://*.creativecdn.com https://*.criteo.com https://*.disqus.com https://*.doubleclick.net https://*.emxdgt.com https://*.everesttech.net https://*.gumgum.com https://*.indexww.com/ https://*.kargo.com https://*.kueezrtb.com https://*.liadm.com https://*.lijit.com https://*.lijit.com/ https://*.media.net https://*.mediago.io https://*.openx.net https://*.pubmatic.com https://*.rfihub.com https://*.rubiconproject.com https://*.sharethrough.com https://*.sonobi.com https://*.taboola.com https://*.yellowblue.io https://*.yieldmo.com https://*.bidswitch.net https://api-taboola.com https://creativecdn.com https://prebid.a-mo.net https://ad-delivery.net https://*.dns-finder.com https://*.google-analytics.com https://*.googletagmanager.com; manifest-src 'self' https://s.yimg.com; media-src 'self' blob: https://s.yimg.com https://res.cloudinary.com/yfc-nonprod/ https://res.cloudinary.com/yfc-production/ https://files.quartr.com/streams/ https://vidstat.taboola.com; object-src 'none'; report-to csp-endpoint; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; sandbox allow-downloads allow-forms allow-modals allow-popups-to-escape-sandbox allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://launcher.spot.im https://*.oath.com https://*.salesforceliveagent.com/ https://*.yahoo.com https://*.yahoo.net https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/dcodeIO/protobuf.js/ https://ec.yimg.com/didomi/ https://jac.yahoosandbox.com/2.0.0/jac.js https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://openweb.jac.yahoosandbox.com/1.5.0/jac.js https://platform.twitter.com https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://s.yimg.com https://service.force.com/embeddedservice/5.0/ https://static.lightning.force.com/ https://static2.chartbeat.com https://*.adtrafficquality.google https://*.googlesyndication.com https://console.googletagservices.com/pubconsole/loader.js https://adservice.google.com/adsid/integrator.js https://cdn.ampproject.org/rtv/ https://www.googletagservices.com/activeview/js https://*.doubleclick.net https://*.taboola.com https://ads.pubmatic.com https://gum.criteo.com https://static.criteo.net https://wnsrvbjmeprtfrnfx.ay.delivery https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.yahoo.com https://cdn.taboola.com https://oathmembershipsupport.my.salesforce-sites.com/ https://platform.twitter.com https://s.yimg.com https://service.force.com/; worker-src 'self' blob: 2 default-src 'self'; script-src 'self' apis.mappls.com 'unsafe-eval' assets.adobedtm.com connect.facebook.net snap.licdn.com cdn.branch.io *.clarity.ms app.link 'unsafe-inline'; style-src 'self' apis.mappls.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' *.mapmyindia.com placehold.co media.tatacroma.com *.cloudfront.net data: blob: *.tatadigital.com *.clarity.ms cdn.sanity.io ik.imagekit.io px.ads.linkedin.com ad.doubleclick.net adservice.google.com c.bing.com media-ik.croma.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.mappls.com *.mapmyindia.com unpkg.com cdn.jsdelivr.net px.ads.linkedin.com *.api.sanity.io o4504451288334336.ingest.us.sentry.io *.branch.io *.clarity.ms *.tatadigital.com cdn.sanity.io; worker-src 'self' blob:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' vercel.live *.cookieyes.com cdn-cookieyes.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: blob: cdn.sanity.io *.cookieyes.com cdn-cookieyes.com; media-src 'self' data: blob: cdn.sanity.io; connect-src 'self' *.bfl.ai cdn.sanity.io *.api.sanity.io unpkg.com boards-api.greenhouse.io eu.i.posthog.com eu-assets.i.posthog.com eu.posthog.com *.cookieyes.com cdn-cookieyes.com; frame-src vercel.live *.cookieyes.com cdn-cookieyes.com; frame-ancestors 'none' 2 frame-ancestors 'self' 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.intercomcdn.com https://widget.intercom.io https://code.jquery.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://region1.analytics.google.com; child-src 'self'; media-src 'self'; frame-src 'self' https://www.google.com https://www.gstatic.com https://app.livestorm.co https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://*.datablocks.se https://*.addthis.com https://consent.cookiebot.com/ https://consent.cookiebot.eu/uc.js https://consentcdn.cookiebot.com https://websolutions.ne.cision.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://static.cloudflareinsights.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.datablocks.se https://cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.eu https://*.datablocks.se https://*.mfn.se https://google.se https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://publish.ne.cision.com https://*.analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cloudflareinsights.com; font-src 'self' data: https://*.datablocks.se https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.eu https://*.doubleclick.net https://consentcdn.cookiebot.com https://www.google.com https://player.vimeo.com; img-src 'self' data: https://*.datablocks.se https://secure.gravatar.com https://imgsct.cookiebot.com https://img.sct.eu1.usercentrics.eu https://pixel-geo.prfct.co https://www.google.com https://px.ads.linkedin.com https://*.lfeeder.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.se https://cloudflareinsights.com; manifest-src 'self'; media-src 'self' https://*.akamaized.net https://vimeo.com https://*.vimeo.com https://widget-v4.tidiochat.com; worker-src 'self' blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.milliman.com https://www.googletagmanager.com https://www.google-analytics.com https://www.buzzsprout.com https://bat.bing.com https://js.driftt.com https://js.adsrvr.org https://solutions.invocacdn.com https://milliman.aiproxies.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://analytics.cdn.aimediagroup.com https://pnapi.invoca.net https://googleads.g.doubleclick.net https://analytics.aimediagroup.com https://maps.googleapis.com https://snap.licdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://public.tableau.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://static.hotjar.com https://script.hotjar.com https://static.cloud.coveo.com https://siteimproveanalytics.com https://www.clarity.ms https://players.brightcove.net https://vjs.zencdn.net https://tagassistant.google.com https://unpkg.com/aos@next/ https://js.zi-scripts.com; img-src 'self' data: https://*.milliman.com https://assets.buzzsprout.com https://www.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://cf-images.us-east-1.prod.boltdns.net https://analytics.aimediagroup.com https://milliman.aiproxies.com https://www.google.com https://www.google.ca https://match.adsrvr.org https://maps.googleapis.com https://maps.gstatic.com *.googleapis.com *.ggpht https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://www.youtube.com https://public.tableau.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://*.siteimproveanalytics.io https://metrics.brightcove.com https://edge.sitecorecloud.io https://fonts.gstatic.com https://px4.ads.linkedin.com https://dashboard.aidps.xyz; style-src 'self' 'unsafe-inline' https://*.milliman.com https://fonts.googleapis.com https://cloud.typenetwork.com https://assets.buzzsprout.com https://platform.twitter.com https://ton.twimg.com https://edge-platform.sitecorecloud.io https://www.googletagmanager.com https://unpkg.com/aos@next/; font-src 'self' 'unsafe-inline' data: https://*.milliman.com https://fonts.gstatic.com https://cloud.typenetwork.com https://ton.twimg.com https://fastly-cloud.typenetwork.com; frame-src 'self' https://webforms-qa.milliman.com https://webforms.milliman.com https://www.arcgis.com https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://insight.adsrvr.org https://app.powerbi.com https://js.driftt.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://td.doubleclick.net/ https://twitter.com https://platform.twitter.com https://html5-player.libsyn.com https://bid.g.doubleclick.net https://www.youtube.com https://public.tableau.com https://vars.hotjar.com https://syndication.twitter.com https://milliman.aiproxies.com https://*.vimeo.com https://app.netlify.com/ https://www.googletagmanager.com; child-src 'self' https://webforms-qa.milliman.com https://webforms.milliman.com https://*.milliman.com https://players.brightcove.net https://www.buzzsprout.com https://app.powerbi.com https://milliman.maps.arcgis.com https://*.makeaclickablemap.com https://makeaclickablemap.com https://www.google.com https://assets.milliman.com https://milliman-milwaukee-reports.azurewebsites.net https://twitter.com https://www.twitter.com html5-player.libsyn.com https://bid.g.doubleclick.net blob:; connect-src 'self' https://millimanproductionmo4t0l69.org.coveo.com https://*.milliman.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://edge-platform.sitecorecloud.io https://assets5.lottiefiles.com https://*.analytics.org.coveo.com https://*.clarity.ms https://lottie.host https://assets9.lottiefiles.com https://millimannonproduction1gm81sp5s.org.coveo.com https://millimannonproduction1gm81sp5s.analytics.org.coveo.com https://millimanproductionmo4t0l69.org.coveo.com https://millimanproductionmo4t0l69.analytics.org.coveo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://pnapi.invoca.net https://bam.nr-data.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://usageanalytics.coveo.com https://platform.cloud.coveo.com https://www.milliman.com https://us.milliman.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://maps.googleapis.com https://milliman.aiproxies.com https://geolocation.onetrust.com https://secure.adnxs.com https://edge-platform.sitecorecloud.io https://edge.api.brightcove.com https://*.boltdns.net https://*.akamaihd.net https://edge.sitecorecloud.io https://www.google.com https://*.brightcovecdn.com https://js.zi-scripts.com https://ws.zoominfo.com; media-src 'self' https://*.milliman.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://*.brightcovecdn.com blob:; upgrade-insecure-requests; block-all-mixed-content; 2 default-src https:; img-src 'self' data: cdn.cookielaw.org cookie-cdn.cookiepro.com i.vimeocdn.com maps.gstatic.com *.googleapis.com *.ggpht.com *.linkedin.com *.google.com *.google.co.in *.google.com.sg *.crazyeggcdn.com *.crazyegg.com *.google.ca; script-src 'self' admin.ceros.com *.preview.ceros.com sharejs.ceros.com 104.18.33.58 172.64.154.198 172.64.144.4 104.18.43.252 view.ceros.com tools.euroland.com *.googleadservices.com *.google.com *.googleapis.com *.gstatic.com vimeo.com *.vimeo.com *.worley.com snap.licdn.com *.pardot.com *.googletagmanager.com *.doubleclick.net *.crazyegg.com cdn.cookielaw.org cookie-cdn.cookiepro.com 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' fonts.googleapis.com *.typekit.net *.crazyegg.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com *.typekit.net; media-src i.vimeocdn.com *.crazyegg.com; object-src i.vimeocdn.com; upgrade-insecure-requests; block-all-mixed-content; 2 upgrade-insecure-requests; frame-ancestors 'self' *.wso2.com choreo.dev; 2 img-src * data:; frame-ancestors 'self' 2 default-src 'none'; object-src 'none'; script-src 'self' https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud; style-src 'self' 'unsafe-inline' https://*.chargebee.com https://*.chargebeestatic.com; img-src 'self' data: https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com https://*.openproject.org https://openproject.org; media-src 'self' data: https://*.openproject.org https://openproject.org https://openproject-docs.s3.eu-central-1.amazonaws.com; frame-src 'self' https://js.chargebee.com https://www.youtube-nocookie.com https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud https://opf.github.io; font-src 'self'; connect-src 'self' https://api.github.com/repos/opf/openproject https://*.openproject.com https://*.openproject.org https://openproject.matomo.cloud 2 default-src 'self' telit.com *.telit.com telit.di.partsearch.oemsecretsapi.com *.oemsecrets.com blob: bing.com *.bing.com licdn.com google-analytics.com *.google-analytics.com demandbase.com *.demandbase.com company-target.com *.company-target.com *.licdn.com *.recaptcha.net recaptcha.net gstatic.com *.gstatic.com google.com youtube-nocookie.com *.youtube-nocookie.com youtube.com *.youtube.com ggpht.com *.ggpht.com googleapis.com *.googleapis.com ytimg.com *.ytimg.com *.doubleclick.net googletagmanager.com *.googletagmanager.com pardot.com *.pardot.com osano.com *.osano.com *.sharethis.com sharethis.com driftt.com *.driftt.com oribi.io *.oribi.io linkedin.com *.linkedin.com rlcdn.com *.rlcdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat gravatar.com *.gravatar.com w.org *.w.org wpengine.com *.wpengine.com yoast.com *.yoast.com jsdelivr.net *.jsdelivr.net wistia.com *.wistia.com helpscout.net *.helpscout.net *.litix.io litix.io cloudfront.net *.cloudfront.net *.devmobo.com cinterion.com *.cinterion.com securityscorecard.com *.securityscorecard.com *.googlesyndication.com googlesyndication.com *.facebook.net *.facebook.com *.alicdn.com *.typekit.net *.vimeo.com *.indeed.com *.killadsapi.com *.zi-scripts.com *.zoominfo.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://telit-newsletter.devmobo.com/l.php; base-uri 'self';frame-ancestors 'self' 2 frame-ancestors 'none'; report-uri https://prod-fhs-rn-csp-service.rbictg.com/csp; report-to csp-endpoint 2 default-src 'self' data: webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com px.ads.linkedin.com cdn.linkedin.oribi.io region1.analytics.google.com varta.matomo.cloud metrics.hotjar.io csmetrics.hotjar.com content.hotjar.io wss://ws.hotjar.com wss://wsp19.hotjar.com csmetrics.hotjar.com wss://ws32.hotjar.com wss://ws5.hotjar.com in.hotjar.com csp.withgoogle.com www.salesviewer.com salesviewer.org dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com www.facebook.com region1.google-analytics.com maps.googleapis.com stats.g.doubleclick.net www.google-analytics.com irs.tools.investis.com static.b-ite.com www.youtube.com jobs.b-ite.com config1.veinteractive.com cookiee1.veinteractive.com sessionapi.veinteractive.com dtrc.veinteractive.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: files.qualifio.com data: webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com snap.licdn.com script.hotjar.com static.hotjar.com clients1.google.com cse.google.com dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com connect.facebook.net maps.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net www.youtube.com static.b-ite.com cs-assets.b-ite.com config1.veinteractive.com https://partner.googleadservices.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; font-src 'self' 'unsafe-inline' data: dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com fonts.gstatic.com googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: https://stats.g.doubleclick.net biz2.service.varta-ag.com connect.facebook.net www.linkedin.com px.ads.linkedin.com region1.analytics.google.com cse.google.com clients1.google.com www.googleapis.com ssl.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com fonts.gstatic.com dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com www.varta-microbattery.com www.facebook.com biz.service.varta-consumer.com cs-assets.b-ite.com https://google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.de https://region1.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com; style-src https: 'unsafe-inline' dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com; frame-src 'self' dev-varta-ag.varta-ag.com www.varta-ag.com www.varta.de www.powerone-household.com dev-powerone-household.varta-ag.com www.v4smart.com clearon.qualifioapp.com driveuploader.com www.google.com irs.tools.investis.com www.youtube-nocookie.com www.youtube.com vartastoragegmbh.myfreshworks.com https://www.googletagmanager.com https://td.doubleclick.net; frame-ancestors 'self' dev-varta-ag.varta-ag.com www.varta-ag.com https://varta-sales-spot.hald.de https://sales-spot.varta-ag.com; child-src blob: 'self' vars.hotjar.com cse.google.com dev-varta-ag.varta-ag.com www.varta-ag.com dev.varta-ag.com www.youtube-nocookie.com www.youtube.com config1.veinteractive.com www.google.com cdn.matomo.cloud irs.tools.investis.com webform-euc.freshsales.io euc-assets.freshsales.io vartastoragegmbh.myfreshworks.com; connect-src https://www.powerone-household.com https://dev-powerone-household.varta-ag.com https://www.youtube-nocookie.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://px.ads.linkedin.com https://salesviewer.org https://www.varta-ag.com https://dev-varta-ag.varta-ag.com https://jobs.b-ite.com https://content.hotjar.io wss://ws.hotjar.com https://www.youtube.com/iframe_api; 2 frame-ancestors 'self' https://www.steris.com https://ww1.steris.com https://healthcaredesign.steris.com https://gateway.steris.com https://sitecore-healthcare-xm-centralus-prod-cd.azurewebsites.net/; 2 script-src *.buckaroo.io https://*.cookiebot.com/ https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hsadspixel.net/ https://*.hs-banner.com/ https://*.hsforms.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'self' 'unsafe-eval' 'unsafe-inline';img-src *.buckaroo.io *.clarity.ms *.googlesyndication.com *.gstatic.com data: https://*.cookiebot.com/ https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hsforms.com https://*.hubspot.com/ https://*.usercentrics.eu/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://px.ads.linkedin.com https://via.placeholder.com/ https://www.facebook.com/ https://www.google.nl https://www.google-analytics.com/ https://www.googletagmanager.com/ 'self';script-src-elem *.clarity.ms *.googleadservices.com *.kapa.ai https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.hotjar.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://*.hs-banner.com/ https://*.hscta.net/ https://*.hsforms.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://*.leadinfo.net/ https://*.marketingautomation.services/ https://*.usemessages.com/ https://connect.facebook.net/ https://snap.licdn.com https://unpkg.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'self' 'unsafe-inline';connect-src *.clarity.ms *.googlesyndication.com *.kapa.ai https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.formstack.io/ https://*.google.com/ https://*.google-analytics.com https://*.hsforms.com https://*.hubapi.com https://*.hubspot.com/ https://*.leadinfo.com/ https://*.leadinfo.net/ https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app/ https://lottie.host https://px.ads.linkedin.com https://www.facebook.com/ https://www.google.nl 'self';frame-src *.hsforms.net https://*.cookiebot.com/ https://*.cookiebot.eu https://*.doubleclick.net/ https://*.google.com/ https://*.hsforms.com https://*.hubspot.com/ https://new10.com/ https://player.vimeo.com/ https://www.googletagmanager.com/ https://www.youtube.com/ 'self';font-src data: https://designlibrary.tres.nl/ https://fonts.gstatic.com/ 'self';style-src https://*.formstack.io/ https://fonts.googleapis.com/ 'self' 'unsafe-inline';base-uri 'self';default-src 'self';manifest-src 'self';media-src 'self';report-uri https://buckaroo.report-uri.com/r/t/csp/reportOnly 2 script-src 'self' *.amnhealthcare.com dl.episerver.net maps.googleapis.com www.youtube.com unpkg.com script.crazyegg.com *.cloudfront.net *.cookielaw.org d10lpsik1i8c69.cloudfront.net secure.quantserve.com api.amnhealthcare.io bat.bing.com app.leadsrx.com *.americanmobile.com rules.quantcount.com *.pardot.com js.adsrvr.org snap.licdn.com dev.visualwebsiteoptimizer.com www.google.com assets.adobedtm.com www.googletagmanager.com js.zi-scripts.com www.gstatic.com twin-iq.kickfire.com www.rumiview.com *.amnhealthcare.com www.medtargetsystem.com match.deepintent.com trc.lhmos.com newton.newtonsoftware.com recruitingbypaycor.com apply.indeed.com cdn.botframework.com ajax.googleapis.com connect.facebook.net static.ads-twitter.com ssl.luckyorange.com analytics.click2apply.net adservice.google.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com analytics.tiktok.com tag.demandbase.com ct.pinterest.com *.formsite.com cdn.optimizely.com js.monitor.azure.com www.clarity.ms *.cdn.optimizely.com cdn-assets-prod.s3.amazonaws.com app.optimizely.com apps.usw2.pure.cloud scripts.clarity.ms 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: 'unsafe-inline'; worker-src 'self' blob:; 2 default-src 'self' *.fontawesome.com *.cloudflare.com https://www.youtube.com https://destinilocators.com *.typekit.net *.gstatic.com data:; frame-src 'self' https://* *.sitescout.com *.knotch.it *.adobedtm.com *.amazon-adsystem.com *.pinterest.com *.doubleclick.net *.addtoany.com *.addthis.com *.addthisedge.com *.adsrvr.org https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com https://destinilocators.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.linkedin.com *.sitescout.com *.tysonfoodservice.com *.tyson.com *.youtube.com www.facebook.com *.gstatic.com *.googleapis.com *.pinterest.com www.google.com www.google.com.mx www.googletagmanager.com www.google-analytics.com *.typekit.net i.ytimg.com data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.marketo.com https://www.googleoptimize.com *.cloudflare.com *.adobedtm.com *.pinimg.com *.hotjar.com *.amazonaws.com *.addtoany.com *.moatads.com https://connect.facebook.net https://assets.pinterest.com https://rawgit.com https://unpkg.com *.googleapis.com *.addthisedge.com *.addthis.com https://mpsnare.iesnare.com https://code.jquery.com *.adsrvr.org https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com *.typekit.net https://destinilocators.com data:; connect-src 'self' 'unsafe-inline' data: https://* *.swiftype.com *.demdex.net *.pinterest.com *.hotjar.io *.googleapis.com *.doubleclick.net *.amazonaws.com www.google-analytics.com; style-src 'self' 'unsafe-inline' blob: data: https://* *.fontawesome.com *.typekit.net *.jsdelivr.net *.typography.com *.cloudflare.com *.bootstrapcdn.com *.cloudfare.com *.myfonts.net *.googleapis.com; base-uri 'self'; form-action 'self'; 2 frame-ancestors 'self' https://*.axfood.se https://*.willys.se https://*.hemkop.se 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: ; worker-src 'self' blob: ; 2 frame-ancestors 'self' *.ag2rlamondiale.fr *.ppalm.fr; report-uri /csp-rapport; 2 connect-src 'self' https://* http://* wss://* 2 default-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; style-src 'self' *.sprinklr.com 'sha256-xM5aT+st2wk4RUcvDSyRgoWcTmBzODNcHHg+JKm7FtI=' 2 default-src http: data: 'unsafe-inline' 'unsafe-eval' wss://ws.hotjar.com 2 frame-ancestors 'self' https://bisav2.baloise.lu/ https://acc-bisav2.baloise.lu/ https://int-bisaapp-lu.balgroupit.com/ 2 frame-ancestors 'self'; report-uri https://www.ge.com/report-uri/enforce 2 default-src 'self' *.6sc.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com apis.google.com *.cloudflare.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api *.pardot.com *.demandbase.com my.hellobar.com snap.licdn.com bat.bing.com *.doubleclick.net *.healthstream.com *.crazyegg.com *.driftt.com *.zoominfo.com *.clarity.ms www.clickcease.com *.ceros.com scout-cdn.salesloft.com https://cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js *.mountain.com https://js-agent.newrelic.com *.cookiebot.com www.youtube.com www.googleadservices.com www.google.com/jsapi www.gstatic.com healthstream.formstack.com sdk.signupgenius.com https://dec.azureedge.net cdn.ampproject.org *.cloudfront.net cdn.prod.website-files.com cdn.prod.website-files.com https://www.google.com/recaptcha/api.js https://cdn.jsdelivr.net https://cdn.intellimize.co/snippet/117301488.js j.6sc.co tr.capterra.com cdn.propensity.com https://cdn.propensity.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.google.com *.googleapis.com *.gstatic.com *.crazyegg.com https://dec.azureedge.net my.hellobar.com *.typekit.net web-chat.nativechat.com cdn.prod.website-files.com cdn.prod.website-files.com; img-src 'self' data: blob: *.gstatic.com *.google-analytics.com *.google.com *.googleapis.com *.google.ca www.googletagmanager.com www.facebook.com www.linkedin.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png px.ads.linkedin.com *.crazyegg.com *.ads.linkedin.com *.clarity.ms c.bing.com bat.bing.com bat.bing.net aorta.clickagy.com tr-rc.lfeeder.com https://dec.azureedge.net imgsct.cookiebot.com *.healthstream.com brand-assets.capterra.com *.hellobar.com click.s12.exacttarget.com googleads.g.doubleclick.net *.ytimg.com cdn.prod.website-files.com cdn.prod.website-files.com connect.facebook.net b.6sc.co; font-src 'self' data: fonts.gstatic.com go.pardot.com cdn.prod.website-files.com cdn.prod.website-files.com use.typekit.net; frame-src 'self' data: *.googletagmanager.com *.pardot.com *.healthstream.com *.doubleclick.net *.google.com consentcdn.cookiebot.com *.crazyegg.com *.facebook.com *.g2.com *.ceros.com https://healthstream.formstack.com healthstream.tfaforms.net *.driftt.com datainsights-cdn.dm.aws.gartner.com https://www.youtube.com *.signupgenius.com cdn.embedly.com 117301488.intellimizeio.com; connect-src 'self' accounts.google.com *.google-analytics.com www.google.com *.doubleclick.net *.crazyegg.com hs.healthstream.com go.pardot.com *.clarity.ms cdn.linkedin.oribi.io ws.zoominfo.com analytics.google.com pagead2.googlesyndication.com px.ads.linkedin.com scout.salesloft.com www.redditstatic.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 bam.nr-data.net google.com *.cookiebot.com *.bing.com googletagmanager.com api.hellobar.com pro.ip-api.com sugapi.signupgenius.com sdk.signupgenius.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.11/iframeResizer.map https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js.map *.algolia.net www.facebook.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.1/iframeResizer.map https://*.intellimize.co/ https://bat.bing.net/ c.6sc.co ipv6.6sc.co *.6sense.com ct.capterra.com https://analytics.propensity-abm.com https://a.usbrowserspeed.com; media-src 'self' data: blob: *.youtube.com; child-src 'self' blob: https://www.youtube.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com; form-action 'self' healthstream--hstm.my.salesforce.com webto.salesforce.com *.facebook.com; frame-ancestors 'self' 2 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; media-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream: blob:; manifest-src *; navigate-to *; base-uri *; upgrade-insecure-requests 2 base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://maps.gstatic.com https://script.hotjar.com/ https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://picsum.photos https://rs.fullstory.com https://edge.fullstory.com https://edge.eu1.fullstory.com https://fullstory.com https://*.fullstory.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://static.hotjar.com https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://cloudflareinsights.com https://rs.fullstory.com https://edge.fullstory.com https://edge.eu1.fullstory.com https://fullstory.com https://*.fullstory.com ws://localhost:24678/; frame-src 'self' https://www.youtube.com/ https://td.doubleclick.net https://www.googletagmanager.com; script-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://static.hotjar.com https://script.hotjar.com/ https://in.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io/ https://vc.hotjar.io/ https://metrics.hotjar.io/ https://static.cloudflareinsights.com https://rs.fullstory.com https://edge.fullstory.com https://edge.eu1.fullstory.com https://fullstory.com https://*.fullstory.com 'unsafe-inline' 'unsafe-eval' 2 block-all-mixed-content; frame-ancestors 'self' *.securityscorecard.com *.securityscorecard.camp *.cookiebot.com https://job-boards.greenhouse.io; default-src 'self'; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: *.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com *.cookiebot.com *.datadoghq-browser-agent.com https://job-boards.greenhouse.io blob: data: https:; style-src 'self' 'unsafe-inline' *.qualified.com https:; font-src 'self' *.securityscorecard.com *.securityscorecard.camp *.auryc.com data: https:; frame-src 'self' *.qualified.com www.googletagmanager.com https: https://job-boards.greenhouse.io; connect-src 'self' *.securityscorecard.com *.securityscorecard.camp *.crazyegg.com *.cookiebot.com *.qualified.com wss://*.qualified.com *.auryc.com *.browser-intake-datadoghq.com https: https://job-boards.greenhouse.io; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src *.qualified.com https://job-boards.greenhouse.io; 2 frame-ancestors 'self' *.zs.com https://zsprize.zs.com/; frame-src https://app.altrulabs.com/ *.surveymonkey.com https://acdn.adnxs.com/ *.google.com *.ampproject.org *.vimeo.com *.adobe.com *.zs.com *.hotjar.com *.doubleclick.net *.facebook.com *.demdex.net *.youtube.com *.buzzsprout.com *.ceros.com *.company-target.com https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googletagmanager.com/; img-src https://tag.simpli.fi/ *.adnxs.com https://acdn.adnxs.com/ https://i.vimeocdn.com/ *.zs.com 'self' https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com *.bing.com https://www.googleadservices.com *.clarity.ms *.smassets.net *.twitter.com *.cookielaw.org *.ampproject.org *.scene7.com *.company-target.com https://match.prod.bidr.io *.doubleclick.net *.google.com *.google.co.in *.linkedin.com *.google-analytics.com *.facebook.com https://t.co *.adsymptotic.com *.akamaihd.net https://zs.sc.omtrdc.net *.everesttech.net *.ytimg.com *.googletagmanager.com *.demdex.net *.rlcdn.com; style-src 'self' 'unsafe-inline' https://www.google.co.in/ https://acdn.adnxs.com/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net *.ampproject.org *.buzzsprout.com *.zs.com; font-src 'self' https://www.google.co.in/ https://acdn.adnxs.com/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acdn.adnxs.com/ https://player.vimeo.com/ https://code.jquery.com/jquery-3.5.0.min.js https://i.simpli.fi/ https://pixel.byspotify.com/ping.min.js https://tag.simpli.fi/ *.clarity.ms *.bing.com *.googleapis.com https://cdn.jsdelivr.net https://flow.cience.com *.surveymonkey.com *.go-mpulse.net *.gstatic.com *.google.com *.ampproject.org *.zs.com *.adobe.com *.adobedtm.com *.googletagmanager.com *.demandbase.com https://www.googleadservices.com *.youtube.com *.doubleclick.net *.licdn.com *.google-analytics.com *.ads-twitter.com https://s.ytimg.com *.facebook.net *.hotjar.com *.cookielaw.org *.marketo.net https://analytics.twitter.com *.onetrust.com *.akamaihd.net *.buzzsprout.com https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com *.ceros.com *.zs.com; connect-src https://pixels.spotify.com/ *.adnxs.com https://www.google.co.in/ https://www.faceook.com/ https://acdn.adnxs.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://pagead2.googlesyndication.com https://assets.adobedtm.com *.linkedin.com *.clarity.ms 'self' *.akstat.io/ *.go-mpulse.net *.bing.com https://vimeo.com/ https://flow.cience.com https://flow.cience.com/api/v1/event* https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.facebook.com/privacy_sandbox/topics/registration* https://bat.bing.net/actionp/0?ti=343128404&Ver=2&mid=e17b58ce-5a61-4fbe-b4d4-11b0dee2e440&bo=2&evt=consent&src=default&cdb=AQET&asc=D https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt* *.demandbase.com *.linkedin.oribi.io *.google.com *.ampporject.org *.ampproject.org *.company-target.com *.tt.omtrdc.net *.cookielaw.org *.mktoresp.com *.google-analytics.com *.hotjar.com *.doubleclick.net *.demdex.net *.omtrdc.net *.hotjar.io https://google.com/; worker-src blob:; 2 frame-ancestors 'self'; default-src https: data: blob: wss:; object-src 'none'; upgrade-insecure-requests; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; worker-src 'self' blob:; 2 frame-ancestors 'self' https://teams.microsoft.com ; 2 default-src 'none' ; script-src 'self' 'unsafe-inline' https://princestrust-opa--upgrade.custhelp.com https://partner-tools.moneyadviceservice.org.uk https://debt-advice-locator.moneyhelper.org.uk https://tool.moneyhelper.org.uk https://tools.moneyhelper.org.uk https://static.hotjar.com https://script.hotjar.com https://cc.cdn.civiccomputing.com https://www.gstatic.com https://www.google.com https://kit.fontawesome.com https://princestrust.widget.custhelp.com https://js.stripe.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://snap.licdn.com https://s7.addthis.com https://static.hotjar.com https://static.hotjar.io https://script.hotjar.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.silktide.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://www.rnengage.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://fonts.googleapis.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://princestrust.widget.custhelp.com; img-src 'self' data: https://i.ytimg.com https://www.fundraisingregulator.org.uk https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://www.linkedin.com https://downloads.ctfassets.net https://images.ctfassets.net https://downloads.ctfassets.net https://maps.gstatic.com https://maps.googleapis.com https://img.youtube.com https://www.google.co.uk https://www.google.co.in https://www.google.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.rnengage.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://fonts.gstatic.com; connect-src 'self' https://analytics-ipv6.tiktokw.us https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://metrics.hotjar.io https://surveystats.hotjar.io https://ask.hotjar.io https://static.hotjar.io https://static.hotjar.com https://www.google.com https://candidateportal.kingstrust.org.uk https://api.getthedata.com https://www.googleapis.com https://clapi.civiccomputing.com https://apikeys.civiccomputing.com https://candidateportal.princestrust.org.uk https://pagead2.googlesyndication.com https://graphql.contentful.com https://downloads.ctfassets.net https://images.ctfassets.net https://ka-p.fontawesome.com https://api.stripe.com https://drzyrklbmz-dsn.algolia.net https://drzyrklbmz-1.algolianet.com https://drzyrklbmz-2.algolianet.com https://drzyrklbmz-3.algolianet.com https://maps.googleapis.com https://fonts.gstatic.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://cdn.linkedin.oribi.io https://vc.hotjar.io https://a.eu.silktide.com wss://ws.hotjar.com https://content.hotjar.io https://princestrust-opa--uat.custhelp.com https://princestrust--uat.custhelp.com https://princestrust-opa.custhelp.com https://js.stripe.com https://px.ads.linkedin.com; frame-src https://debt-advice-locator.moneyhelper.org.uk https://tool.moneyhelper.org.uk https://tools.moneyhelper.org.uk https://www.googletagmanager.com https://www.google.com https://princestrust-opa--uat.custhelp.com https://princestrust-opa.custhelp.com https://princes-trust-digital.co.uk https://js.stripe.com https://hooks.stripe.com https://partner-tools.moneyadviceservice.org.uk https://r1.dotdigital-pages.com https://www.youtube.com https://*.doubleclick.net https://www.getmyfirstjob.co.uk https://www.facebook.com/ *.google.com; media-src https://assets.ctfassets.net https://videos.ctfassets.net; 2 default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 2 frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 2 frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com https://play.vidyard.com/ https://td.doubleclick.net/ https://*.api.useinsider.com/; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src *; img-src * 'self' http: https: data:; frame-src *; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self' *.hsforms.com; object-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 2 frame-ancestors 'self' recaptcha.net www.recaptcha.net csp.withgoogle.com withgoogle.com play.google.com https://play.google.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk sgtm.axa.co.uk https://sgtm.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com open.spotify.com https://open.spotify.com spotify.com https://insight.adsrvr.org insight.adsrvr.org https://match.adsrvr.org match.adsrvr.org; frame-src 'self' recaptcha.net www.recaptcha.net csp.withgoogle.com withgoogle.com https://a247752487.cdn.optimizely.com https://247752487.cdn.optimizely.com https://a247752487.cdn-pci.optimizely.com sgtm.axa.co.uk https://sgtm.axa.co.uk/ https://play.google.com youtube.com www.youtube.com https://www.youtube.com cloud.mail.axa.co.uk soundcloud.com w.soundcloud.com api.soundcloud.com https://www.google.com widget.trustpilot.com open.spotify.com https://open.spotify.com spotify.com https://insight.adsrvr.org insight.adsrvr.org https://match.adsrvr.org match.adsrvr.org https://v4in1-ti.click4assistance.co.uk https://csp.withgoogle.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com; 2 frame-ancestors *.trabajando.com *.trabajando.cl *.gpsrrhh.com wlogger.trabajando.com; 2 default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; style-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; frame-src 'self' blob: https:; object-src 'self' blob:; 2 default-src 'self'; script-src 'self' *.livechatinc.com *.mouseflow.com https://*.googletagmanager.com https://challenges.cloudflare.com https://maps.googleapis.com https://fonts.google.com; connect-src 'self' *.livechatinc.com *.mouseflow.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleapis.com https://maps.googleapis.com https://ipapi.co controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk controlpanel.voipfone.co.uk api.voipfone.co.uk; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; child-src 'self' *.livechatinc.com; frame-src 'self' *.livechatinc.com https://*.google.com https://challenges.cloudflare.com https://www.youtube.com; frame-ancestors 'none'; font-src 'self' https://fonts.gstatic.com; report-uri https://api.voipfone.co.uk/v1/csp-report; report-to csp-report 2 default-src 'self'; connect-src 'self' https://api.newsletter2go.com; frame-ancestors 'self'; form-action 'self'; img-src 'self' https://files.newsletter2go.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.newsletter2go.com; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' lhg.hubwoo.com; 2 frame-ancestors 'self' https://picnic.app https://jobs.picnic.app 2 default-src 'self' https: data: blob:; frame-ancestors 'self' https://web.telegram.org https://*.t.me https://*.telegram.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://telegram.org https://*.telegram.org https:; connect-src 'self' https: wss:; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; 2 frame-ancestors 'self' https://codepen.io https://cdpn.io https://qatarairways.com https://qatarairways.com.qa https://*.qatarairways.com https://*.qatarairways.com.qa https://www.katara.net https://genevamotorshow.com https://*.discoverqatar.qa https://discoverqatar.qa https://dq-staging-b2b.vibe.travel https://dq-staging-b2c.vibe.travel https://*.qf.org.qa https://staging-czg5cuhcbfd4a7fc.z01.azurefd.net https://educationcity.qa https://mappdev.educationcity.qa https://*.decc.qa https://www.the-afc.com https://www.katarahospitality.com https://qnb.com 2 default-src https: 'self' blob:;script-src https: 'unsafe-inline' 'unsafe-eval' 'self';script-src-elem https: 'self' 'unsafe-inline';object-src https: 'self' blob:;frame-src 'self' blob: https:;style-src 'unsafe-inline' https: data: 'self';font-src https: data:;img-src * data: 'self';connect-src https: wss://*.liveperson.net wss://tsock.us1.twilio.com/v3/wsconnect wss://*.usw2.pure.cloud wss://intercept-api.questionpro.com; frame-ancestors https://embed.questionpro.com; 2 frame-ancestors 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://ssl.google-analytics.com http://maps.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.plyr.io https://www.youtube.com https://pennyelectra.com https://*.azureedge.net https://*.dynamics.com https://snap.licdn.com https://*.hotjar.com; object-src *; style-src 'self' data: 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.typekit.net https://*.bootstrapcdn.com https://cdn.plyr.io https://pennyelectra.com https://*.azureedge.net https://*.dynamics.com; media-src * blob:; frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://consentcdn.cookiebot.com https://maps.google.com https://vimeo.com https://*.azureedge.net https://*.dynamics.com https://forms.microsoft.com https://www.googletagmanager.com https://cdn.forms-content-1.sg-form.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.typekit.net https://*.googleapis.com; connect-src 'self' data: https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://consentcdn.cookiebot.com https://api.openai.com https://api.getimg.ai https://cdn.plyr.io https://noembed.com https://*.pennyelectra.com https://*.azureedge.net https://*.dynamics.com https://*.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com wss://ws.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://pagead2.googlesyndication.com; worker-src blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms data: https://webapi.charisma.ir https://www.clarity.ms https://c.bing.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://cdn.matomo.cloud https://websitecharisma.matomo.cloud https://analytics.charisma.ir http://analytics.charisma.ir/ https://ma-cdn.pegah.tech https://audience.yektanet.com https://ua.yektanet.com https://cdn.yektanet.com https://widget.formaloo.com https://api.formaloo.com https://googleads.g.doubleclick.net https://cdn.tavoos.net https://sniper.tavoos.net https://n1.sanjagh.com https://s1.mediaad.org https://api.mediaad.org https://van.najva.com https://mediacdn.mediaad.org https://cdn.goftino.com https://www.goftino.com wss://ws2.goftino.com https://pec.shaparak.ir https://cpg-api-stage.charisma.digital *.charisma.ir *.porsline.ir https://www.google.com *.google.com *.najva.com *.adexo.ir; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.charisma.ir https://www.googletagmanager.com https://cdn.porsline.ir https://www.goftino.com https://cdn.goftino.com https://clarity.ms *.tavoos.net *.najva.com *.yektanet.com https://s1.mediaad.org https://live-chat.charisma.ir/ https://googleads.g.doubleclick.net *.clarity.ms *.adexo.ir https://live-chat-dev.charisma.digital/; style-src 'self' 'unsafe-inline' https://cdn.goftino.com https://widget.formaloo.com https://van.najva.com; font-src 'self' 'unsafe-inline' data: https://cdn.goftino.com https://fonts.gstatic.com; img-src 'self' data: https://s3.ir-tbz-sh1.arvanstorage.com https://s3.ir-thr-at1.arvanstorage.com https://s3.ir-tbz-sh1.arvanstorage.ir https://cdn-website.s3.ir-thr-at1.arvanstorage.ir https://cdn-website.s3.ir-tbx-sh1.arvanstorage.ir https://trustseal.enamad.ir https://cdn.goftino.com https://ua.yektanet.com https://www.google.com data: *.afranet.net *.tile.openstreetmap.org https://widget.formaloo.com https://c.clarity.ms *.bing.com https://www.google.de; frame-src https://app.charismabime.com https://td.doubleclick.net https://mediacdn.mediaad.org https://ua.yektanet.com/ https://survey.porsline.ir/ https://www.googletagmanager.com https://sniper.tavoos.net https://live-chat.charisma.ir/ https://live-chat-dev.charisma.digital/ *.adexo.ir; media-src s3.ir-tbz-sh1.arvanstorage.com cdn-website.s3.ir-thr-at1.arvanstorage.ir s3.ir-tbz-sh1.arvanstorage.ir https://cdn.goftino.com/ https://charisma.ir; object-src 'self'; 2 frame-ancestors 'self' https://app.storyblok.com https://www.pinterest.com 2 default-src 'none'; script-src 'self' 'sha256-m7Sc32V4VtwcCJmXRju0QGxnkd9Rb+yXPtPycoExsSI='; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; media-src 'self' data: blob:; object-src 'self'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self' https://docs.immerda.ch/de/search; base-uri 'self'; manifest-src 'none'; report-uri https://csp-report.immerda.ch/report.php; upgrade-insecure-requests; block-all-mixed-content 2 connect-src 'self' cookie.wieni.be www.google-analytics.com widget.usersnap.com 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com api.dnsbelgium.be webwhois.nic.vlaanderen webwhois.nic.brussels cdn.linkedin.oribi.io dnsbelgium.matomo.cloud pagead2.googlesyndication.com; default-src 'self' static.dnsbelgium.be; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com notfound-static.fwebservices.be *.youtube-nocookie.com consentcdn.cookiebot.com calendar.google.com accounts.google.com *.medialaancdn.be www.facebook.com www.toll-net.be s.pointerpro.com https://flo.uri.sh/ survey.dnsbelgium.be datawrapper.dwcdn.net e.infogram.com youtu.be https://www.googletagmanager.com/; img-src wmimages.dnsbelgium.be 'self' data: www.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.usernap.com www.countryflags.io static.dnsbelgium.be www.facebook.com i.ytimg.com *.ads.linkedin.com imgsct.cookiebot.com; media-src 'self' www.youtube.com youtu.be vimeo.com player.vimeo.com static.dnsbelgium.be; object-src 'self'; script-src 'self' cookie.wieni.be www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com 'sha256-n0qo0a+uNS3EBowOxlDJeqRRacNxVgew48Omj0IYROY=' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.youtube.com s.ytimg.com static.dnsbelgium.be snap.licdn.com www.toll-net.be/h5p/wp-content/plugins/h5p/h5p-php-library/js/h5p-resizer.js https://cdn.matomo.cloud/dnsbelgium.matomo.cloud/matomo.js s.pointerpro.com survey.dnsbelgium.be pagead2.googlesyndication.com 'sha256-7b0CKEQkvadz7B/pYgEMs74upd57DoxBlXRIWY8pdRg=' 'sha256-XlGJBFdn9wZ3QRSQmE5hz2h94YBoRCV09VOA9PNwEc4=' 'sha256-7jDSgL9/dTEn7w83QbKH2DxAZSXWTe5+pNgp0l6xaGI=' 'sha256-cyhAnyf/da35tv9DMBPcWxiXKF8KRetd7+NRa8ylykg=' 'sha256-A3Dbl/cByN6GbFswAlXt66hMeUW5GNI1G4g6LzsRv0o=' 'sha256-0RBExtvEZO5CsGJ2YygQGmydb+opVDaeBuMtzkrktFw='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com; worker-src 'self' 2 upgrade-insecure-requests; frame-ancestors 'self' https://app.storyblok.com 2 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none', frame-ancestors 'self' https://*.facebook.com, frame-ancestors 'self' https://*.facebook.com 2 frame-ancestors 'self' https://app.rewire.to https://app3.rewire.to 2 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *;base-uri 'self' *;form-action 'self' *; font-src * data:; 2 frame-ancestors 'self' https://sensors.olighthk.com; 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: mailto:; img-src * 'self' data: https:; 2 default-src *.myidx.cloud 'self' px.ads.linkedin.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk analytics.google.com www.google.com www.google-analytics.com naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com code.jquery.com geoid.investisdigital.com www.googletagmanager.com www.connectidfeed.com static.cloudflareinsights.com; img-src *.myidx.cloud 'self' 'unsafe-inline' data: px4.ads.linkedin.com cf-images.eu-west-1.prod.boltdns.net metrics.brightcove.com www.linkedin.com www.lfeeder.com fonts.gstatic.com naspers-corp-v2.cm.invdcloud-is.co.uk px.ads.linkedin.com tr-rc.lfeeder.com i.vimeocdn.com i.ytimg.com www.youtube-nocookie.com naspers-corp-v2.cm.idxcloud.co.uk google-analytics.com tr.lfeeder.com naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.google.com www.google.co.in viz.tools.investis.com www.brightcove.com www.boltdns.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com www.connectidfeed.com p.typekit.net; frame-src *.myidx.cloud 'self' www.youtube-nocookie.com td.doubleclick.net player.vimeo.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk www.zscaler.net www.zscalerone.net www.zscalertwo.net www.zscalerthree.net www.zscloud.net naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk otp.tools.investis.com cdn.jsdelivr.net www.youtube.com cdnjs.cloudflare.com www.google.com code.jquery.com www.google-analytics.com fonts.googleapis.com www.googletagmanager.com www.connectidfeed.com irs.tools.investis.com; style-src *.myidx.cloud assets.investisdigital.com 'self' 'unsafe-inline' 'unsafe-eval' p.typekit.net naspers-corp-v2.cm.invdcloud-is.co.uk fonts.googleapis.com www.googletagmanager.com naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.zscaler.net www.zscalerone.net www.zscalertwo.net www.zscalerthree.net www.zscloud.net viz.tools.investis.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com use.typekit.net assets.investisdigital.com; script-src *.myidx.cloud www.linkedin.com px.ads.linkedin.com snap.licdn.com player.vimeo.com f.vimeocdn.com www.youtube-nocookie.com sc.lfeeder.com staticcontents.investisdigital.com static.cloudflareinsights.com analytics.google.com www.google.com www.google-analytics.com www.amazonaws.com assets.investisdigital.com www.zscaler.net www.zscalerone.net www.zscalertwo.net www.zscalerthree.net www.zscloud.net 'self' 'unsafe-inline' otp.tools.investis.com www.youtube.com connect.facebook.net 'unsafe-eval' unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com viz.tools.investis.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com use.typekit.net irs.tools.investis.com; media-src *.myidx.cloud 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.linkedin.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.brightcovecdn.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com fonts.googleapis.com www.connectidfeed.com; connect-src *.myidx.cloud jzkss3k18d.execute-api.eu-west-1.amazonaws.com edge.api.brightcove.com www.linkedin.com px.ads.linkedin.com www.youtube-nocookie.com analytics.google.com www.google.com www.google-analytics.com www.amazonaws.com assets.investisdigital.com viz.tools.investis.com www.naspers.com naspers-corp-v2.cm.invdcloud-is.co.uk naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk stats.g.doubleclick.net www.connectidfeed.com www.brightcove.com geoid.investisdigital.com region1.google-analytics.com cookiemanager.investisdigital.com www.youtube.com fonts.googleapis.com; font-src *.myidx.cloud 'self' naspers-corp-v2.cm.invdcloud-is.co.uk fonts.gstatic.com naspers-corp-v2.cm.idxcloud.co.uk naspers-corp-v2.cd.invdcloud-is.co.uk naspers-corp-v2.cd.idxcloud.co.uk www.connectidfeed.com www.googletagmanager.com use.typekit.net; object-src 'none'; base-uri 'self'; 2 style-src 'self' https: 'report-sample' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.google.com cdn.jsdelivr.net www.googletagmanager.com https://www.netsurion.com; img-src 'self' https: data: https://bat.bing.com https://clients1.google.com https://px.ads.linkedin.com https://tribl.io https://www.google-analytics.com https://www.google.com https://www.netsurion.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.netsurion.com/ https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://assets.calendly.com https://www.google.com https://cse.google.com https://clients1.google.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://analytics.google.com/ https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://apis.google.com https://www.recaptcha.net https://recaptcha.net https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com https://snap.licdn.com https://bat.bing.com https://ajax.googleapis.com https://ws.zoominfo.com https://www.netsurion.com https://www.google.co.uk https://www.google.nl https://www.google.de https://www.google.fr https://www.google.co.in https://www.google.pl https://www.google.com.au https://www.google.co.id https://www.google.it https://www.google.co.il https://www.google.com.ph https://www.google.ie https://www.google.be https://www.google.ru https://www.google.se https://www.google.co.nz https://www.google.com.co https://www.google.com.mx https://www.google.pt https://www.google.co.th https://www.google.com.ng https://www.google.ca https://www.google.es https://www.google.no https://www.google.dk https://www.google.com.bd https://www.google.ch https://www.google.com.my https://www.google.co.za https://www.google.cz https://www.google.com.pk https://www.google.co.ma https://www.google.si https://www.google.com.tr https://www.google.com.tw https://www.google.com.br https://www.google.bg https://www.google.co.kr https://www.google.com.ua https://www.google.co.cr https://www.google.com.pe https://www.google.fi https://www.google.lt https://www.google.ge https://www.google.com.ar https://www.google.com.pr https://www.google.com.sg https://www.google.gr https://www.google.lk https://www.google.co.jp https://www.google.ae https://www.google.com.eg https://www.google.com.sa https://www.google.com.do https://www.google.com.pa https://www.google.ro https://www.google.hu https://www.google.cl https://www.google.hr https://www.google.lv https://www.google.at https://www.google.com.ec https://www.google.com.vn https://www.google.cn https://www.google.com.hk https://www.google.rs https://www.google.com.cy https://www.google.al https://www.google.com.py https://www.google.co.ke https://www.google.ee https://www.google.com.sv https://www.google.com.np https://www.google.co.ug https://www.google.kz https://www.google.com.jm https://www.google.lu https://www.google.mu https://www.google.com.kw https://www.google.iq https://www.google.com.gh https://www.google.by https://www.google.mk https://www.google.co.mz https://www.google.com.uy https://www.google.sk https://www.google.md https://www.google.hn https://www.google.jo https://www.google.dz https://www.google.com.et https://www.google.am https://www.google.co.ve https://tribl.io https://scout-cdn.salesloft.com www.google.com/jsapi https://partner.googleadservices.com/gampad/cookie.js https://tags.clickagy.com/data.js https://pi.pardot.com https://info.netsurion.com https://j.6sc.co/6si.min.js; connect-src 'self' https://px.ads.linkedin.com/wa/ https://csp.withgoogle.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://bat.bing.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com https://adservice.google.com/ https://analytics.google.com/ https://www.netsurion.com https://scout.salesloft.com/ https://cdn.linkedin.oribi.io/ https://aorta.clickagy.com https://hemsync.clickagy.com https://secure.adnxs.com/getuidj https://c.6sc.co/ https://ipv6.6sc.co/; frame-src 'self' blob: https://www.netsurion.com/latest-news https://www.netsurion.com/latest-news/news https://www.google.com/recaptcha/ https://cse.google.com/ https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/ https://cdn.embedly.com/ https://tribl.io https://www.netsurion.com/ https://info.netsurion.com/ https://td.doubleclick.net/; child-src https://www.googletagmanager.com/ns.html; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self' https://www.netsurion.com; worker-src 'none';form-action 'self' https://www.netsurion.com/assessments/gap-analysis https://www.netsurion.com/campaigns/ppc-gap-analysis https://www.netsurion.com/campaigns/cmit-gap-analysis; 2 frame-ancestors 'self' landmarkglobal.be; 2 frame-ancestors https://*.x-cart.com 2 default-src 'self'; media-src 'self' b.peatio.com assets.peatio.com assets.big.zone static.big.zone static.peatio.com static.zdassets.com data: blob:; img-src 'self' b.peatio.com assets.peatio.com assets.big.zone static.big.zone static.peatio.com mixin-images.zeromesh.net images.mixin.one storage.googleapis.com static.geetest.com static.geevisit.com v2assets.zopim.io bigone.zendesk.com static.zdassets.com www.google-analytics.com fourier.alibaba.com blob: data: https://assets.coingecko.com/coins/images/ https://s3.bmp.ovh/imgs/ https://parachains.info/images/; font-src 'self' b.peatio.com at.alicdn.com data:; frame-ancestors 'self'; frame-src 'self' bridge-loaded.b1.run bigone-queue-message.b1.run www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net/recaptcha/ recaptcha.net/recaptcha/; style-src 'self' 'unsafe-inline' static.big.zone static.peatio.com assets.peatio.com b.peatio.com static.geetest.com static.geevisit.com; script-src-elem 'self' static.big.zone assets.peatio.com static.peatio.com b.peatio.com storage.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net/recaptcha/ recaptcha.net/recaptcha/ static.zdassets.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com s.go-mpulse.net s2.go-mpulse.net go-mpulse.net www.datadoghq-browser-agent.com g.alicdn.com/AWSC/ retcode.alicdn.com widget-mediator.zopim.com cf.aliyun.com/nocaptcha/ ynuf.aliapp.org/w/ 8ldr8y.tdum.alibaba.com; script-src-attr 'none'; connect-src 'self' bigone.com big.one info.big.one info.bigone.com info.b1.zone info.big.zone outerlands.b1.zone mixin-api.zeromesh.net api.mixin.one c.go-mpulse.net browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com rum.browser-intake-datadoghq.com monitor.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com yumchina.geetest.com www.google-analytics.com ekr.zdassets.com bigone.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com api.blockchair.com/bitcoin/stats www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net/recaptcha/ recaptcha.net/recaptcha/ www.googletagmanager.com https://api.qiniu.com https://uplog.qbox.me https://upload-z2.qiniup.com; form-action 'self' https://account.volet.com; 2 frame-ancestors 'self' arthrex.com *.arthrex.com orthoillustrated.com *.jointpreservation.com *.orthoillustrated.com surgicaloutcomesystem.com *.surgicaloutcomesystem.com arthrex-celltherapy.com *.arthrex-celltherapy.com arthrex.xyz *.arthrex.xyz arthrex.io *.mwprod.arthrex.io *.arthrex.io orthopedia.com *.orthopedia.com anklesprain.com *.anklesprain.com arthrex.virtualevents-hub.com arthrexemea.sharepoint.com arthrex.sharepoint.com myarthrex.sharepoint.com arthrexapac.sharepoint.com bunionpain.com *.bunionpain.com shoulderreplacement.com *.shoulderreplacement.com acltear.com *.acltear.com arthrex-russia.ru arthrex.at arthrex.be arthrex.co.jp arthrex.co.uk arthrex.com.au arthrex.cz arthrex.dk arthrex.fr arthrex.it arthrex.mx arthrex.nl arthrex.pl arthrex.pt arthrex.se *.arthrex-russia.ru *.arthrex.at *.arthrex.be *.arthrex.co.jp *.arthrex.co.uk *.arthrex.com.au *.arthrex.cz *.arthrex.dk *.arthrex.fr *.arthrex.it *.arthrex.mx *.arthrex.nl *.arthrex.pl *.arthrex.pt *.arthrex.se hallux-valgus-behandlung.de *.hallux-valgus-behandlung.de mis-bunion-patient-site.webflow.io arthroplasty-narrative-home.webflow.io discover.acp-therapie.de mis-bunion-patient-site.webflow.io mis-bunion-surgeon-site-c07373b5fb6b0bc.webflow.io arthrex-design-system-4dd8ae96a06c10be9.webflow.io anklesprain.webflow.io srlp.webflow.io arthroplasty-narrative-home.webflow.io korea-global-landing-page.webflow.io global-landingpage-mexico.webflow.io inc-acltear-patient-en-working.webflow.io arthrex-jobs-site.webflow.io marketingintakeportal.webflow.io orthopedia-landing-page1.webflow.io arthrex-history.webflow.io arthrex-design-system.webflow.io arthrex-design-system-de8e093c0a3bf70d8.webflow.io arthrex-endoscopy.webflow.io case-reports.webflow.io synergy-integrated-or.de *.synergy-integrated-or.de arthrex.kr *.arthrex.kr gmbh-pct.webflow.io *.gmbh-pct.webflow.io sis-preview-03-809ae25532a090913a51d7a6.webflow.io *.sis-preview-03-809ae25532a090913a51d7a6.webflow.io arthrex-technical-support-services.webflow.io *.arthrex-technical-support-services.webflow.io digital-agenda-emea.webflow.io *.digital-agenda-emea.webflow.io thenanoexperience.com *.thenanoexperience.com arthrexmexico.webflow.io arthrexbrazil.webflow.io arthrex-australia.webflow.io arthrex.com.br *.arthrex.com.br arthrex-joint-pres.webflow.io jointpreservation.arthrex.com arthrex-synergy-staging-bdaff93973d3e28.webflow.io jointpreservation.com synergynew.arthrex.com.s3-website-us-east-1.amazonaws.com sternalclosure.arthrex.com.s3-website-us-east-1.amazonaws.com synergynewdev.arthrex.com.s3-website-us-east-1.amazonaws.com sternalclosuredev.arthrex.com.s3-website-us-east-1.amazonaws.com s3.amazonaws.com/synergynewdev.arthrex.com s3.amazonaws.com/sternalclosuredev.arthrex.com s3.amazonaws.com/synergynew.arthrex.com s3.amazonaws.com/sternalclosure.arthrex.com arthrex-synergy.webflow.io synergy.arthrex.com *.arthrexendoscopicspine.com arthrex-spine.webflow.io arthrexendoscopicspine.com branch--home-arthrex-spine-6a28ac.webflow.io *.branch--home-arthrex-spine-6a28ac.webflow.io shoulder-replacement.webflow.io aesthetics.arthrex.com *.aesthetics.arthrex.com case-reports.arthrex.com arthrex-emea-joint-preservation-surgeon.webflow.io *.arthrex-emea-joint-preservation-surgeon.webflow.io joint-preservation.de *.joint-preservation.de gmbh-pct-b390519d0b438c360cdf2e4a5ad25b.webflow.io *.gmbh-pct-b390519d0b438c360cdf2e4a5ad25b.webflow.io *.case-reports.webflow.io dev-arthrex-arthroplasty.webflow.io *.shoulderarthroplasty.arthrex.de *.arthrex-spine-staging.webflow.io arthrex-spine-staging.webflow.io *.spine.arthrex.com spine.arthrex.com *.dev-acp-therapie-arthrex.webflow.io dev-acp-therapie-arthrex.webflow.io *.acp-therapie.de acp-therapie.de *.arthrex-aesthetics.webflow.io arthrex-aesthetics.webflow.io aesthetics-arthrex.webflow.io *.aesthetics-arthrex.webflow.io anklesprain-5d00c1acac14e85faef249f081.webflow.io *.anklesprain-5d00c1acac14e85faef249f081.webflow.io *.acl-solutions.arthrex.com acl-solutions.arthrex.com acl-solutions.arthrex.io *.acl-solutions.arthrex.io; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.rexx-recruitment.com https://cdn.jsdelivr.net/ cdnjs.cloudflare.com https://*.rexx-systems.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://*.youtube.com https://www.google-analytics.com https://sas.ikb.at https://*.branchly.io https://cdn.matomo.cloud https://www.googleadservices.com https://ajax.googleapis.com https://www.gstatic.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com/recaptcha https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' https://cdn.honey.io https://sas.ikb.at https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdnjs.cloudflare.com https://api.branchly.io https://yoast.com https://*.googleadservices.com https://region1.analytics.google.com https://*.googletagmanager.com wss://sas.ikb.at https://*.google.it https://*.google.co.il https://*.google.com https://www.google.es https://www.google.ch https://google.com https://www.facebook.com https://www.google.com https://www.google.de https://www.google.at https://maps.googleapis.com https://branchly-api.azurewebsites.net https://*.doubleclick.net https://doubleclick.net https://api.holzweg.tv https://ikb.matomo.cloud https://prod.spline.design https://unpkg.com https://*.hotjar.io https://*.hotjar.io:443 https://services.infeo.at https://sas.ikb.at https://www.google-analytics.com https://www.google.lv; frame-src 'self' https://api.lapis-analytics.com https://player.simplecast.com https://player.vimeo.com https://www.lightpollutionmap.info https://www.eversports.at https://ikb.viewer.cit-fusion.com https://gis.ikb.at https://docs.google.com https://www.google.com https://*.rexx-systems.com https://*.youtube.com https://*.feratel.com https://www.googletagmanager.com https://sas.ikb.at https://ocilion.com https://www.facebook.com https://*.doubleclick.net https://emobility.ikb.at https://www.e-laden-tirol.at; frame-ancestors 'self' https://www.e-laden-tirol.at https://emobility.ikb.at; media-src 'self' data:; report-to csp-endpoint; report-uri https://hw-api.holzweg.tv/csp; 2 img-src 'self' cdn.redoc.ly data: maps.googleapis.com maps.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' maps.gstatic.com; script-src 'self' www.google.com www.googletagmanager.com www.gstatic.com cdn.redoc.ly 'unsafe-inline' maps.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src *.google-analytics.com 'self' maps.googleapis.com; default-src 'self'; worker-src 'self' blob:; frame-src 'self' www.google.com 'unsafe-inline' 2 default-src 'self'; script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' metager.org metager.de 2 frame-ancestors 'self' *.luxair.lu *.luxairtours.lu 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.plyr.io https://*.tradingview.com https://*.hubspot.com https://www.tickcounter.com https://*.wisekey.com https://*.hsleadflows.net https://*.certifyid.com https://www.brighttalk.com https://cdn.jsdelivr.net https://unpkg.com https://*.tradingview.com https://js.hsforms.net https://forms.hsforms.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://js.hsadspixel.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net/ https://z.moatads.com https://www.google-analytics.com https://www.googletagmanager.com https://*.addthis.com/ https://cdnjs.cloudflare.com/ https://*.twitter.com/ https://*.twimg.com https://s.ytimg.com https://*.google.com https://rawgit.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.net https://*.youtube.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://cdn.plyr.io https://*.tradingview.com https://unpkg.com https://cdnjs.cloudflare.com/ https://*.twimg.com https://*.twitter.com https://*.bootstrapcdn.com https://*.googleapis.com https://cdn.wisekey.com; img-src 'self' data: https://*.tradingview.com https://www.googletagmanager.com https://*.linkedin.com https://*.hsforms.com https://www.google.com.vn https://*.certifyid.com https://api.mapbox.com https://unpkg.com https://maps.googleapis.com https://maps.google.com https://forms.hubspot.com https://perf.hsforms.com https://www.google.com https://px.ads.linkedin.com https://secure.gravatar.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com https://ml-eu.globenewswire.com/ https://hugin.info https://track.hubspot.com https://forms.hsforms.com https://*.twimg.com https://*.twitter.com https://*.facebook.com https://*.youtube.com https://*.gstatic.com https://cdn.wisekey.com; font-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com/ https://*.gstatic.com https://*.bootstrapcdn.com https://d3o11irj9639cz.cloudfront.net https://cdn.wisekey.com https://*.googleapis.com; frame-src 'self' https://*.tradingview.com https://www.tickcounter.com https://cdnapisec.kaltura.com https://*.doubleclick.net https://*.certifyid.com https://www.brighttalk.com https://app.eu.veertly.com https://www.recaptcha.net/ https://s.tradingview.com https://forms.hsforms.com https://js.hsforms.net https://webcasts.weforum.org/ https://s7.addthis.com/ https://twitter.com htps://js.hsforms.net https://*.twitter.com https://*.facebook.com https://*.youtube-nocookie.com/ https://*.youtube.com https://*.google.com https://livestream.com https://*.wisekey.com; form-action 'self' https://*.twitter.com https://cdn.wisekey.com/ https://forms.hsforms.com; connect-src 'self' https://cta-service-cms2.hubspot.com https://px.ads.linkedin.com https://*.googlesyndication.com https://*.hscollectedforms.net https://cdn.linkedin.oribi.io https://js.hs-banner.com https://forms.hsforms.com https://api.hubapi.com https://m.addthis.com https://*.twitter.com https://www.google-analytics.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com; media-src 'self' https://*.wisekey.com; object-src 'self' https://*.certifyid.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.tradingview.com; 2 default-src 'self' https://download-video.akamaized.net https://vod-progressive.akamaized.net https://link.mail.movado.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://*.riskified.com https://player.vimeo.com https://vod-progressive-ak.vimeocdn.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.movado.com https://*.movadocompanystore.com https://id5-sync.com https://cdn.cookielaw.org https://*.gstatic.com https://*.espssl.com https://*.joinclyde.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.tangiblee.com https://cdn-swell-assets.yotpo.com; connect-src 'self' https://api.ipify.org https://restcountries.com https://www.googletagmanager.com https://link.mail.movado.com https://*.tangiblee.com https://*.googleapis.com https://*.paypal.com https://cdnjs.cloudflare.com https://analytics.pangle-ads.com wss://*.inside-graph.com https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://*.rakuten.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://google.com https://*.espssl.com https://*.gstatic.com https://*.youtube.com https://youtu.be https://*.vimeo.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com https://*.doubleclick.net https://*.pinterest.com https://*.instagram.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://facebook.net https://s.pinimg.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.bidr.io https://*.yahoo.com https://*.google.co.in https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.movado.com https://*.movadocompanystore.com https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://*.tangiblee.com https://maps.googleapis.com https://google.com/pay https://t.lt02.net; img-src 'self' 'unsafe-inline' data: blob: https://www.facebook.com https://link.mail.movado.com https://*.gstatic.com https://*.tangiblee.com https://*.paypalobjects.com https://*.adyen.com https://checkoutshopper-test.adyen.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.instagram.com https://maps.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.tangiblee.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.movado.com https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.inside-graph.com https://*.bidr.io https://*.joinclyde.com https://www.youtube.com https://*.movadocompanystore.com https://staging.movado.com https://staging-vsf.movadocompanystore.com https://*.oliviaburton.com https://*.mvmt.com https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.tiktok.com https://link.mail.movado.com https://maps.googleapis.com https://*.inside-graph.com https://*.listrakbi.com https://bl.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.riskified.com https://*.tangiblee.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.yotpo.com https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.movado.com https://*.movadocompanystore.com https://*.cquotient.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://fonts.googleapis.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://link.mail.movado.com https://*.adyen.com https://*.amazon.com https://*.tangiblee.com https://*.paypal.com; font-src 'self' data: https://cdn.builder.io https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://*.movado.com https://*.movadocompanystore.com https://*.typekit.net https://*.affirm.com https://*.joinclyde.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://link.mail.movado.com https://*.paypal.com https://*.adyen.com https://*.joinclyde.com https://*.tangiblee.com https://checkoutshopper-test.adyen.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://*.instagram.com https://maps.googleapis.com https://platform.twitter.com https://*.snapchat.com https://*.movado.com https://*.movadocompanystore.com https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://www.googletagmanager.com https://*.adsrvr.org https://*.pointmediatracker.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.equalweb.com https://link.mail.movado.com https://*.luckyorange.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.joinclyde.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://bl.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.movadocompanystore.com https://*.googletagmanager.com https://*.tangiblee.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.collect.igodigital.com https://*.adyen.com https://www.google.com https://www.instagram.com https://www.twitter.com https://www.pinterest.com https://www.youtube.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://t.lt02.net; script-src-elem 'self' 'unsafe-inline' https://*.youtube.com https://link.mail.movado.com https://*.pointmediatracker.com https://cdn.blisspointmedia.com https://*.adsrvr.org https://*.paypal.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.tangiblee.com https://*.self-veri.com https://*.evgnet.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.thomsonreuters.com https://acsbapp.com https://*.riskified.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://*.movado.com https://*.movadocompanystore.com https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.pinterest.com https://*.instagram.com https://maps.googleapis.com https://*.googleapis.com https://*.gstatic.com https://static-na.payments-amazon.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net https://*.joinclyde.com https://*.linksynergy.com; style-src-elem 'self' 'unsafe-inline' https://*.inside-graph.com https://link.mail.movado.com https://maps.googleapis.com https://*.equalweb.com https://*.riskified.com https://www.googletagmanager.com https://*.tangiblee.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.movado.com https://*.movadocompanystore.com https://*.typekit.net https://*.linksynergy.com https://*.cloudflare.com https://*.joinclyde.com https://*.listrakbi.com https://bl.listrakbi.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.movado.com https://*.movadocompanystore.com https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-modals allow-top-navigation allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation; frame-ancestors 'self' https://builder.io https://*.builder.io https://link.mail.movado.com https://test.adyen.com/hpp/skipDetails https://*.movado.com https://*.movadocompanystore.com https://*.cookielaw.org https://*.googleapis.com https://www.youtube.com https://www.facebook.com https://*.instagram.com https://*.pinterest.com https://*.tangiblee.com https://*.yotpo.com; worker-src blob: 'self' https://*.movado.com https://*.movadocompanystore.com; https://farmer.vuestorefront.cloud 2 frame-ancestors 'self'; object-src 'self'; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.tailwindcss.com www.google.com www.gstatic.com fonts.gstatic.com ajax.googleapis.com cdn.jsdelivr.net region-resource.optoma.com code.jquery.com; 2 frame-ancestors 'self' https://*.microsoft.com https://*.instructure.com https://*.schoology.com https://*.brightspace.com; 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://*.wistia.net https://*.wistia.com https://beacon-v2.helpscout.net https://cdnjs.cloudflare.com https://f.vimeocdn.com https://fast.wistia.com https://forms.hsforms.com https://googletagmanager.com https://js.hubspot.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://player.vimeo.com https://static.hsappstatic.net https://src.litix.io https://secure.gravatar.com https://tagmanager.google.com https://www.vimeo.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: https://*.cloudwaysapps.com https://cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fast.wistia.com secure.gravatar.com tagmanager.google.com www.googletagmanager.com;object-src embedwistia-a.akamaihd.net;child-src 'self' blob: https://*.doubleclick.net https://*.vimeo.com https://app.hubspot.com https://forms.hsforms.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsadspixel.net https://vimeo.com https://www.googletagmanager.com; form-action 'self' forms.hubspot.com forms.hsforms.com; worker-src 'self' blob:; 2 frame-ancestors 'self' https://*.pospal.cn https://*.pospal.ai 2 frame-ancestors canvas.mdu.se https://eu.smartsigncloud.com; 2 default-src 'none'; script-src 'self' piwik.bildung-rp.de https://static.b-ite.com https://cs-assets.b-ite.com https://karriere.pl.bildung-rp.de/ https://player.vimeo.com/api/player.js 'unsafe-inline' https://maps.rlp.de; connect-src 'self' https://maps.rlp.de https://piwik.bildung-rp.de https://jobs.b-ite.com; img-src 'self' data: https://sgx.geodatenzentrum.de; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' http://*.bildung.rlp.de/ https://secure2.bildung-rp.de/; frame-src 'self' https://www.youtube-nocookie.com/ https://w.soundcloud.com https://rp.db-schulkinowochen.de/ https://player.vimeo.com/video/ https://vimeo.com/event/ https://video.rlp-media.de/videos/; font-src 'self'; manifest-src 'self' 2 default-src 'self'; block-all-mixed-content ; child-src blob:; connect-src 'self' data https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.googleadservices.com https://stats.g.doubleclick.net https://*.hscollectedforms.net https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://js.zi-scripts.com https://analytics.inzynk.io https://collector4.leadinfo.net https://collector.leadinfo.net https://api.leadinfo.com https://ws.zoominfo.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; font-src 'self' data: data fonts.gstatic.com; frame-src https://*.youtube.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://prod1.solutions.webfg.ch https://*.google.com https://td.doubleclick.net https://www.coface.fr https://pwm-image.trendmicro.com https://edge.media-server.com; img-src 'self' data: data blob https://tr.line.me https://*.lfeeder.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.linkedin.com https://*.licdn.com https://*.hsforms.com https://*.hubspot.com https://www.google.at https://www.google.be https://www.google.bg https://www.google.hr https://www.google.cz https://www.google.dk https://www.google.fi https://www.google.fr https://www.google.de https://www.google.gr https://www.google.hu https://www.google.is https://www.google.ie https://www.google.it https://www.google.lv https://www.google.lt https://www.google.lu https://www.google.mt https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.sk https://www.google.si https://www.google.es https://www.google.se https://www.google.ch https://www.google.co.uk https://www.google.com.tr https://www.google.tn https://www.google.dz https://www.google.ma https://www.google.co.il https://www.google.ae https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google.com.br https://www.google.com.ar https://www.google.com.ec https://www.google.cl https://www.google.com.pe https://www.google.co.za https://www.google.co.in https://www.google.co.jp https://www.google.cn https://www.google.com.hk https://www.google.com.tw https://www.google.co.kr https://www.google.com.sg https://www.google.co.th; object-src 'none'; script-src 'self' blob 'sha256-r5XNBZKG5SuRALRop397WzCpL6A7PPnVeJHjxu4dYoM=' 'sha256-PvjejqLYd3NWAQbuI5ztPkrH0+NbIyvfHcohUy/cDgY=' 'sha256-ixt9cJSW7l/TjcAHQwIkthvmNXKVhbctw0KIBmfT3vI=' 'sha256-TBFB22YzPYBT6rIyeICABgKnf6AS2XlCon7PlKpqwx0=' 'sha256-Mdr7Elzu0r9o/uLCgHaqqkGF/Cjybl8xHE3xxAJOpvE=' 'sha256-Fac3ZJh9Y/mUcXMm30RrYwSt3wFvJ7dvzNvifF3wz9o=' 'sha256-j7hX0Eb40FknxDtJlw+/vJUvnDRI62XPkRyAgR5yDPs=' 'sha256-7vg2+gdz1/ftFJq3ZBimCuYwW04BTLPk0Z8E7kVeGHY=' 'sha256-VyY8SEWR8lMYk6OETYa7fhiLcLnQwdZtN03ECJL48t0=' 'sha256-XbnphNbfccFW7zQZOKk1NECfmmjWeq0cg1FwHrMZZ3A=' 'sha256-nVZbCRzRQSuWk+9W2ls61mQODCppOVf74kz9tIVcvD8=' 'sha256-oIOkXW3jJVB3WzdBAFDW1Y+ploUa4qVp1mqHQeZ7U+Q=' 'sha256-uILB4C9XYyBWeOx5+XQDrAjrU4EsdqN9Ms3lKdPVl58=' 'sha256-fEneWIDmgpMHym15EtxErZC6ZUMtKxivpJeC0XmqQGc=' 'sha256-tAWD8lytuBP8gEXDAj+ZibUssoc3mxK0Qpx5aFn8TT4=' https://*.lfeeder.com https://tags.inzynk.io https://cdn.leadinfo.net https://plugin.sopro.io https://d.line-scdn.net https://js.zi-scripts.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.privacy-center.org https://googleads.g.doubleclick.net https://*.gstatic.com https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hs-scripts.com https://*.linkedin.com https://*.licdn.com https://*.google.com https://*.google.fr; style-src 'self' 'unsafe-inline'; worker-src blob: 2 default-src 'self' https://www.citybankplc.com/ https://docs.google.com/ https://ibank.citybankplc.com/ https://www.google-analytics.com/ https://www.citytouch.com.bd/ https://www.google.com https://www.youtube.com/ https://stats.g.doubleclick.net/ https://lankabd.com/ https://analytics.google.com/; script-src 'self' https://cdn.datatables.net/ https://www.citybankplc.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.datatables.net/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' data: https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://fonts.gstatic.com/; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://lankabd.com/ https://www.citytouch.com.bd/ https://ibank.thecitybank.com/ https://docs.google.com/; img-src 'self' data: https://www.google-analytics.com/ https://img.youtube.com/ https://www.google.com.bd/ https://www.facebook.com/ https://cityalo.com/; 2 frame-ancestors https://admin.devby.io https://devby.io 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: filesystem:; 2 upgrade-insecure-requests; frame-src 'self' https://www3.mogroup.com https://www3.metso.com https://irs.tools.investis.com https://otp.tools.investis.com https://viz.tools.investis.com https://secure.flife.de https://browserapps.mogroup.com https://browserapps.metso.com https://service.force.com https://vars.hotjar.com https://www.google.com https://www.youtube.com https://player.youku.com https://www.facebook.com https://live.mogroup.com https://live.metso.com https://cloud.mc.metso.com *.doubleclick.net *.videosync.fi *.maze.co https://metso--dev.sandbox.my.salesforce.com https://metso--uat.sandbox.my.salesforce.com https://metso.my.salesforce.com https://www.googletagmanager.com 2 default-src 'self' ka-p.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com connect.facebook.net *.doubleclick.net *.linkedin.com *.licdn.com *.criteo.com *.criteo.net kit.fontawesome.com consent.cookiebot.eu consentcdn.cookiebot.eu; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; img-src 'self' data: *.google.com *.gwallet.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.it *.googletagmanager.com *.doubleclick.net hicmobile.go2cloud.org track.hicmobile.com www.facebook.com imgsct.cookiebot.com ciphercoin.com img.sct.eu1.usercentrics.eu; frame-src 'self' *.google.com *.googletagmanager.com *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.elegantthemes.com *.yousign.com *.criteo.com www.facebook.com consentcdn.cookiebot.eu app.powerbi.com; font-src 'self' data: fonts.gstatic.com ka-p.fontawesome.com; connect-src 'self' sst.bbbell.it *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com ka-p.fontawesome.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net *.doubleclick.net consentcdn.cookiebot.eu; 2 frame-ancestors 'self' https://banner.interactivmanager.net 2 frame-ancestors 'self' https://*.sherweb.com https://cumulus.sherweb.com https://cloudmanagerportal.com https://cumulus.ismgrid.com https://techdata.sherweb.com https://control.intellam.com https://cumulus.fusenetworks.com https://cloud.itpartners.com https://portal.massiveit.com https://control.careservtech.com https://billing.rak4cloud.com https://control.gocareserv.help 2 default-src 'self' *.amh.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amh.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.facebook.net *.launchdarkly.com *.stripe.com *.plaid.com *.levelaccess.net *.cdn.levelaccess.net *.crazyegg.com *.instagram.com *.skypack.dev *.meetelise.com *.blob.core.windows.net; style-src 'self' 'unsafe-inline' *.amh.com *.googleapis.com *.typekit.net; img-src 'self' data: blob: *.amh.com *.umbraco.io *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.facebook.com *.instagram.com *.pinterest.com widgets.pinterest.com *.stripe.com *.plaid.com *.crazyegg.com *.box.com *.boxcloud.com *.youtube-nocookie.com *.insidemaps.com *.zillow.com; font-src 'self' *.amh.com *.gstatic.com *.typekit.net; connect-src 'self' ws: *.amh.com *.signalr.net *.launchdarkly.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.applicationinsights.azure.com *.plaid.com *.levelaccess.net *.cdn.levelaccess.net *.umbraco.io *.meetelise.pubnubapi.com *.grafana.net *.box.com *.boxcloud.com *.windows.net *.microsoft.com *.crazyegg.com; media-src 'self' blob: *.amh.com *.vimeo.com *.vimeocdn.com *.youtube-nocookie.com *.boxcloud.com *.box.com; frame-src 'self' *.amh.com *.facebook.com *.youtube-nocookie.com *.vimeo.com *.box.com *.insidemaps.com *.stripe.com *.pinterest.com *.zillow.com *.plaid.com *.myworkdayjobs.com *.paymentus.io *.sandbox.boompay.app *.boompay.app; object-src 'none'; base-uri 'self'; form-action 'self' *.rcashqa.com; upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'self' www.youtube-nocookie.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg dsk.ventures; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com consent.cookiebot.eu consentcdn.cookiebot.eu https://consentcdn.cookiebot.eu/ https://secure.adnxs.com *.doubleclick.net www.googleadservices.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js http://eadsrv.com/js/px.js https://snap.licdn.com/li.lms-analytics/insight.min.js www.youtube.com www.googletagmanager.com https://bat.bing.com http://dskbank.webim.chat https://dskbank.webim.chat http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg *.hotjar.com www.redditstatic.com https://static.addtoany.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg https://uat.dskbank.bg https://snap.licdn.com https://bg.search.etargetnet.com https://unpkg.com https://www.clarity.ms https://bg.hit.gemius.pl https://maxcdn.bootstrapcdn.com/ consent.cookiebot.com consentcdn.cookiebot.com https://consentcdn.cookiebot.com/ dsk.ventures *.equalweb.com 'self' *.eloqua.com *.en25.com cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com dskam.bg dskbank.bg dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg https://cdn.jsdelivr.net dsk.ventures *.equalweb.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.google.bg https://www.google.com *.youtube.com *.doubleclick.net *.linkedin.com dskbank.bg eadsrv.com secure.adnxs.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com dskam.bg https://bat.bing.com http://dskbank.webim.chat https://dskbank.webim.chat http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg https://alb.reddit.com https://stats.addtoany.com *.googlesyndication.com dskpremium.bg dskmobile.bg dskdom.bg dsktranssecurity.bg dskrodina.bg www.googletagmanager.com https://ib.adnxs.com dsk.ventures https://imgsct.cookiebot.com/ https://c.clarity.ms/ authoring-otpleasing.dsk.grp authoring-sitefinity.dsk.grp authoring-dskdom.dsk.grp authoring-dskam.dsk.grp authoring-dskrodina.dsk.grp authoring-dskventures.dsk.grp *.equalweb.com 'self' *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: http://dskbank.webim.chat https://chatbot.dskbank.bg https://tchatbot.dskbank.bg *.equalweb.com; frame-ancestors 'self'; connect-src accounts.google.com *.google-analytics.com https://isic.bg/api/v1/dsk/discounts *.mktoresp.com www.google-analytics.com stats.g.doubleclick.net https://consentcdn.cookiebot.com http://dskbank.webim.chat https://dskbank.webim.chat http://maps.googleapis.com https://maps.googleapis.com http://tchatbot.dskbank.bg https://tchatbot.dskbank.bg http://chatbot.dskbank.bg https://chatbot.dskbank.bg https://consentcdn.cookiebot.eu *.hotjar.com https://stats.addtoany.com *.googlesyndication.com wss://ws28.hotjar.com *.google.com https://googleads.g.doubleclick.net https://cdn.linkedin.oribi.io https://uat.dskbank.bg https://*.hotjar.io wss://ws.hotjar.com *.equalweb.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src consentcdn.cookiebot.com https://www.youtube-nocookie.com/ www.google.com https://consentcdn.cookiebot.eu *.hotjar.com *.doubleclick.net https://static.addtoany.com wss://ws28.hotjar.com 'self' web-chat.nativechat.com; frame-src https://www.youtube-nocookie.com/ https://consentcdn.cookiebot.eu/ https://www.facebook.com/ https://12090499.fls.doubleclick.net/ https://www.google.com/ https://www.youtube.com/ https://td.doubleclick.net https://bg.hit.gemius.pl www.google.com https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ *.equalweb.com 'self' web-chat.nativechat.com forms.hsforms.com 2 frame-ancestors 'self' https://digizone.sacombank.local https://digizone.sacombank.com 2 default-src 'self';connect-src 'self' *.acsbapp.com acsbapp.com *.bing.com bing.com *.clarity.ms clarity.ms *.convertexperiments.com convertexperiments.com *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.google-analytics.com google-analytics.com *.googlesyndication.com googlesyndication.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.hotjar.io hotjar.io *.onetrust.com onetrust.com *.oribi.io oribi.io *.tiktok.com tiktok.com *.tiktokw.us tiktokw.us *.trustindex.io trustindex.io *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.google.com *.google.ca *.google.ru *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.pl *.google.se *.google.ch *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.mx *.google.com.ua adservice.google.com api.segment.io app.vwo.com cdn-cookieyes.com cdn.segment.com forms.daliajobs.com google.com https://nominatim.openstreetmap.org maps.googleapis.com px.ads.linkedin.com stats.g.doubleclick.net www.googleadservices.com;font-src 'self' *.trustindex.io trustindex.io data: fonts.gstatic.com;frame-src 'self' *.amazonaws.com amazonaws.com *.careerplug.com careerplug.com *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.vimeo.com vimeo.com *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.youtube.com youtube.com app.vwo.com www.google.com;img-src 'self' *.acsbapp.com acsbapp.com *.amazonaws.com amazonaws.com *.analytics.google.com analytics.google.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.facebook.net facebook.net *.google-analytics.com google-analytics.com *.googlesyndication.com googlesyndication.com *.googletagmanager.com googletagmanager.com *.googleusercontent.com googleusercontent.com *.gravatar.com gravatar.com *.gstatic.com gstatic.com *.linkedin.com linkedin.com *.thelearningexperience.com thelearningexperience.com *.trustindex.io trustindex.io *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.ytimg.com ytimg.com *.google.com *.google.ca *.google.ru *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.pl *.google.se *.google.ch *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.mx *.google.com.ua app.vwo.com data: maps.googleapis.com pixel.wp.com useruploads.vwo.io www.googleadservices.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.acsbapp.com acsbapp.com *.amazonaws.com amazonaws.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.net facebook.net *.google-analytics.com google-analytics.com *.google.com google.com *.googleadservices.com googleadservices.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.hotjar.com hotjar.com *.licdn.com licdn.com *.premion.com premion.com *.segment.com segment.com *.tctm.co tctm.co *.trustindex.io trustindex.io *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com *.winnie.com winnie.com analytics.tiktok.com app.vwo.com blob: cdn-4.convertexperiments.com connect.facebook.net data: forms.daliajobs.com maps.googleapis.com media.winnie.com static.hotjar.com static.smartrecruiters.com stats.wp.com www.clarity.ms www.gstatic.com www.smartrecruiters.com www.txt180.com yoast.com;style-src 'self' 'unsafe-inline' *.trustindex.io trustindex.io *.visualwebsiteoptimizer.com visualwebsiteoptimizer.com app.vwo.com fonts.googleapis.com static.smartrecruiters.com tagmanager.google.com;media-src 'self' *.amazonaws.com amazonaws.com;worker-src 'self' blob:; 2 default-src 'self' deskline.net 'unsafe-inline' 'unsafe-eval' https: data: blob: 2 script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 2 upgrade-insecure-requests; report-to https://www.codium.ai; report-uri https://www.codium.ai; 2 font-src 'self'; object-src 'none'; base-uri 'self'; 2 frame-ancestors 'self' *.vietgiaitri.com *.vgt.vn 2 frame-ancestors 'self' https://www.google.com; 2 frame-ancestors 'self' tau2904.com *.tau2904.com *.ttbbank.com *.ttbdirect.com *.9fftech.com https://*.9fftech.com https://*.tau2904.com https://*.ttbdirect.com https://*.ttbbank.com dev-web-tmbwowoneapp.azurewebsites.net stg-web-tmbwowoneapp.azurewebsites.net https://dev-web-tmbwowoneapp.azurewebsites.net https://stg-web-tmbwowoneapp.azurewebsites.net cms.ttbbank.local cmspilot.ttbbank.local *.tep.ttbbank.local 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app https://www.googletagmanager.com https://js.hsforms.net https://f.vimeocdn.com https://embed.lu.ma https://www.clarity.ms https://*.contentsquare.net http://*.contentsquare.net https://www.chatbase.co https://static.reo.dev; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://embed.lu.ma; img-src * blob: data:; media-src *; connect-src * https://api.reo.dev; font-src * 'self'; frame-src * giscus.app youtube.com; worker-src 'self' blob:; frame-ancestors 'self' https://signoz.io https://*.us.signoz.cloud https://*.in.signoz.cloud https://*.eu.signoz.cloud; 2 default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://sampatapi.areeo.ac.ir https://cdn.goftino.com *.goftino.com https://cdn.userway.org https://cdn77.api.userway.org https://panel.sofiamind.ir; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://panel.sofiamind.ir https://analytics.ihcs.ac.ir http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://*.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://*.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://*.goftino.com https://panel.sofiamind.ir https://cdn.userway.org https://widget-react.raychat.io https://analytics.ihcs.ac.ir; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com https://analytics.ihcs.ac.ir data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com https://samta.samt.ac.ir https://sampatapi.areeo.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com wss://*.goftino.com https://panel.sofiamind.ir https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com https://analytics.ihcs.ac.ir; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://panel.sofiamind.ir https://analytics.ihcs.ac.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 2 img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschcarservice.com *.dxtservice.com *.bosch.com *.snap.licdn.com *.licdn.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com *.google.com; object-src 2 base-uri 'self';frame-ancestors 'self'; 2 default-src https: data: 'unsafe-inline'; 2 frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.npfsb.ru https://npfsberbanka.ru https://*.sbernpf.ru https://mc.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://st.top100.ru https://top-fwz1.mail.ru/js/code.js https://bitrix.info; 2 default-src *.myidx.cloud 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; script-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com cdnjs.cloudflare.com js.hs-banner.com js.hs-analytics.net js.hsadspixel.net js.hubspot.com https://*.clarity.ms https://scripts.clarity.ms/0.8.27/clarity.js https://www.clarity.ms/tag/svc9v0m76w widget.prod.equally.ai https://widget.prod.equally.ai/equally-widget.min.js *.hsforms.net unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com sc.lfeeder.com googleads.g.doubleclick.net www.googletagmanager.com *.posthog.com app.posthog.com snap.licdn.com connect.facebook.net ajax.googleapis.com www.youtube.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk *.vimeocdn.com f.vimeocdn.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' widget.prod.equally.ai unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com *.invdcloud-is.co.uk; object-src 'none'; connect-src *.myidx.cloud 'self' *.clarity.ms unpkg.com https://region1.analytics.google.com cdn.jsdelivr.net api.hubapi.com cta-service-cms2.hubspot.com www.facebook.com static.hsappstatic.net cdnjs.cloudflare.com https://pagead2.googlesyndication.com widget.prod.equally.ai https://lb.prod.equally.ai/ https://www.facebook.com/tr/ https://analytics.google.com google.com *.hsforms.com *.posthog.com *.amazonaws.com https://www.google.com *.linkedin.com idxjobs-api.connectid.cloud https://signin.ultipro.com *.openweathermap.org stats.reciteme.com api.reciteme.com https://api.weatherapi.com/v1/current.json stats.g.doubleclick.net edge.api.brightcove.com google-analytics.com www.google-analytics.com *.google-analytics.com viz.tools.investis.com cookiemanager.investisdigital.com *.investisdigital.com; base-uri 'self'; form-action 'self' *.hsforms.com; font-src *.myidx.cloud 'self' 'unsafe-inline' *.hsforms.com api.reciteme.com fonts.googleapis.com use.typekit.net google-analytics.com fonts.gstatic.com *.investisdigital.com * data: application; frame-src *.myidx.cloud 'self' *.hsforms.com *.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.doubleclick.net adfs.justretirement.com www.googletagmanager.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com; img-src *.myidx.cloud 'self' 'unsafe-inline' * data: www.w3.org;; media-src *.myidx.cloud 'self' *.investis.com; 2 frame-ancestors 'self' https://*.storyblok.com/ 2 default-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.wesalute.com https://*.wesaluteapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://performance.radar.cloudflare.com https://challenges.cloudflare.com https://cdn.kustomerapp.com https://browser.sentry-cdn.com https://connect.facebook.net https://cdn.segment.com https://cdn.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://transcend-cdn.com https://www.google.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://snap.licdn.com https://www.redditstatic.com https://js.stripe.com https://cdn.sprig.com https://cdn.userleap.com https://embed.bookingvault.com https://secure.rezserver.com https://js-agent.newrelic.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://assets.calendly.com; connect-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://cloudflareinsights.com https://adservice.google.com https://www.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://www.google.com https://bat.bing.com https://bat.bing.net https://*.kustomerapp.com https://*.pndsn.com https://s3.amazonaws.com/kustomer-prod1-attachments https://cdn.jsdelivr.net https://sentry.io https://o287038.ingest.sentry.io https://api.segment.io https://cdn.segment.com https://*.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://transcend-cdn.com https://telemetry.us.transcend.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://apis.google.com https://*.googleapis.com https://us-central1-veterans-advantage-arsenal.cloudfunctions.net https://www.facebook.com/ https://api.sprig.com https://api.bookingvault.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.reddit.com https://www.redditstatic.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' https://*.wesalute.com https://fonts.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://embed.bookingvault.com https://transcend-cdn.com https://cdnjs.cloudflare.com https://assets.calendly.com; font-src 'self' data: https://*.wesalute.com https://cdn.honey.io https://cdn.ivaws.com https://cdn.kustomerapp.com https://fonts.gstatic.com https://themes.googleusercontent.com https://embed.bookingvault.com; img-src blob: data: https:; media-src blob: data: https:; object-src 'none'; frame-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://challenges.cloudflare.com https://*.kustomer.help https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.c-span.org/video/standalone/ https://www.googletagmanager.com https://www.google.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10165061.fls.doubleclick.net https://www.facebook.com https://js.stripe.com https://transcend-cdn.com https://calendly.com https://veterans-advantage-arsenal.firebaseapp.com; frame-ancestors 'self' https://*.wesalute.com; report-uri https://o287038.ingest.sentry.io/api/1865718/security/?sentry_key=33c7a6dee3b040bc9bc48cd898e2dd9b&sentry_environment=prod 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chatvisor.com *.clic2buy.com *.dynamicyield.com *.ecn-ldr.de *.econda-monitor.de *.facebook.net *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hellweg.test hibitaro.de *.hibitaro.de *.idealo-partner.com *.jsdelivr.net *.loadbee.com *.payments-amazon.com *.paypal.com *.pay1.de *.searchhub.io *.tp-de.net *.trustedshops.com *.usercentrics.eu; frame-src *.econda-monitor.de *.google.com *.googletagmanager.com *.hellweg.test hibitaro.de *.hibitaro.de *.idealo-partner.com *.loadbee.com *.paypal.com secure.pay1.de *.tp-de.net *.usercentrics.eu *.youtube.com *.youtube-nocookie.com; 2 default-src 'self' https://*.learningcaregroup.com https://*.lapetite.com *.agkn.com *.datasteam.io *.dca0.com dca0.com https://*.addevent.com https://*.adroll.com https://*.bing.com https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.com https://*.foresee.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.jquery.com https://*.learningcaregroup.com https://*.mpeasylink.com https://*.youtube.com https://www.google-analytics.com wss://*.hotjar.com https://api.segment.io https://*.demdex.net https://*.clarity.ms https://pixel.sitescout.com https://cdn.linkedin.oribi.io https://www.googletagmanager.com resonate.com https://ds.reson8.com/v1/p https://ds.reson8.com/v1/i https://ds.reson8.com/v1/t https://cdn.segment.com/analytics.js/v1/ https://cdn.resonate.com https://tags.srv.stackadapt.com/events.js https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ https://*.googleadservices.com https://*px.ads.linkedin.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.learningcaregroup.com https://media.winnie.com https://cdn.segment.com/ *.dca0.com dca0.com https://*.adroll.com https://*.agkn.com https://*.bing.com https://*.cloudfront.net https://*.cluep.com https://*.convertlanguage.com https://*.datasteam.io https://*.dialogtech.com https://*.everestjs.net https://*.facebook.net https://*.foresee.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.mpeasylink.com https://*.simpli.fi https://*.youtube.com https://addevent.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://s.ytimg.com https://www.googletagmanager.com https://api.segment.io https://*.clarity.ms https://*.invocacdn.com https://*.invoca.net https://*.zoominfo.com https://*.licdn.com https://*.resonate.com https://ds.reson8.com/v1/p https://tags.srv.stackadapt.com/events.js ;style-src 'self' 'unsafe-inline' https://*.learningcaregroup.com https://*.foresee.com https://*.googleapis.com https://*.jquery.com https://*.mpeasylink.com ;img-src 'self' http://* https://* data: ; 2 default-src 'none'; font-src https: data:; img-src https:; script-src-elem https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src https:; frame-src https:; script-src https:; 2 default-src 'self';style-src 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu www.dachser.com translate.googleapis.com;object-src 'self';base-uri 'self';font-src 'self' data: fonts.gstatic.com github.com player.podigee-cdn.net pouch-global-font-assets.s3.eu-central-1.amazonaws.com static3.avast.com;frame-src 'self' dachser-warehouse.atrivio.net app.usercentrics.eu veronline.me players.brightcove.net player.podigee-cdn.net players.brightcove.net dachser-warehousekapazitaeten.atrivio.net;img-src 'self' data: https://px.ads.linkedin.com *.usercentrics.eu *.dachser.ch cf-images.eu-west-1.prod.boltdns.net metrics.brightcove.com app.usercentrics.eu www.dachser.com www.gstatic.com translate.google.com images.podigee-cdn.net www.dachser.com.tr www.etracker.de webtr.dachser.com www.facebook.com;manifest-src 'self';media-src blob: 'self';worker-src blob: ;connect-src mailto: 'self' www.dachser.com maps.googleapis.com bcboltbde696aa-a.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com *.usercentrics.eu www.etracker.de webtr.dachser.com dachser-locations.atrivio.net www.google-analytics.com www.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' webtr.dachser.com code.etracker.com app.usercentrics.eu edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net maps.googleapis.com www.dachser.com 3001.scriptcdn.net s3-us-west-2.amazonaws.com s3.amazonaws.com www.google-analytics.com www.googletagmanager.com www.pagespeed-mod.com 2508t.dsp7c.com connect.facebook.net maps.googleapis.com www.dachser.com www.etracker.de webtr.dachser.com https://code.etracker.com/t.js https://dmr-notification.atrivio.net/js/main.js https://maps.googleapis.com/maps/api/js https://static.etracker.com/code/e.js https://www.etracker.de/cntcc;script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com webtr.dachser.com www.googletagmanager.com edge.api.brightcove.com vjs.zencdn.net api.signalize.com players.brightcove.net app.usercentrics.eu cdn.podigee.com player.podigee-cdn.net maps.googleapis.com najiwu.xeyutezepo.com www.dachser.com dmr-notification.atrivio.net static.etracker.com www.etracker.de data1.pamurt.com bopati.xuyobidexe-vipopucec.com code.etracker.com data1.scopich.com images.podigee-cdn.net www.dachser.com.tr www.etracker.de www.facebook.com www.gstatic.com;style-src-attr 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' webtr.dachser.com player.podigee-cdn.net www.dachser.com cdn.podigee.com; report-uri https://atrivio.report-uri.com/r/d/csp/reportOnly https://atrivio.report-uri.com/r/d/csp/wizard; 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dtvp.de *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.xing-share.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.linkedin.com *.podigee.com *.podigee-cdn.net *.podlove.org *.cleverpush.com *.outbrain.com *.flockler.com *.seobility.net maps.google.com track.ewe.de chat.ato.botario.com chat.ewe.botario.com *.consentmanager.net *.doubleclick.net *.ewe.com; media-src 'self' blob: data:; base-uri 'self' track.ewe.de; object-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' track.ewe.de *.consentmanager.net *.ewe.com; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com plugins.flockler.com www.youtube-nocookie.com www.facebook.com b2b.ewe.de *.consentmanager.net *.doubleclick.net *.googletagmanager.com 2 frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 2 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2 default-src 'self' https://logrhythm.com https://*.exabeam.com https://*.cookieyes.com https://*.6sc.co https://*.6sense.com; connect-src 'self' https://logrhythm.com https://*.exabeam.com wss://ws.hotjar.com https://*.hotjar.io https://ws.zoominfo.com https://analytics3.wpmudev.com https://directory.cookieyes.com https://cdn-cookieyes.com https://log.cookieyes.com https://js.zi-scripts.com https://cdn-app.pathfactory.com https://epsilon-cloudfront.6sense.com https://cdn.jsdelivr.net https://unpkg.com https://*.wovn.io https://www.googleadservices.com https://secure.adnxs.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://epsilon-globalaccelerator.6sense.com https://*.6sense.com https://google.com https://cdn.linkedin.oribi.io https://www.google.com https://px.ads.linkedin.com https://*.privacymanager.io https://epsilon.6sense.com https://*.6sc.co https://analytics.google.com https://*.googlesyndication.com https://bat.bing.com https://spcollector.pathfactory.com https://adservice.google.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://stats.g.doubleclick.net https://*.yoast.com https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.exabeam.com https://*.typekit.net https://*.sharepointonline.com https://fonts.gstatic.com https://cdn-app.pathfactory.com https://*.fontawesome.com https://www.gartner.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com https://*.exabeam.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://js.zi-scripts.com https://static.hotjar.com https://script.hotjar.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://analytics.wpmucdn.com https://www.gstatic.com https://*.wovn.io https://f.vimeocdn.com https://*.vimeocdn.com https://*.exabeam.com https://cdn-cookieyes.com https://*.trustarc.com https://launchpad.privacymanager.io https://launchpad-wrapper.privacymanager.io https://jobs.jobvite.com https://yoast.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.exabeam.com https://*.wovn.io https://gtranslate.io https://app-abc.marketo.com https://fonts.bunny.net https://*.fontawesome.com https://yoast.com https://cdn-app.pathfactory.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://www.gartner.com https://*.googleapis.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://brighttalk.com https://player.captivate.fm https://demostack.app https://*.trustarc.com https://*.exabeam.com https://app-abc.marketo.com https://*.doubleclick.net https://www.googletagmanager.com https://player.vimeo.com https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://forms.office.com https://jobs.jobvite.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; frame-ancestors 'self' explore.logrhythm.com https://*.pathfactory.com explore.exabeam.com https://www.g2.com https://*.logrhythm.com https://*.exabeam.com; 2 default-src 'none'; style-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self' 2 frame-ancestors https://wpp-wdcee.wirecard.com 2 frame-ancestors 'self' https://www.anyvan.com 2 child-src 'self'; frame-src 'self' *; frame-ancestors 'self' https://cloud.also.mp also.ch *.also.ch *.also.com also.com chrome-extension://*; connect-src 'self' https://stats.also.ch https://stats.also.pt *.also.com also.com *.usercentrics.eu *.mateti.net *.mktoresp.com https://*.hpcloud.hp.com https://d75j3d3y2ihvh1.cloudfront.net https://also01.wt-eu02.net https://px.ads.linkedin.com https://*.user.com wss://alsopolska.user.com https://*.n-able.com https://toolbox.solarwindsmsp.com https://www.google.com https://www.googleadservices.com analytics.google.com www.google-analytics.com https://stats.g.doubleclick.net https://fonts.googleapis.com whatfix.com *.whatfix.com *.parcellab.com https://locationservice.posti.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://esel.heronos.com; style-src 'self' 'unsafe-inline' *.also.com also.com https://fonts.googleapis.com https://cdn.cs.1worldsync.com https://*.hpcloud.hp.com *.cnetcontent.com cdnjs.cloudflare.com *.parcellab.com cdn.datatables.net maxcdn.bootstrapcdn.com rsms.me https://pages.solarwindsmsp.com https://*.n-able.com https://cdn1.heronos.com; font-src 'self' https://www.also.com *.1worldsync.com https://fonts.gstatic.com *.cnetcontent.com rsms.me booster.webtradecenter.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://*.hpcloud.hp.com https://whatfix.com; img-src 'self' also.com *.also.com *.alsolatvia.lv https://stats.also.ch https://stats.also.pt filesalso.dk https://media.user.com https://static.user.com https://*.1worldsync.com https://cdn.whatfix.com https://whatfix.com https://videos.whatfix.com data: https://www.google.com https://www.google.de analytics.google.com www.google-analytics.com www.facebook.com *.mateti.net *.usercentrics.eu *.cnetcontent.com https://*.hpcloud.hp.com *.www8-hp.com also01.wt-eu02.net *.parcellab.com *.wcfbc.net www.plugilo.com *.webtradecenter.com i.ytimg.com https://px.ads.linkedin.com https://d2xsch6h2vuht1.cloudfront.net https://cdn1.heronos.com; 2 default-src 'self'; img-src 'self' data: https://web-solutions.com.pl https://web-solutions.eu https://chat.web-solutions.eu https://*.w.org https://www.google.com https://bat.bing.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://*.google.com; frame-src 'self' https://www.google.com; connect-src 'self' https://web-solutions.eu https://web-solutions.com.pl https://clients.web-solutions.eu https://cdn.jsdelivr.net https://bat.bing.com https://*.google-analytics.com; object-src 'none' 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; font-src * data: 2 default-src 'self' ;script-src 'self' 'unsafe-inline' data: *.googleapis.com *.twitter.com *.facebook.net www.googleadservices.com www.gstatic.com www.google.com google.com google.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com storage.bannernow.com c.bannerflow.net https://boost.box;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com cdn-images.mailchimp.com use.fontawesome.com fonts.bunny.net;img-src 'self' * data:;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com;connect-src 'self' fonts.googleapis.com insights.hotjar.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;frame-src 'self' www.google.com vars.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io storage.bannernow.com c.bannerflow.net https://app.boost.box/;worker-src 'self' self blob: 'unsafe-inline'; 2 default-src 'self' *.kyriba.com *.platformsh.site *.rainfocus.com *.treasury-factory.com *.kyriba.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kyriba.com blob: *.mountain.com *.drda.io *.company-target.com *.googletagmanager.com *.iubenda.com *.terminusplatform.com *.bing.com *.licdn.com *.ads-twitter.com *.demandbase.com *.facebook.net *.googleadservices.com https://googleads.g.doubleclick.net *.pardot.com *.storylane.io *.typeform.com *.calconic.com *.rainfocus.com *.kyribalive.com *.gstatic.com *.ckeditor.com *.visualwebsiteoptimizer.com app.vwo.com *.qualified.com *.zi-scripts.com *.zoominfo.com *.treasury-factory.com *.kyriba.io https://app.qualified.com *.6sc.co *.redditstatic.com *.dreamdata.cloud; connect-src 'self' *.kyriba.com *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.googlesyndication.com *.facebook.com *.6sc.co *.platformsh.site *.google-analytics.com *.doubleclick.net *.iubenda.com *.terminus.services https://gtm-t6gnrfj-njq1m.uc.r.appspot.com *.google.com wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://api.company-target.com *.demandbase.com *.storylane.io https://segments.company-target.com *.typeform.com *.calconic.com *.visualwebsiteoptimizer.com *.vwo.com *.kyribalive.com *.rainfocus.com https://bat.bing.com *.zi-scripts.com *.zoominfo.com *.treasury-factory.com *.kyriba.io https://*.qualified.com wss://*.qualified.com *.redditstatic.com *.dreamdata.cloud *.reddit.com; style-src 'self' 'unsafe-inline' *.kyriba.com https://fonts.googleapis.com *.googletagmanager.com *.typeform.com *.calconic.com *.rainfocus.com *.kyribalive.com *.treasury-factory.com *.kyriba.io https://*.qualified.com; img-src 'self' *.kyriba.com *.platformsh.site *.googletagmanager.com blob: data: *.google-analytics.com *.linkedin.com *.facebook.com *.doubleclick.net *.google.by *.googleusercontent.com *.google.com *.google.es *.google.it *.googleadservices.com *.iubenda.com *.cloudfront.net *.rlcdn.com *.bing.com *.co *.twitter.com *.storylane.io *.mountain.com *.google.no *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.rainfocus.com *.kyribalive.com *.gstatic.com *.ckeditor.com *.company-target.com *.zi-scripts.com *.zoominfo.com *.qualified.com *.treasury-factory.com *.kyriba.io *.reddit.com; frame-src 'self' *.kyriba.com https://youtu.be https://kyriba-prod.highspot.com *.appspot.com *.platformsh.site *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.iubenda.com *.doubleclick.net *.company-target.com *.storylane.io *.typeform.com *.calconic.com *.visualwebsiteoptimizer.com app.vwo.com *.treasury-factory.com *.kyriba.io https://*.qualified.com; font-src 'self' *.kyriba.com data: https://fonts.gstatic.com *.gstatic.co; object-src 'none'; base-uri 'self' *.kyriba.com *.rainfocus.com *.kyribalive.com *.treasury-factory.com *.kyriba.io; media-src 'self' *.kyriba.com https://*.qualified.com; form-action 'self' *.kyriba.com; frame-ancestors 'self' *.kyriba.com *.platformsh.site https://kyriba-prod.highspot.com https://afpinteractive.splashthat.com/ *.typeform.com *.calconic.com *.treasury-factory.com *.kyriba.io; worker-src 'self' *.kyriba.com blob:; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.facebook.com 2 object-src 'none';base-uri 'self';script-src 'nonce-Us1U54jx0YpP9VtoGXUIrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/honest_dns/1_0;frame-ancestors 'none' 2 frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/ 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://bat.bing.net https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz wss://endpoint-prod.scon.schwarz https://*.simplesurance.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ch data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com https://link.tink.com https://manuals.sit-connect.com 'unsafe-inline' https://*.adyen.com https://*.lidl.ch; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.criteo.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.lidlplus.com https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://sync.targeting.unrulymedia.com https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://lidl.media.schwarz https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://mycliplister.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz https://media.sit-connect.com https://api.scon-assets.schwarz 'unsafe-inline' https://*.adyen.com https://*.lidl.ch data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://manuals.sit-connect.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.adsrvr.org https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.criteo.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.criteo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com https://partnersbenefits-uat-we.k8s.scrm.apps.schwarz 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net https://payments.lidlplus.com; 2 frame-ancestors 'self' https://dvag.test.dlstages01.dvag.de https://dvag.dev.dlstages01.dvag.de https://static.test.dlstages01.dvag.de https://static.dev.dlstages01.dvag.de https://static-career.test.dlstages01.dvag.de https://static-career.dev.dlstages01.dvag.de https://berater.finanzanalyse.dvag https://uat.berater.finanzanalyse.dvag https://staging.berater.deutschefin.tech https://vpd.finanzanalyse.dvag https://uat.vpd.finanzanalyse.dvag https://www.finanzanalyse.dvag https://uat.finanzanalyse.dvag https://benutzerkonto.abnahme.dvag https://benutzerkonto.dvag https://catalog.finanzanalyse.dvag https://uat.catalog.finanzanalyse.dvag 2 frame-ancestors 'self' https://www.herroom.com https://www.hisroom.com; 2 frame-ancestors 'self' *.inforcloudsuite.com 2 frame-ancestors https://*.singlestore.com https://*.contentstack.com; 2 default-src 'self' pghub.io; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.fonts.net https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.pg.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; font-src 'self' https://fonts.gstatic.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com *.ctfassets.net *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.pg.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://images.ctfassets.net https://privacytermsprod.azureedge.net https://consumersupport.pg.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.pg.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; frame-src https://www.googletagmanager.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com https://pg-lex.my.salesforce-sites.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://privacytermsprod.azureedge.net https://consumersupport.pg.com https://*.analytics.google.com https://*.googletagmanager.com *.bazaarvoice.com *.youtube.com *.algolia.net *.algolianet.com *.pricespider.com *.crazyegg.com *.iesnare.com *.cloudflare.com *.mapbox.com *.cookielaw.org *.onetrust.com https://maxcdn.bootstrapcdn.com https://click2cart.com https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com *.click2cart.com *.agkn.com *.amazonaws.com *.pg.com data: blob: pghub.io https://feed.pghub.io https://gateway.zscalertwo.net *.jebbit.com *.pepperjam.com https://*.adsrvr.org https://analytics.crest.com https://js.adsrvr.org *.tp88trk.com *.affirm.com https://*.attn.tv *.swaven.com *.lightboxcdn.com *.google.com https://*.attentivemobile.com https://pandg.tapad.com; 2 script-src 'unsafe-inline' data: blob: http: https: https://www.homeagain.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.homeagain.com/; worker-src 'self' data: blob: http: https: https://www.homeagain.com/; img-src data: blob: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self' data: blob: http: https: https://www.homeagain.com/; font-src 'self' data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.zuora.com *.google.com *.googletagmanager.com cloud.emailca.merck-animal-health-usa.com cloud.email3.homeagain.com cl.s11.exct.net webto.salesforce.com csxd.contentsquare.net *.trustpilot.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' form.lidl.com *.youtube.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org ibe.uphotel.agency https://www.google.com https://www.gstatic.com *.virtualearth.net *.bing.com unpkg.com *.pagestrip.com onepagebooking.com cdnjs.cloudflare.com *.walls.io walls.io connect.facebook.net snap.licdn.com *.azureedge.net hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com web-sdk.cdn.cmp.schwarz; img-src 'self' data: *.object.storage.eu01.onstackit.cloud *.google-analytics.com *.google.de www.googletagmanager.com googleads.g.doubleclick.net *.google.com fonts.gstatic.com form.lidl.com *.google-analytics.com ibe-frontend-production-frontend.s3-eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.tile.openstreetmap.org *.tiles.virtualearth.net *.bing.com http://*.tile.osm.org unpkg.com *.pagestrip.com cdn.cookielaw.org onepagebooking.com api.scon-assets.schwarz www.facebook.com px.ads.linkedin.com img.schwarz hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com form.lidl.com *.fonts.net ibe.uphotel.agency https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.bing.com unpkg.com *.pagestrip.com onepagebooking.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com ibe.uphotel.agency *.pagestrip.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com; frame-src 'self' 'unsafe-inline' www.youtube.com form.lidl.com *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.google.com *.walls.io walls.io form.schwarz-digits.de form.beschaffung.schwarz; connect-src 'self' www.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.googleadservices.com stats.g.doubleclick.net form.lidl.com *.uphotel.agency cdn.cookielaw.org *.onetrust.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.openstreetmap.org https://www.bing.com pagestrip.com *.pagestrip.com *.scon.schwarz wss://endpoint-prod.scon.schwarz scon-assets-hub-prod.apps.01.cf.eu01.stackit.cloud api.scon-assets.schwarz px.ads.linkedin.com *.azureedge.net *.dynamics.com hrplattformprod-rocketapply-prod-scos-rocketapply.cfapps.eu20.hana.ondemand.com api.friendlycaptcha.com banner-api.cdn.cmp.schwarz; frame-ancestors 'self' *.googletagmanager.com form.lidl.com *.google-analytics.com; worker-src 'self' blob:; 2 default-src https: *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: *.hotjar.com *.hotjar.io client.crisp.chat *.wistia.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: *.hotjar.com *.hotjar.io client.crisp.chat image.crisp.chat storage.crisp.chat *.tawk.to cdn.jsdelivr.net tawk.link *.iubenda.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com *.wistia.com *.wistia.net *.tawk.to cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src https: *.litix.io *.wistia.com *.tawk.to wss://*.tawk.to client.crisp.chat storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src https: 'self' blob: *.hotjar.com *.hotjar.io *.tawk.to fast.wistia.com fast.wistia.net game.crisp.chat; style-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com fast.wistia.com client.crisp.chat *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; media-src * blob: data: https: *.wistia.com *.wistia.net client.crisp.chat 'self' 'unsafe-inline' 'unsafe-eval'; 2 frame-ancestors 'self' *.humacom.com *.iofbonehealth.org *.osteoporosis.foundation 2 frame-ancestors 'self' https://mgx.dev; 2 frame-ancestors 'self';default-src 'self';base-uri 'self';manifest-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' data: blob: https: chrome-extension: moz-extension: safari-web-extension:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' data: blob: https: chrome-extension: moz-extension: safari-web-extension:;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: blob: https: http:;font-src 'self' data: https:;connect-src 'self' https: wss: ws: chrome-extension: moz-extension: safari-web-extension: wss://relay.walletconnect.com https://relay.walletconnect.com https://rpc.walletconnect.com https://explorer-api.walletconnect.com https://*.walletconnect.com wss://*.walletconnect.com;frame-src 'self' https: https://verify.walletconnect.com chrome-extension: moz-extension: safari-web-extension:;worker-src 'self' blob: chrome-extension: moz-extension: safari-web-extension:;child-src 'self' blob: chrome-extension: moz-extension: safari-web-extension:;media-src 'self' data: blob: https:;object-src 'none';form-action 'self';block-all-mixed-content;upgrade-insecure-requests 2 default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.akamaihd.net *.google.com *.justuno.com *.demdex.net *.d41.co *.cxense.com pactsafe.io *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com *.youtube.com *.go-mpulse.net *.linkedin.com *.cloudfront.net *.bluecore.com blob: data.g2.com *.g2crowd.com *.spexlive.net *.gstatic.com *.turnto.com *.licdn.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hsadspixel.net *.hubapi.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.stackadapt.com *.administrateweblink.com *.stripe.com *.pactsafe.io *.sketchfab.com *.fiservapps.com sierra.chat *.algorecs.com *.officeperceptioninstinct.com *.oktapreview.com *.okta.com *.jst.ai *.onelink-edge.com justone.ai p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.cdw.ca *.needle.com *.googleapis.com *.justuno.com *.amazonaws.com *.cloudfront.net blob: *.typekit.net *.spexlive.net *.turnto.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.stackadapt.com *.administrateweblink.com *.stripe.com *.sketchfab.com sierra.chat;img-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.optimizely.com *.needle.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.akamaihd.net *.google.com *.justuno.com *.demdex.net *.cxense.com *.googletagmanager.com *.googletagservices.com *.ytimg.com *.youtube.com *.amazonaws.com *.linkedin.com *.facebook.com *.cloudfront.net *.adobecqms.net *.everesttech.net *.bluecore.com cdn.optimizely.com data: *.spexlive.net *.windows.net *.turnto.com *.edgecastcdn.net *.licdn.com *.hsforms.com *.hubspot.com *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeocdn.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.stackadapt.com *.pactsafe.io *.administratehq.com *.sketchfab.com sierra.chat *.officeperceptioninstinct.com *.oktapreview.com *.okta.com *.jst.ai *.hubspotusercontent-na1.net justone.ai;frame-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.needle.com *.doubleclick.net *.google.com *.justuno.com *.demdex.net *.cxense.com *.googletagmanager.com *.googletagservices.com *.youtube.com *.facebook.com *.cloudfront.net *.cdwemail.com *.kingston.com *.spexlive.net *.swcontentsyndication.com *.exacttarget.com *.exct.net *.simplecast.com *.hsforms.com *.userway.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.fiservapps.com *.microsoft.com justone.ai;font-src * data:;connect-src 'self' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.akamaihd.net *.google.com *.justuno.com *.demdex.net *.d41.co *.cxense.com *.googletagmanager.com *.googletagservices.com *.go-mpulse.net *.linkedin.com *.facebook.com *.cloudfront.net *.bluecore.com *.akstat.io data.g2.com *.g2crowd.com *.spexlive.net *.turnto.com *.hubapi.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.stackadapt.com *.administrateweblink.com *.pactsafe.io *.administratehq.com *.sketchfab.com sierra.chat *.algorecs.com *.onelink-edge.com p11.techlab-cdn.com;object-src 'self' *.cdw.com *.scene7.com;media-src 'self' *.cdw.com *.youtube.com blob: *.spexlive.net *.userway.org *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob:; 2 object-src 'none'; frame-ancestors 'none'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://api.openai.com https://*.boxever.com https://*.coveo.com https://global.ketchcdn.com https://cdn.ketchjs.com https://public.tableau.com https://*.cloudfront.net https://*.bound360.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.getsmartcontent.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.litix.io https://*.pardot.com https://*.questionpro.com https://*.rfihub.com https://*.rfihub.net https://*.sitecorecontenthub.cloud https://*.vizientinc.com https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://*.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://static.ads-twitter.com https://cm.vizient.localhost http://www.vizient.localhost http://www.vizient.localhost:* ws://www.vizient.localhost:* http://localhost http://localhost:* ws://localhost:* https://t.co https://tracking.intentsify.io https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.thinglink.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://tag.demandbase.com https://api.company-target.com https://company.target.com https://rlcdn.com https://id.rlcdn.com https://scripts.demandbase.com https://segments.company-target.com https://tag-logger.demandbase.com https://www.juicer.io https://www.podbean.com https://datawrapper.dwcdn.net https://embed.acast.com https://assets.juicer.io https://static.juicer.io https://media.licdn.com https://a.usbrowserspeed.com https://img.genially.com https://view.genially.com https://view.genial.ly https://*.simpli.fi https://cdn.knightlab.com https://vizient.wispform.com https://*.6sc.co https://secure.adnxs.com https://epsilon.6sense.com https://embed.podcasts.apple.com https://app.powerbi.com https://s.company-target.com https://unpkg.com https://vizient-chatbot.vercel.app; media-src 'self' data: blob: https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; 2 connect-src *.doubleclick.net *.linkedin.com *.google.com *.motork.io *.getwarmly.com *.iubenda.com *.google-analytics.com; default-src 'self'; font-src 'self' *.typekit.net; frame-src *.youtube.com *.google.com *.motork.io *.facebook.com; img-src 'self' *.drata.com *.lfeeder.com *.linkedin.com t.co *.twitter.com *.google.com *.google.it *.facebook.com *.googletagmanager.com; script-src 'unsafe-inline' 'self'; script-src-elem 'unsafe-inline' 'self' *.typekit.net *.iubenda.com *.motork.io *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.hotjar.com *.licdn.com *.ads-twitter.com *.facebook.net *.lfeeder.com *.head3high.com *.getwarmly.com *.doubleclick.net; style-src 'unsafe-inline' 'self'; style-src-elem 'unsafe-inline' 'self' *.typekit.net *.motork.io; worker-src 'self' blob:; 2 frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.npodoc.nl *.2doc.nl *.vprogids.nl *.brainwash.nl vpro.matomo.cloud omroephuman.matomo.cloud; 2 default-src https: 'unsafe-inline'; frame-ancestors 'none' 2 default-src 'self'; img-src * blob: data: https://*.google-analytics.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com; style-src-elem 'self' 'unsafe-inline' data: https://*.gstatic.com https://*.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.usercentrics.eu https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.usercentrics.eu https://*.gstatic.com https://dialogflow.cloud.google.com; frame-src 'self'; object-src 'none'; 2 frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2 frame-ancestors https://app.zoominfo.com 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: data: * 2 frame-src https://challenges.cloudflare.com https://www.googletagmanager.com https://privacyassure.force.com https://sbx-privacyassure.cs219.force.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://www.youtube.com https://ustglobalinc.jifflenow.com https://js.hsforms.net https://view.ceros.com https://player.vimeo.com https://download-video.akamaized.net https://app.hubspot.com https://vars.hotjar.com https://ustglobal.demdex.net https://app.hubspot.com https://13505543.fls.doubleclick.net https://s.company-target.com https://td.doubleclick.net https://form.typeform.com https://resources.digital-cloud-west.medallia.com https://ust-gen.eu.ada.support; frame-ancestors 'self' 2 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report; 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://static.hotjar.com https://maps.googleapis.com https://www.googletagmanager.com https://connect.facebook.net https://www.clarity.ms https://analytics.tiktok.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://td.doubleclick.net https://stats.g.doubleclick.net https://www.surveygizmo.com https://www.gstatic.com https://go.botmaker.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://zn9gkcxz5j9zpe4fu-swissbrand.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://script.hotjar.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms;connect-src 'self' https://metrics.hotjar.io https://maps.googleapis.com https://www.google.com https://analytics.google.com https://analytics.tiktok.com https://googleads.g.doubleclick.net https://mobileqa.swissmedical.com.ar https://mobilepre.swissmedical.com.ar https://mobile.swissmedical.com.ar https://stats.g.doubleclick.net https://api.whatsapp.com https://go.botmaker.com https://sgi.swissmedical.com.ar https://smed.beygoo.me https://swissbrand.qualtrics.com https://swissmedical.jobs2web.com https://swissmedicalgroup.sharepoint.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com wss://ws.botmaker.com https://storage.googleapis.com https://m-infra.appspot.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms;img-src 'self' data: https://smed.beygoo.me https://www.facebook.com https://www.google.com.ar https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://imagenes.swissmedical.com.ar https://analytics.google.com https://www.clarity.ms https://c.clarity.ms https://maps.gstatic.com https://maps.googleapis.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar https://connect.facebook.net;media-src 'self' https://www.youtube.com https://player.vimeo.com https://cdnjs.cloudflare.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;frame-src 'self' https://www.google.com https://www.googletagmanager.com https://td.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.swissmedical.com.ar https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://forms.office.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;worker-src 'self' blob: https://www.clubswiss.com.ar https://www.swissmedical.com.ar;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://storage.googleapis.com https://www.clubswiss.com.ar https://www.swissmedical.com.ar;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 2 frame-ancestors 'self'; frame-src *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.versio.nl *.freshdesk.com *.freshchat.com *.typeform.com *.hsforms.com *.doubleclick.net *.yourhosting.nl *.cookiebot.com 2 frame-ancestors 'self' https://*.obsbot.com 2 default-src 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com disqus.com translations.signapsesolutions.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' js.sitesearch360.com cdn.sitesearch360.com translations.signapsesolutions.com js.monitor.azure.com disqus.com c.disquscdn.com https://*.clarity.ms https://c.bing.com highwaysagency.disqus.com emea3.recruitmentplatform.com s.ytimg.com www.youtube.com maps.googleapis.com unpkg.com apis.google.com www.google-analytics.com widgets.flickr.com wsstatic.govmetric.com www.gstatic.com cdn.syndication.twimg.com platform.twitter.com embedr.flickr.com www.google.com www.googletagmanager.com wsstatic.servmetric.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net hitcounter.govmetric.com cdn.jsdelivr.net jsdelivr.net websurveys2.govmetric.com websurveys2.servmetric.com www.browsealoud.com; style-src 'unsafe-inline' 'report-sample' 'self' wsstatic.servmetric.com cdn.jsdelivr.net jsdelivr.net c.disquscdn.com emea3.recruitmentplatform.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com p.typekit.net use.typekit.net websurveys2.govmetric.com websurveys2.servmetric.com; object-src 'none'; base-uri 'self'; connect-src 'self' www.googletagmanager.com js.monitor.azure.com global.sitesearch360.com insights.sitesearch360.com cdn.sitesearch360.com i0lne9atrk.execute-api.eu-west-2.amazonaws.com o4506903028891648.ingest.us.sentry.io uksouth-1.in.applicationinsights.azure.com https://*.clarity.ms https://c.bing.com region1.google-analytics.com maps.googleapis.com clapi.civiccomputing.com hitcounter.govmetric.com stats.g.doubleclick.net www.google-analytics.com emea3.recruitmentplatform.com plusqa.browsealoud.com www.browsealoud.com speech.speechstream.net embedr.flickr.com apikeys.civiccomputing.com plus.browsealoud.com; font-src 'self' emea3.recruitmentplatform.com fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net; frame-src 'self' player.vimeo.com green-hill-00bcb1d03.4.azurestaticapps.net podcasters.spotify.com web.powerva.microsoft.com anchor.fm app.powerbi.com content.googleapis.com www.arcgis.com *.arcgis.com arcgis.com disqus.com websurveys2.govmetric.com w.soundcloud.com www.google.com syndication.twitter.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: 'self' i.vimeocdn.com insights.sitesearch360.com cdn.sitesearch360.com *.youtube.com img.youtube.com fonts.gstatic.com c.disquscdn.com referrer.disqus.com www.googletagmanager.com emea3.recruitmentplatform.com maps.gstatic.com maps.googleapis.com websurveys2.servmetric.com www.browsealoud.com stats.g.doubleclick.net abs.twimg.com www.google-analytics.com ton.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com live.staticflickr.com i.ytimg.com websurveys2.govmetric.com; manifest-src 'self'; media-src 'self' blob: prod-sign-backend-signapisinterpretationwebtransl-1qw8ws199jmxo.s3.eu-west-2.amazonaws.com; worker-src 'none'; 2 default-src: 'none' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unless.com https://*.unless.com https://beamanalytics.b-cdn.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://unless.com https://*.unless.com https://fonts.googleapis.com; connect-src 'self' https://unless.com https://*.unless.com wss://*.unless.com https://*.beamanalytics.io https://*.algolianet.com https://*.algolia.net; font-src 'self' https://unless.com https://*.unless.com https://fonts.gstatic.com; frame-src 'self' https://unless.com https://*.unless.com https://calendar.google.com https://www.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://unless.com https://*.unless.com https://images.ctfassets.net https://i.ytimg.com; object-src 'none'; base-uri 'none'; 2 frame-ancestors 'self' *.senecacollege.ca *.senecapolytechnic.ca; 2 frame-ancestors 'self' https://*.foodinfluencersunited.nl https://*.foodinfluencersunited.com 2 frame-ancestors 'self' *.checkout.com; 2 script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://api.exponea.com https://bat.bing.com https://connect.facebook.net https://fat.financeads.net/fpc.js https://utt.impactcdn.com https://analytics.tiktok.com https://js.intercomcdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.cloudflareinsights.com https://static.hotjar.com https://unpkg.com/web-vitals/ https://widget.intercom.io/widget/ivgiir6y https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.clarity.ms https://www.googletagmanager.com https://www.dwin1.com/22001.js https://script.hotjar.com https://lantern.roeyecdn.com https://*.sustain-impact.de https://sc.lfeeder.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://p.teads.tv/teads-fellow.js https://*.reddit.com https://redditstatic.com https://*.redditstatic.com https://amazon-adsystem.com https://*.amazon-adsystem.com https://*.doubleclick.net https://*.googlesyndication.com; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com https://analytics.google.com https://*.google-analytics.com https://www.google.com/ccm/collect https://www.google.com/pagead/ https://*.analytics.google.com https://api-iam.intercom.io https://api.exponea.com https://bat.bing.com https://mapi.finom.co https://mapi.finom.dev https://*.ingest.sentry.io https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://*.doubleclick.net wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io https://*.sustain-impact.de *.sentry.io https://*.teads.tv https://analytics.tiktok.com https://*.googlesyndication.com https://*.amazon-adsystem.com https://*.paa-reporting-advertising.amazon https://*.reddit.com https://redditstatic.com https://*.redditstatic.com https://www.facebook.com https://www.googletagmanager.com; font-src 'self' https://fonts.intercomcdn.com; frame-src 'self' https://eu.id.group-ib.com http://eu.id.group-ib.com https://widget.trustpilot.com https://td.doubleclick.net https://player.vimeo.com https://intercom-sheets.com https://www.youtube.com https://fledge.teads.tv https://accounting.finom.co https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://js.intercomcdn.com; worker-src 'none' 2 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.epichosted.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.jsdelivr.net yoast.com maps.googleapis.com *.formsite.com formsite.com *.callrail.com *.epichosted.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: www.albanymed.org maps.googleapis.com maps.gstatic.com i.ytimg.com i.vimeocdn.com secure.gravatar.com ps.w.org yoa.st yoast.com; connect-src 'self' *.algolia.net *.algolia.io *.algolianet.com analytics.google.com *.doubleclick.net my.yoast.com maps.googleapis.com *.callrail.com *.epichosted.com; frame-src 'self' *.doubleclick.net www.youtube.com player.vimeo.com *.formsite.com formsite.com; 2 default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' 2 default-src 'self'; script-src 'self' www.googletagmanager.com www.googleadservices.com maps.googleapis.com www.redditstatic.com appleid.cdn-apple.com *.g.doubleclick.net static.ads-twitter.com platform.iteratehq.com tagmanager.google.com googletagmanager.com connect.facebook.net www.facebook.com cdnjs.cloudflare.com/ajax/libs/snowplow/ snippet.maze.co *.smooch.io *.verygoodvault.com *.gladly.com api.mapbox.com cdn.segment.com cdn.plaid.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net analytics.tiktok.com websdk.appsflyer.com static.elfsight.com universe-static.elfsightcdn.com fpnpmcdn.net static.visible.xyz *.taboola.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' static.visible.xyz fonts.googleapis.com tagmanager.google.com *.gladly.com 'unsafe-inline'; img-src 'self' www.google.com www.google.pt www.google.com.ua www.googletagmanager.com www.googleadservices.com www.facebook.com connect.facebook.net *.g.doubleclick.net static.visible.xyz t.co *.twitter.com *.gstatic.com *.amazonaws.com *.event.prod.bidr.io *.reddit.com *.gladly.com *.smooch.io *.adyen.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net assets.wisepops.net *.ytimg.com files.elfsightcdn.com sync.intentiq.com *.taboola.com analytics.tiktok.com blob: data:; connect-src 'self' https://api.rent.app/api/ google.com www.google.com maps.googleapis.com analytics.google.com *.analytics.google.com *.google-analytics.com *.g.doubleclick.net iteratehq.com *.reddit.com *.tiktokw.us connect.facebook.net www.facebook.com www.redditstatic.com conversions-config.reddit.com wa.onelink.me prompts.maze.co www.googletagmanager.com www.googleadservices.com googletagmanager.com assets.visible.xyz *.smooch.io *.verygoodvault.com gladly-production.sinter-collect.com *.gladly.com *.gladly.chat *.mapbox.com *.segment.io *.segment.com browser-intake-us5-datadoghq.com auth.rent.app *.auth0.com events.launchdarkly.com app.launchdarkly.com clientstream.launchdarkly.com *.adyen.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net ads.tiktok.com analytics.tiktok.com *.appsflyer.com *.elfsight.com api.fpjs.io *.api.fpjs.io api-js.mixpanel.com *.taboola.com ws:; font-src 'self' static.visible.xyz fonts.gstatic.com *.gladly.com analytics.tiktok.com data:; frame-src 'self' www.google.com www.googletagmanager.com www.facebook.com td.doubleclick.net *.verygoodvault.com *.plaid.com auth.rent.app *.auth0.com notifications.wisepops.com wisepops.net *.adyen.com calendly.com youtube.com www.youtube.com www.m.youtube.com tsdtocl.com blob:; object-src 'self' blob:; media-src *.gladly.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; worker-src blob:; block-all-mixed-content; upgrade-insecure-requests; report-uri /_/csp-reports; 2 default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://oebb.celum.cloud https://chcloudoebbexportprod.blob.core.windows.net https://chcloudoebbprod.blob.core.windows.net https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.nightjet.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://cdn.botframework.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io https://*.traumgutscheine.com https://myincert.com https://*.myincert.com https://jrrsxh.obb-italia.com https://8fhpe4.oebb.at; connect-src 'self' blob: https://*.oebb.at https://*.nightjet.com https://obc.railcargo.com https://oebb.celum.cloud https://*.playertec.de https://api.siteimprove.com https://directline.botframework.com https://europe.directline.botframework.com wss://europe.directline.botframework.com wss://directline.botframework.com https://powerva.microsoft.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://*.eu.omnichannelengagementhub.com https://go-eu.trouter.teams.microsoft.com https://*.communication.azure.com https://eu-mobile.events.data.microsoft.com https://*.trouter.teams.microsoft.com wss://*.trouter.teams.microsoft.com https://teams.microsoft.com https://api.userback.io https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at https://jrrsxh.obb-italia.com https://8fhpe4.oebb.at; img-src 'self' data: blob: https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://chcloudoebbexportprod.blob.core.windows.net https://chcloudoebbprod.blob.core.windows.net https://*.ytimg.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; media-src data:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.streaming.media.azure.net https://*.microsoftstream.com https://www.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.playertec.de https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://*.dynamics.com https://live.virtual-events.at https://service.studiobaff.com https://live.brame-gamification.com https://www.komoot.de https://wien.radelt.at https://rcg.flave.world https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://comms.omnichannelengagementhub.com https://www.traumgutscheine.com https://railtours.traumgutscheine.com https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at https://staging.svv.app.simdle.mobi; frame-ancestors 'self' https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com https://*.railcargo.com https://oebb-test.hafas.de; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://res-1.cdn.office.net https://res.cdn.office.net; child-src blob: https://*.oebb.at https://www.traumgutscheine.com https://railtours.traumgutscheine.com; worker-src blob: https://*.oebb.at; 2 default-src 'self' ; style-src https: 'unsafe-inline'; script-src https://*.ispserver.com/ https://*.ispserver.ae/ https://ispserver.ae/ https://ispserver.ru/ https://ispserver.com/ wss://*.chathost.ru/ https://*.chathost.ru/ https://*.carrotquest.app/ https://chat.hoztnode.net:3000 https://chat.ispsystem.net:3001 https://www.googletagmanager.com/ https://www.google.com/ https://my.ispserver.ru/ https://my.ispserver.com/ https://my.ispserver.ae/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://tag.marinsm.com/ https://mc.yandex.ru/ https://top-fwz1.mail.ru/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pixel-geo.prfct.co/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ wss://*.chathost.ru/ https://*.chathost.ru/ https://*.carrottrack.io/ https://chat.hoztnode.net:3000/ wss://chat.hoztnode.net:3000/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://top-fwz1.mail.ru/ https://mc.yandex.ru/; frame-src 'self' https://www.google.com/ https://bid.g.doubleclick.net/; font-src 'self' https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'self'; frame-ancestors 'self' https://metrika.yandex.ru; 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://prodgis.lla.com https://api.retargetly.com https://cookieless-campaign.prd-00.retargetly.com https://analytics.libertycr.com https://www.googletagmanager.com; form-action *; worker-src * blob:; 2 default-src 'self' data: *.dv.socure.io *.adobedc.net google.com *.googletagmanager.com *.trustarc.com *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self' *.googletagmanager.com *.trustarc.com; child-src 'self' ujet.co google.com *.adobedc.net *.ujet.co *.truste.com *.trustarc.com *.googletagmanager.com blob:; script-src 'self' https://secure.walmartmoneycard.com 'unsafe-inline' 'unsafe-eval' google.com https://first.iovation.com/* https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms *.licdn.com *.adobedc.net *.dv.socure.io *.truste.com *.consent.trustarc.com *.googletagmanager.com *.trustarc.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.stackadapt.com *.tags.srv.stackadapt.com *.redditstatic.com *.forter.com tags.stackadapt.com https://mpsnare.iesnare.com https://share.walmartmoneycard.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://*.decibelinsight.net https://*.decibel.com blob: https://api.cloudsponge.com analytics.tiktok.com https://cdnjs.cloudflare.com https://acdn.adnxs.com/dmp/up/pixie.js https://ib.adnxs.com/pixie; connect-src 'self' https://secure.walmartmoneycard.com *.linkedin.com google.com https://pie-secure-gdrewardsdev.nextestate.com/ https://qa-secure-gdrewardsdev.nextestate.com *.adobedc.net *.googletagmanager.com *.dv.socure.io *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com *.google-analytics.com *.walmartmoneycard.com/events *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://*.extole.io https://*.xtlo.net analytics.tiktok.com https://maps.googleapis.com https://analytics.pangle-ads.com https://pagead2.googlesyndication.com kvicxs.walmartmoneycard.com https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms; img-src 'self' data: https://secure.walmartmoneycard.com google.com https://arttrk.com https://trkn.us https://rdcdn.com *.linkedin.com p.alocdn.com *.dv.socure.io *.adobedc.net aa.trkn.us i.ytimg.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.reddit.com *.rdcdn.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms data: blob: https://*.extole.io https://*.xtlo.net https://www.clarity.ms/* https://*.clarity.ms/* https://*.clarity.ms *.clarity.ms data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.adobedc.net *.dv.socure.io google.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: *.dv.socure.io *.adobedc.net kampyle.com google.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.dv.socure.io *.adobedc.net google.com *.googletagmanager.com *.trustarc.com *.truste.com *.adnxs.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' *.dv.socure.io google.com *.adobedc.net https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 2 default-src 'self' play.vidyard.com; connect-src 'self' *.kampyle.com play.vidyard.com stats.g.doubleclick.net www.google-analytics.com; media-src 'self' play.vidyard.com; font-src 'self' use.fontawesome.com fonts.gstatic.com use.typekit.net data:; style-src 'self' *.kampyle.com *.readyclassroomcentral.com *.i-readycentral.com 'unsafe-inline' use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net http://*.i-readycentral.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com use.typekit.net *.eloqua.com img.en25.com play.vidyard.com www.googletagmanager.com *.kampyle.com www.google-analytics.com http://*.i-readycentral.com; img-src 'self' *.i-readycentral.com ps.w.org cdn.vidyard.com play.vidyard.com *.eloqua.com *.googletagmanager.com *.kampyle.com www.google.com www.google-analytics.com secure.gravatar.com s.w.org data:; frame-src *.i-readycentral.com play.vidyard.com *.kampyle.com; frame-ancestors 'self' 2 default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://upload.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://embed.tawk.to; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.gstatic.com cdn.evgnet.com *.evergage.com wompi.us-6.evergage.com https://cdn.jsdelivr.net https://npmcdn.com https://www.googletagmanager.com https://www.google.com http://www.googletagmanager.com https://snap.licdn.com http://www.google-analytics.com https://connect.facebook.net https://static.zdassets.com;media-src 'self' https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net galatea-dev.apps.ambientesbc.com;frame-src 'self' www.google.com *.evergage.com wompi.us-6.evergage.com cdn.evgnet.com *.email.wompi.com recaptcha.google.com youtube.com https://td.doubleclick.net https://www.youtube.com blob: data:; img-src 'self' https://wompi.com *.email.wompi.com public-assets.wompi.com https://www.linkedin.com data: https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.co; font-src 'self' data: galatea-dev.apps.ambientesbc.com wompi.us-6.evergage.com; object-src 'self'; base-uri 'self';form-action 'self'; frame-ancestors 'self' *.evergage.com wompi.us-6.evergage.com *.email.wompi.com cdn.evgnet.com; connect-src 'self' ekr.zdassets.com cdn.evgnet.com wompi.us-6.evergage.com www.google.com https://*.wompi.co https://*.wompi.dev https://zendesk-eu.my.sentry.io https://wompipa.zendesk.com https://www.google-analytics.com https://www.google-analytics.com www.google-analytics.com px.ads.linkedin.com analytics.google.com ekr.zdassets.com https://px.ads.linkedin.com/wa wompi.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net https://www.google.com.co https://hook.us1.make.com;report-to https://api.wompi.co/v1/csp-report;report-uri https://api.wompi.co/v1/csp-report; 2 default-src 'self' https://mw-ar-recom-prod.pgapi.io/; media-src https://videos.ctfassets.net; style-src 'self' 'unsafe-inline' *; img-src https://* 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors * 'self' data: https: blob: 2 frame-ancestors 'self' *.upc.ch *.upc.biz *.sunrise.net ocpretailconfiguratorupc.ch *.ocpretailconfiguratorupc.ch tcx.ch *.upctv.ch *.sunrise.ch *.privent.ch *.upc-print.ch safeavenue.f-secure.com sunrisemoments.ch www.ticketcorner.ch; 2 frame-ancestors 'self' https://*.lexus.eu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2 : default-src 'self'; 2 manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content;, frame-ancestors 'self'; 2 frame-ancestors 'self' https://next.adabra.com/ https://my.adabra.com/ https://app.blendee.com/ 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: https:; report-uri /report-csp-violation 2 default-src 'self' https://*.bitrix24.ru wss://*.bitrix24.com:* https://googleads.g.doubleclick.net https://mc.yandex.ru https://www.google-analytics.com/ https://bitrix.info/ https://api-maps.yandex.ru/ https://yastatic.net/ https://www.youtube.com/ https://rutube.ru/ https://vk.com/ https://*.vk.com/ ; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bitrix24.ru https://*.bitrix24.com https://www.googletagmanager.com https://code.jquery.com/ https://bitrix.info/ https://www.google-analytics.com https://maps.google.com https://*.gstatic.com:* https://*.googleapis.com https://mc.yandex.ru https://api-maps.yandex.ru/ https://yastatic.net/ https://www.youtube.com/ https://rutube.ru/ https://vk.com/ https://*.vk.com/ ; style-src 'self' 'unsafe-inline' https://*.bitrix24.ru https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://api-maps.yandex.ru/; img-src 'self' data: https://*.bitrix24.ru https://mc.yandex.ru:* https://*.googleapis.com https://*.gstatic.com:* https://www.google-analytics.com https://api-maps.yandex.ru:* https://*.maps.yandex.net:*; font-src 'self' https://*.bitrix24.ru https://*.gstatic.com:* ; object-src 'none' ; 2 default-src 'self' *.sulzer.com; img-src * data: blob: 'unsafe-inline' 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com http://sulzer.com *.google-analytics.com *.analytics.google.com https://*.gleap.io; font-src 'self' data: https://fonts.gstatic.com; style-src 'unsafe-inline' 'self' https://fast.fonts.net https://s93ds-prod.app-platform.tech/index.css https://s93lc-prod.app-platform.tech/index.css https://s93ln-prod.app-platform.tech/index.css; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://pi.pardot.com/analytics https://go.sulzer.com/analytics https://pi.pardot.com/pd.js http://cdn.pardot.com/pd.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflnjBBxk/www-widgetapi.js https://s.ytimg.com https://cdn.cookielaw.org *.hotjar.com *.hotjar.io *.callrail.com https://go.sulzer.com/pd.js https://s93ds-prod.app-platform.tech/contact-finder.js https://s93ds-prod.app-platform.tech/index.js https://s93lc-prod.app-platform.tech/locator.js https://s93lc-prod.app-platform.tech/index.js https://s93ln-prod.app-platform.tech/location.js https://s93ln-prod.app-platform.tech/index.js https://js-eu1.hs-scripts.com/145309032.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-banner.com/v2/145309032/banner.js https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hs-analytics.net https://js-eu1.hubspot.com/web-interactives-embed.js https://*.gleap.io; connect-src 'self' https://www.google-analytics.com https://mybusiness.googleapis.com https://stats.g.doubleclick.net https://analytics.google.com https://cdn.cookielaw.org https://maps.googleapis.com *.google-analytics.com *.analytics.google.com https://geolocation.onetrust.com https://privacyportal-ch.onetrust.com https://www.google.ch *.hotjar.io https://s93ds-prod.app-platform.tech https://api.country.is https://s93lc-prod.app-platform.tech https://s93ln-prod.app-platform.tech https://s93ln-int.app-platform.tech https://js-eu1.hs-banner.com/v2/cf-location https://js-eu1.hs-banner.com/cookie-banner-public/v2/cf-location https://js-eu1.hs-banner.com/v2/geolocation-reporting https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json https://cta-eu1.hubspot.com https://*.gleap.io wss://ws.gleap.io; child-src 'self' https://www.platform-viewer.v-ex.com https://www.google.com https://sulzer.us6.list-manage.com http://www.sulzerpumpsmexico.com https://app.xtremelocator.com https://ir.tools.investis.com https://www.youtube.com http://8826991.fls.doubleclick.net/ https://sulzer-pump-types.v-ex.app/ https://app.xtremelocator.com/ *.doubleclick.net https://*.gleap.io; media-src 'self' https://youtu.be https://www.youtube.com https://*.gleap.io 2 default-src * data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2 frame-ancestors 'self' https://*.myatproperties.com/ https://*.myansleyatlanta.com https://*.mychristiesre.com/; 2 frame-ancestors https://*.letsdoeit.com 2 frame-ancestors https:; 2 style-src 'self' 'unsafe-inline' https: data: ; script-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: blob: https: ; font-src 'self' https: data: ; media-src 'self' http: blob: ; connect-src 'self' wss: https: blob: ; object-src 'self' blob:; frame-src 'self' *.vimeo.com https: ; 2 base-uri 'none'; font-src 'self' https: data: https://heapanalytics.com; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https: images.ctfassets.net https://heapanalytics.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' https://heapanalytics.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' https://cdn.heapanalytics.com https://heapanalytics.com; upgrade-insecure-requests; default-src 'self'; frame-src 'self' https:; worker-src blob:; connect-src 'self' https: http://cdn.cookielaw.org wss: https://heapanalytics.com; media-src blob: 'self' https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.useinsider.com https://www.google.com https://ads.nextdoor.com https://www.googletagmanager.com https://*.secureprivacy.ai/ https://analytics.tiktok.com https://connect.facebook.net https://js.adsrvr.org https://c.amazon-adsystem.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://bat.bing.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.googleoptimize.com/optimize.js https://code.jquery.com/jquery-3.2.1.slim.min.js https://www.google-analytics.com/analytics.js https://ad.doubleclick.net https://snap.licdn.com https://code.jquery.com https://secure-ds.serving-sys.com https://js.web-2-tel.com https://up.pixel.ad https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://secure-ds.serving-sys.com https://js.web-2-tel.com https://bs.serving-sys.com https://maps.googleapis.com https://maps.gstatic.com https://www.googleadservices.com https://www.youtube.com; img-src 'self' data: https://s.gravatar.com https://bat.bing.net https://*.useinsider.com https://*.secureprivacy.ai/ https://*.wp.com/cdn.auth0.com/avatars https://arttrk.com https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://www.google.com https://www.google.co.in https://px.ads.linkedin.com https://pixel.sitescout.com https://www.googletagmanager.com https://attribution.sitescout.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://match.adsrvr.org/ https://www.google-analytics.com/ https://ad.doubleclick.net https://ib.adnxs.com/ https://pixel.rubiconproject.com/ https://i.ytimg.com https://clickserv.sitescout.com/ https://fonts.gstatic.com https://www.linkedin.com https://px4.ads.linkedin.com https://www.speedwaydigest.com https://speedwaydigest.com https://www.interstatebatteries.com/ https://interstatebatteries.com/ https://quickstart.interstatebatteries.com/ https://qa.home.interstatebatteries.com/; style-src 'self' 'unsafe-inline' https://*.useinsider.com https://fonts.googleapis.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; font-src 'self' 'unsafe-inline' https://*.useinsider.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; connect-src 'self' https://bat.bing.net https://www.google.com https://www.googleapis.com https://*.google-analytics.com https://*.useinsider.com https://s.amazon-adsystem.com https://analytics.tiktok.com https://*.secureprivacy.ai/ https://ara.paa-reporting-advertising.amazon https://maps.googleapis.com https://analytics.interstatebatteries.com https://analytics.google.com https://googleads4.g.doubleclick.net https://stats.g.doubleclick.net https://px.ads.linkedin.com https://secure-ds.serving-sys.com https://lm.serving-sys.com https://js.web-2-tel.com https://bat.bing.com https://www.facebook.com https://web-2-tel.com https://insight.adsrvr.org https://ad.doubleclick.net; frame-src 'self' https://*.useinsider.com https://analytics.interstatebatteries.com/ https://www.googletagmanager.com https://s.amazon-adsystem.com/ https://www.youtube.com https://insight.adsrvr.org https://www.google.com https://td.doubleclick.net https://pixel-sync.sitescout.com https://match.adsrvr.org/ https://www.facebook.com https://*.doubleclick.net; media-src 'self' data:; upgrade-insecure-requests; 2 frame-ancestors 'self' https://prd-cd-01-mdc-us-ce.wsf-e-loreal.com https://prd-cd-01-mdc-us-tc.wsf-e-loreal.com https://prd-cd-01-mdc-us-us.wsf-e-loreal.com https://prd-cd-mdc-us-ce.wsf-e-loreal.com https://prd-cd-mdc-us-tc.wsf-e-loreal.com https://prd-cd-mdc-us-us.wsf-e-loreal.com https://www.makeup.com https://www.skincare.com 2 base-uri 'self'; default-src 'self'; connect-src 'self' https://*.ads.linkedin.com https://*.clarity.ms https://*.dyflexis.com https://google.com https://*.google.com https://bat.bing.com https://bat.bing.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://vod-adaptive-ak.vimeocdn.com https://www.facebook.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://*.trustpilot.com https://www.googleadservices.com; font-src 'self' https://*.wp.com https://fonts.bunny.net https://fonts.gstatic.com data:; frame-ancestors 'self' https://*.dyflexis.com; frame-src 'self' https://*.dyflexis.com https://*.fls.doubleclick.net https://10996528.fls.doubleclick.net https://*.google.com https://*.trustpilot.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://player.vimeo.com https://anchor.fm https://td.doubleclick.net https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.youtube.com; img-src 'self' https://*.ads.linkedin.com https://*.analytics.google.com https://*.dyflexis.com https://*.googleadservices.com https://google.com https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vu https://*.google.ws https://*.googleusercontent.com https://*.clarity.ms https://api.taggrs.io https://*.w.org https://appwiki.nl https://bat.bing.com https://bat.bing.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://img.sct.eu1.usercentrics.eu https://secure.gravatar.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data:; media-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.activehosted.com https://*.adform.net https://*.clarity.ms https://*.google.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data:; script-src-elem 'self' 'unsafe-inline' https://*.activehosted.com https://*.adform.net https://*.clarity.ms https://*.cloudflare.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://connect.facebook.net https://*.trustpilot.com https://*.trustpilot.com https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://diffuser-cdn.app-us1.com https://fonts.bunny.net https://googleads.g.doubleclick.net https://player.vimeo.com https://prism.app-us1.com https://snap.licdn.com https://trackcmp.net https://unpkg.com https://www.googleadservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com data: 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.trustpilot.com https://fonts.bunny.net https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.trustpilot.com https://fonts.bunny.net; worker-src 'self' blob:; report-uri https://webwhales.nl?gdsih-csp-report; report-to csp-endpoint 2 frame-src 'self' https://www.floridahealth.gov https://www.youtube.com https://www.google.com https://forms.office.com https://fdoh.maps.arcgis.com https://www.facebook.com https://web.facebook.com https://www.twitter.com https://platform.twitter.com https://analytics.analytics-egain.com https://qlik.floridahealth.gov https://maps.google.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.3lift.com *.acuityplatform.com *.adadvisor.net *.adform.net *.adgrx.com *.admission.net *.admixer.net *.adnxs.com *.adotmob.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.alcmpn.com *.amazon-adsystem.com *.amazonaws.com *.apxlv.com *.arcgis.com *.betweendigital.com *.bfmio.com *.bidr.io *.bidswitch.net *.bluekai.com *.bootstrapcdn.com *.brandcdn.com *.cdc.gov *.choozle.com *.cloudflare.com *.cloudfront.net *.cogocast.net *.company-target.com *.contextweb.com *.crazyegg.com *.crwdcntrl.net *.demdex.net *.docscores.com *.domdex.com *.dotomi.com *.doubleclick.net *.eloqua.com *.emailsrvr.com *.en25.com *.ensighten.com *.entitytag.co.uk *.epichosted.com *.everesttech.net *.exelator.com *.facebook.com *.facebook.net *.fg8dgt.com *.force.com *.fwmrm.net *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.healthgrades.com *.mercuryhealthcare.com *.imrworldwide.com *.insightexpressai.com *.intentiq.com *.ipredictive.com *.jumptap.com *.krxd.com *.krxd.net *.liadm.com *.libsyn.com *.licdn.com *.lijit.com *.linkedin.com *.linksynergy.com *.mathtag.com *.mdhv.io *.medtouch.com *.ml314.com *.ml314.com *.moatads.com *.mookie1.com *.ngrok.io *.nrchealth.com *.openx.net *.placelocal.com *.prfct.com *.pro-market.net *.pubmatic.com *.quantserve.com *.reson8.com *.rfihub.com *.rkdms.com *.rlcdn.com *.rubiconproject.com *.rundsp.com *.salesforce.com *.scorecardresearch.com *.semasio.net *.sharethis.com *.simpli.fi *.siteimproveanalytics.com *.siteimproveanalytics.io *.sitescout.com *.spotify.com *.spotxchange.com *.stickyadstv.com *.sundaysky.com *.survata.com *.swarminteractive.com *.tapad.com *.thrtle.com *.tidaltv.com *.tinypic.com *.tremorhub.com *.tribalfusion.com *.trueleadid.com *.truoptik.com *.turn.com *.twitter.com *.twimg.com *.undertone.com *.universityhealthsystem.com *.universityhealth.com *.universityhealthsystemsc.dev.local *.viewmedica.com *.vindicosuite.com *.w55c.net *.walmart.com *.web-2-tel.com *.xspadvertising.com *.yahoo.com *.youtube.com *.vimeo.com *.vimeocdn.com *.yextpages.net *.perfalytics.com https://freshpaint-cdn.com https://perfalytics.com https://addevent.com http://siteimproveanalytics.com https://oxblue.com https://pippio.com https://siteimproveanalytics.com https://thrtle.com https://uhs-portal.com https://universityhealthsystemsc.dev.local https://viewmedica.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://rg-uh-corpcomm-sitecore-pr-288890-cd.azurewebsites.net/ https://rg-uh-corpcomm-sitecore-pr-288890-cm.azurewebsites.net/ https://searchcloud-2-us-east-1.searchstax.com/ https://static.searchstax.com https://analytics-us.searchstax.com; 2 frame-ancestors https://tiger-corporation.com https://*.tiger-corporation.com https://community.tigerbottles.com; 2 default-src; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; prefetch-src * 'self'; child-src * 'self'; frame-src * 'self'; worker-src * 'self'; frame-ancestors *.uaionline.edu.ar uaionline.edu.ar *.uai.edu.ar uai.edu.ar *.uai.edu.ar:8084 uai.edu.ar:8084 *.vaneduc.edu.ar vaneduc.edu.ar; form-action * 'self'; base-uri * 'self'; manifest-src * 'self'; plugin-types */*; report-uri; report-to 2 frame-ancestors 'self' http://localhost:8080 https://api-internal-magnolia-author-dev.alpitour.it https://api-internal-magnolia-author-test.alpitour.it https://api-internal-magnolia-author-prod.alpitour.it 2 frame-ancestors http://wolfteam.softnyx.com 2 upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' object-src ‘none’; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.pay1.de api.deepl.com api-free.deepl.com https://*.googleapis.com https://*.google.com https://*.gstatic.com t.adcell.com containertags.belboon.de containertags.belboon.com https://*.r.akipam.com https://*.r.jakuli.com https://*.r.lafamo.com https://*.r.niwepa.com https://*.r.powuta.com https://cdn.logico3c.com https://pix.hyj.mobi https://s.retargeted.co https://maytrics.marvellousmachine.net tr.fatmedia.io as.ad4m.at ad4m.at https://*.adform.net bsmartdata.com fatmedia.io ad.ad-srv.net lekkerads.nl marvellousmachine.net https://*.gsitrix.com mediards.com https://*.mediards.com pikkasrv.com ad.ad-srv.net https://*.redintelligence.net https://*.adform.net https://*.redintelligence.net https://*.gsitrix.com https://*.adc-srv.net https://*.ad-srv.net https://*.mediards.com a.twiago.com ad.doubleclick.net ad.yieldlab.net ad13.adfarm1.adition.com ad4m.at adscale.de apptracker.stream bsmartdata.com dsum-sec.casalemedia.com https://*.fatmedia.io lekkerads.nl marvellousmachine.net pikkasrv.com r.adserver01.de r.adserver01.de r.df-srv.de rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com trc.taboola.com tr.mediards.de https://s.marvellousmachine.net https://trk.cytelligence.io/ https://sdk-set1.com/ bat.bing.com sync.targeting.unrulymedia.com sync.1rx.io static.criteo.net sslwidget.criteo.com dynamic.criteo.com connect.facebook.net www.facebook.com cm.g.doubleclick.net adservice.google.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com https://*.google-analytics.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js s.pinimg.com ct.pinterest.com api.sovendus.com *.adsrvr.org widgets.trustedshops.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://youtube.com https://www.youtube.com https://applepay.cdn-apple.com; connect-src 'self' https://eu1-search.doofinder.com api.deepl.com api-free.deepl.com pro.ip-api.com 'self' data: blob: https://*.googleapis.com https://*.google.com https://*.gstatic.com t.adcell.com https://tr.fatmedia.io https://api.retargeted.co bat.bing.com measurement-api.criteo.com www.econda-monitor.de stats.g.doubleclick.net https://www.google.de/ads/ https://*.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com/ ct.pinterest.com https://www.pinterest.com https://*.sovendus.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com api.trustedshops.com logging.trustbadge.com https://shops-si.trustedshops.com https://guarantee-log.trustedshops.com/v2/trustcard https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: i.ytimg.com data: https://*.googleapis.com https://*.google.com https://*.gstatic.com kraeuterhaus-nocookie.de www.kraeuterhaus-nocookie.de https://t.adcell.com https://janus.r.jakuli.com/ https://img.youtube.com https://ads.yieldmo.com https://sync.1rx.io https://as.ad4m.at https://ih.adscale.de https://dsum-sec.casalemedia.com https://a.twiago.com https://sync.targeting.unrulymedia.com bat.bing.com gum.criteo.com x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com c1.adform.net dpm.demdex.net dis.criteo.com www.facebook.com https://connect.facebook.net www.google.com www.google.de https://*.g.doubleclick.net adservice.google.com cm.g.doubleclick.net https://server.seadform.net www.googletagmanager.com https://public-prod-dspcookiematching.dmxleo.com ct.pinterest.com widgets.trustedshops.com https://static.hotjar.com https://script.hotjar.com i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' mailto: secure.pay1.de www.youtube-nocookie.com https://*.google.com https://t.adcell.com hal9000.redintelligence.net pixel.bsmartdata.com ads.lekkerads.nl ad.ad-srv.net s.marvellousmachine.net https://containertags.belboon.com https://analytics.bestofluck.io https://roxxtraxx.de https://ad4m.at https://c1.adform.net https://*.ad-srv.net/ https://cm.g.doubleclick.net https://ban.tangooserver.com *.mediards.com gum.criteo.com fledge.eu.criteo.com connect.facebook.net www.facebook.com https://*.fls.doubleclick.net https://td.doubleclick.net/ ct.pinterest.com https://*.sovendus.com https://www.sovendus-connect.com https://vars.hotjar.com https://youtube.com https://www.youtube.com; media-src 'self'; base-uri 'self'; form-action 'self' login.microsoftonline.com www.facebook.com; upgrade-insecure-requests; 2 default-src https:;connect-src https:;font-src https: data:;frame-src https:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 2 frame-ancestors 'self' https://portal.fibe.in/ https://webapp.fibe.in/ https://webapp-uat.fibe.in/ https://portal-test.fibe.in/ https://webportal.fibe.in/ https://webapp-v2.fibe.in/ https://webportal-v2.fibe.in/ https://lamf.fibe.in/ https://portal-qa.fibe.in/ 2 base-uri zonapagos.com *.zonapagos.com 2 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.cookielaw.org https://polyfill.io *.addthis.com *.moatads.com *.addthisedge.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://pi.pardot.com https://go.btireland.com https://snap.licdn.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.typekit.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com web-chat.nativechat.com https://img.youtube.com/ *.cookielaw.org https://alb.reddit.com/ https://px.ads.linkedin.com/ https://www.google.com https://www.google.es https://www.google.ie https://px4.ads.linkedin.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net; frame-src 'self' go.btireland.com s7.addthis.com www.google.com *.youtube.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.cookielaw.org *.addthis.com *.btireland.com *.doubleclick.net *.onetrust.com *.linkedin.orbi.io *.oribi.io *.analytics.google.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com *.addthis.com; form-action 'self' go.btireland.com 2 default-src 'self' privacy-policy.truste.com truste.com *.google.com/ccm/ googleads.g.doubleclick.net cdn.mouseflow.com *.mouseflow.com pi.pardot.com leapevent.tech go.leapevent.tech static.cloudflareinsights.com *.licdn.com rdcdn.com *.ads.linkedin.com *.cloudflareinsights.com *.google-analytics.com api.marker.io/ fonts.gstatic.com *.gravatar.com browser.sentry-cdn.com player.vimeo.com ajax.cloudflare.com *.cloudflare.com assets.apollo.io *.cloudflareinsights.com *.google.com aplo-evnt.com *.google.com.au alocdn.com *.liadm.com *.googletagmanager.com d-code.liadm.com edge.marker.io huemor.rocks *.googleapis.com *.jsdelivr.net *.trustarc.com *.floridapanthers.com *.exacttarget.com 'unsafe-inline' 'unsafe-eval' data: blob: 2 base-uri 'self'; connect-src 'self' data: https: static.billets.ca *.billets.ca *.tickets.ca *.cookieyes.com cdn-cookieyes.com connect.facebook.net www.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com *.g.doubleclick.net *.google.ca *.google.fr *.google.com.mx *.google.co.uk pagead2.googlesyndication.com *.googleadservices.com *.googleapis.com *.gstatic.com www.linkedin.com snap.licdn.com *.ads.linkedin.com p.adsymptotic.com *.linkedin.oribi.io sjs.bizographics.com bat.bing.com; default-src 'self' data:; font-src 'self' data: https: static.billets.ca *.billets.ca *.tickets.ca fonts.gstatic.com; form-action 'self' https: www.facebook.com; frame-ancestors 'none'; frame-src 'self' https: www.facebook.com td.doubleclick.net *.googletagmanager.com *.google.com; img-src 'self' data: blob: https: static.billets.ca *.billets.ca *.tickets.ca cdn-cookieyes.com www.facebook.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca *.google.fr *.google.com.mx *.google.co.uk googleads.g.doubleclick.net pagead2.googlesyndication.com *.googleadservices.com *.googleapis.com *.gstatic.com *.googleusercontent.com ssl.gstatic.com www.gstatic.com www.linkedin.com *.ads.linkedin.com bat.bing.com; manifest-src 'self' https: static.billets.ca *.billets.ca *.tickets.ca; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: static.billets.ca *.billets.ca *.tickets.ca cdn-cookieyes.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' https: static.billets.ca *.billets.ca *.tickets.ca fonts.googleapis.com googletagmanager.com tagmanager.google.com www.gstatic.com; worker-src 'self' blob: data:; report-uri https://o1428952.ingest.us.sentry.io/api/6779447/security/?sentry_key=8b5fda394a3642e9a3bf42710a029851&environment=production&release=19334594170 2 frame-ancestors 'none';object-src 'none' 2 default-src 'self' data: blob: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 2 default-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; child-src 'self' 'unsafe-inline'; frame-src 'self' https:; connect-src 'self' blob: https: http://platforms-info.jelastic.com/api/GetCurrency; img-src 'self' blob: https: data: 2 default-src 'self' https://*.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.google-analytics.com/ https://tagmanager.google.com/ https://*.googletagmanager.com/; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/ https://*.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/ ; img-src 'unsafe-inline' 'self' https://*.google-analytics.com https://ssl.gstatic.com/ https://*.googletagmanager.com/ data:; font-src 'self' 'unsafe-inline' https://pro.fontawesome.com/ https://fonts.gstatic.com/ data:; connect-src 'self' https://*.google-analytics.com https://ssl.gstatic.com/ https://*.google.com data:;frame-ancestors self http://tohyve.iventic.com ; frame-src 'self' https://*.googletagmanager.com/; 2 frame-ancestors 'self' cmwlab.com metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr *.webvisor.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' 2 child-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.aptrinsic.com/ https://*.cookiereports.com https://*.data-crypt.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.linkedin.com https://*.monitor.azure.com https://*.mottmac.com https://*.optimizely.com https://*.qualtrics.com https://*.shorthand.com https://*.unsplash.com https://d1igp3oop3iho5.cloudfront.net https://dc.services.visualstudio.com https://siteintercept.qualtrics.com https://zn2qs6vrp6mppl1rp-mottmac.siteintercept.qualtrics.com/; font-src 'self' https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.typekit.net/; frame-src 'self' https://*.blubrry.com https://*.doubleclick.net https://*.idio.episerver.net https://*.optimizely.com https://*.qualtrics.com https://*.shorthand.com https://*.spotify.com/ https://*.sproutsocial.com https://*.youtube-nocookie.com https://*.youtube.com https://flo.uri.sh/ https://mmal01mstr91jlbprep.dxcloud.episerver.net/ https://player.vimeo.com https://public.flourish.studio/ https://www.podbean.com/; img-src 'self' data: https://*.analytics.google.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.co.uk https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.lfeeder.com https://*.linkedin.com https://*.mottmac.com https://*.optimizely.com https://*.qualtrics.com https://*.shorthandstories.com https://*.siteimproveanalytics.io https://*.ytimg.com https://maps.gstatic.com https://optimizely-public-design-assets.s3.amazonaws.com https://siteintercept.qualtrics.com; manifest-src 'self'; media-src 'self' https://*.idio.episerver.net https://*.mottmac.com https://*.optimizely.com https://*.shorthandstories.com; script-src-elem 'self' 'unsafe-inline' https://*.cloudfront.net https://*.cookiereports.com https://*.data-crypt.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.idio.episerver.net https://*.lfeeder.com https://*.optimizely.com https://*.qualtrics.com https://*.shorthand.com https://*.shorthandstories.com https://*.youtube.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/feather.min.js https://cdn.jsdelivr.net/npm/feather-icons/dist/feather.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://code.jquery.com/jquery-3.2.1.slim.min.js https://flo.uri.sh/ https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://news.files.bbci.co.uk https://player.vimeo.com https://public.flourish.studio/ https://siteimproveanalytics.com https://siteintercept.qualtrics.com https://snap.licdn.com https://web-sdk-eu.aptrinsic.com/api/aptrinsic.js https://zn2qs6vrp6mppl1rp-mottmac.siteintercept.qualtrics.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.cookiereports.com https://*.googletagmanager.com https://*.idio.episerver.net https://*.qualtrics.com https://cdn.optimizely-cmp-analytics.com https://js.monitor.azure.com https://optimizely-cmp-analytics.com/ https://public.flourish.studio/; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.shorthandstories.com https://*.typekit.net/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://web-sdk-eu.aptrinsic.com/style.css; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src-attr 'unsafe-inline' https://*.idio.episerver.net; worker-src blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onenorth.com *.ropesgray.com *.cookielaw.org *.google.com *.gstatic.com *.googletagmanager.com https://cdn.iframe.ly *.sharethis.com siteimproveanalytics.com *.passle.net *.linkedin.com *.licdn.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.lfeeder.com *.vimeo.com *.twitter.com; img-src 'self' data: *.onenorth.com *.ropesgray.com *.sharethis.com *.googletagmanager.com *.linkedin.com *.siteimproveanalytics.io *.adsymptotic.com *.lfeeder.com *.google.com *.google-analytics.com *.doubleclick.net *.twitter.com *.passle.net *.cookielaw.org *.ropesgray.com *.onenorth.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.myfonts.net *.sharethis.com *.passle.net *.cloudflare.com *.cloudfront.net *.typekit.net *.googleapis.com; font-src 'self' 'unsafe-inline' data: *.bootstrapcdn.com *.myfonts.com *.cloudfront.net *.typekit.net *.gstatic.com; frame-src 'self' 'unsafe-inline' *.ropesgray.com https://cdn.iframe.ly *.sharethis.com *.passle.net *.taleo.net *.brightcove.net *.google.com *.youtube.com *.vimeo.com *.yoshki.com *.twitter.com *.transistor.fm https://datawrapper.dwcdn.net https://www.googletagmanager.com; connect-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.sharethis.com *.google-analytics.com *.doubleclick.net *.passle.net *.crwdcntrl.net *.oribi.io https://www.google.com; upgrade-insecure-requests; block-all-mixed-content; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' px.ads.linkedin.com *.ads.linkedin.com *.cookiebot.com *.facebook.com *.facebook.net *.g.doubleclick.net *.gigya.com *.go-mpulse.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.ivoclar.com *.ivoclarvivadent.com *.ownid.com *.pardot.com *.purechat.com *.purechatcdn.com *.vimeo.com *.youtube.com api.ipify.org cdn.fusedeck.net challenges.cloudflare.com g.doubleclick.net io.fusedeck.net js.hsforms.net script.hotjar.com service.excentos.com snap.licdn.com static.hotjar.com www.eventbrite.com www.googletagmanager.com www.linkedin.com yastatic.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net iytimg.com www.clarity.ms *.qualtrics.com fd.ivoclar.com server.fillout.com;img-src 'self' data: px.ads.linkedin.com cdn.jsdelivr.net *.ivoclar.com *.ivoclarvivadent.com *.gigya.com *.google.com google.com *.google.at *.gstatic.com *.googleapis.com *.google-analytics.com *.purechat.com *.purechatcdn.com *.googleapis.com *.facebook.net *.facebook.com *.google-analytics.com *.pardot.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.youtube.com *.ads.linkedin.com *.vimeo.com *.excentos.com excentos.com *.google.com.sa google.com.sa *.google.de google.de cdn01.basis.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com *.cookiebot.com *.clarity.ms *.siteintercept.qualtrics.com fd.ivoclar.com;style-src 'self' data: blob: 'unsafe-inline' px.ads.linkedin.com cdn.jsdelivr.net *.google.com *.googleapis.com *.ivoclarvivadent.com *.ivoclar.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googlesyndication.com cdn.fusedeck.net *.youtube.com *.vimeo.com *.excentos.com cdn01.basis.net tags.srv.stackadapt.com www.google.co.th *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com *.clarity.ms *.siteintercept.qualtrics.com fd.ivoclar.com;object-src 'self';upgrade-insecure-requests ;frame-ancestors 'self' data: px.ads.linkedin.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.gigya.com *.cookiebot.com *.purechat.com *.purechatcdn.com *.googleapis.com *.google-analytics.com *.go-mpulse.net *.ivoclarvivadent.com *.ivoclar.com *.vimeo.com challenges.cloudflare.com *.clarity.ms *.siteintercept.qualtrics.com fd.ivoclar.com;connect-src 'self' wss: https:;default-src https: mailto:;base-uri 'self';form-action 'self' https:; 2 default-src 'none'; script-src 'self' https://cackle.me https://*.doubleclick.net https://addtocalendar.com https://*.googletagmanager.com https://*.google-analytics.com https://kudamoscow.ru https://i2.wp.com https://gravatar.com https://cackle.me https://*.cackle.me https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://api-maps.yandex.ru https://*.maps.yandex.ru https://maps.yandex.ru https://yastatic.net https://an.yandex.ru https://mc.yandex.ru https://matchid.adfox.yandex.ru https://top-fwz1.mail.ru https://counter.rambler.ru https://www.gstatic.com https://yandex.ru https://*.yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; frame-src https://vk.com https://vkvideo.ru https://*.vk.com https://www.google.com https://cackle.me https://kinescope.io https://vimeo.com https://*.vimeo.com https://rutube.ru https://*.rutube.ru https://*.doubleclick.net/ https://*.cackle.me/ https://www.youtube.com/ https://*.yastatic.net/ https://yastatic.net/ https://*.yandex.ru https://*.yandex.com; object-src 'none'; base-uri 'self'; form-action 'self' https://kudamoscow.ru; frame-ancestors 'none'; manifest-src 'self' https://kudamoscow.ru/favicon/site.webmanifest; connect-src 'self' https://*.rambler.ru https://*.google.com wss://*.cackle.me https://cackle.me https://analytics.google.com https://*.yandex.ru https://yandex.ru https://*.yandex.com https://*.yandex.net https://*.google-analytics.com https://analytics.google.com https://*.doubleclick.net/; media-src 'self' https://cackle.me https://*.yandex.ru https://*.yandex.net https://*.yandex.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 2 default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; connect-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; script-src-elem 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ *.bing.com *.clarity.ms 'sha256-OV+W5aN+wXLQMwrLt6Me/DVM/QLZyWr6AqI2ONGntw8='; img-src 'self' google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com *.bing.com *.clarity.ms; style-src 'self' 'unsafe-hashes' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc='; frame-ancestors 'self'; form-action 'self'; manifest-src 'self'; font-src 'self'; frame-src 'self' *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.google.com https://www.gstatic.com/recaptcha/ 2 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.knorr-bremse.com:* https://cdn.cookielaw.org https://responder.wt-safetag.com https://fbc.wcfbc.net https://*.gstatic.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://n0c357rmy1njbuit2friqwu.blob.core.windows.net; frame-ancestors 'self' https://www.threesixty-events.de/selectron_innotrans/; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.sepidarsystem.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com tagmanager.google.com fonts.googleapis.com *.doubleclick.net *.clarity.ms *.gravatar.com *.hotjar.com *.aparat.com *.mediaad.org *.tavoos.net *.yektanet.com *.sanjagh.com *.sabavision.com *.najva.com *.jsdelivr.net *.googleapis.com *.pegah.tech *.w.org *.wp.com *.openstreetmap.org gravityforms.s3.amazonaws.com *.dezhino.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com; style-src 'self' http: 'unsafe-inline' *.googleapis.com; img-src 'self' data: *; frame-src mailto: *.doubleclick.net *.vimeo.com *.youtube.com *.arri.com *.facebook.com *.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: *.licdn.com *.doubleclick.net *.pingdom.net *.6sc.co *.crazyegg.com *.facebook.net *.gstatic.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.googleapis.com unpkg.com *.arri.com *.youtube.com; connect-src 'self' *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.usercentrics.eu *.6sc.co *.ads.linkedin.com *.crazyegg.com *.6sense.com *.doubleclick.net *.pingdom.net *.googleapis.com *.arri.com *.facebook.com *.facebook.net *.vimeocdn.com *.google-analytics.com; worker-src 'self' blob: 2 frame-ancestors 'self';upgrade-insecure-requests; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https: wss: ws:; frame-src 'self' https:; child-src 'self' https:; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; media-src 'self' https: data:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://adexofiles.ir https://sentry.hamravesh.com https://ma-cdn.pegah.tech *.analytics.google.com *.google-analytics.com *.googleapis.com *.goftino.com *.googletagmanager.com https://heapanalytics.com *.heapanalytics.com *.adtodate.ir *.microsoft.com *.amazonaws.com https://deemanetwork.com *.mediaad.org *.shab.codes *.shab.ir *.shab.trial *.shab.demo *.shab.travel *.shab.rentals *.shabtravel.com *.intrack.ir *.gstatic.com *.clarity.ms *.bing.com *.yektanet.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.goftino.com *.doubleclick.net; img-src 'self' blob: data: *.shab.ir *.shab.codes *.shab.travel *.shab.rentals *.shabtravel.com *.googletagmanager.com *.shab.trial *.shab.demo *.shab.cloud *.googleapis.com *.tile.openstreetmap.org *.goftino.com *.yektanet.com https://heapanalytics.com *.heapanalytics.com *.microsoft.com *.amazonaws.com *.intrack.ir *.dezhino.com *.cloudfront.net *.doubleclick.net *.google-analytics.com *.clarity.ms *.bing.com https://sentry.hamravesh.com https://www.google.de https://www.google.nl https://www.google.de https://www.google.ae https://www.google.fr https://www.google.ca https://www.google.co.uk https://www.google.com.au https://www.google.se https://*.google.com; media-src 'self' blob: *.shab.systems *.shab.ir *.goftino.com *.doubleclick.net; connect-src 'self' wss://socket.shab.ir https://sentry.pegah.tech https://ma-cdn.pegah.tech https://sentry.hamravesh.com https://panel.adexo.ir *.google.com https://*.yektanet.com *.google-analytics.com *.googleapis.com *.shab.cloud *.goftino.com ws://*.goftino.com wss://*.goftino.com https://gateway.zibal.ir https://heapanalytics.com *.heapanalytics.com https://clarity.microsoft.com *.bing.com https://deemanetwork.com https://gate.dezhino.com *.shab.codes *.shab.ir *.shab.travel *.shab.rentals *.shabtravel.com *.shab.trial *.shab.demo *.mediaad.org *.intrack.ir *.doubleclick.net *.clarity.ms; font-src 'self' *.gstatic.com *.goftino.com data:; frame-src 'self' https://sentry.hamravesh.com *.goftino.com https://*.yektanet.com *.aparat.com *.intrack.ir https://mediacdn.mediaad.org *.googletagmanager.com *.doubleclick.net; object-src 'none'; base-uri 'self'; form-action https://*.shab.ir https://api.shab.travel https://api.shab.rentals https://api.shabtravel.com 'self' https://bpm.shaparak.ir https://ipg.toman.ir https://asan.shaparak.ir https://credit.mellatinsurance.ir https://gateway.zibal.ir https://sep.shaparak.ir https://live-test-develop-merchant-growth.apps.public.okd4.teh-1.snappcloud.io https://api.snapppay.ir https://payment.snapppay.ir https://paym.basa.ir;frame-ancestors 'self';worker-src 'self' blob:;child-src 'self' blob:; 2 frame-ancestors 'self' facebook.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com/ https://www.youtube.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://app-script.monsido.com/ https://cdn-apac.onetrust.com/ https://u.heatmap.it/ https://cdn.yellowmessenger.com/ https://www.google.com/ https://www.gstatic.com/ https://static.elfsight.com/platform/platform.js https://elfsightcdn.com/platform.js https://www.petronas.com/608242b4-6b3e-4aff-8979-014519414d0c https://app-script.monsido.com/ https://static.elfsight.com/ https://api.swiftype.com/ https://geotargetly-api-1.com/ https://g10498469755.co/ https://code.jquery.com/; object-src 'none'; upgrade-insecure-requests 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.octapharma.com https://app.storyblok.com; 2 frame-ancestors 'self' versapay.com staging.versapay.com; 2 require-trusted-types-for 'script';report-uri /_/ChromeWebStoreConsumerFeUi/cspreport 2 frame-ancestors 'self' https://slfscreen.wsl.ch 2 frame-ancestors bibliotekanauki.pl pon.edu.pl 2 default-src 'self' https:; object-src 'none'; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.blackbaudhosting.com; frame-ancestors *.webnl.nl; font-src 'self' *.googleapis.com *.gstatic.com; frame-src https:; worker-src blob:; 2 default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self' https://storable.my.salesforce.com https://storable.lightning.force.com; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 2 default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://signrequest.com https://cdn.signrequest.com https://signrequest-static.s3.amazonaws.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://apis.google.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.stripe.com https://*.zapier.com https://zapier.com https://www.dropbox.com https://*.cookiebot.com https://ct.capterra.com https://connect.facebook.net https://static.zdassets.com https://62vqqh6qv58h.statuspage.io https://snap.licdn.com https://survey.survicate.com https://surveys-static.survicate.com https://trackcmp.net https://diffuser-cdn.app-us1.com https://prism.app-us1.com ; style-src 'self' 'unsafe-inline' https://signrequest-static.s3.amazonaws.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://zapier.com https://*.webflow.com ; img-src * data:; font-src 'self' data: https://signrequest-static.s3.amazonaws.com https://assets.website-files.com https://assets-global.website-files.com https://*.website-files.com https://*.webflow.com https://fonts.gstatic.com; report-uri https://sentry.sr-staging-1.com/api/2/security/?sentry_key=a6f9acd3a2264908b8efd53f59f51fe3 2 frame-ancestors *.getjobber.com getjobber.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' blob: cdn-cookieyes.com *.bugherd.com *.pusher.com https://*.googletagmanager.com https://*.google-analytics.com https://*.youtube.com https://*.pardot.com https://code.jquery.com https://cdn.jsdelivr.net https://cdn.plyr.io https://stackpath.bootstrapcdn.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://*.clearbitscripts.com https://snap.licdn.com https://go.specterops.io https://googleads.g.doubleclick.net https://unpkg.com https://sessionize.com https://js.zi-scripts.com https://stats.wp.com https://cdn.parsely.com https://trk.techtarget.com/tracking.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js https://cdnjs.cloudflare.com/ajax/libs/jspdf/2.5.1/jspdf.umd.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://sessionize.com https://sessionize.blob.core.windows.net; img-src 'self' cdn-cookieyes.com data: blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://*.pardot.com https://*.google.com https://*.google.ca https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://www.linkedin.com https://*.ads.linkedin.com https://cdn-images-1.medium.com https://medium.com https://secure.gravatar.com https://i.ytimg.com *.bugherd.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com https://pixel.wp.com https://lh7-rt.googleusercontent.com https://learn.microsoft.com https://www.microsoft.com https://media3.giphy.com https://miro.medium.com https://specterops.husldigital.com https://p1.parsely.com; font-src 'self' https://fonts.gstatic.com https://s0.wp.com https://s1.wp.com https://s2.wp.com data:; connect-src 'self' *.cookieyes.com cdn-cookieyes.com *.pusher.com sessions.bugsnag.com *.bugherd.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://*.google.ca https://*.ads.linkedin.com https://stackpath.bootstrapcdn.com https://cdn.plyr.io https://cdn.jsdelivr.net https://sessions.bugsnag.com https://js.zi-scripts.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://*.pardot.com https://noembed.com https://lottie.host https://unpkg.com https://sessionize.com https://pagead2.googlesyndication.com https://ws.zoominfo.com https://p1.parsely.com https://ibc-flow.techtarget.com https://api.parsely.com; frame-src 'self' *.bugherd.com https://widgets.wp.com https://www.googletagmanager.com https://wordpress.com https://www.youtube.com https://www.loom.com https://demo.arcade.software https://open.spotify.com https://player.vimeo.com https://*.pardot.com https://cdn.embedly.com; object-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'none'; base-uri 'self'; 2 base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://app.usercentrics.eu https://connect.facebook.net https://dmp.theadex.com https://maps.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://console.googletagservices.com https://*.adtrafficquality.google https://*.google.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com; frame-src 'self' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.safeframe.googlesyndication.com https://api.theadex.com https://app.usercentrics.eu https://tpc.googlesyndication.com https://pagead2.googlesyndication.com *.googletagservices.com https://*.googletagmanager.com https://*.adtrafficquality.google; frame-ancestors 'self'; form-action 'self'; default-src 'self'; worker-src 'self'; object-src 'none'; img-src * 'self' data:; manifest-src 'self'; connect-src 'self' https://*.analytics.google.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.at https://*.google.de https://*.googleapis.com https://*.marktguru.at https://*.marktguru.de https://*.usercentrics.eu https://csi.gstatic.com https://mppx.marktguru.at https://mppx.marktguru.de https://pagead2.googlesyndication.com https://*.adtrafficquality.google https://dmp.theadex.com https://*.googleadservices.com https://*.googletagservices.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com; 2 frame-ancestors www.happymeal.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lndo.site *.suno.com.br *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.onesignal.com https://onesignal.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.hotjar.com *.getblue.io *.g.doubleclick.net ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.hs-scripts.com *.licdn.com *.facebook.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hubapi.com *.hubspot.com *.twitter.com *.twimg.com *.hsforms.net https://unpkg.com *.googleapis.com *.hsforms.com *.amazonaws.com *.validity.com *.youtube.com *.newrelic.com *.nr-data.net *.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js http://localhost:3000 *.getwisp.co *.cloudfront.net https://js.hubspotfeedback.com/feedbackweb-new.js *.analytics.tiktok.com https://www.googleoptimize.com/optimize.js https://td.doubleclick.net https://npmcdn.com/flatpickr/dist/l10n/pt.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js https://cdn.jsdelivr.net/npm/swiper@6.3.3/swiper-bundle.min.js https://app.powerbi.com/ *.funnelytics.io cdn.wisepops.com loader.wisepops.com app.getwisp.co activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net notifications.wisepops.com *.wisepops.com *.wisepops.net *.clarity.ms https://tag.goadopt.io/injector.js https://disclaimer-api.goadopt.io/api/tag/get-consent https://membros-api-gateway.suno.com.br/api/v1/events/register-data https://static.ads-twitter.com/uwt.js https://www.google.com.br/ads/ga-audiences *.goadopt.io https://forms.hubspot.com https://tag.curiosidadesdigitais.com/suno_suno.9999.js http://cdn.stape.io https://sunoresearch-com-br-7171354.hs-sites.com/ *.cloudflareaccess.com https://cdn.jsdelivr.net/npm/echarts@5.4.1/dist/echarts.min.js https://suno-marketdata-api.suno.com.br/ https://staging-marketdata-api-blfrlxkj30sx2blh.suno.com.br/; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com https://onesignal.com *.ampproject.org http://localhost:3000/styles/frontend.css *.code.jquery.com http://localhost:3000/styles/admin.css http://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css; img-src * data: cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net; font-src * data:; connect-src 'self' https://suno-noticias-staging.suno-noticias.svc.cluster.local http://suno-noticias.lndo.site *.suno.com.br *.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net *.wisepops.com *.clarity.ms https://forms.hubspot.com https://api.hubspot.com/ https://js.hs-banner.com/ https://cta-service-cms2.hubspot.com/ https://googleads.g.doubleclick.net/ https://cdn.ampproject.org *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.facebook.com *.twitter.com *.twimg.com *.googleapis.com *.amazonaws.com *.youtube.com *.newrelic.com *.cloudfront.net https://disclaimer-api.goadopt.io http://cdn.stape.io *.hubapi.com https://sunoresearch-com-br-7171354.hs-sites.com/ *.cloudflareaccess.com; object-src 'none'; base-uri 'self' 2 default-src 'self'; font-src 'self' data:; base-uri 'self'; connect-src 'self' multimedia.gsb.bund.de *.materna.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.itzbund.de lbb-hb.de; style-src 'self' 'unsafe-inline' *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io piwik.itzbund.de vimeo.com *.sli.do *.jsdelivr.net; object-src 'self' multimedia.gsb.bund.de *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do *.lbb-hb.de; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io vimeo.com *.sli.do lbb-hb.de; frame-src *.google.com *.google.de *.gstatic.com *.youtube.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplattform.com *.strivetech.io mindandvision.tv 2021.mindandvision.tv *.jwplayer.com vimeo.com *.sli.do player.vimeo.com; img-src 'self' data: *.materna.de *.google.com *.gstatic.com *.youtube.com *.twimg.com twemoji.maxcdn.com *.readspeaker.com *.unitylivestream.com *.unityrealtime.chat *.jwplayer.com *.strivetech.io *.sqat.eu piwik.itzbund.de vimeo.com yommaserver.synology.me:5001 *.sli.do; frame-ancestors 'self'; 2 default-src https: http: blob: 'unsafe-inline' 'unsafe-eval' data:; 2 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com *.fontawesome.com https://fonts.bunny.net *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.payments-amazon.com *.trackedlink.net magefan.com cm.magefan.com *.disqus.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk google.de google.se google.fr googleadservices.com doubleclick.net *.doubleclick.net *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com https://img.youtube.com https://firebasestorage.googleapis.com https://maps.gstatic.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.avln.me/t.js *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com *.disqus.com https://cdn.jsdelivr.net *.hub-box.com *.doubleclick.net *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com js.stripe.com *.avada.io *.shopify.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com https://cdn.jsdelivr.net *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com *.fontawesome.com https://fonts.bunny.net unsafe-inline assets.braintreegateway.com *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src *.vimeo.com 'self' 'unsafe-inline'; media-src *.adobe.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeo.com *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.hub-box.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.facebook.com *.facebook.net *.google.co.uk *.analytics.google.com *.zippopotam.us kingsumo.com *.hotjar.com *.termly.io *.google-analytics.com *.pcapredict.com *.googlesyndication.com *.google.com *.hotjar.io *.vimeocdn.com *.gstatic.com *.dwin1.com *.awin1.com lantern.roeyecdn.com *.zenaps.com *.postcodeanywhere.co.uk *.wepowerconnections.com lantern.roeye.com stats.g.doubleclick.net googleads.g.doubleclick.net *.clarity.ms c.bing.com cdn.noibu.com *.inov8.com input.noibu.com placehold.co widget.trustpilot.com *.stripe.com *.noibu.com wss://input.noibu.com *.hub-box.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; font-src 'self' cdn.taxsee.com cdn.taxsee.ru cdn.taxseedriver.ir fonts.gstatic.com https://*.gstatic.com data: fonts.gstatic.com *.imgsmail.ru *.mail.ru *.mradx.net cdn.taxsee.ru; frame-src 'self' https://*.doubleclick.net blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.youtube.com www.google.com mediacdn.mediaad.org *.yektanet.com *.fls.doubleclick.net www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com mail.ru ok.ru vk.com challenges.cloudflare.com sgtm.taxseepro.com sgtm.taxsee.pro; img-src 'self' data: cdn.taxsee.com cdn.taxsee.ru cdn.taxseedriver.ir *.gstatic.com https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md data: www.google.com www.google.ru www.google.kz log.adtimaserver.vn analytics.pangle-ads.com *.imgsmail.ru *.mail.ru mail.ru trustseal.enamad.ir t.co analytics.twitter.com; script-src 'self' 'unsafe-inline' https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.doubleclick.net https://top-fwz1.mail.ru https://analytics.tiktok.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://*.youtube.com 'unsafe-eval' *.yektanet.com *.mediaad.org unpkg.com www.gstatic.com *.yandex.net *.google.ru *.google.kz *.g.doubleclick.net gstatic.com s.zzcdn.me www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.odnoklassniki.ru *.relap.io *.vk.com mail.ru vk.com *.ads-twitter.com challenges.cloudflare.com; media-src 'self' https://*.youtube.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com data: mail.ru ok.ru vk.com; child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://top-fwz1.mail.ru https://analytics.tiktok.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md www.google.com https://*.doubleclick.net *.yektanet.com api.mediaad.org ma-cdn.pegah.tech log.adtimaserver.vn analytics.pangle-ads.com *.dzen.ru *.imgsmail.ru *.mail.ru *.mradx.net *.relap.io *.vk.com mail.ru relap.io vk.com sgtm.taxseepro.com sgtm.taxsee.pro; form-action 'self'; manifest-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.taxsee.com cdn.taxsee.ru cdn.taxseedriver.ir fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com unpkg.com *.imgsmail.ru *.mail.ru *.mradx.net; worker-src 'self'; frame-ancestors DENY; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self' file: https://*.toyota.eu https://*.toyota.pl https://*.toyota.cz https://*.toyota.hu https://*.toyota.sk https://*.toyota-europe.com https://player.adobescreens.com https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com https://localhost:24502 http://localhost:24502 https://127.0.0.1:24502 http://127.0.0.1:24502 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com wss: ws: https: http: *.microsoft.com login.microsoftonline.com; img-src https: http: data: *.kerio.com; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' api.smulderstextiel.nl beheer.smulderstextiel.nl static.smulderstextiel.nl static.smulderstextiel.be static.smulderstextiles.be static.smulderstextiles.fr www.smulderstextiel.nl www.smulderstextiel.be www.smulderstextiles.be www.smulderstextiles.fr www.smulderstextiles.com activate.smulderstextiel.nl activate.smulderstextiel.be activate.smulderstextiles.be activate.smulderstextiles.fr *.kameleoon.com *.kameleoon.io *.kameleoon.eu www.mollie.com squeezely.tech bat.bing.com bat.bing-int.com c.clarity.ms p.clarity.ms www.clarity.ms cdn.mouseflow.com static.hotjar.com script.hotjar.com chimpstatic.com dynamic.criteo.com fledge.eu.criteo.com gum.criteo.com measurement-api.criteo.com sslwidget.criteo.com fonts.googleapis.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com stats.g.doubleclick.net td.doubleclick.net tpc.googlesyndication.com www.google.com www.google.nl www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com tr.snapchat.com www.facebook.com connect.facebook.net ct.pinterest.com s.pinimg.com sc-static.net static.ads-twitter.com t.co analytics.twitter.com analytics.tiktok.com; frame-ancestors 'self' https://app.kameleoon.com https://kameleoon.com https://www.kameleoon.com; 2 default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' https://*.moodyscre.com/ https://*.moodysanalytics.com https://*.maregdev.com/; 2 frame-ancestors 'self' https://www.komatsu.com https://mykomatsu.komatsu 2 frame-ancestors 'self' *.martech.zone 2 frame-ancestors 'self' https://dev-74906-baby-and-me-mexico.pantheonsite.io 2 default-src data: 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *; 2 upgrade-insecure-requests; frame-ancestors 'self' https://chatbotsence.policomp.com; 2 default-src 'self' 'unsafe-eval' http: https: ws: wss: data: blob: 'unsafe-inline'; 2 default-src 'self' data: blob: *.chaoxing.com *.conac.cn *.bdimg.com *.360eol.com *.gov.cn *.jiathis.com *.baidu.com *.map.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2 upgrade-insecure-requests; frame-ancestors 'self' *.empro.com.br *.riopreto.sp.gov.br; 2 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' * 2 default-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; connect-src https: http: wss: ws:; 2 default-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2 default-src 'self'; script-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com/ https://bi.force.com/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://dl.episerver.net/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn.siteimprove.net/ https://ajax.googleapis.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://*.vo.msecnd.net/ https://player.vimeo.com/ http://login.edialog24.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.no/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://d8ejoa1fys2rk.cloudfront.net/ https://siteimproveanalytics.com/ https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://res.cloudinary.com/gobi-technologies-as/ https://api.useberry.com/ blob: https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net/ https://www.bi.no/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://external-bi-prod.azureedge.net/ https://d.la1-c1-cdg.salesforceliveagent.com/ https://widget.gobistories.com/ https://bicx.my.site.com/ https://api.useberry.com/ https://*.linkedin.com/; style-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com/ https://bi.force.com/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://dl.episerver.net/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn.siteimprove.net/ https://ajax.googleapis.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://*.vo.msecnd.net/ https://player.vimeo.com/ https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js http://login.edialog24.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.no/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://d8ejoa1fys2rk.cloudfront.net/ https://siteimproveanalytics.com/ https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://cdn.jsdelivr.net/ https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net/ https://www.bi.no/ https://bicx.my.site.com/eswsbino/; object-src 'none'; base-uri 'self'; connect-src 'self' https://sgtm.bi.no/ https://*.applicationinsights.azure.com/ https://bicx.secure.force.com/ https://static.lightning.force.com/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://*.global.siteimproveanalytics.io/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-uk.onetrust.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://www.google.com/ https://www.google.no/ https://region1.google-analytics.com/ https://www.google-analytics.com/ https://vimeo.com/ https://player.vimeo.com/ https://dc.services.visualstudio.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://d8ejoa1fys2rk.cloudfront.net/ https://sentry10.bynder.cloud/ https://media.bi.no/ https://jsonplaceholder.typicore.com/ https://easycruit.com/ https://api.gobistories.com/ https://media-proxy.gobistories.com/ https://pagead2.googlesyndication.com/ https://esp-eu.aptrinsic.com/rte/v1/configuration/ https://googleads.g.doubleclick.net/ https://easycruit.com/api/ https://www.easycruit.com/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/ https://res.cloudinary.com/gobi-technologies-as/ https://bilogin.b2clogin.com/ https://bicx.my.salesforce-scrt.com/; font-src 'self' data: https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/npm/bi-web-components@latest/ https://d8ejoa1fys2rk.cloudfront.net/ https://dl.episerver.net/ https://dhm5hy2vn8l0l.cloudfront.net/graphik/ https://dhm5hy2vn8l0l.cloudfront.net/lato/ https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net https://www.bi.no; frame-src 'self' https://sgtm.bi.no/ https://bicx--compoc.sandbox.my.site.com/ https://bicx--compoc.sandbox.lightning.force.com/ https://bicx--compoc.sandbox.my.salesforce.com/ https://service.force.com/ https://bicx.secure.force.com/ https://bi.force.com/ http://play.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://5995713.fls.doubleclick.net/ https://my2.siteimprove.com/ https://bi.easycruit.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://www.linkedin.com/ https://bicx.my.site.com/ https://bicx.file.force.com/; img-src 'self' data: https://media.bi.no/ https://www.bi.no/ https://6000471.global.siteimproveanalytics.io/ https://d2csxpduxe849s.cloudfront.net/ https://img.youtube.com/ https://i.ytimg.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.no/ https://dl.episerver.net/ https://media-proxy.gobistories.com/ https://cdn-ukwest.onetrust.com/ https://www.bynder.com/ https://ad.doubleclick.net/ http://www.w3.org/2000/svg/ https://res.cloudinary.com/gobi-technologies-as/ https://www.linkedin.com/ https://app-bino-prod.azurewebsites.net/ https://app-bino-prod-staging.azurewebsites.net/; manifest-src 'self'; media-src 'self' https://res.cloudinary.com/gobi-technologies-as/ https://media-proxy.gobistories.com/ blob:; report-uri https://631adb1029ad77a9b5a12c7b.endpoint.csper.io/?v=0/; worker-src blob:; 2 font-src https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com https://fonts.googleapis.com https://cnxc.wpenginepowered.com https://gallery.concentrix.com https://lottiefiles.com data www.concentrix.com https://cdn.knightlab.com/; frame-ancestors 'self' https://*; 2 img-src 'self' 'unsafe-inline' https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://www.google.com https://*.linkedin.com https://*.facebook.com https://*.youtube.com https://*.reddit.com https://*.twitter.com https://*.google-analytics.com https://www.google.ca https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com https://*.siteimproveanalytics.io https://www.googletagmanager.com https://t.co https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.google.co.in https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://*.googleadservices.com https://*.cmhc-schl.gc.ca/ https://*.facebook.net https://*.msecnd.net https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://siteimproveanalytics.com/ https://*.redditstatic.com https://*.ads-twitter.com https://*.licdn.com https://*.hotjar.com/ https://*.googleapis.com https://*.cloudflare.com https://cdn.jsdelivr.net https://*.b2clogin.com https://www.googletagmanager.com/ https://*.linkedin.com/ https://*.twitter.com/ https://www.google.com https://ajax.googleapis.com/ https://www.gstatic.com https://cdn.cookielaw.org https://*.onetrust.com https://analytics-ca.clickdimensions.com https://*.cloudfront.net https://pixel.byspotify.com https://*.curator.io; style-src 'self' 'unsafe-inline' https://*.youtube.com https://*.cmhc-schl.gc.ca/ https://*.azureedge.net/ https://*.typekit.net https://*.cloud.coveo.com/ https://*.googleapis.com https://*.jquery.com https://use.typekit.net https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.youtube.com https://*.cmhc-schl.gc.ca/ https://*.typekit.net https://*.azureedge.net/ https://*.cloud.coveo.com/ https://*.blob.core.windows.net/ https://cdn.cookielaw.org https://*.onetrust.com https://*.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; object-src 'none'; 2 default-src 'self' *.nrw.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; font-src data: *; img-src data: *; frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; worker-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; frame-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; object-src 'self'; connect-src 'self' *.nrw.de svc.webspellchecker.net; media-src *; upgrade-insecure-requests; 2 font-src * data: 'self';default-src *.2o7.net *.activitymap.adobe.com *.adnxs.com *.adobe.com *.ads-twitter.com *.cookielaw.org *.demdex.net *.eploy.net *.facebook.com *.facebook.net *.gstatic.com *.indeed.com *.linkedin.com *.omtrdc.net *.onetrust.com *.sc-static.net *.snapchat.com *.tiktok.com *.trendmicro.com *.twimg.com *.twitter.com *.vimeo.com *.vimeocdn.com *.x.com *.youtube.com ajax.googleapis.com assets.adobedtm.com callto: careers.aldirecruitment.co.uk careers.aldirecruitment.ie mailto: sc-static.net 'self' skype: snap.licdn.com stagingcareers.aldirecruitment.co.uk stagingcareers.aldirecruitment.ie tel: 'unsafe-eval' 'unsafe-inline' ws: www.google.com;frame-ancestors *.eploy.net careers.aldirecruitment.co.uk careers.aldirecruitment.ie 'self' stagingcareers.aldirecruitment.co.uk stagingcareers.aldirecruitment.ie 2 upgrade-insecure-requests; frame-ancestors *.brigitte.de *.stern.de *.gala.de *.guj.digital *.guj.rocks *.schoener-wohnen.de *.livingathome.de *.urbia.de *.vorname.com; frame-src *; 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net data: fonts.googleapis.com *.hotjar.com *.zopim.com *.userway.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.alphaecommerce.gr *.cardlink.gr *.facebook.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.boxnow.gr *.boxnow.cy *.klarna.com js.mollie.com *.weltpixel.com *.cookiebot.com *.facebook.com *.facebook.net *.addtoany.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarna.com *.klarnaevt.com *.klarnacdn.net https://firebasestorage.googleapis.com https://www.mollie.com *.facebook.com *.userway.org *.cookiefirst.com *.cookiebot.com *.1rx.io *.cookielaw.org *.windows.net *.google.com *.google.gr *.contactpigeon.com *.klarnaservices.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com *.id5-sync.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.bing.net *.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.attrattivo.com *.alethenonusualcasual.com *.ale.cy *.attrattivo.cy *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.adman.gr trustmark.gr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com https://maps.googleapis.com *.googleapis.com *.gstatic.com *.boxnow.gr *.boxnow.cy *.klarna.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.avada.io *.shopify.com js.mollie.com *.alphaecommerce.gr *.cardlink.gr *.cookiebot.com cdn.simpler.so sdk.local.simpler.so https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.facebook.com *.userway.org *.addtoany.com *.cookielaw.org *.cookiefirst.com *.doubleclick.net *.paypal.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.contactpigeon.com *.linkwi.se *.tiktok.com *.bing.com *.sentry-cdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.onecode.gr blob: *.google.gr *.cloudflareinsights.com *.adman.gr trustmark.gr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com https://fonts.bunny.net tagmanager.google.com *.userway.org *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.cookiefirst.com *.contactpigeon.com assets.braintreegateway.com *.googletagmanager.com *.adman.gr *.trustmark.gr 'self' 'unsafe-inline'; object-src *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com https://maps.googleapis.com https://player.vimeo.com *.googleapis.com *.boxnow.gr *.boxnow.cy *.klarnaevt.com *.klarnacdn.net x.klarnacdn.net *.klarnaservices.com *.klarna.com https://get.geojs.io *.avada.io *.cookiebot.com button.simpler.so analytics.simpler.so button.local.simpler.so *.facebook.net *.userway.org *.tiktok.com *.facebook.com *.cookielaw.org *.doubleclick.net *.criteo.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.feedbackcompany.com *.clarity.ms *.datatrics.com *.cookiefirst.com *.bing.net *.bing.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.contactpigeon.com *.youtube.com *.google.gr *.youtube-nocookie.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.adman.gr *.grxchange.gr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors https://app.kontent.ai; 2 default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://cdnjs.cloudflare.com/ ; script-src 'self' 'unsafe-inline' *.invocacdn.com pnapi.invoca.net *.invoca.net *.bridgestoneresources.com *.bridgestonetire.com hub.firestonecompleteautocare.com https://www.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.contentsquare.net *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://js-cdn.dynatrace.com/ https://snap.licdn.com/ https://s.go-mpulse.net/ https://ct.pinterest.com ; img-src * data: blob: https://s7d1.scene7.com; connect-src * data: ; frame-src *; font-src 'self' https://*.fonts.net https://fonts.bridgestoneresources.com/ data: 2 default-src * 'unsafe-inline' 'unsafe-eval';frame-ancestors *; 2 frame-ancestors 'self' https://*.tableau.com 2 frame-ancestors 'self' *.edumoov.com *.educartable.com *.kidiquest.com; 2 frame-ancestors https://*.wika.com/ 'self'; 2 ... 2 frame-ancestors 'self' https://*.kameleoon.com https://h7vcu8taur.kameleoon.eu https://dtvktbn6qk.kameleoon.eu https://*.kameleoon.io https://portal.decibel.com 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;font-src 'self' data: https:;connect-src 'self' https: wss: blob:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 2 connect-src 'self' https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.hsforms.com https://*.hsforms.net https://*.onetrust.com/ https://*.podigee-cdn.net https://cdn.cookielaw.org https://cdn.plyr.io https://consentcdn.cookiebot.com https://f.vimeocdn.com https://geolocation.onetrust.com https://noembed.com https://player.vimeo.com https://px.ads.linkedin.com https://region1.google-analytics.com https://vimeo.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; default-src 'self' 'unsafe-inline' http://www.w3.org https://cdn.plyr.io/3.5.10/plyr.svg https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://noembed.com https://px.ads.linkedin.com https://region1.google-analytics.com https://vimeo.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' https://*.hsforms.com https://*.hsforms.net https://*.onetrust.com https://*.podigee-cdn.net https://cdn.cookielaw.org https://consent.cookiebot.com https://consentcdn.cookiebot.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://player.vimeo.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://va.vercel-scripts.com https://www.google-analytics.com/analytics.js https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.podigee-cdn.net https://cdn.jsdelivr.net https://fast.fonts.net; font-src 'self' https://fast.fonts.net https://*.podigee-cdn.net; frame-src 'self' https://*.hsforms.com https://*.hsforms.net https://consentcdn.cookiebot.com https://player.podigee-cdn.net https://*.podigee.io https://player.vimeo.com https://td.doubleclick.net/ https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://www.w3.org https://*.hsforms.com https://*.hsforms.net https://*.onetrust.com/ https://cdn.cookielaw.org https://i.vimeocdn.com https://i.ytimg.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'self'; frame-ancestors https://app.kontent.ai 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://*.azure.com https://*.clarity.ms https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland-f5cnbffec6cca8cn.a03.azurefd.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; img-src 'self' data: blob: https://*.cloudfront.net https://*.crowdriff.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://*.analytics.google.com https://*.azure.com https://*.clarity.ms https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland-f5cnbffec6cca8cn.a03.azurefd.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 2 default-src 'self'; script-src 'self' 'unsafe-eval' https://*.cookiebot.eu https://consentcdn.cookiebot.com https://consent.cookiebot.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.bidtheatre.com https://*.proact.co.uk https://*.proact.nl https://*.proact.de https://*.proact.se https://widget.datablocks.se https://*.hotjar.com https://player.vimeo.com https://yoast.com https://*.facebook.net/ https://www.google.com https://*.gstatic.com https://*.licdn.com/ https://*.yourwoo.com https://*.albacross.com https://*.cision.com https://*.pardot.com https://cdnjs.cloudflare.com/ajax/ https://*.cookiebot.com https://*.cookiebot.eu https://*.conoa.se https://*.proact.eu https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://widget.datablocks.se https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://hub.mfn.se/ https://widget.datablocks.se wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://vimeo.com https://www.facebook.com https://cdn.linkedin.oribi.io https://*.albacross.com https://*.yoast.com https://*.cision.com https://consentcdn.cookiebot.com https://*.cookiebot.eu https://*.google.com https://*.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self' blob: https://proactcalculator.hut3staging.com https://www.google.com https://www.facebook.com https://*.cookiebot.eu https://consentcdn.cookiebot.com https://go.proact.eu https://player.vimeo.com; frame-ancestors 'self'; img-src 'self' data: https://*.doubleclick.net https://*.adsrvr.org https://*.casalemedia.com https://*.adswizz.com https://*.adnxs.com https://*.adform.net https://*.pubmatic.com https://*.smartadserver.com https://*.bidtheatre.com https://*.rubiconproject.com https://*.stickyadstv.com https://*.smartclip.net https://storage.mfn.se https://widget.datablocks.se https://*.cookiebot.eu https://*.cookiebot.com https://*.facebook.com https://*.linkedin.com https://*.yourwoo.com https://*.albacross.com https://*.proact.eu https://*.cision.com https://i.vimeocdn.com https://s.w.org https://www.google-analytics.com www.google.com google.com www.google.de google.de www.google.se google.se www.google.co.uk google.co.uk www.google.nl google.nl https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 2 frame-ancestors 'self' *.ariba.com *.gn.com 2 default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com 'unsafe-inline' 'unsafe-eval' app.tuotempo.com https://unpkg.com https://tpc.googlesyndication.com *.clinicaalemana.cl *.omnitok.com https://esencial.omnitok.com esencial.omnitok.com edz87dzoqc.execute-api.us-east-1.amazonaws.com *.googleoptimize.com *.salesforceliveagent.com *.salesforce.com service.force.com *.force.com *.googletagmanager.com https://js.captcha-display.com https://js.datadome.co w.usabilla.com *.usabilla.com *.auth0.com alemana-poc.auth0.com cdn.auth0.com *.cloudfront.net static.zdassets.com v2.zopim.com *.fontawesome.com *.doubleclick.net *.adnxs.com *.mathtag.com *.googleadservices.com *.hotjar.com www.alemana.cl *.alemana.cl *.lfi.cl *.jquery.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://www.youtube.com/iframe_api *.google.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.contactshub.cl:* https://contactshub.cl:* contactshub.cl/sdk.js.php https://sdk.examedi.com:* cdnjs.cloudflare.com https://bat.bing.com *.clarity.ms https://q.clarity.ms/collect https://alemanaseguros1.my.site.com:* web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.aspnetcdn.com *.fontawesome.com *.google.com *.alemana.cl *.lfi.cl *.jquery.com use.fontawesome.com *.cloudfront.net *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://dec.azureedge.net tagmanager.google.com https://alemanaseguros1.my.site.com:* web-chat.nativechat.com https://cdn.insight.sitefinity.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.fontawesome.com * googleads.g.doubleclick.net *.google.cl *.alemana.cl stats.g.doubleclick.net *.google.com *.youtube.com www.google.com s3alemana.s3.amazonaws.com *.s3.amazonaws.com lfi.lfi.cl *.lfi.cl alemana.cl www.alemana.cl i.stack.imgur.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cloudfront.net web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: c1.sfdcstatic.com d6tizftlrpuof.cloudfront.net *.hotjar.com v2.zopim.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com; frame-src 'self' portal.alemana.cl * *.clinicaalemana.cl *.lfi.cl *.alemana.cl https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com https://*.googleapis.com/ app.tuotempo.com www.google.com adservice.google.com solicat.calemanatemuco.cl *.clinicaalemana.cl portal-backend-dev.clinicaalemana.cl *.amazonaws.com c9a41d223g.execute-api.us-east-1.amazonaws.com somosesencial.cl www.somosesencial.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.force.com uat-chatservicepoc.cs214.force.com *.alemana.io gtw-prod.alemana.io gtw-dev.alemana.io https://analytics.google.com https://www.facebook.com https://www.googletagmanager.com https://cdn.ampproject.org wss://*.hotjar.com https://accounts.spotify.com https://api.spotify.com https://api-js.datadome.co api.usabilla.com *.cloudfunctions.net *.fontawesome.com *.auth0.com *.cloudfront.net *.alemana.cl wss://widget-mediator.zopim.com ekr.zdassets.com ws1.hotjar.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net www.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://*.dec.sitefinity.com *.mktoresp.com https://api.sbif.cl:* *.contactshub.cl:* wss://sofix6xmbk.execute-api.us-east-1.amazonaws.com https://q.clarity.ms/collect wss://sjm3jibuni.execute-api.us-east-1.amazonaws.com/prod https://alemanaseguros1.my.site.com:* https://alemanaseguros1.my.salesforce-scrt.com:* https://a.clarity.ms:* https://d.clarity.ms/* https://d.clarity.ms/collect wss://sjm3jibuni.execute-api.us-east-1.amazonaws.com/* https://k.clarity.ms/ https://j.clarity.ms/collect https://*.insight.sitefinity.com; media-src 'self' data: blob: *.cloudfront.net; child-src 'self' blob: www.clinicaalemanatemuco.cl *.clinicaalemana.cl *.mathtag.com *.hotjar.com *.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com; frame-ancestors 'self' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com alemana.cl *.alemana.cl portal.alemana.cl somosesencial.cl www.somosesencial.cl https://www.somosesencial.cl/ 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.googletagmanager.com https://api.firststreet.org https://events.statsigapi.net https://statsigapi.net https://plausible.io https://featuregates.org https://googleads.g.doubleclick.net https://*.js.stripe.com https://connect-js.stripe.com https://js.stripe.com https://checkout.stripe.com https://api.hcaptcha.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://pagead2.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.youtube.com https://s.ytimg.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-forms.com https://js.hscollectedforms.net https://api.hubapi.com https://track.hubspot.com https://js.hsforms.net https://forms.hubspot.com https://forms.hsforms.com https://api.hsforms.com https://cdn2.hubspot.net https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://forms-na1.hsforms.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.pointdrive.linkedin.com; child-src 'self' blob: https://www.googleadservices.com https://www.youtube.com https://youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: blob: https://raw.githubusercontent.com https://assets.firststreet.org https://assets.riskfactor.com https://*.stripe.com http://www.w3.org/2000/svg https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.com https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://assets.floodfactor.com https://i.ytimg.com https://img.youtube.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-forms.com https://js.hscollectedforms.net https://api.hubapi.com https://track.hubspot.com https://js.hsforms.net https://forms.hubspot.com https://forms.hsforms.com https://api.hsforms.com https://cdn2.hubspot.net https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://forms-na1.hsforms.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.pointdrive.linkedin.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://connect-js.stripe.com https://checkout.stripe.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://api.hcaptcha.com https://www.googletagmanager.com https://www.google.com https://td.doubleclick.net https://www.googleadservices.com https://bid.g.doubleclick.net https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://js.hs-forms.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-forms.com https://js.hscollectedforms.net https://api.hubapi.com https://track.hubspot.com https://js.hsforms.net https://forms.hubspot.com https://forms.hsforms.com https://api.hsforms.com https://cdn2.hubspot.net https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://forms-na1.hsforms.com; frame-ancestors 'none'; media-src 'self' https://assets.firststreet.org https://assets.riskfactor.com https://www.youtube.com https://youtube.com https://youtu.be; connect-src 'self' https://*.riskfactor.com https://*.riskfactor.dev https://maps.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com/pagead/ https://www.google.com/ccm/collect https://api.firststreet.org https://plausible.io https://*.doubleclick.net https://www.google-analytics.com https://api.stripe.com https://checkout.stripe.com https://*.firststreet.org https://*.firststreet.dev https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://td.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://*.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.youtube.com https://youtube.com https://youtu.be https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-forms.com https://js.hscollectedforms.net https://api.hubapi.com https://track.hubspot.com https://js.hsforms.net https://forms.hubspot.com https://forms.hsforms.com https://api.hsforms.com https://cdn2.hubspot.net https://static.hsappstatic.net https://48752163.fs1.hubspotusercontent-na1.net https://forms-na1.hsforms.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.pointdrive.linkedin.com https://featureassets.org https://events.statsigapi.net https://statsigapi.net https://api.statsig.com https://featuregates.org https://beyondwickedmapping.org wss://realtime.statsigapi.net https://api.statsigcdn.com https://prodregistryv2.org https://cloudflare-dns.com https://assetsconfigcdn.org https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://youtu.be https://img.youtube.com https://i.ytimg.com https://s.ytimg.com; report-uri https://o96591.ingest.sentry.io/api/4507611656159232/security/?sentry_key=42354ebeb5d22fbb2bb3100a5c58c995; worker-src 'self' blob: https://localhost:3000 https://*.riskfactor.dev https://*.firststreet.dev https://*.firststreet.org 2 font-src 'self' https://*.googleapis.com/ *.bootstrapcdn.com *.gstatic.com *.fontawesome.com *.jsdelivr.net ; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com *.criteo.com *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com test1.maksuturva.fi payments.maksuturva.fi www.maksuturva.fi *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com amc.demdex.net js.playground.klarna.com js.klarna.com e.issuu.com *.facebook.com *.hotjar.com *.hotjar.io *.criteo.com *.googlesyndication.com *.userneeds.com *.doubleclick.net *.googletagmanager.com *.google.analytics.com *.google-analytics.com *.googleusercontent.com *.googleapis.com *.googleadservices.com *.gstatic.com plugins.flockler.com checkoutapistage.svea.com/ batterylookupfi.yuasa.co.uk apps.ikh.fi *.giosg.com *.giosgusercontent.com map.karttapalvelut.fi *.maplet.com *.captcha-delivery.com td.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://firebasestorage.googleapis.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ * *.giosg.com *.giosgusercontent.com *.cookiefirst.com *.google-analytics.com *.googletagmanager.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com *.googleadservices.com *.google.com google.com *.maksuturva.fi *.facebook.com *.reddit.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com ajax.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.shopify.com https://api.unifaun.com data: www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com js-agent.newrelic.com bam.nr-data.net js.playground.klarna.com js.klarna.com api.custobar.com connect.facebook.net *.criteo.net *.criteo.com payments.maksuturva.fi *.googlesyndication.com *.hotjar.com *.hotjar.io gstatic.com *.confirmit.com *.doubleclick.net plugins.flockler.com *.cdn.flockler.com checkoutapistage.svea.com/ cdn.cookielaw.org *.giosg.com *.giosgusercontent.com magento-recs-sdk.adobe.net *.clarity.ms *.cookiefirst.com js.datadome.co ct.captcha-delivery.com *.licdn.com *.maksuturva.fi *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net tagmanager.google.com *.cdn.flockler.com/ *.giosg.com *.giosgusercontent.com consent.cookiefirst.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.googleapis.com https://get.geojs.io *.avada.io env-6410208.paas.datacenter.fi bam.nr-data.net eu.klarnaevt.com eu.playground.klarnaevt.com *.g.doubleclick.net api.custobar.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io payments.maksuturva.fi *.criteo.com *.confirmit.com *.userneeds.com *.doubleclick.net *.googletagmanager.com plugins.flockler.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com maps.googleapis.com/ *.giosg.com *.giosgusercontent.com *.clarity.ms www.maksuturva.fi//GetPaymentMethods.pmt *.cookiefirst.com api-js.datadome.co *.analytics.google.com pagead2.googlesyndication.com *.googleadservices.com ad.doubleclick.net *.facebook.com *.linkedin.com *.maksuturva.fi *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.run.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.giosg.com *.giosgusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 upgrade-insecure-requests; frame-ancestors https:; 2 default-src 'self' *.onetrust.com/ *.trustpilot.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.com/ *.google.co.uk/ *.matomo.cloud/ *.google-analytics.com/ *.clarity.ms/ *.doubleclick.net/ *.hotjar.io/ *.hotjar.com/ wss://ws.hotjar.com/ cdn.linkedin.oribi.io/ *.googlesyndication.com/ *.pardot.com/ *.optimizely.com/ *.facebook.com/ *.facebook.net/ cloud8-cc-geo.8x8.com/ *.jsdelivr.net/ https://featureassets.org/ https://prodregistryv2.org/ https://statsigapi.net/ https://cloudflare-dns.com/ *.visualwebsiteoptimizer.com/; frame-src calendly.com/ *.8x8.com/ *.speedtestcustom.com/ gigaclearltd.statuspage.io *.doubleclick.net/ *.cdn.optimizely.com/ *.pardot.com/ *.youtube.com/ *.gigaclear.com/ *.visualwebsiteoptimizer.com/ *.vwo.com/ *.statsigapi.net/ featureassets.org/ *.featureassets.org/ prodregistryv2.org/ *.prodregistryv2.org/ *.jsdelivr.net/ *.statsigapi.net/; style-src 'unsafe-inline' 'self' *.typekit.net/; font-src 'self' data: *.typekit.net/; img-src 'self' data: *.amazonaws.com/ *.8x8.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.co.uk *.google.com/ *.onetrust.com/ *.linkedin.com/ analytics.twitter.com/ bat.bing.com/ t.co/ *.facebook.com/ *.facebook.net/ *.nextdoor.com/ *.doubleclick.net/ *.clarity.ms/ *.bing.com/ *.google.pl/ *.visualwebsiteoptimizer.com/; media-src 'self' *.amazonaws.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.gigaclear.com/ *.googletagmanager.com/ *.doubleclick.net/ *.pagesense.io/ *.visualwebsiteoptimizer.com *.vwo.com *.statsigapi.net/ featureassets.org/ *.featureassets.org/ prodregistryv2.org/ *.prodregistryv2.org/ *.jsdelivr.net/ *.statsigapi.net/; child-src static.zohocdn.com/; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.gigaclear.com/ *.onetrust.com/ *.trustpilot.com/ *.8x8.com/ *.googletagmanager.com/ bat.bing.com/ static.ads-twitter.com/ snap.licdn.com/ *.facebook.net/ *.facebook.com/ *.dwin1.com/ *.google-analytics.com/ *.nextdoor.com/ *.hotjar.com/ *.matomo.cloud/ *.clarity.ms/ *.doubleclick.net/ smct.co/ *.optimizely.com/ *.pardot.com/ *.pagesense.io/ *.flowxo.com/ *.youtube.com/ *.googleoptimize.com/ *.visualwebsiteoptimizer.com/ *.vwo.com/ *.statsigapi.net/ featureassets.org/ prodregistryv2.org/ *.prodregistryv2.org/ *.jsdelivr.net/ *.statsigapi.net/; 2 frame-ancestors 'self' https://georgestore.erstebank.hu https://georgestorefat.erstebank.hu https://georgestoreperf.erstebank.hu https://georgestoreperf3.erstebank.hu https://store.erstebank.hu https://store.erste.hu https://storelt1.erste.hu https://storelt1.erstebank.hu https://storeint.erste.hu https://george.ersteinvestment.hu/ https://georgeinteg.ersteinvestment.hu/ https://georgetest.ersteinvestment.hu/ https://tablet-sales-tool.apps.prd.openshift.erste.hu/ https://tablet-sales-tool.d6.dev.openshift.erste.hu/ https://tablet-sales-tool.d10.dev.openshift.erste.hu/ https://tablet-sales-tool.ffx.tst.openshift.erste.hu/ https://tablet-sales-tool.int.tst.openshift.erste.hu/ https://tablet-sales-tool.lt1.tst.openshift.erste.hu/ https://tablet-sales-tool.t10.tst.openshift.erste.hu/ https://ltp.erstebank.hu/ https://login.erstebank.hu https://loginperf.erstebank.hu https://loginperf3.erstebank.hu https://loginfat2.erstebank.hu https://georgeadmin.erste.hu https://georgeadminfat.erste.hu https://georgeadminperf.erste.hu https://georgeadminperf3.erste.hu https://george.erstebank.hu https://georgefat2.erstebank.hu https://georgeperf.erstebank.hu https://georgeperf3.erstebank.hu https://api.erstebank.hu https://apifat2.erstebank.hu https://apiperf.erstebank.hu https://apiperf3.erstebank.hu https://tablet-sales-tool-mikro.d6.dev.openshift.erste.hu https://tablet-sales-tool-mikro.d10.dev.openshift.erste.hu/ https://tablet-sales-tool-mikro.ffx.tst.openshift.erste.hu/ https://tablet-sales-tool-mikro.lt1.tst.openshift.erste.hu/ https://tablet-sales-tool-mikro.int.tst.openshift.erste.hu/ https://tablet-sales-tool-mikro.apps.prd.openshift.erste.hu/ https://remote-advisory.dev.aks.azu.erste.hu; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: 'self' blob:; 2 frame-ancestors 'self' https://backoffice.shoppster.com 2 frame-ancestors 'self' https://*.unanet.com https://*.cosential.com https://*.unanetuniversity.com https://unanet.pathfactory.com https://*.pathfactory.com https://unanet.partnerpage.io https://*.partnerpage.io https://*.championsconference.com; upgrade-insecure-requests 2 frame-ancestors 'self' https://cdn.evgnet.com https://cdn.evergage.com https://comercialdportenissadecv.us-7.evergage.com; 2 frame-ancestors 'self' https://boobyday.com https://preprod.boobyday.com https://payment.morning.cat 2 frame-ancestors 'self' https://www.pornbl.com https://www.pornbl2cn.com https://www.pornblindia.pro 2 default-src 'self' mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src 'self' blob: 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2 frame-ancestors 'self' *.adnxs.com 2 default-src 'self'; connect-src 'self' matomo.sib.swiss noembed.com cdn.plyr.io sentry.sib.swiss www.vital-it.ch *.skynettechnologies.com *.skynettechnologies.us; font-src 'self' fonts.bunny.net cdn.jsdelivr.net *.skynettechnologies.com *.skynettechnologies.us fonts.gstatic.com cdnjs.cloudflare.com data: ; img-src 'self' www.sib.swiss matomo.sib.swiss data: i.ytimg.com *.twitter.com wayf.switch.ch infozentrum.ethz.ch https://raw.githubusercontent.com/sib-swiss/ ui-avatars.com https://www.gstatic.com *.skynettechnologies.com *.skynettechnologies.us blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss cdn.plyr.io www.youtube.com https://cdn.jsdelivr.net wayf.switch.ch cdnjs.cloudflare.com code.jquery.com static.filestackapi.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net *.skynettechnologies.com *.skynettechnologies.us cdn.datatables.net ajax.googleapis.com player.vimeo.com; style-src 'self' 'unsafe-inline' cdn.plyr.io fonts.bunny.net wayf.switch.ch cdnjs.cloudflare.com cdn.jsdelivr.net *.skynettechnologies.com fonts.googleapis.com cdn.datatables.net; frame-src 'self' www.youtube-nocookie.com https://www.google.com https://www.recaptcha.net https://e.issuu.com player.vimeo.com; frame-ancestors 'self' https://sibcloud.sharepoint.com/ https://intranet.sib.swiss/; worker-src 'self' blob: ; media-src 'self' blob:; 2 default-src 'self' :data; script-src 'self' 'unsafe-inline' stats.hft-stuttgart.de web.cmp.usercentrics.eu app.usercentrics.eu privacy-proxy.usercentrics.eu *.b-ite.com; font-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: assets.kununu.com widgets.kununu.com uct.service.usercentrics.eu app.usercentrics.eu privacy-proxy-server.usercentrics.eu data: stats.hft-stuttgart.de; connect-src 'self' stats.hft-stuttgart.de *.usercentrics.eu *.b-ite.com; frame-src 'self' web.cmp.usercentrics.eu app.usercentrics.eu *.youtube-nocookie.com *.vimeo.com *.hft-stuttgart.de 2 upgrade-insecure-requests; frame-ancestors 'self' pcsoft.fr *.pcsoft.fr windev.com *.windev.com windev.es *.windev.es pcsoft-windev-webdev.com *.pcsoft-windev-webdev.com 2 default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.privacy-center.org *.cloudflareinsights.com *.criteo.com *.googlesyndication.com *.snapchat.com *.r66net.net *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.adform.net https://rules.quantcount.com https://secure.quantserve.com/ https://js.adsrvr.org https://stage-data.hipay.com https://mpsnare.iesnare.com https://libs.hipay.com https://mpsnare.iesnare.com/time.mp3 wss://mpsnare.iesnare.com/star https://mpsnare.iesnare.com/star https://rules.quantcount.com/ https://secure.quantserve.com/ https://js.adsrvr.org https://cdn.sticky.io https://mpsnare.iesnare.com https://libs.hipay.com https://mpsnare.iesnare.com/time https://marketing.hachette-partworks.com https://cdn.wishpond.net/connect.js https://u.videostep.com https://analytics.tiktok.com https://www.clarity.ms https://static.r66net.com https://k.r66net.com https://ks.invibes.com https://www.paypalobjects.com https://tag.aticdn.net https://cdn3.actito.com/legacy/actito-goal/goal.js https://www.awin1.com/ https://www.dwin1.com/ https://www.paypal.com https://geolocation.onetrust.com/ https://fevoki.wejekihota.com https://apis.google.com https://cdn.cookielaw.org https://www.googletagmanager.com https://connect.facebook.net https://ws1.postescanada-canadapost.ca https://cdnjs.cloudflare.com https://cdn.doofinder.com https://cdn.hachette-collections.com https://www.google-analytics.com https://www.google.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://autroliner.com https://cilkonlay.com https://bat.bing.com https://s.pinimg.com https://sp.analytics.yahoo.com https://s.yimg.com https://www.redditstatic.com https://www3.actito.com https://widget.trustpilot.com https://invitejs.trustpilot.com; style-src 'self' 'unsafe-inline' https://libs.hipay.com/ https://www.hachette-collections.com/ https://www.googletagmanager.com https://fonts.googleapis.com https://ws1.postescanada-canadapost.ca https://cdn.hachette-collections.com https://hachettepartworks.com https://www.hachettecollections.com; img-src 'self' data: *.invibes.com *.b26net.com *.snapchat.com *.r66net.net *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.google.pl https://adservice.google.com *.googlesyndication.com https://ad.doubleclick.net https://pixel.quantserve.com *.bing.com *.xiti.com *.clarity.ms https://fonts.gstatic.com https://www.paypalobjects.com https://analytics.tiktok.com https://s.videostep.com https://ks.b26net.com https://ks.invibes.com https://tbs.tradedoubler.com https://tbl.tradedoubler.com https://t.paypal.com https://www.hachette-collections.com https://cdn.cookielaw.org https://www.google.co.il https://www.facebook.com https://ws1.postescanada-canadapost.ca https://hachettepartworks.com https://www.hachettecollections.com https://cdn.hachette-collections.com https://bat.bing.com https://www.google.be https://www.google.com https://www.gstatic.com https://www.google.fr https://www.google-analytics.com https://www.google.ca https://autroliner.com https://www.googletagmanager.com https://www.google.ch https://ct.pinterest.com https://www.google.de https://www.google.co.uk https://www.google.lu https://www.google.it https://www.google.pt https://www.google.co.ma https://scontent-cdg2-1.cdninstagram.com https://alb.reddit.com https://googleads.g.doubleclick.net https://www.google.dk https://scontent-cdt1-1.cdninstagram.com https://info.hachette-collections.com https://www.google.gr https://www.google.tn; font-src 'self' https://www.hachette-collections.com/ https://fonts.gstatic.com https://cdn.hachette-collections.com https://static3.avast.com; media-src 'self' data: https://mpsnare.iesnare.com/ https://cdn.hachette-collections.com https://www.hachette-collections.com https://workbench-www.hachette-collections.com https://hachettepartworks.com https://www.hachettecollections.com; connect-src 'self' *.trustpilot.com *.googletagmanager.com https://www.hachette-collections.com https://analytics-ipv6.tiktokw.us https://privacyportal-de.onetrust.com *.googleadservices.com *.snapchat.com *.r66net.net *.r66net.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon https://sc-static.net *.kolekcja-poezja.pl *.yottacapi.pl *.google.pl https://data.hipay.com/checkout-data wss://mpsnare.iesnare.com/star *.doubleclick.net *.googlesyndication.com *.redditstatic.com *.reddit.com https://adservice.google.com https://pixel.quantcount.com https://google.com https://secure-gateway.hipay-tpp.com https://hachettepartworks.sticky.io https://marketing.hachette-partworks.com *.xiti.com *.google.fr *.analytics.google.com https://content.hotjar.io *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.clarity.ms *.invibes.com/ https://analytics.tiktok.com https://region1.google-analytics.com https://geolocation.onetrust.com https://www.sandbox.paypal.com https://www.paypal.com https://privacyportal-eu.onetrust.com https://privacyportal-fr.onetrust.com https://1637314617.rsc.cdn77.org https://cdn.cookielaw.org https://stage-secure2-vault.hipay-tpp.com https://ws1.postescanada-canadapost.ca https://eu1-search.doofinder.com https://secure2-vault.hipay-tpp.com https://bat.bing.com https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://s.yimg.com https://vc.hotjar.io https://www.facebook.com; frame-src 'self' *.criteo.com *.snapchat.com *.saferpay.com *.psp-solutions.com *.googletagmanager.com *.doubleclick.net https://td.doubleclick.net https://ad.doubleclick.net https://cdn.sticky.io https://cdn.wishpond.net/ https://libs.hipay.com https://www.paypalobjects.com/ https://www.facebook.com/ https://tbs.tradedoubler.com/ https://www.pinterest.fr/ https://www.pinterest.com/ https://www.sandbox.paypal.com https://www.paypal.com https://checkout.slimpay.net https://checkout.preprod.slimpay.com https://accounts.google.com https://www.youtube.com *.moneris.com *.sticky.io https://w.soundcloud.com https://vars.hotjar.com https://bid.g.doubleclick.net https://aax-eu.amazon-adsystem.com https://widget.trustpilot.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /report.php 2 default-src 'self' https://*.mhh.de chrome-extension; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://cdnjs.cloudflare.com https://spenden.twingle.de ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.mhh.de https://*.youtube.com https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://cdnjs.cloudflare.com https://spenden.twingle.de ; script-src-attr 'self' 'unsafe-inline' https://*.mhh.de; connect-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://spenden.twingle.de; style-src 'self' 'unsafe-inline' https://*.mhh.de; img-src 'self' data: https://*.mhh.de https://*.ytimg.com ; frame-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io https://spenden.twingle.de; child-src 'self' https://*.mhh.de https://*.youtube-nocookie.com https://mh-hannover-390466.workflowcloud.com https://gbo-app-znc.nintex.io https://spenden.twingle.de; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; report-uri https://www.mhh.de/_mc/csp; report-to https://www.mhh.de/_mc/csp 2 default-src * 'self' data: 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com/recaptcha/api.js https://*.recaptcha.net https://recaptcha.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://clarity.ms https://*.clarity.ms https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://cdn.plyr.io https://player.vimeo.com https://player.vimeo.com/api/player.js https://purecatamphetamine.github.io https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://snap.licdn.com; font-src 'self' data: https://*.gstatic.com https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://snap.licdn.com; connect-src 'self' wss://app.allfunds.com https://allfunds.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://clarity.ms https://*.clarity.ms https://intranet.allfunds.com https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://myconnect.allfunds.com https://telemetrics-widgets.allfunds.dev https://myconnect.allfunds.dev https://dashboard-v2.allfunds.dev https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://cdn.plyr.io https://player.vimeo.com https://player.vimeo.com/api/player.js https://purecatamphetamine.github.io https://md8jnn29kj.execute-api.eu-west-1.amazonaws.com https://*.go-mpulse.net; frame-src 'self' https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com/recaptcha/api.js https://*.recaptcha.net https://recaptcha.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://intranet.allfunds.com https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://myconnect.allfunds.com https://telemetrics-widgets.allfunds.dev https://myconnect.allfunds.dev https://dashboard-v2.allfunds.dev https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://cdn.plyr.io https://player.vimeo.com https://player.vimeo.com/api/player.js https://purecatamphetamine.github.io; img-src 'self' data: *.allfunds.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://cloudfunctions.net https://*.cloudfunctions.net https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://cms-front.s3.eu-west-1.amazonaws.com https://purecatamphetamine.github.io; media-src 'self' data: *.allfunds.com https://app.allfunds.com/docs/cms/header_web_5d4b57c95f.mp4 https://*.googleapis.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://apis.google.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://linkedin.com https://*.linkedin.com https://snap.licdn.com https://*.amplitude.com https://amplitude.com https://cms-front.s3.eu-west-1.amazonaws.com https://purecatamphetamine.github.io; frame-ancestors 'self' https://*.allfunds.com https://allfunds.com http://localhost:* https://localhost:* http://127.0.0.1:* https://127.0.0.1:* https://80.28.51.168:* chrome-extension://admira.com https://*.admira.com/ https://admira.com/ file:; object-src 'none'; 2 style-src 'unsafe-inline' 'self' https://*.typekit.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.hospitalitysem.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.vizergy.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.googleapis.com https://*.clarity.ms; default-src 'self' https://*.typekit.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://*.demdex.net https://*.everesttech.net https://*.vizergy.com https://*.hospitalitysem.com https://player.vimeo.com https://*.googletagmanager.com https://*.doubleclick.net https://*.twitter.com https://*.pinterest.com https://*.sorryapp.com https://*.fontawesome.com https://*.googleapis.com https://*.fbcdn.net https://*.cdninstagram.com https://*.googleusercontent.com https://www.youtube.com https://*.clarity.ms data: 2 frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://svanalytics.containers.piwik.pro/2479d5f4-1a62-42bf-91c4-e6075dc3f52b.js https://svanalytics.containers.piwik.pro/ppms.js https://*.rekai.se https://*.readspeaker.com https://maps.googleapis.com https://micc.gotland.se https://map-embed.naturkartan.se https://player.vimeo.com https://mfstatic.com https://www.youtube.com https://s.ytimg.com https://static.ws.apsis.one https://code.highcharts.com/highcharts.js https://reseplanerare.resrobot.se; frame-src 'self' https://*.vimeo.com https://*.youtube.com https://youtube.com https://*.spotify.com https://*.podbean.com https://*.screen9.com https://*.gotland.se https://*.inviewer.se https://*.svt.se https://*.naturkartan.se https://play.google.com https://datawrapper.dwcdn.net https://svanalytics.piwik.pro https://app-eu.readspeaker.com https://menu.matildaplatform.com/ https://code.highcharts.com/ https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://micc.gotland.se https://mfstatic.com; connect-src 'self' https://*.googleapis.com https://alme.inadra.se/login https://vimeo.com/api/ https://rekai.se https://*.rekai.se https://svanalytics.containers.piwik.pro https://svanalytics.piwik.pro https://*.readspeaker.com https://*.youtube.com https://youtube.com https://play.screen9.com https://mule03.gotland.se https://play.google.com https://mfstatic.com https://*.mediaflow.com https://micc.gotland.se https://api.kolada.se https://reseplanerare.resrobot.se; style-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com https://micc.gotland.se https://svanalytics.containers.piwik.pro https://mfstatic.com https://reseplanerare.resrobot.se; font-src 'self' data: https://micc.gotland.se https://mfstatic.com https://reseplanerare.resrobot.se; media-src 'self' blob: https://play.boxcast.com https://mfstatic.com https://*.inviewer.se https://m.mediaflow.com https://*.googlevideo.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://cdn-eu.readspeaker.com https://i.vimeocdn.com https://www.w3.org https://gotland.se https://reseplanerare.resrobot.se https://www.svtstatic.se https://mfstatic.com https://*.inviewer.se https://assets.mediaflowpro.com; 2 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src blob:; font-src https: data:; connect-src https: wss://api.eu.residency.elevenlabs.io; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com cognitoforms.com *.cognitoforms.com typekit.net *.typekit.net static.srcspot.com; frame-ancestors 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; frame-src 'self' data: blob: swissport.com *.swissport.com cookiebot.com *.cookiebot.com googleapis.com *.googleapis.com cloudflareinsights.com *.cloudflareinsights.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com facebook.net facebook.net *.facebook.net facebook.com *.facebook.com licdn.com *.licdn.com tiktok.com *.tiktok.com google.de *.google.de google.com *.google.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com linkedin.com *.linkedin.com doubleclick.net *.doubleclick.net youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com flockler.com *.flockler.com flockler.app *.flockler.app matterport.com *.matterport.com; img-src * data: blob: 'unsafe-inline'; report-uri /nelmio/csp/report 2 frame-ancestors 'self' https://social.zalopay.vn https://socialstg.zalopay.vn https://socialdev.zalopay.vn https://h5.zdn.vn 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.formstack.com; frame-ancestors 'self'; img-src 'self' data: https://res.cloudinary.com https://images.contentstack.io https://cdn.userway.org https://api.mapbox.com *.mouseflow.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' *.mouseflow.com; upgrade-insecure-requests; 2 frame-ancestors 'self' https://www.p3tips.com/ https://www.p3campus.com/ https://tips.sandyhookpromise.org/; 2 frame-ancestors 'self' www.amway.com.au www.amway.co.nz www.amway.com.vn www.amway.my www.amway.sg www.amway.com.bn www.amway.com.ph admin.amway.my admin.amway.sg admin.amway.com.bn 2 frame-ancestors https://app.mieru-ca.com/; upgrade-insecure-requests 2 default-src 'self';base-uri 'self';connect-src 'self' www.oogarden.com www.oogarden.be www.oogarden.de www.gardented.com www.oogarden.com:8091 www.oogarden.com:8092 www.gardented.com:8091 www.gardented.com:8092 *.76310.fr api.gls-group.net cdnjs.cloudflare.com *.facebook.com *.facebook.net *.iadvize.com *.datadome.co *.captcha-delivery.com *.pinterest.com bat.bing.com bat.bing.net www.google.com www.google.fr *.doubleclick.net pagead2.googlesyndication.com tss.oogarden.com www.googleadservices.com *.adtrafficquality.google *.analytics.google.com *.google-analytics.com *.tiktok.com *.tiktokw.us *.clarity.ms *.sensefuel.live;font-src 'self' cdn.oogarden.net cdn.gardented.net *.iadvize.com fonts.gstatic.com *.sensefuel.live;form-action 'self' sogecommerce.societegenerale.eu sherlocks-payment-webinit.secure.lcl.fr payment-webinit.mercanet.bnpparibas.net *.facebook.com *.facebook.net;frame-ancestors 'self' *.datadome.co *.captcha-delivery.com ooerpbi.oogarden.com:8124 ooerpbi.oogarden.com:8125 ooerp.oogarden.com:8124 ooerp.oogarden.com:8125 *.oogarden.com *.oogarden.be *.oogarden.de *.gardented.com cdn.oogarden.net cdn.gardented.net api.gls-group.net;frame-src 'self' media.oogarden.com cdn.oogarden.net cdn.gardented.net *.captcha-delivery.com api.gls-group.net *.facebook.com *.facebook.net *.pinterest.com www.google.com www.google.fr *.adtrafficquality.google pagead2.googlesyndication.com tss.oogarden.com www.googletagmanager.com www.youtube.com *.sensefuel.live;img-src 'self' data: media.oogarden.com cdn.oogarden.net cdn.gardented.net *.facebook.com *.facebook.net *.iadvize.com bat.bing.com bat.bing.net www.google.com www.google.fr *.analytics.google.com *.google-analytics.com www.googletagmanager.com *.adtrafficquality.google www.googleadservices.com *.doubleclick.net pagead2.googlesyndication.com *.openstreetmap.org t4.my-probance.one tss.oogarden.com i.ytimg.com *.sensefuel.live;media-src 'self' media.oogarden.com cdn.oogarden.net cdn.gardented.net *.sensefuel.live;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' www.oogarden.com www.oogarden.be www.oogarden.de www.gardented.com media.oogarden.com cdn.oogarden.net cdn.gardented.net *.76310.fr api.gls-group.net cdnjs.cloudflare.com *.facebook.com *.facebook.net *.iadvize.com *.datadome.co *.captcha-delivery.com bat.bing.com bat.bing.net cmodul.solutenetwork.com *.adtrafficquality.google *.doubleclick.net pagead2.googlesyndication.com *.analytics.google.com *.google-analytics.com t4.my-probance.one tss.oogarden.com www.google.com www.google.fr www.googletagmanager.com www.gstatic.com www.youtube.com *.pinterest.com *.tiktok.com *.tiktokw.us s.pinimg.com *.clarity.ms *.sensefuel.live;style-src 'self' 'unsafe-eval' 'unsafe-inline' media.oogarden.com cdn.oogarden.net cdn.gardented.net cdnjs.cloudflare.com fonts.googleapis.com *.iadvize.com www.googletagmanager.com *.sensefuel.live;upgrade-insecure-requests;worker-src 'self' blob:; 2 frame-ancestors 'self' *.youtube.com *.vimeo.com; 2 frame-ancestors 'self' https://*.princesscasino.ro https://bingo-sw360.pragmaticplay.net 2 frame-ancestors https://awards.ratingruneta.ru 2 frame-ancestors 'self' https://twinrivers.catapultcms.com 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' data:; frame-src 'self' https://www.youtube.com/embed/qYp89jjpv4M; style-src 'self' 'unsafe-inline' data:; img-src 'self' data: https://*.usom.gov.tr;script-src 'self' 'unsafe-inline' 'unsafe-eval';media-src 'self' https://*.usom.gov.tr https://*.siberyildiz.com 2 frame-ancestors 'self' nationaalarchief.sr *.nationaalarchief.sr; report-uri /report-csp-violation 2 default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.widget.cloud.opta.net omo.akamai.opta.net code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.youtube.com s.ytimg.com platform.twitter.com syndication.twitter.com www.google.com www.gstatic.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net munchkin.marketo.net connect.facebook.net sync.ecal.com l.getsitecontrol.com s2.getsitecontrol.com cdn.funnelytics.io pagead2.googlesyndication.com analytics.tiktok.com static.ads-twitter.com www.instagram.com www.redditstatic.com tradablebits.com;connect-src 'self' adservice.google.com www.google.com *.doubleclick.net www.google-analytics.com analytics.google.com ipinfo.io *.mktoresp.com ws://localhost:12387/ l.getsitecontrol.com analytics.tiktok.com track-v2.funnelytics.io events.getsitectrl.com analytics-ipv6.tiktokw.us pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com conversions-config.reddit.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js.map https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js.map https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.5/js/swiper.min.js.map https://s2.getsitecontrol.com/widgets/release-2x/es6/runtime.03de77c.js.map; img-src 'self' data: secure.widget.cloud.opta.net *.ytimg.com img.youtube.com syndication.twitter.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com www.google.co.nz www.facebook.com t.co analytics.twitter.com m2.getsitecontrol.com alb.reddit.com;media-src 'self';style-src 'self' 'unsafe-inline' secure.widget.cloud.opta.net tagmanager.google.com fonts.googleapis.com cdnjs.cloudflare.com fonts.googleapis.com pro.fontawesome.com sync.ecal.com cdn.jsdelivr.net;manifest-src 'self'; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com pro.fontawesome.com fonts.gstatic.com; frame-ancestors 'self';frame-src 'self' https://nzr-qa.livelikeapp.com https://nzr.livelikeapp.com/ platform.twitter.com www.youtube.com www.youtube-nocookie.com *.doubleclick.net stats.g.doubleclick.net www.google.com www.googletagmanager.com bid.g.doubleclick.net sync.ecal.com www.instagram.com tradablebits.com https://www.facebook.com/; upgrade-insecure-requests; 2 default-src 'self'; connect-src 'self' *.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://stats.g.doubleclick.net https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://pagead2.googlesyndication.com/ https://www.google-analytics.com https://www.googletagmanager.com https://search.service.eu-live.vportal.ee/v1/search/transpordiamet https://search.service.eu-live.vportal.ee/v1/globalsearch/total https://form.service.eu-live.vportal.ee/v1/ https://search.service.eu-live.vportal.ee/v1/events/transpordiamet https://inaadress.maaamet.ee https://search.service.eu-live.vportal.ee/v1/sanctions/transpordiamet; font-src 'self' data: https://fonts.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://www.transpordiamet.ee/ www.transpordiamet.ee https://digiajakiri.transpordiamet.ee/ www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://transpordiamet.ee https://v.postimees.ee/ https://public.tableau.com/app/profile/transpordiamet/viz/Ktused/Ktusekulukoond https://public.tableau.com/ https://gis.transpordiamet.ee/ https://droonid.transpordiamet.ee/ https://turvavoo.transpordiamet.ee/ https://kaalautos.transpordiamet.ee/ https://www.googletagmanager.com/ https://public.tableau.com/views/Ktused/Ktusekulukoond https://public.tableau.com/app/profile/transpordiamet/viz/Sadamateklastus/Vikelaevadegasaabunudinimesed https://public.tableau.com/app/profile/transpordiamet/viz/Sadamateklastus/Vikelaevadeklastusandmed https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com www.fbcdn.net www.cdninstagram.com www.facebook.com https://pixabay.com/ https://www.pexels.com/ http://www.w3.org/ http://www.bohemiancoding.com/sketch/* www.transpordiamet.ee https://stats.g.doubleclick.net/* https://www.transpordiamet.ee/ https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee https://www.googletagmanager.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org www.facebook.com https://search.google.com/search-console https://www.facebook.com/ https://connect.facebook.net https://transpordiamet.ee/ www.transpordiamet.ee https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org www.facebook.com https://search.google.com/search-console https://transpordiamet.ee www.transpordiamet.ee https://www.facebook.com https://pixabay.com/ https://www.pexels.com https://www.transpordiamet.ee/ https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://connect.facebook.net/ https://connect.facebook.net/en_US/fbevents.js https://public.tableau.com/ cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://maanteeamet.maps.arcgis.com https://arcg.is https://www.arcgis.com https://static.addtoany.com/menu/svg/icons.30.svg.css https://www.transpordiamet.ee www.transpordiamet.ee www.facebook.com https://www.facebook.com https://connect.facebook.net https://search.google.com/search-console https://pixabay.com/ https://www.pexels.com https://transpordiamet.ee https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors 'self' https://public.tableau.com/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv http://claro.clientcampaigns.live https://*.google.com.mx https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://programarcita.claro.com.hn https://*.google-analytics.com https://*.acuityplatform.com https://*.google.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.cloudflare.com https://*.twitter.com https://t.co https://*.gstatic.com https://*.jquery.com https://*.conversionsapigateway.com https://*.doubleclick.net https://clarity.ms https://*.bing.com https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.sv https://*.clarodigital.net https://*.ytimg.com https://stackpath.bootstrapcdn.com https://*.claro.com.hn https://*.clarity.ms https://cdn.agentbot.net https://*.amazonaws.com https://*.aivo.co https://cdn.jsdelivr.net https://ajax.aspnetcdn.com https://universalplus.com https://*.googleadservices.com https://*.google.com.gt https://hn.mipagoclaro.com https://paquetes.miclaro.com.hn https://*.teads.tv https://*.tiktok.com https://claro.clientcampaigns.live https://*.dearflip.com https://*.zencdn.net; media-src mediastream: https://*.amazonaws.com; worker-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: https://*.claro.com.hn https://*.dearflip.com; 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-ancestors 'self' https://a.cms.omniupdate.com https://sjcdedu.sharepoint.com 2 frame-ancestors 'self' https://*.citplatform.com https://partners.dizzion.com 2 object-src data:; base-uri 'self' studio.plasmic.app analytics.plasmic.app; frame-ancestors 'self' studio.plasmic.app analytics.plasmic.app partners.abnormalsecurity.com partners.abnormal.ai cms.abnormalsecurity.com cms.abnormal.ai staging-cms.abnormalmarketing.dev getpeel.ai 2 frame-ancestors https://punchoutcommerce.com https://*.openordering.de https://openolat.akad.ch https://*.unibas.ch https://s1-eu.ariba.com https://*.es.srgssr.ch 'self'; 2 frame-ancestors *.uniphore.com 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com/ https://www.gstatic.com/ https://va.vercel-scripts.com/ https://player.vimeo.com/ https://widget.trustpilot.com/ https://vercel.live/ https://*.org.coveo.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://cdn.cookielaw.org/ https://*.youtube.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net/ https://ad.doubleclick.net/ https://ade.googlesyndication.com/ https://adservice.google.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://www.datadoghq-browser-agent.com https://*.crazyegg.com https://js.hsforms.net https://*.liveperson.net https://*.lpsnmedia.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com/ https://js.hscollectedforms.net https://js.hubspot.com https://*.qualtrics.com https://bat.bing.com https://static.hsappstatic.net https://ajax.googleapis.com https://*.hubspotusercontent-na1.net https://google.com https://recaptcha.net; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://googletagmanager.com/ https://tagmanager.google.com/ https://*.crazyegg.com; img-src 'self' blob: data: https://*.sitecorecloud.io https://wst-p-001.sitecorecontenthub.cloud https://cdn.cookielaw.org http://*.googletagmanager.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://ad.doubleclick.net/ https://googleads.g.doubleclick.net/ https://google.com/ https://ade.googlesyndication.com/ https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://px.ads.linkedin.com/ https://www.linkedin.com https://www.facebook.com/ https://*.crazyegg.com https://forms-na1.hsforms.com https://lpcdn.lpsnmedia.net https://teanabroad.org https://*.hsforms.com https://track.hubspot.com https://iad1.qualtrics.com https://siteintercept.qualtrics.com https://bat.bing.com/; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com/ https://*.vimeo.com https://widget.trustpilot.com https://vercel.live/ https://*.youtube.com http://www.googletagmanager.com https://*.doubleclick.net https://www.facebook.com https://*.crazyegg.com https://viewer.mapme.com/ https://js.hsforms.net https://lpcdn.lpsnmedia.net https://va-s.c.liveperson.net https://www.instagram.com https://www.juicer.io https://lookerstudio.google.com/ https://outlook.office.com/ https://www.podbean.com https://*.qualtrics.com https://forms.hsforms.com https://google.com; connect-src 'self' https://*.sitecorecloud.io https://platform.cloud.coveo.com https://analytics.cloud.coveo.com https://*.org.coveo.com https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com http://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://px.ads.linkedin.com https://www.facebook.com https://browser-intake-us3-datadoghq.com https://*.crazyegg.com https://api.zippopotam.us https://privacyportal.onetrust.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://img.youtube.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://*.qualtrics.com https://ad.doubleclick.net https://bat.bing.com/ https://accdn.lpsnmedia.net https://google.com; object-src 'none'; media-src 'self' https://lpcdn.lpsnmedia.net; manifest-src 'self'; worker-src blob:; base-uri 'self'; form-action 'self' https://*.worldstrides.net https://*.worldstrides.com/ https://*.explorica.com/ https://*.explorica.ca/ https://portail.educatours.com/ https://www.facebook.com https://worldstrides.qualtrics.com https://forms.hsforms.com; frame-ancestors 'self' https://*.sitecorecloud.io/ ; upgrade-insecure-requests; block-all-mixed-content; report-uri /cspreports.xml; 2 frame-ancestors 'self' https://jobsearch.createyourowncareer.com https://www.benet.bertelsmann.com https://www.benet.bertelsmann.de; 2 frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 2 frame-ancestors 'self' localhost:* *.tason.com http://localhost:3000 https://www.targetmarketing.co.kr https://mktplatform.tason.com https://dev-mktplatform.tason.com 2 default-src 'none'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; media-src 'self'; frame-ancestors 'none'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; object-src 'self'; 2 default-src *; font-src *;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' https://api.ipify.org https://www.google-analytics.com https://stats.g.doubleclick.net *; style-src 'unsafe-inline' *; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://api.qooqie.com https://cdn.leadinfo.net https://infimv.com https://infirc.com https://sc.lfeeder.com https://static.cloudflareinsights.com https://snap.licdn.com https://s.ksrndkehqnwntyxlhgto.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' https://cdnjs.cloudflare.com https://tailwindcss.com https://tr.lfeeder.com https://tr-rc.lfeeder.com data: https://www.google.nl https://www.google.com https://px.ads.linkedin.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://region1.analytics.google.com https://collector.leadinfo.net https://api.leadinfo.com https://api.qooqie.com wss://api.qooqie.com https://https.overbridgenet.com https://sc.lfeeder.com https://overbridgenet.com https://region1.google-analytics.com https://www.googletagmanager.com https://region1.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://process.iconnode.com https://p.ksrndkehqnwntyxlhgto.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.recaptcha.net https://www.googletagmanager.com https://www.linkedin.com; object-src 'none'; 2 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com http://*.webvisor.com https://webvisor.com http://webvisor.com 2 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https:; frame-ancestors 'self'; 2 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: ;frame-src 'self' *;frame-ancestors 'self' *; worker-src 'self' * blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readwhere.app *.readwhere.com *.cloudflare.com *.bootstrapcdn.com *.googletagmanager.com *.gstatic.com *.facebook.net *.twitter.com googleads.g.doubleclick.net *.doubleclick.net *.rwadx.com *.google.com *.google.co.in *.facebook.com *.epapr.in static.xx.fbcdn.net scontent.fdel72-1.fna.fbcdn.net *.google-analytics.com use.fontawesome.com *.pinterest.com *.jquery.com *.cloudfront.net *.googleapis.com data: sb.scorecardresearch.com *.googlesyndication.com 2 frame-ancestors 'self' *.punchlist.com 2 frame-ancestors 'self' https://twitter.com; 2 default-src 'self' https://api.ibep-dev.com wss://u0f66ngvbb.execute-api.us-east-2.amazonaws.com/dev cms.ibep-dev.com diebibel-auth.ibep-dev.com https://api.ibep-prod.com wss://hd0agw1xri.execute-api.us-east-2.amazonaws.com/prod cms.ibep-prod.com diebibel-auth.ibep-prod.com https://api.ibep-staging.com wss://cny3wvor6f.execute-api.us-east-2.amazonaws.com/staging cms.ibep-staging.com diebibel-auth.ibep-staging.com https://api.ibep-test.com wss://e5cbjrq6gk.execute-api.us-east-2.amazonaws.com/test cms.ibep-test.com diebibel-auth.ibep-test.com www.youtube.com www.youtube-nocookie.com player.vimeo.com open.spotify.com public-player-widget.webradiosite.com streamyard.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-sites-eu1.com hubspot-forms-static-embed-eu1.s3.amazonaws.com forms.office.com *.jotform.com developers.kakao.com *.kakaocdn.net story.kakao.com kapi.kakao.com *.kakao.com digiaccess.org *.eu.mautic.net *.digiaccess.org matomo.rackfish.com *.acast.com *.die-bibel.de static.ads-twitter.com nexus.ensighten.com td.doubleclick.net stats.g.doubleclick.net spenden.twingle.de *.customgpt.ai *.licdn.com www.gstatic.com www.google.com surveys.enalyzer.com *.omappapi.com optinmonster.com http://engage.biblijosdraugija.lt https://engage.biblijosdraugija.lt code.etracker.com www.etracker.de facebook.com *.facebook.com connect.facebook.net cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com file-examples.com www.googletagmanager.com www.bytesroute.com app.bytesroute.com bytesroute-backend.herokuapp.com use.typekit.net *.typekit.net *.google-analytics.com analytics.google.com *.analytics.google.com *.ingest.sentry.io d1weibdish4e0y.cloudfront.net d3t5ogzx22a7ri.cloudfront.net d1hkpuz2o5a2xw.cloudfront.net d1bxy2pveef3fq.cloudfront.net mautic.bijbelgenootschap.nl fonts.googleapis.com www.google.pt fonts.gstatic.com prezi-nocookies.com *.prezicdn.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io buzzsprout.com www.buzzsprout.com cdn.onesignal.com onesignal.com bytesroute.com *.bytesroute.com *.webradiosite.com widget.spreaker.com *.spreaker.com *.canva.com *.clarity.ms m.debijbel.nl ofertas.sbb.org.br docs.google.com forms.clickup.com app-cdn.clickup.com 'unsafe-inline'; img-src * data:; frame-src 'self' https://api.ibep-dev.com wss://u0f66ngvbb.execute-api.us-east-2.amazonaws.com/dev cms.ibep-dev.com diebibel-auth.ibep-dev.com https://api.ibep-prod.com wss://hd0agw1xri.execute-api.us-east-2.amazonaws.com/prod cms.ibep-prod.com diebibel-auth.ibep-prod.com https://api.ibep-staging.com wss://cny3wvor6f.execute-api.us-east-2.amazonaws.com/staging cms.ibep-staging.com diebibel-auth.ibep-staging.com https://api.ibep-test.com wss://e5cbjrq6gk.execute-api.us-east-2.amazonaws.com/test cms.ibep-test.com diebibel-auth.ibep-test.com www.youtube.com www.youtube-nocookie.com player.vimeo.com open.spotify.com public-player-widget.webradiosite.com streamyard.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-sites-eu1.com hubspot-forms-static-embed-eu1.s3.amazonaws.com forms.office.com *.jotform.com developers.kakao.com *.kakaocdn.net story.kakao.com kapi.kakao.com *.kakao.com digiaccess.org *.eu.mautic.net *.digiaccess.org matomo.rackfish.com *.acast.com *.die-bibel.de static.ads-twitter.com nexus.ensighten.com td.doubleclick.net stats.g.doubleclick.net spenden.twingle.de *.customgpt.ai *.licdn.com www.gstatic.com www.google.com surveys.enalyzer.com *.omappapi.com optinmonster.com http://engage.biblijosdraugija.lt https://engage.biblijosdraugija.lt code.etracker.com www.etracker.de facebook.com *.facebook.com connect.facebook.net cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com file-examples.com www.googletagmanager.com www.bytesroute.com app.bytesroute.com bytesroute-backend.herokuapp.com use.typekit.net *.typekit.net *.google-analytics.com analytics.google.com *.analytics.google.com *.ingest.sentry.io d1weibdish4e0y.cloudfront.net d3t5ogzx22a7ri.cloudfront.net d1hkpuz2o5a2xw.cloudfront.net d1bxy2pveef3fq.cloudfront.net mautic.bijbelgenootschap.nl fonts.googleapis.com www.google.pt fonts.gstatic.com prezi-nocookies.com *.prezicdn.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io buzzsprout.com www.buzzsprout.com cdn.onesignal.com onesignal.com bytesroute.com *.bytesroute.com *.webradiosite.com widget.spreaker.com *.spreaker.com *.canva.com *.clarity.ms m.debijbel.nl ofertas.sbb.org.br docs.google.com forms.clickup.com app-cdn.clickup.com 2 form-action 'self' https://forms.hsforms.com; 2 default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' https://cache.exmo.club 'unsafe-inline'; style-src https: 'self' https://cache.exmo.club 'unsafe-inline'; frame-src 'self' blob: https:; object-src 'self' blob:; 2 child-src 'self'; connect-src 'self' https://*.googlesyndication.com https://*.hsforms.com https://*.hubspot.com https://api.hubspot.com https://api.leadinfo.com https://api.ldnfrpl.com https://cdn.linkedin.oribi.io https://collector.leadinfo.net https://consentcdn.cookiebot.com https://content.hotjar.io https://forms.hubspot.com https://google.com https://www.google.com https://googleads.g.doubleclick.net https://in.hotjar.com https://li-replay.s3-accelerate.amazonaws.com https://metrics.hotjar.io https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io https://vimeo.com https://x.clarity.ms wss://ws.hotjar.com; default-src 'self'; font-src 'self' data:; frame-src 'self' https://backend.anewspring.prod.verveagency.com https://*.hs-sites.com https://app.hubspot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://forms.hsforms.com https://player.vimeo.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.googletagmanager.com/ https://s.pointerpro.com; img-src 'self' data: https://*.ads.linkedin.com https://*.hsforms.com https://*.hubspot.com https://facebook.com https://www.facebook.com https://google.com https://google.nl https://googleads.g.doubleclick.net https://googletagmanager.com https://i.vimeocdn.com https://i.ytimg.com https://imgsct.cookiebot.com https://static.hsappstatic.net/ https://track.hubspot.com https://www.google.com https://www.google.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' http://*.googlesyndication.com http://js.hs-scripts.com https://cdn.leadinfo.net https://cdn.ldnfrpl.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://google.com https://google.nl https://googleads.g.doubleclick.net https://i.vimeocdn.com https://i.ytimg.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com/web-interactives-embed.js https://js.usemessages.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.clarity.ms https://www.facebook.com https://www.google.com https://www.google.nl https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; 2 block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz govtbookings.airnewzealand.co.nz txn.apac.paywithpoli.com online.asb.co.nz bank.westpac.co.nz checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.airnewzealand.co.nz musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com *.demdex.net www.everestjs.net oc-cdn-public-oce.azureedge.net https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js www.googleadservices.com www.google.com www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.google-analytics.com analytics.google.com tagmanager.google.com *.doubleclick.net static.hotjar.com script.hotjar.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com upgrade.plusgrade.com s.swiftypecdn.com s.wayin.com xd.wayin.com x.wayin.com eu-x.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com yourir.info www.youtube.com s.ytimg.com; style-src 'unsafe-inline' p-airnz.com 'self' oc-cdn-public-oce.azureedge.net fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com upgrade-cdn-prd.plusgrade.com upgrade-prod-cdn.plusgrade.com s.swiftypecdn.com yourir.info; img-src https: data: blob: ad.doubleclick.net ade.googlesyndication.com adservice.google.com www.googletagmanager.com www.google.com static.hotjar.com script.hotjar.com *.kampyle.com i.ytimg.com; font-src p-airnz.com 'self' *.cdn.office.net fonts.googleapis.com fonts.gstatic.com script.hotjar.com data: dhm5hy2vn8l0l.cloudfront.net; media-src 'self' p-airnz.com data:; frame-src 'self' txn.apac.paywithpoli.com online.asb.co.nz bank.westpac.co.nz sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com test.adyen.com airnz-cargo.chooose.today airnz-corporate.chooose.today emissions-platform.airnewzealand.co.nz airpointscalculator.co.nz *.airnewzealand.co.nz hotels.airnewzealand.co.nz *.demdex.net www.everestjs.net pixel.everesttech.net au-connect.authsignal.com auth.identity.airnewzealand.com identity.airnewzealand.com oc-cdn-public-oce.azureedge.net blob: comms.omnichannelengagementhub.com customervoice.microsoft.com www.googletagmanager.com td.doubleclick.net *.google.com *.doubleclick.net vars.hotjar.com nebula-cdn.kampyle.com *.cdn-pci.optimizely.com nz.fltmaps.com xd.wayin.com x.wayin.com eu-x.wayin.com display.engagesciences.com airnz.wufoo.com www.youtube.com; worker-src blob:; connect-src 'self' api.airnz.io api.airnz.ai p-airnz.com sec.windcave.com uat.windcave.com checkoutshopper-test.adyen.com checkoutshopper-live-au.adyen.com muscula.herokuapp.com tourismnz.sc.omtrdc.net *.demdex.net *.tt.omtrdc.net identity.airnewzealand.com unq0355446423e84eb397bc71189d78d-crm6.omnichannelengagementhub.com browser.pipe.aria.microsoft.com *.omnichannelengagementhub.com *.au.omnichannelengagementhub.com https://*.trouter.skype.com wss://*.trouter.skype.com edge.skype.com *.communication.azure.com ocsdk-prod.azureedge.net blob: pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com ad.doubleclick.net *.googleapis.com *.google.com *.gstatic.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.timatic.iata.org/api/ md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com analytics-fe.digital-cloud-syd1.medallia.com.au cdn-au.onetrust.com geolocation.onetrust.com privacyportal-au.onetrust.com *.optimizely.com https://*.sentry.io s.swiftypecdn.com search-api.swiftype.com yourir.info; object-src 'none'; frame-ancestors 'self' www.airnewzealand.com.au www.airnewzealand.com www.airnewzealand.ca www.airnewzealand.co.uk www.airnewzealand.eu www.airnewzealand.co.jp www.airnewzealand.jp www.airnewzealand.com.sg www.airnewzealand.pf www.airnewzealand.cn www.airnewzealand.com.cn www.airnewzealand.hk www.airnewzealand.com.hk www.airnewzealand.tw www.airnewzealand.com.tw www.airnewzealand.co.kr www.airnewzealand.kr www.grabaseat.co.nz flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.jp flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.co.nz govtbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.eu flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.kr flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.grabaseat.co.nz; report-uri /csp-report 2 default-src * https: ws: blob: data: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' 'unsafe-inline' *.sernet.de *.usercentrics.eu; style-src 'self' 'unsafe-inline'; img-src 'self' *.usercentrics.eu *.prive.eu; frame-ancestors 'self' 2 frame-ancestors 'self' https://app.kameleoon.com https://app.contentful.com; 2 font-src *.klaviyo.com *.bootstrapcdn.com *.gstatic.com *.yotpo.com *.klarnacdn.net *.klarna.com data: static.urkompagniet.dk static.klockor.com static.superstar.dk static.klockgiganten.se static.klokkegiganten.no static.zegarkowygigant.pl static.horlogegigant.nl static.justoatiempo.es static.kellad.ee static.kellot.fi static.ure.dk static.klockor.se static.laikrodis.lt static.watchia.dk static.watchia.fi static.watchia.no static.watchia.se static.watchia.be static.watchia.com static.devm2.urkompagniet.dk static.devm2-watchia.urkompagniet.dk *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://maps.google.com/ *.dibspayment.eu *.doubleclick.net *.scratcher.io *.pinterest.com *.google.com https://bid.g.doubleclick.net *.vimeo.com *.playground.klarnaevt.com *.klarna.com *.facebook.com *.trustpilot.com *.paypal.com *.sleeknote.com *.appspot.com *.flipsnack.com *.kustom.co *.weltpixel.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.dibs.se *.pinterest.com blob: *.yotpo.com *.klaviyo.com *.googleusercontent.com *.klarnaevt.com *.google.com *.google.com.ua *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net https://www.facebook.com *.facebook.net *.sleeknote.com *.magentocommerce.com *.playground.klarnaevt.com *.klarna.com *.fastly.net *.syndication.tiekinetix.net *.popupsmart.com *.nr-data.net *.trackmytarget.com *.google.no *.ytimg.com *.cloudfront.net *.clarity.ms *.bing.com *.kustom.co media.urkompagniet.dk media.klockor.com media.superstar.dk media.klockgiganten.se media.klokkegiganten.no media.zegarkowygigant.pl media.horlogegigant.nl media.justoatiempo.es media.kellad.ee media.kellot.fi media.ure.dk media.klockor.se media.laikrodis.lt media.watchia.dk media.watchia.fi media.watchia.no media.watchia.se media.watchia.be media.watchia.com static.urkompagniet.dk static.klockor.com static.superstar.dk static.klockgiganten.se static.klokkegiganten.no static.zegarkowygigant.pl static.horlogegigant.nl static.justoatiempo.es static.kellad.ee static.kellot.fi static.ure.dk static.klockor.se static.laikrodis.lt static.watchia.dk static.watchia.fi static.watchia.no static.watchia.se static.watchia.be static.watchia.com static.devm2.urkompagniet.dk static.devm2-watchia.urkompagniet.dk media.devm2.urkompagniet.dk media.devm2-watchia.urkompagniet.dk flagpedia.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://*.dibspayment.eu *.answerly.io *.scratcher.io *.pinimg.com *.tiktok.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.google.com *.gstatic.com *.clerk.io vimeo.com *.ytimg.com *.yotpo.com *.klaviyo.com *.authorize.net *.bing.com *.facebook.net *.klarna.com *.sleeknote.com *.doubleclick.net *.playground.klarnaevt.com *.syndication.tiekinetix.net *.emaerket.dk *.trustpilot.com *.fastly.net *.popupsmart.com *.newrelic.com *.connectpos.com *.nr-data.net *.trackmytarget.com *.elevio.io *.elev.io *.zdassets.com *.clarity.ms *.kustom.co static.urkompagniet.dk static.klockor.com static.superstar.dk static.klockgiganten.se static.klokkegiganten.no static.zegarkowygigant.pl static.horlogegigant.nl static.justoatiempo.es static.kellad.ee static.kellot.fi static.ure.dk static.klockor.se static.laikrodis.lt static.watchia.dk static.watchia.fi static.watchia.no static.watchia.se static.watchia.be static.watchia.com static.devm2.urkompagniet.dk static.devm2-watchia.urkompagniet.dk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.reaktion.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.dibspayment.eu data: *.googleapis.com *.yotpo.com *.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.klaviyo.com *.playground.klarnaevt.com *.klarna.com *.doubleclick.net *.syndication.tiekinetix.net *.fastly.net *.bootstrapcdn.com static.urkompagniet.dk static.klockor.com static.superstar.dk static.klockgiganten.se static.klokkegiganten.no static.zegarkowygigant.pl static.horlogegigant.nl static.justoatiempo.es static.kellad.ee static.kellot.fi static.ure.dk static.klockor.se static.laikrodis.lt static.watchia.dk static.watchia.fi static.watchia.no static.watchia.se static.watchia.be static.watchia.com static.devm2.urkompagniet.dk static.devm2-watchia.urkompagniet.dk https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.answerly.io *.dibspayment.eu *.googlesyndication.com *.googleapis.com *.google.com *.datadome.co *.pinterest.com *.tiktok.com *.klaviyo.com *.yotpo.com *.google-analytics.com *.klarna.com *.doubleclick.net *.klarnaevt.com *.facebook.com *.connectpos.com *.sleeknote.com *.appspot.com *.nr-data.net *.elev.io *.zdassets.com *.clarity.ms *.bing.com *.kustom.co static.urkompagniet.dk static.klockor.com static.superstar.dk static.klockgiganten.se static.klokkegiganten.no static.zegarkowygigant.pl static.horlogegigant.nl static.justoatiempo.es static.kellad.ee static.kellot.fi static.ure.dk static.klockor.se static.laikrodis.lt static.watchia.dk static.watchia.fi static.watchia.no static.watchia.se static.watchia.be static.watchia.com static.devm2.urkompagniet.dk static.devm2-watchia.urkompagniet.dk www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.reaktion.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com static.urkompagniet.dk static.klockor.com static.superstar.dk static.klockgiganten.se static.klokkegiganten.no static.zegarkowygigant.pl static.horlogegigant.nl static.justoatiempo.es static.kellad.ee static.kellot.fi static.ure.dk static.klockor.se static.laikrodis.lt static.watchia.dk static.watchia.fi static.watchia.no static.watchia.se static.watchia.be static.watchia.com https://sales.connectpos.com http://sales.connectpos.com https://www.dijkxhoorn.nl *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' https://*.adobedtm.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://www.facebook.com https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://emjcd.com https://www.mczbf.com https://www.sjwoe.com https://cj.dotomi.com https://cj.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.googletagmanager.com https://www.google.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://cdn.cookielaw.org https://www.gstatic.com https://youtube.com https://www.youtube.com https://youtu.be https://ssl.google-analytics.com https://cds-sdkcfg.onlineaccess1.com;connect-src 'self' https://edge.adobedc.net https://adobedc.demdex.net *.tt.omtrdc.net https://valley-privacy.my.onetrust.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://www.facebook.com https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://emjcd.com https://www.mczbf.com https://www.sjwoe.com https://cj.dotomi.com https://cj.com https://*.fls.doubleclick.net https://*.doubleclick.net https://pixel-config.reddit.com https://www.clarity.ms https://*.clarity.ms https://calc-backend-prod.herokuapp.com https://cdn.segment.com https://*.segment.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.hotjar.io https://*.hotjar.com wss://ws.hotjar.com https://www.google-analytics.com https://siteimproveanalytics.com https://www.google.com https://www.google.com/recaptcha/api.js https://cdn.cookielaw.org https://analytics.google.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://*.us.yextapis.com https://conversions-config.reddit.com https://www.redditstatic.com https://*.amplitude.com https://cds-sdkcfg.onlineaccess1.com;script-src-elem 'self' 'unsafe-inline' https://admin4.testandtarget.omniture.com *.tt.omtrdc.net https://adobedtm.com https://*.adobedtm.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com https://simage2.pubmatic.com https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://www.facebook.com https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://emjcd.com https://www.mczbf.com https://www.sjwoe.com https://cj.dotomi.com https://cj.com https://*.fls.doubleclick.net https://www.clarity.ms https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://cdn.cookielaw.org https://www.gstatic.com https://*.hotjar.com https://bat.bing.com https://aa.trkn.us https://analytics.newscred.com https://snap.licdn.com https://embed.signalintent.com https://www.youtube.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cdn.segment.com https://cdn.jsdelivr.net https://www.redditstatic.com https://cdn.amplitude.com https://siteimproveanalytics.com https://cds-sdkcfg.onlineaccess1.com;frame-src 'self' https://x.adroll.com https://*.fls.doubleclick.net https://*.doubleclick.net https://youtu.be https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.googletagmanager.com https://aa.trkn.us https://td.doubleclick.net;frame-ancestors 'self' *.adobemc.com *.adobe.com *.assets.adobedtm.com https://youtu.be https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://cdn.segment.com;worker-src 'self' blob: https://cds-sdkcfg.onlineaccess1.com 2 frame-ancestors www.medidata.com medidata.com next.medidata.com loc.medidata.com explorer.medidata.com https://*.mdsol.com test-medidata-next.pantheonsite.io ecoa-medidata-corporate.pantheonsite.io dev-medidata-next.pantheonsite.io blog-medidata-corporate.pantheonsite.io dev-medidata-corporate.pantheonsite.io test-medidata-corporate.pantheonsite.io 26five-medidata-corporate.pantheonsite.io perf-medidata-corporate.pantheonsite.io tags-medidata-corporate.pantheonsite.io web.cvent.com mdsol.preview.salesforce-experience.com mdsol.live-preview.salesforce-experience.com mdsol.my.site.com *.3ds.com 2 default-src * data:; script-src 'report-sample' https: https://cdn.omniconvert.com https://app.omniconvert.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://*.googletagmanager.com 'sha256-8Q2PbveConwZTNLEOm2JkgLiUIedDUUfUJVmYjVUsCw=' 'sha256-vSsjJXtUQ2H3fO17miWhBHNXLky17fl5Fi7OV0OpfdA=' 'sha256-eOSM8QzGIpyOc7CuIaa8v510KRRCuAmwDWmRzUrZwmw=' 'sha256-2rzpxq+Uo4VTCS6MM93uYFEW4WyY6LJ/YMkPWUPUQMc=' 'sha256-DU6gkPHMRtO5TRoi8QGArsg6F7MnFL5FM9NAVJ0IJyc=' 'sha256-8pUQvVdbnJVTgyq8/3Gwh2a03cHo86C/nUVTgkvsC8o=' 'sha256-URizvwyxGEinwf2ROe6XdgamFMHqOEVq8OHOjUHmPMA=' 'sha256-SLopV0MPdtOfkI8uYgUKDpvVn1Ew3EWGPxe6+n2PLlo=' 'sha256-Whc5OEsjtejfztylichiLtwcjMq8lYr6WVvqQaFdC18=' 'sha256-6ouy604PDogAFFhnFjBDv+H3o/9b1CC0RfjecNLkskE=' 'sha256-jtfclAIFSttRQi6em2JV524dyymD3rzgkiwz4ZqbdVY=' 'sha256-f4bj6sLdyvIouHuDwAJ+iXgyEcxLLTqm3xxOQcJEdGY=' 'sha256-wYRGMODEfEYSIzWXe2K6WbKBisnTOVmworcxpzugRxk=' 'sha256-o/bmjpzDgth8s9SyQRZC3pe7HcjJJCJ1ljERBdOHkkY=' 'sha256-g/79p31nxpburxDpvQTuGvhB8Hm2iREkm1n9E7/HEkM=' 'sha256-TSbjSYUvIOxnflWi9SinQU/R1Dgzjn/80rp1S0uG1FY=' 'sha256-eat5b3AcJ7eMvhfnpHiViTTFti8K32IfnLdrDHB1rAE=' 'sha256-uEOJPKvF/qZ94I3NdP4yal/L91r/KfMn6Fcp7UgMS7Q=' 'sha256-mtREC3ob9pYVzlzNNzZFtO9BQf6wYyrrSzlR1MELUZc=' 'sha256-jXbO4t2TJ9ujFXiYN8Vp7JQSmjHNpUdKuoG2u2+xNd0=' 'sha256-MJ1OS9NFWlBWWq9n42b7edaqEp2kp0arIaNzNPPOxiY=' 'sha256-wMa1Vd3QJ5xpPtpicK6Zaf4u/BreQHt44Dtv1MKLnzA=' 'sha256-lB9gqVJLI4Z409iQKFmxUanwOUMRXbhtDHTPdrmh5HA=' 'sha256-u1u6sxuB/gmZ496a85GhWTsz3z2SzPLz0I30Gdl4RLQ=' 'sha256-bYd1RJLE4FhgYWB5ZsX4l5Y/PAZOfT4c6zI2DmD4CDs=' 'sha256-DqwQW63kuu7Spnxysa0Vf5s3vmFLj9qz2SRF6Wbc8qo=' 'sha256-McEW0A01K7b7JT/nnrC10FiGhlpf6kDzlt/svJZ3kdE=' 'sha256-CU/3qyak3xVdF/7MEk7RDhH99GvhIUnjpbs9wz9vRB0=' 'sha256-lKzSIYIbDDmhRNcLlFL4GsGRg8o43/jmeBIRhSRq67w='; style-src https: 'unsafe-inline' 'report-sample' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src https: data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://ssl.gstatic.com https://www.gstatic.com 'unsafe-inline'; media-src * blob: https: 'unsafe-inline'; 2 upgrade-insecure-requests; default-src 'self' chat.sameday.ro data: blob:; script-src 'self' https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro https://ajax.cloudflare.com https://*.wp.com https://*.hotjar.com https://*.gstatic.com https://*.fontawesome.com https://*.recaptcha.net https://consent.cookiebot.com https://*.googleapis.com https://*.facebook.net https://*.sameday.ro *.sameday.ro *.googlesyndication.com https://*.hotjar.com https://*.hotjar.io *.googlesyndication.com *.googleadservices.com 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' blob: data: webpack: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro https://*.doubleclick.net https://*.googleapis.com https://*.oribi.io https://*.zitec.dev https://*.zitec.com https://*.sameday.bg https://*.sameday.hu https://*.sameday.ro https://analytics.tiktok.com https://ib.adnxs.com wss://chat.sameday.ro *.sameday.ro wss://chat.sameday.ro *.googlesyndication.com *.linkedin.com wss://ws.hotjar.com https://*.hotjar.com https://*.hotjar.io https://content.hotjar.io https://ams.creativecdn.com *.googlesyndication.com *.googleadservices.com https://unpkg.com https://sourcemap.devowl.io; media-src *; object-src 'none'; child-src 'self' blob:; frame-src 'self' https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro https://*.googletagmanager.com https://*.google.com https://*.facebook.com https://*.youtube.com; worker-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro blob:; manifest-src *; base-uri 'self'; form-action 'self' https://*.facebook.com; frame-ancestors https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro;; 2 frame-ancestors https://*.wafdbank.com 2 frame-ancestors 'self' https://*.revenue.io https://*.ringdna.net https://*.force.com 2 child-src js.stripe.com www.facebook.com; connect-src 'self' dz8rit8v72mig.cloudfront.net d3banl4fzuxsjl.cloudfront.net https://1.1.1.1 d94qwxh6czci4.cloudfront.net d1yz9u4jf6oqub.cloudfront.net wtp.siteperformancetest.net d6wfl40rgh70w.cloudfront.net https://siteperformancetest.net d1rk8r7fwbocot.cloudfront.net d3k4bt74u9esq1.cloudfront.net d1ezzflfzltk6e.cloudfront.net d3nocrch4qti4v.cloudfront.net duuytoqss3gu4.cloudfront.net df45ay5pw60dy.cloudfront.net pixel.pointmediatracker.com faro-collector-prod-us-east-2.grafana.net sdk.iad-01.braze.com wss://ws-mt1.pusher.com sockjs-mt1.pusher.com api.segment.io api2.branch.io cdn.segment.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com maps.googleapis.com dataplane.rum.us-east-1.amazonaws.com cognito-identity.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com *.launchdarkly.com https://*.forter.com d3in1te4fdays6.cloudfront.net d1wix2gc2cgqis.cloudfront.net d3lqotgbn3npr.cloudfront.net analytics.google.com google.com www.google.com translate.googleapis.com wss://cdn0.forter.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.pci.favor.dev *.favordelivery.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com privacyportal.onetrust.com geolocation.onetrust.com https://*.sendbird.com wss://*.sendbird.com cdn.cookielaw.org www.googleadservices.com ads.nextdoor.com https://*.amplitude.com; frame-src js.stripe.com bid.g.doubleclick.net www.facebook.com www.googletagmanager.com td.doubleclick.net www.google.com; img-src 'self' cdn.branch.io https://file-us-3.sendbird.com https://s3.us-east-1.amazonaws.com/sendbird-us-3 pixel.pointmediatracker.com flask.nextdoor.com cdn.blisspointmedia.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com graph.facebook.com cdn.cookielaw.org https://braze-images.com https://favor-iac-media-c09c.s3.amazonaws.com data: blob:; script-src-elem 'self' 'unsafe-inline' https://d2aibw1rdya05u.cloudfront.net cdn.segment.com ads.nextdoor.com https://client.rum.us-east-1.amazonaws.com *.pci.favor.dev *.favorengineering.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net wss://cdn0.forter.com *.prod.favor.dev *.pci-np.favor.dev www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com app.link cdn.branch.io cdn.cookielaw.org https://www.gstatic.com; script-src 'self' 'unsafe-eval' 'report-sha256' https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net cdn.segment.com ads.nextdoor.com cdn.branch.io https://client.rum.us-east-1.amazonaws.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.prod.favor.dev *.pci-np.favor.dev js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' web-assets.favordelivery.com www.gstatic.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.favordelivery.com *.favorengineering.com *.prod.favor.dev *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/reportOnly; worker-src *.favordelivery.com 'self' blob:; frame-ancestors 'self' https://heb.com https://*.heb.com; 2 frame-ancestors resources.levelaccess.com 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net blob: https://tracking.g2crowd.com *.nitrocdn.com https://nitroscripts.com https://cdn.addevent.com https://code.highcharts.com https://static.addtoany.com https://js.intercomcdn.com https://js.hubspot.com/web-interactives-embed.js https://js.adsrvr.org *.vidyard.com https://cdn.wmxtools.com https://widget.intercom.io https://a.usbrowserspeed.com https://www.levelaccess.com https://www.influ2.com https://ct.capterra.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://gdata.youtube.com https://www.adnxs-simple.com https://www.adnxs.com https://www.googletagservices.com https://www.googleadservices.com https://www.doubleclick.net https://www.google.com https://t.influ2.com https://ajax.googleapis.com *.greenhouse.io https://bat.bing.com https://cdnjs.cloudflare.com https://cta-service-cms2.hubspot.com https://code.jquery.com https://connect.facebook.net https://cdn.bizible.com https://content.linkedin.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://dsp-creative.demandbase.com https://d.adroll.com https://forms.hsforms.com https://graph.facebook.com https://googleads.g.doubleclick.net https://google-analytics.com https://googletagmanager.com https://js.hscta.net https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.qualified.com https://j.6sc.co https://resources.levelaccess.com https://a.levelaccess.com https://learn.levelaccess.com https://m.youtube.com https://stackpath.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://app.qualified.com/ https://platform.linkedin.com https://r.bing.com https://src.litix.io https://stackpath.bootstrapcdn.com https://s.adroll.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://levelaccess.com/a/ https://levelaccess.com/a/previous-channels-assets/ *.googlesyndication.com *.googleadservices.com https://resources.levelaccess.com www.googletagmanager.com *.google.nl *.google.ca https://cdn.jsdelivr.net/npm/canvas-confetti@1.6.0/dist/confetti.browser.min.js *.cookiebot.com *.addtoany.com *.formhq.net *.google-analytics.com *.zoominfo.com https://js.adsrvr.org https://jsv3.recruitics.com/ https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://unpkg.com/lottie-web@5.12.0/build/player/lottie.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://dev.visualwebsiteoptimizer.com https://load.sgtm.levelaccess.com https://sgtm.levelaccess.com https://content.hotjar.io https://browser.sentry-cdn.com;connect-src 'self' https://content.hotjar.io https://nitropack.io https://cta-service-cms2.hubspot.com https://nitropack.io https://insight.adsrvr.org https://vc.hotjar.io https://ipapi.co/json/ https://api-iam.intercom.io https://www.googletagmanager.com *.nitrocdn.com *.litix.io https://epsilon.6sense.com/v3/company/details https://px.ads.linkedin.com https://www.google-analytics.com https://c.6sc.co https://ipv6.6sc.co *.getnitropack.com https://t.influ2.com https://ws.qualified.com https://app.qualified.com https://js.qualified.com https://stats.g.doubleclick.net wss://ws.qualified.com wss://ws1.qualified.com wss://ws.hotjar.com https://sgtm.levelaccess.com https://tracking.g2crowd.com https://hubspot-forms-static-embed.s3.amazonaws.com data: https://forms.hsforms.com https://api.formhq.net https://api.hubapi.com *.hubapi.com https://ws.zoominfo.com https://analytics.google.com *.nitrocdn.com https://api.hubapi.com *.hubapi.com https://googleads.g.doubleclick.net *.doubleclick.net https://fast.wistia.net *.wistia.com https://yoast.com/ *.bing.com https://www.google.com https://google.com https://regional.google-analytics.com *.google-analytics.com *.googlesyndication.com *.google.nl *.google.ca *.googleadservices.com *.cookiebot.com https://dev.visualwebsiteoptimizer.com https://www.facebook.com https://tracking-api.g2.com;object-src embedwistia-a.akamaihd.net;child-src 'self' data: blob: https://www.google.com https://www.doubleclick.net https://www.googlesyndication.com https://www.adnxs.com https://www.facebook.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net www.youtube.com www.ub-assets.com www.cloudfront.net www.unbounce.com www.static.addtoany.com www.googletagmanager.com *.cookiebot.com;base-uri 'self' https://www.adnxs.com;form-action 'self' https://www.google.com https://www.facebook.com connect.facebook.net download.essentialaccessibility.com forms.hubspot.com forms.hsforms.com;worker-src 'self' blob: https://www.google.com;frame-src 'self' data: https://insight.adsrvr.org/ https://fast.wistia.com https://fast.wistia.net https://play.vidyard.com https://static.addtoany.com/ https://match.adsrvr.org/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.youtube.com https://www.cloudfront.net/ https://www.unbounce.com/ https://www.surveymonkey.com https://www.ub-assets.com/ https://app.qualified.com/ https://gdata.youtube.com *.greenhouse.io https://www.hubspot.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://vars.hotjar.com/ forms.hsforms.com https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://jsv3.recruitics.com/ https://code.jquery.com/jquery-3.3.1.min.js https://dev.visualwebsiteoptimizer.com blob: https://sgtm.levelaccess.com;style-src 'self' 'report-sample' 'unsafe-inline' blob: *.google.com *.licdn.com *.nitrocdn.com *.cloudfront.net *.unbounce.com *.ub-assets.com *.qualified.com *.bing.com *.bootstrapcdn.com https://cdn.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://code.jquery.com/jquery-3.3.1.min.js https://js.adsrvr.org https://js.adsrvr.org/up_loader.1.1.0.js https://fast.wistia.com gdata.youtube.com fonts.googleapis.com https://levelaccess.com/a/previous-channels-assets/ https://levelaccess.com/a/previous-channels-assets/ https://resources.levelaccess.com www.googletagmanager.com;manifest-src 'self';media-src 'self' https://www.levelaccess.com blob: https://app.qualified.com data: https://*.wistia.com https://*.wistia.net;img-src 'self' https://fonts.gstatic.com https://www.levelaccess.com/a/ https://forms-na1.hsforms.com *.nitrocdn.com https://stats.g.doubleclick.net https://perf-na1.hsforms.com https://www.google.co.il https://www.google.de https://play.vidyard.com/ *.vidyard.com https://ps.w.org https://levelaccess.com https://cdn.addevent.com https://uploads-ssl.webflow.com https://imgsct.cookiebot.com *.nitrocdn.com *.linkedin.com https://s.w.org *.hubspot.com *.bing.com *.6sc.co *.facebook.com *.google.co.in *.google.com *.google.ca *.google.nl *.px.ads.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com data: *.wistia.com https://*.wistia.net https://www.googletagmanager.com *.capterra.com https://www.google-analytics.com https://*.googleapis.com https://*.google.com https://dev.visualwebsiteoptimizer.com https://sgtm.levelaccess.com https://googleads.g.doubleclick.net;font-src 'self' https://stackpath.bootstrapcdn.com/ https://fonts.gstatic.com https://fast.wistia.com https://s0.wp.com https://cdn.rollbar.com/ https://jsv3.recruitics.com/ *.wistia.com https://cdnjs.cloudflare.com https://fast.wistia.net *.google.nl *.google.ca *.nitrocdn.com data:; 2 frame-ancestors 'self' *.comune.milano.it 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' kalibrr.com *.kalibrr.com kalibrr.id *.kalibrr.id kalibrr.ph *.kalibrr.ph kalibrr.vn *.kalibrr.vn *.blitzllama.com https://tally.so/ *.tally.so *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com https://snap.licdn.com *.blitzllama.com https://tally.so/ *.tally.so; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 2 frame-ancestors 'self' http://emprotest:8080 http://emprolive:8080 http://emprodev:8080 http://ecm-live:8080 http://ecm-test:8080 2 default-src 'self' blob:; script-src https://*.visit-x.net http://*.visit-x.net https://*.visit-x.es http://*.visit-x.es https://*.visit-x.co.uk http://*.visit-x.co.uk https://*.visit-x.us http://*.visit-x.us 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com *.analytics.google.com https://analytics.google.com https://tagmanager.google.com *.campoints.net *.google-analytics.com browser-update.org *.zopim.com https://*.getsentry.com https://*.disqus.com https://*.disquscdn.com https://*.bing.com https://*.googleadservices.com data: https://disqus.com https://*.wowza.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://static.zdassets.com https://trck.spoteffects.net https://phyon.communipay.net; object-src 'self' *.vxcdn.org *.cpmessenger.io *.inethoster.org https://vjs.zencdn.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://optimize.google.com https://*.disquscdn.com https://*.wowza.com https://*.google.com https://fonts.googleapis.com; img-src *.visit-x.net *.visit-x.es *.visit-x.co.uk *.visit-x.us 'self' *.vxcdn.org *.cpmessenger.io *.inethoster.org *.campoints.net http://visitx.testunikat.com http://194.116.150.87/ https://*.maptilehoster.com *.google-analytics.com https://*.bing.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.com.ec https://*.google.de https://*.google.ch https://*.google.at https://*.google.es https://*.google.fr data: browser-update.org https://v2.zopim.com https://v2assets.zopim.io https://*.disquscdn.com https://*.disqus.com https://www.googletagmanager.com https://prod-railsapp.s3.amazonaws.com https://*.wowza.com https://*.gstatic.com https://trck.spoteffects.net https://phyon.communipay.net https://*.vxmodels.com https://cdn.jsdelivr.net https://*.vxmodelsites.com blob:; media-src 'self' *.vxcdn.org *.cpmessenger.io *.inethoster.org *.campoints.net stream.visit-x.tv blob: https://v2.zopim.com https://*.akamaihd.net https://bintu-h5live.nanocosmos.de https://cdn.jsdelivr.net https://static.zdassets.com; frame-src https://*.visit-x.net http://*.visit-x.net https://*.visit-x.es http://*.visit-x.es https://*.visit-x.co.uk http://*.visit-x.co.uk https://*.visit-x.us http://*.visit-x.us 'self' https://optimize.google.com *.analytics.google.com https://analytics.google.com *.campoints.net https://*.vxcdn.org https://*.cpmessenger.io https://*.inethoster.org https://*.youtube.com https://*.disqus.com https://disqus.com https://*.feedtures.com https://player.vimeo.com https://paytour.communipay.net https://checkout.communipay.net https://phyon.communipay.net https://*.sexole.com; child-src https://*.visit-x.net http://*.visit-x.net https://*.visit-x.es http://*.visit-x.es https://*.visit-x.co.uk http://*.visit-x.co.uk https://*.visit-x.us http://*.visit-x.us 'self' *.campoints.net blob:; font-src *.visit-x.net *.visit-x.es *.visit-x.co.uk *.visit-x.us 'self' fonts.gstatic.com data: https://*.zopim.com https://*.disquscdn.com; connect-src https://*.visit-x.net https://*.visit-x.es https://*.visit-x.co.uk https://*.visit-x.us 'self' wss://*.campoints.net wss://*.campoints.net:443 wss://websocket.campoints.net wss://ws.campoints.net wss://*.farm1.campoints.net wss://*.farm1.campoints.net:443 *.campoints.net *.vxcdn.org *.cpmessenger.io https://*.visit-x.tv *.google-analytics.com wss://*.zopim.com https://*.getsentry.com https://*.akamaihd.net https://*.disqus.com https://*.wowza.com https://stream.vxcdn.org https://latencytimer.azurewebsites.net/api/HttpTriggerJS1 *.vx-services.net https://ekr.zdassets.com https://visitxbv.zendesk.com wss://bintu-h5live.nanocosmos.de https://stats.g.doubleclick.net https://glog1.nanocosmos.de https://phyon.communipay.net *.inethoster.org *.services.vxmodels.com https://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io *.analytics.google.com https://analytics.google.com https://api.videosdk.live wss://*.rm.videosdk.live; 2 frame-src 'self' https://returns.jsautomotive.ie https://ecat.apecautomotive.co.uk https://www.google.com 2 frame-ancestors 'self' https://*.model-t.cc.commerce.ondemand.com https://*.freedom.com.au 2 default-src https://app-sj22.marketo.com; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' https://cdn.cookielaw.org https://app-sj22.marketo.com https://dyv6f9ner1ir9.cloudfront.net https://assets.adoberesources.net https://documentcloud.adobe.com https://kit.fontawesome.com/703ee20203.js https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://www.googletagmanager.com/ https://tag.demandbase.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://munchkin.marketo.net/ https://snap.licdn.com/ https://connect.facebook.net/ https://bat.bing.com/ https://cdn.mouseflow.com/ https://j.6sc.co/ https://js.storylane.io/ https://s.company-target.com/ https://static.addtoany.com/ https://pages.fiscalnote.com/ https://www.votervoice.net/ https://unpkg.com/ https://vjs.zencdn.net/ https://ajax.googleapis.com/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsforms.net/ https://fiscalnote.chilipiper.com/concierge-js/cjs/concierge.js https://js.zi-scripts.com/zi-tag.js https://js.hubspot.com/web-interactives-embed.js; style-src 'self' https://fonts.googleapis.com 'unsafe-hashes' 'unsafe-inline' https://hello.myfonts.net https://app-sj22.marketo.com https://*.typekit.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com/ https://pages.fiscalnote.com/ https://unpkg.com/ https://cdnjs.cloudflare.com/ https://vjs.zencdn.net/ https://dyv6f9ner1ir9.cloudfront.net/assets/css/shared/chatV2.css; img-src 'self' data: https://fiscalnote-marketing.s3.amazonaws.com https://app-sj22.marketo.com https://assets.adoberesources.net https://lh3.googleusercontent.com https://raw.githubusercontent.com/ https://image.freepik.com/ https://px.ads.linkedin.com/ https://api.company-target.com/ https://id.rlcdn.com/464526.gif https://www.facebook.com/ https://b.6sc.co/v1/beacon/ https://www.google.com/ https://bat.bing.com/ https://t.co/ https://www.google-analytics.com/ https://segments.company-target.com/ https://cdn.filestackcontent.com/ https://cdn.coverr.co/ https://info.votervoice.net/ https://www.linkedin.com https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://pages.fiscalnote.com/ https://vjs.zencdn.net/ https://cdn.pixabay.com/ https://images.unsplash.com/ https://i.postimg.cc/63XvymsK/ https://forms.hsforms.com/ https://track.hubspot.com/ https://forms-na1.hsforms.com/ https://perf-na1.hsforms.com/; connect-src 'self' https://cdn.cookielaw.org *.adobe.io wss://*.adobe.io https://ka-f.fontawesome.com https://www.google.com/ https://analytics.google.com/ https://api.company-target.com/ https://tag-logger.demandbase.com/ https://www.google-analytics.com/ https://c.6sc.co/ https://109-ill-989.mktoresp.com/ https://px.ads.linkedin.com/ https://ipv6.6sc.co/ https://geolocation.onetrust.com/ https://stats.g.doubleclick.net https://cdn.plyr.io/ https://vjs.zencdn.net/ https://forms.hscollectedforms.net/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://assets.adoberesources.net/loader.js.map https://fiscalnote.chilipiper.com/concierge-js/cjs/concierge.js.map https://assets.adoberesources.net/builds/ https://js.hs-banner.com/ https://js.zi-scripts.com/ https://cta-service-cms2.hubspot.com/; font-src data: 'self' https://fonts.gstatic.com https://*.typekit.net https://ka-f.fontawesome.com/; media-src https://fiscalnote-marketing.s3.amazonaws.com https://cdn.coverr.co/ https://fiscalnote2.ddev.site/path/to/captions.vtt https://stream.mux.com/ https://vjs.zencdn.net/ https://fiscalnote-marketing.s3.us-east-2.amazonaws.com/ https://info.votervoice.net/; frame-src https://fiscalnote.outgrow.us https://www.youtube.com https://app-sj22.marketo.com https://documentcloud.adobe.com https://www.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://s.company-target.com/ https://app.storylane.io/ https://fast.wistia.net/ https://pages.fiscalnote.com/ https://fiscalnote.chilipiper.com/ https://www.votervoice.net/ https://datawrapper.dwcdn.net/ https://fiscalnote-marketing.s3.amazonaws.com/ https://js.hsforms.net/ https://49236461.hs-sites.com/; form-action 'self'; base-uri 'self'; manifest-src 'self'; 2 default-src fonts.gstatic.com https://www.youtube.com *.salemove.com cdn.evgnet.com eastus-8.in.applicationinsights.azure.com cdn.intake-lr.com data: *.fintactix.com *.evergage.com *.doubleclick.net 'self'; style-src *.googleapis.com libs.salemove.com *.stackadapt.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline'; connect-src wss://localhost:* *.googleapis.com eastus-8.in.applicationinsights.azure.com js.monitor.azure.com cdnjs.cloudflare.com api.salemove.com poshie-chat-api.poshdevelopment.com sessions.bugsnag.com ws-mt1.pusher.com sockjs.pusher.com wss://ws-mt1.pusher.com https://notify.bugsnag.com/ forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com geolocation.onetrust.com cdn.cookielaw.org wss://pubsub.salemove.com *.salemove.com wss://kluster.salemove.com *.google.com *.doubleclick.net thefontzone.com *.stackadapt.com *.linkedin.com *.adsrvr.org *.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com pagead2.googlesyndication.com www.googleadservices.com *.mktoresp.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self'; img-src https://i.ytimg.com/ *.gstatic.com *.googleapis.com cdn.servicecu.org cdn.evergage.com forms-na1.hsforms.com cdn.cookielaw.org uploads.salemove.com *.linkedin.com bat.bing.com *.facebook.com *.google-analytics.com *.googletagmanager.com ade.googlesyndication.com adservice.google.com pixel.adswizz.com *.siteimproveanalytics.io *.linksynergy.com *.adroll.com *.adsrvr.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data:; frame-src https://player.vimeo.com/ https://www.youtube.com/ app.poshdevelopment.com servicefederalcu.us-6.evergage.com 'self' calculators.fintactix.com https://www.google.com https://servicecu.wd5.myworkdayjobs.com/ qltvideo.bvs.com https://consumer.optimalblue.com https://app.conferlending.com/ https://www.youtube-nocookie.com/ https://calculators.fintactix.com/ https://*.fintactix.com *.googletagmanager.com *.tiqcdn.com *.adsrvr.org https://servedby.flashtalking.com/ https://11982217.fls.doubleclick.net/; script-src *.googleapis.com 'unsafe-inline' js.monitor.azure.com cdnjs.cloudflare.com cdn.evgnet.com api.salemove.com eastus-8.in.applicationinsights.azure.com cdn.evergage.com 'unsafe-eval' data: cdn.cookielaw.org libs.salemove.com https://consumer.optimalblue.com *.poshdevelopment.com *.google.com *.gstatic.com *.googletagmanager.com js.hsforms.net bat.bing.com *.licdn.com *.facebook.net *.rainlocal.com *.tiqcdn.com pop6serve.com *.stackadapt.com *.adsrvr.org https://www.google-analytics.com/analytics.js siteimproveanalytics.com *.adroll.com *.marketo.net *.simpli.fi https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self'; media-src 'self' 2 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.6sc.co *.6sense.com *.ads-twitter.com *.clarity.ms *.cloudflareinsights.com *.doubleclick.net *.g2.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.greenhouse.io *.hotjar.com *.knock-ai.com *.parsely.com *.sentry-cdn.com *.storylane.io *.teamme.link *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.wp.com analytics.ahrefs.com analytics.tiktok.com bat.bing.com blob: cdn.cookielaw.org cdn.inspectlet.com cdn.noibu.com cdn.parsely.com cdn.salesfire.co.uk cdnjs.cloudflare.com connect.facebook.net data: dev.orca.security dev.visualwebsiteoptimizer.com euob.itstarsbuilding.com googleads.g.doubleclick.net hm.baidu.com j.6sc.co js.zi-scripts.com mc.yandex.ru munchkin.marketo.net obseu.itstarsbuilding.com orca.security pagead2.googlesyndication.com s.pinimg.com s.yimg.jp s0.wp.com sb.scorecardresearch.com snap.licdn.com static.ads-twitter.com static.chartbeat.com static.cloudflareinsights.com static.hotjar.com static.wdgtsrc.com stats.wp.com teammate.link tracking.g2crowd.com translate-pa.googleapis.com translate.googleapis.com try.orca.security unpkg.com widgets.wp.com www.gstatic.cn www.gstatic.com www.redditstatic.com yoast.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.6sc.co *.6sense.com *.ads-twitter.com *.clarity.ms *.cloudflareinsights.com *.doubleclick.net *.g2.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.greenhouse.io *.hotjar.com *.knock-ai.com *.parsely.com *.sentry-cdn.com *.storylane.io *.teamme.link *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.wp.com analytics.ahrefs.com analytics.tiktok.com bat.bing.com blob: cdn.cookielaw.org cdn.inspectlet.com cdn.noibu.com cdn.parsely.com cdn.salesfire.co.uk cdnjs.cloudflare.com connect.facebook.net data: dev.orca.security dev.visualwebsiteoptimizer.com euob.itstarsbuilding.com fast.wistia.net googleads.g.doubleclick.net hm.baidu.com j.6sc.co js.zi-scripts.com mc.yandex.ru munchkin.marketo.net obseu.itstarsbuilding.com orca.security pagead2.googlesyndication.com s.pinimg.com s.yimg.jp s0.wp.com sb.scorecardresearch.com snap.licdn.com static.ads-twitter.com static.chartbeat.com static.cloudflareinsights.com static.hotjar.com static.wdgtsrc.com stats.wp.com teammate.link tracking.g2crowd.com translate-pa.googleapis.com translate.googleapis.com try.orca.security unpkg.com widgets.wp.com www.gstatic.cn www.gstatic.com www.redditstatic.com yoast.com; style-src 'self' 'unsafe-inline' *.orca.security *.teamme.link *.wp.com data: fonts.googleapis.com orca.security p.typekit.net s0.wp.com sdk.teamme.link teammate.link try.orca.security widgets.wp.com www.googletagmanager.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.orca.security *.teamme.link *.wp.com data: fonts.googleapis.com job-boards.cdn.greenhouse.io orca.security p.typekit.net s0.wp.com sdk.teamme.link teammate.link try.orca.security widgets.wp.com www.googletagmanager.com www.gstatic.com; style-src-attr 'self' 'unsafe-inline'; font-src 'self' *.fontawesome.com *.hotjar.com *.migaku.com *.orca.security *.typekit.net *.wistia.com *.wistia.net *.wp.com data: fast.wistia.net fonts.gstatic.com res-1.cdn.office.net s0.wp.com s1.wp.com use.typekit.net; connect-src 'self' *.6sc.co *.6sense.com *.algolia.net *.algolianet.com *.bing.com *.bing.net *.clarity.ms *.edgemv.mux.com *.fastly.mux.com *.g.doubleclick.net *.g2.com *.google-analytics.com *.google.ae *.google.am *.google.at *.google.bg *.google.bt *.google.ca *.google.ch *.google.cl *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.uk *.google.co.uz *.google.co.za *.google.com *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.ee *.google.com.eg *.google.com.gt *.google.com.hk *.google.com.lb *.google.com.mx *.google.com.my *.google.com.ng *.google.com.ni *.google.com.np *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn *.google.de *.google.es *.google.fr *.google.ie *.google.iq *.google.lv *.google.nl *.google.pl *.google.pt *.google.ru *.google.se *.googleadservices.com *.googleapis.com *.googlesyndication.com *.greenhouse.io *.hotjar.io *.ingest.sentry.io *.ingest.us.sentry.io *.knock-ai.com *.linkedin.com *.litix.io *.marketo.net *.mktoutil.com *.mux.com *.onetrust.com *.orca.security *.pendo.io *.reddit.com *.redditstatic.com *.sentry-cdn.com *.sentry.io *.teamme.link *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.yoast.com *.zi-scripts.com 796-pbw-559.mktoresp.com abzbmmyyoz-dsn.algolia.net alb.reddit.com analytics.google.com api.parsely.com api.storylane.io cdn.cookielaw.org conversions-config.reddit.com data dev.visualwebsiteoptimizer.com epsilon.6sense.com fast.wistia.net geolocation.onetrust.com localhost my.productfruits.com my.yoast.com obseu.itstarsbuilding.com p1.parsely.com pagead2.googlesyndication.com pixel-config.reddit.com px.ads.linkedin.com public-api.wordpress.com region1.analytics.google.com secure.adnxs.com ssl.google-analytics.com static.chartbeat.com stats.g.doubleclick.net teammate.link teamme.link tracking-api.g2.com translate.googleapis.com widgets.wp.com ws.zoominfo.com wss: wss://*.hotjar.com www.facebook.com www.google.ad www.google.al www.google.az www.google.be www.google.bf www.google.by www.google.cd www.google.ci www.google.co.bw www.google.co.ls www.google.co.ug www.google.co.ve www.google.co.zm www.google.co.zw www.google.com.bh www.google.com.et www.google.com.fj www.google.com.gh www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.om www.google.com.qa www.google.com.sv www.google.com.uy www.google.cz www.google.dk www.google.dz www.google.ee www.google.fi www.google.ge www.google.hn www.google.hr www.google.hu www.google.it www.google.jo www.google.kz www.google.lk www.google.lu www.google.me www.google.mg www.google.mk www.google.mu www.google.mw www.google.no www.google.ro www.google.rs www.google.si www.google.sk www.google.sn www.google.sr www.google.tn www.googletagmanager.com yoast.com; img-src 'self' *.ads.linkedin.com *.amazonaws.com *.bing.com *.bing.net *.clarity.ms *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.bg *.google.bt *.google.by *.google.ca *.google.ch *.google.ci *.google.cl *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.com *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.ee *.google.com.eg *.google.com.gt *.google.com.hk *.google.com.kh *.google.com.kw *.google.com.mx *.google.com.my *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cz *.google.de *.google.dk *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hu *.google.ie *.google.iq *.google.it *.google.jo *.google.la *.google.lk *.google.lu *.google.lv *.google.me *.google.mg *.google.mk *.google.mn *.google.mu *.google.nl *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.tn *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gravatar.com *.linkedin.com *.parsely.com *.pendo.io *.reddit.com *.supabase.co *.twitter.com *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.wordpress.com *.wp.com *.yahoo.co.jp *.ytimg.com b.6sc.co bat.bing.com blob: c.bing.com c.clarity.ms cdn.cookielaw.org data: dev.orca.security dev.visualwebsiteoptimizer.com en.wordpress.com fonts.gstatic.com images.parsely.com my.productfruits.com obseu.itstarsbuilding.com orca-2024-staging.go-vip.net orca.security p1.parsely.com pixel.wp.com pos.baidu.com s.w.org secure.adnxs.com stats.g.doubleclick.net storylane-prod-uploads.s3.us-east-2.amazonaws.com try.orca.security wpvip.com www.google.ad www.google.be www.google.bf www.google.bs www.google.cd www.google.cg www.google.cm www.google.co.bw www.google.co.ls www.google.co.mz www.google.co.tz www.google.co.zw www.google.com.ag www.google.com.bh www.google.com.bn www.google.com.cu www.google.com.et www.google.com.fj www.google.com.gh www.google.com.jm www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.py www.google.com.sv www.google.ee www.google.gg www.google.hr www.google.ht www.google.im www.google.is www.google.je www.google.kg www.google.ki www.google.kz www.google.lt www.google.md www.google.mv www.google.mw www.google.ne www.google.no www.google.rw www.google.sk www.google.sn www.google.so www.google.sr www.google.td www.google.tg www.google.tt www.gstatic.com yt3.ggpht.com; media-src 'self' *.amazonaws.com *.supabase.co *.wistia.com *.wistia.net blob: data: embed-ssl.wistia.com orca.security ssl.gstatic.com www.youtube.com; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.googletagmanager.com *.greenhouse.io *.hotjar.com *.itstarsbuilding.com *.storylane.io *.visualwebsiteoptimizer.com *.wistia.com *.wistia.net *.youtube.com *.youtube.com.x.3d6775cf054690432b0ac4a01fda9c93f851.d045232a.clientid.sse.cisco-secure.com blob: block.sse.cisco.com calendly.com connect.useparagon.com docs.google.com gateway.zscalerthree.net loader.media orca.security recaptcha.net safe.menlosecurity.com translate.googleapis.com try.orca.security widgets.wp.com wordpress.com www.recaptcha.net; worker-src 'self' blob:; object-src 'self' *.wistia.com; frame-ancestors 'self' orca.security; form-action 'self' *.facebook.com *.orca.security orca.security translate.googleapis.com; manifest-src 'self' *.orca.security orca.security; report-uri https://report.centralcsp.com/68ab10d68ce2c6625c49ecd9; report-to csp-endpoint; 2 frame-ancestors 'self' https://trustseal.enamad.ir; 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: googletagmanager.com tagmanager.google.com *.googletagmanager.com www.googleadservices.com www.google.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.typekit.net *.episerver.net zefzhat.appspot.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com ccchat-fi.telia.ee fonts.gstatic.com analytics.google.com bugcrowd.com assets.bugcrowdusercontent.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: fonts.gstatic.com *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google.it www.googletagmanager.com www.google.com pagead2.googlesyndication.com www.googleadservices.com google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se www.google.it *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.googleapis.com googleapis.com maps.gstatic.com fonts.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com mb.cision.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google.it pagead2.googlesyndication.com www.googleadservices.com www.google.com google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se www.google.it *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://ccchat-fi.telia.ee ccchat-fi.telia.ee px.ads.linkedin.com wss://www.upm.com t.lianacem.com px.ads.linkedin.com *.monitor.azure.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com googletagmanager.com tagmanager.google.com fonts.googleapis.com livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net use.fontawesome.com stackpath.bootstrapcdn.com cdn.jsdelivr.net cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: www.googletagmanager.com *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com tools.eurolandir.com w.soundcloud.com bugcrowd.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; media-src 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self' https://*.newamericanfunding.com https://*.nafcash.com https://*.nafhomes.com https://*.nafpromise.org https://*.optimizely.com https://*.nafconcierge.com/ 2 default-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: *; script-src-elem * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 2 connect-src 'self' content.layershift.com maps.googleapis.com vercel.live stats.layershift.com sentry-new.tidio.co socket.tidio.co api-v2.tidio.co api.stripe.com hcaptcha.com *.hcaptcha.com https: wss:; script-src 'self' content.layershift.com js.stripe.com *.js.stripe.com maps.googleapis.com vercel.live stats.layershift.com code.tidio.co widget-v4.tidiochat.com hcaptcha.com *.hcaptcha.com 'unsafe-inline' 'unsafe-eval'; frame-src *.js.stripe.com js.stripe.com hooks.stripe.com hcaptcha.com *.hcaptcha.com calendar.google.com; style-src 'self' fonts.googleapis.com https: 'unsafe-inline'; img-src content.layershift.com static.layershift.com maps.gstatic.com cdnjs.cloudflare.com data: https: 'self' data:; font-src 'self' content.layershift.com static.layershift.com fonts.gstatic.com https: data:; object-src 'none'; base-uri 'self' https://stats.layershift.com; form-action 'self'; frame-ancestors https://stats.layershift.com; block-all-mixed-content; upgrade-insecure-requests; 2 child-src 'self' ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com *.googleadservices.com googleadservices.com *.favi.cz *.favi.sk bat.bing.net *.seznam.cz bianopixel.com *.biano.sk *.bianopixel.com *.heureka.group *.zbozi.cz *.sjwoe.com *.cj.com *.consentmanager.net *.googlesyndication.com *.smartlook.cloud *.exponea.com *.creativecdn.com *.sentry.io *.lmc.cz *.ecomailapp.cz *.googleapis.com *.google-analytics.com *.google.com *.g.doubleclick.net *.google.cz *.google-analytics.com *.google.com *.g.doubleclick.net *.linkedin.oribi.io *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.bing.com *.biano.cz *.amazonaws.com *.pinterest.com *.clarity.ms *.mczbf.com *.facebook.com *.homecredit.cz *.jsdelivr.net *.packeta.com ws: ; default-src 'self' ; font-src 'self' *.zbozi.cz *.cj.com *.mapy.cz *.lmc.cz *.typekit.net *.gstatic.com *.mczbf.com *.clarity.ms data: ; form-action * 'unsafe-inline' ; frame-src 'self' *.gls-czech.cz *.google.com *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.sproutvideo.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.facebook.com *.vub.sk *.zbozi.cz *.szn.cz *.packeta.com ; frame-ancestors 'self' ; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' bat.bing.net *.360yield.com *.openx.net *.smartadserver.com *.outbrain.com *.3lift.com *.adscale.de *.casalemedia.com *.taboola.com *.udmserve.net *.zbozi.cz *.teads.tv *.emjcd.com *.blob.core.windows.net *.orangeclickmedia.com *.sonobi.com *.rubiconproject.com *.seedtag.com *.adnxs.com *.mapy.cz *.typekit.net *.gstatic.com *.googleapis.com *.zasilkovna.cz *.zasielkovna.sk *.packeta.com *.packeta.sk *.google.cz *.google.com creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.mczbf.com *.pinterest.com *.consentmanager.net *.seznam.cz *.bing.com *.cloudfront.net *.google-analytics.com *.facebook.com *.clarity.ms *.rooom.com *.yahoo.com *.amazonaws.com *.consentmanager.net *.ecpaper.cz *.doubleclick.net *.homecredit.cz *.creativecdn.com *.payu.com *.googlesyndication.com *.smartsuppcdn.com *.kdukvh.com *.googletagmanager.com *.heureka.cz *.heureka.sk *.heureka.group *.dotomi.com data: ; manifest-src 'self' ; media-src 'self' *.smartsuppcdn.com ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.favicdn.net bat.bing.net bianopixel.com *.biano.sk *.bianopixel.com *.heureka.cz *.heureka.sk *.heureka.group *.zbozi.cz *.cj.com *.exponea.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.favicdn.net bat.bing.net bianopixel.com *.bianopixel.com *.jsdelivr.net *.exponea.com *.mapy.cz *.lmc.cz *.twitter.com *.packeta.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz *.typekit.net *.etargetnet.com *.googlesyndication.com *.googleapis.com *.zbozi.cz *.heureka.cz *.heureka.sk *.heureka.group *.im9.cz im9.cz *.googleadservices.com googleadservices.com ; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' *.favicdn.net bat.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.net *.zbozi.cz *.cj.com *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.net *.mapy.cz *.lmc.cz *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz ; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.net *.googletagmanager.com *.google-analytics.com *.facebook.net creativecdn.com *.creativecdn.com *.biano.cz *.biano.sk *.consentmanager.net *.pinimg.com *.cloudfront.net *.mczbf.com *.amazonaws.com *.pinterest.com *.doubleclick.net *.clarity.ms *.seznam.cz *.smartsuppchat.com *.bing.com *.smartsuppcdn.com *.smartlook.com unpkg.com *.unpkg.com *.rooom.com *.smartform.cz *.gstatic.com *.facebook.com *.google.com *.ecpaper.cz *.homecredit.cz; worker-src 'self' *.mczbf.com ; 2 default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 'self'; style-src-elem 'unsafe-inline' 'self' data: *.gstatic.com *.googleapis.com *.makewebstatic.com *.makewebeasy.com *.makewebeasy.net *.makewebcdn.com ; font-src 'self' data: *.gstatic.com *.googleapis.com *.makewebstatic.com *.makewebeasy.com *.makewebeasy.net *.makewebcdn.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-src 'none'; object-src 'none' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: fonts.gstatic.com fonts.googleapis.com *.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net td.doubleclick.net www.google-analytics.com *.google-analytics.com www.googletagmanager.com *.analytics.google.com googletagmanager.com region1.google-analytics.com translate.google.com analytics.google.com translate.googleapis.com ajax.googleapis.com *.force.com g.alicdn.com *.leadboxer.com *.cookielaw.org *.onetrust.com *.ads.linkedin.com px.ads.linkedin.com privacyportal-de.onetrust.com stats.g.doubleclick.net www.linkedin.com *.linkedin.com www.youtube-nocookie.com cdn-images.mailchimp.com www.google.be www.google.bg www.google.fi www.google.fr www.google.se www.google.ae www.google.dk www.google.ca www.google.ch www.google.com.br www.google.com.bd www.google.com.bo www.google.gr www.google.lt www.google.tn www.google.com.sa www.google.com.sg www.google.com.my www.google.com.mx www.google.com.tr www.google.com.tw www.google.com.au www.google.com.eg www.google.co.jp www.google.co.nz www.google.co.uk www.google.co.ma www.google.co.za www.google.co.in www.google.co.il www.google.co.id www.google.co.th www.google.co.tz www.google.com www.google.cl www.google.nl www.google.at www.google.ro www.google.ru www.google.rs www.google.rw www.google.de www.google.es www.google.pt www.google.pl www.google.ie www.google.it www.google.hr www.google.hu *.adsymptotic.com *.livechatinc.com script.hotjar.com vc.hotjar.io content.hotjar.io metrics.hotjar.io *.hotjar.com static.hotjar.com wss://ws.hotjar.com img.youtube.com *.pardot.com ortec.my.salesforce-sites.com ortec.us12.list-manage.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com cca-platform.s3.eu-west-3.amazonaws.com *.userlike.com go.ortec.com cdn.linkedin.oribi.io ws.zoominfo.com images.prismic.io *.prismic.io prismic.io prismic-io.s3.amazonaws.com s3.amazonaws.com js.zi-scripts.com i.ytimg.com yastatic.net analytics.ahrefs.com static.hsappstatic.net saml.saasprotection.com cdn.scite.ai infragrid.v.network www.google.ad www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.az www.google.ba www.google.bf www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.cd www.google.cf www.google.cg www.google.ci www.google.co.ck www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.dj www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.et www.google.com.fj www.google.fm www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.ht www.google.im www.google.iq www.google.is www.google.je www.google.com.jm www.google.jo www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lu www.google.lv www.google.com.ly www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.no www.google.com.np www.google.nr www.google.nu www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph google.com.ph www.google.com.pk www.google.pn www.google.com.pr www.google.ps www.google.com.py www.google.com.qa www.google.com.sb www.google.sc www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.com.tj www.google.tl www.google.tm www.google.to www.google.tt www.google.com.ua www.google.co.ug www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.co.zm www.google.co.zw www.google.cat google.com snap.licdn.com o4508414977966080.ingest.de.sentry.io use.typekit.net gateway.zscloud.net images.unsplash.com cdn.faceworks.nl plugin.sopro.io ; report-uri /api/csp-violation-report 2 frame-ancestors 'self' kedge.edu *.kedge.edu outlook.office365.com; 2 default-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'unsafe-inline' *; object-src 'self'; font-src 'self' data: *; connect-src *; img-src 'self' data: *; frame-src *; media-src *; 2 object-src 'self' blob:; base-uri 'self'; report-uri https://cspappdirect.report-uri.com/r/d/csp/reportOnly; worker-src 'self' blob:; 2 *; 2 default-src 'self' 'unsafe-inline' https: data: *.maribank.com.sg *.maribank.sg www.google-analytics.com www.googletagmanager.com wvjbscheme:; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 2 default-src 'self' 'unsafe-inline' https://app.storylane.io https://player.vimeo.com/ https://play.hubspotvideo.com *.hs-sites.com https://platform.twitter.com https://player.vimeo.com https://web.cvent.com https://83340.fs1.hubspotusercontent-na1.net https://ncontracts.applytojob.com https://fonts.googleapis.com https://www.facebook.com https://forms.hsforms.com https://view.ceros.com https://app.qualified.com https://cdnjs.cloudflare.com https://www.youtube.com/ *.hubspot.com *.hs-banner.com *.hsleadflows.net *.hs-analytics.net *.hsforms.net *.hsadspixel.net https://tracking.g2crowd.com *.cloudfront.net https://kit.fontawesome.com https://js.hs-scripts.com https://static.hsappstatic.net https://js.qualified.com https://rum-static.pingdom.net https://static.oktopost.com https://assets.revsure.cloud https://okt.to https://www.googletagmanager.com https://td.doubleclick.net https://snap.licdn.com *.esnlocco.com https://connect.facebook.net https://j.6sc.co https://bat.bing.com https://www.clarity.ms https://js.usemessages.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com *.fontawesome.com; script-src 'self' 'unsafe-inline' https://ws.zoominfo.com https://js.storylane.io https://scripts.clarity.ms/ https://obs.buzzfufighter.com/ https://ob.buzzfufighter.com/ https://player.vimeo.com/api/player.js https://platform.twitter.com https://platform.linkedin.com https://static.hsappstatic.net/ https://web.cvent.com/ https://www.ncontracts.com https://view.ceros.com https://tracking.g2crowd.com https://rum-static.pingdom.net https://cdnjs.cloudflare.com *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.hsforms.net https://kit.fontawesome.com https://static.oktopost.com https://js.qualified.com https://assets.revsure.cloud https://okt.to *.hsleadflows.net *.hubspot.com *.hs-banner.com https://www.googletagmanager.com *.cloudfront.net https://www.google.com https://snap.licdn.com https://www.gstatic.com *.esnlocco.com https://connect.facebook.net https://j.6sc.co https://bat.bing.com https://www.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://googleads.g.doubleclick.net https://js.usemessages.com; img-src 'self' https://obs.buzzfufighter.com/ https://273774.fs1.hubspotusercontent-na1.net https://www.trupointpartners.com https://c.clarity.ms https://www.googletagmanager.com https://83340.fs1.hubspotusercontent-na1.net https://cdnjs.cloudflare.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://px.ads.linkedin.com *.hsappstatic.net *.hs-embed-reporting.com https://b.6sc.co https://bat.bing.com *.esnlocco.com *.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px4.ads.linkedin.com; connect-src 'self' https://assets.revsure.cloud https://ob.buzzfufighter.com https://static.hsappstatic.net https://api.storylane.io https://obs.buzzfufighter.com/ https://j.clarity.ms https://js.hsforms.net/ https://www.googleadservices.com https://vimeo.com https://www.google-analytics.com https://tracking-api.g2.com https://stats.g.doubleclick.net https://secure.adnxs.com https//c.6sc.co https://www.facebook.com *.clarity.ms *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.fontawesome.com https://settings.luckyorange.net https://app.qualified.com https://api.rudderstack.com wss://*.qualified.com https://analytics.revsure.cloud https://px.ads.linkedin.com *.google.com https://ipv6.6sc.co *.esnlocco.com https://e.clarity.ms https://epsilon.6sense.com https://rum-collector-2.pingdom.net https://google.com;; upgrade-insecure-requests 2 frame-ancestors 'self' *.e-spirit.hosting; base-uri 'self' 2 default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https://www.youtube.com https://*.vimeo.com; connect-src 'self' https:; frame-src 'self' https:; frame-ancestors 'none'; font-src 'self' https://identity.mandai.com; object-src 'none'; 2 frame-ancestors https://*.babes.com 2 default-src 'self' 'unsafe-inline'; font-src 'self' *.hlx.live *.aem.live *.hlx.page *.aem.page *.pricefx.com *.gstatic.com *.marketo.com *.driftt.com *.adobeaemcloud.com; img-src 'self' about: *.hlx.live *.aem.live *.hlx.page *.aem.page *.scene7.com *.g2crowd.com *.g2.com data: *.google-analytics.com *.prod.bidr.io *.reddit.com *.co *.bizibly.com *.google.com *.linkedin.com *.bizible.com *.googletagmanager.com *.facebook.com *.twitter.com *.google.co.in *.marketo.com *.driftt.com *.adobeaemcloud.com *.hsforms.com *.hubspot.com; script-src 'self' blob: *.pricefx.com 'unsafe-inline' *.hotjar.io *.hlx.live *.aem.live *.hlx.page *.aem.page *.scene7.com *.addtoany.com *.redditstatic.com *.licdn.com *.zoominfo.com *.marketo.com *.g2crowd.com *.6sc.co *.g.doubleclick.net *.to *.pricefx.com *.marketo.net *.googletagmanager.com *.driftt.com *.google-analytics.com *.hotjar.com *.ads-twitter.com *.luckyorange.com *.linkedin.com *.zi-scripts.com *.bizible.com *.facebook.net *.metadata.io *.oktopost.com *.vimeocdn.com *.adobeaemcloud.com *.youtube.com *.hs-scripts.com *.hscollectedforms.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com; style-src 'self' *.hlx.live *.aem.live *.hlx.page *.aem.page 'unsafe-inline' *.scene7.com *.gstatic.com *.googleapis.com *.driftt.com *.pricefx.com *.marketo.com *.adobeaemcloud.com; connect-src 'self' *.hotjar.io wss://*.hotjar.com *.6sense.com *.production.g2.com *.zi-scripts.com *.zoominfo.com *.marketo.com *.pricefx.com *.doubleclick.net *.scene7.com *.jobscore.com *.g2crowd.com *.adnxs.com *.google.com *.tt.omtrdc.net *.aem.live *.hlx.live *.hlx.page *.aem.page *.mktoresp.com *.luckyorange.com *.reddit.com *.redditstatic.com *.linkedin.com *.google-analytics.com *.6sc.co *.adobeaemcloud.com *.platformapi.metadata.io *.api-gw.metadata.io *.hubspot.com *.hscollectedforms.net *.hubapi.com; frame-src 'self' *.g2.com *.hlx.live *.aem.live *.hlx.page *.aem.page *.pricefx.com *.googletagmanager.com *.doubleclick.net *.driftt.com *.addtoany.com *.adobeaemcloud.com *.youtube.com *.hubspot.com; media-src 'self' blob: *.scene7.com *.hlx.live *.aem.live *.hlx.page *.aem.page *.driftt.com *.adobeaemcloud.com; 2 object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 2 frame-ancestors 'self' *.opco.com opco.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv https://tags.bkrtx.com https://stags.bluekai.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://programarcita.claro.com.sv/ https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.kampyle.com https://*.medallia.com https://*.ads-twitter.com https://run.app https://*.twitter.com https://digitasgt.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.acuityplatform.com https://*.clarovideo.net https://*.claromusica.com https://i.ytimg.com https://*.seadform.net https://players.brightcove.net https://e.issuu.com https://*.claro.com.sv https://www.googleoptimize.com https://*.google.com https://cdn.agentbot.net https://*.amazonaws.com https://*.aivo.co https://cdn.jsdelivr.net https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com https://sv.mipagoclaro.com https://paquetes.miclaro.com.sv https://s.gravatar.com https://*.google.com.mx https://*.bing.com https://paquetes1.miclaro.com.sv https://*.prod.clarodigital.net https://*.run.app https://*.google.com.gt https://*.claro.com.gt https://static.ads-twitter.com https://*.clarity.ms https://*.gstatic.com https://universalplus.com https://*.teads.tv https://*.tiktok.com https://*.googleadservices.com https://connect.facebook.net; media-src mediastream: https://*.amazonaws.com; 2 frame-ancestors https://connext.conti.de/ http://localhost:* http://localhost:* https://localhost:*; 2 default-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://*.sender.mobi 'unsafe-inline'; frame-src 'self' https://*.gravatar.com https://*.google.com https://*.sender.mobi; script-src 'self' https://*.sender.mobi https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.gravatar.com https://www.google.com https://www.google.com.ua https://*.sender.mobi https://www.google-analytics.com https://*.gstatic.com data:; object-src 'self'; font-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com data:; style-src * blob: 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://*.sender.mobi https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; 2 base-uri 'self'; frame-src 'self' https://*.google.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://*.tiqcdn.com https://match.adsrvr.org https://insight.adsrvr.org https://experience.arcgis.com/ https://*.adform.net https://connect.facebook.net https://c1.adform.net https://platform.twitter.com/ https://a.flexbooker.com/ https://www.snappayglobal.com/ https://stage.snappayglobal.com/ https://www.youtube.com/ https://player.vimeo.com/ https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://*.arcgis.com https://hctra.maps.arcgis.com https://www.google.com/maps/ https://www.google.com/maps https://www.google.com https://www.trustedsite.com https://cse.google.com/ https://public.earthcam.net https://td.doubleclick.net; default-src 'self'; script-src 'self' 'unsafe-inline' https://js.adsrvr.org https://*.tiqcdn.com https://www.googleadservices.com https://*.clarity.ms https://t.clarity.ms https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js https://tags.srv.stackadapt.com https://connect.facebook.net https://*.adform.net https://www.clarity.ms https://ads.nextdoor.com https://platform.twitter.com/js/tweet.b81b6d7af2d75db873cff6099e4f433a.js https://platform.twitter.com/widgets.js https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://bam.nr-data.net https://js-agent.newrelic.com https://cse.google.com https://www.google.com/cse/ https://clients1.google.com https://www.google-analytics.com https://cdn.ywxi.net https://www.googletagmanager.com https://www.google.com https://*.gstatic.com https://www.trustedsite.com https://googleads.g.doubleclick.net https://google.com; img-src blob: data: 'self' https://www.facebook.com https://www.googleadservices.com https://tpc.googlesyndication.com https://insight.adsrvr.org https://dpm.demdex.net https://datacloud.tealiumiq.com https://cm.g.doubleclick.net https://match.adsrvr.org https://*.stackadapt.com https://tags.srv.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://*.mdhv.io https://*.clarity.ms https://c.clarity.ms https://pbs.twimg.com https://syndication.twitter.com https://cdn.ywxi.net https://smetrics.hctra.org https://clients1.google.com https://www.google.com/cse/ https://www.google-analytics.com https://www.googleapis.com/ https://ssl.gstatic.com https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://traffic.houstontranstar.org https://www.adobe.com/images/shared/download_buttons/ https://www.googletagmanager.com https://googleads.g.doubleclick.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://www.google.com/cse/static/; connect-src 'self' https://connect.facebook.net https://www.googleadservices.com https://insight.adsrvr.org https://*.tealiumiq.com https://*.clarity.ms https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js https://y.clarity.ms https://t.clarity.ms https://tags.srv.stackadapt.com https://*.adform.net https://www.google-analytics.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/ https://bam.nr-data.net https://triposcert.vantiv.com https://tripos.vantiv.com https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; form-action 'none'; frame-ancestors 'self'; report-uri /api/sessions/CspViolationLog/ReportViolation/ 2 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.ouhealth.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' *.hotjar.com guysandstthomas.shorthandstories.com *.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com *.jsdelivr.net *.contentsquare.net *.teams.cdn.office.net; script-src-elem 'self' 'unsafe-inline' *.hotjar.com guysandstthomas.shorthandstories.com *.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com *.jsdelivr.net *.contentsquare.net *.teams.cdn.office.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https://www.guysandstthomas.nhs.uk data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.gstatic.com *.ytimg.com *.shorthandstories.com *.visualwebsiteoptimizer.com *.baidu.com *.hotjar.com *.trac.jobs *.contentsquare.net; frame-src 'self' *.youtube.com www.google.com; frame-ancestors 'self'; child-src blob:; font-src 'self' *.gstatic.com *.googleusercontent.com *.googleapis.com; connect-src 'self' *.hotjar.io *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.google.com *.g.doubleclick.net *.visualwebsiteoptimizer.com *.shorthand.com *.webspellchecker.net wss://*.hotjar.com *.cloudflare.com *.hotjar.com *.trac.jobs wss://ws.hotjar.com *.launchdarkly.com *.contentsquare.net; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src https://cdn.qapitalapp.net 'self'; style-src https://cdn.qapitalapp.net 'self' 'unsafe-inline'; script-src https://cdn.qapitalapp.net https://*.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net 'self' 'unsafe-inline'; object-src 'none'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://www.facebook.com 'self'; connect-src https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://stats.g.doubleclick.net https://analytics.tiktok.com 'self'; frame-ancestors 'none' 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com http://flex.msn.com http://www.googleadservices.com https://seal.digicert.com https://seal.verisign.com https://www.google.com https://www.googleadservices.com https://app-ab16.marketo.com https://www.gstatic.com https://www.googletagmanager.com https://s.go-mpulse.net https://googleads.g.doubleclick.net; connect-src 'self' 'unsafe-inline' http://localhost:9002 https://magtek.acipayonline.com:9002 *.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://www.officialpayments.com https://www.google.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://privacy-policy.truste.com https://seal.digicert.com *.google-analytics.com https://app-ab16.marketo.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://app-ab16.marketo.com; style-src 'self' 'unsafe-inline' https://app-ab16.marketo.com; object-src 'self' *.google-analytics.com; report-uri https://acipayonline.com/CSPFailuresHandler; frame-ancestors 'self' https://sa.peralta.edu 2 default-src 'self'; font-src 'self' data:; img-src 'self' data:; 2 default-src 'self';script-src 'self' https://www.havas.com https://www.havas.fr https://www.youtube.com https://yt.zone-secure.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.matomo.cloud/matomo.js htt ps://unpkg.com/friendly-challenge@0.9.11/widget.module.min.js 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdnjs.cloudflare.com 'unsafe-inline';object-src 'none';base-uri 'self'; connect-src 'self' https://region1.google-analytics.com https://www.google-ana lytics.com https://havasgroup-site.matomo.cloud https://www.havas.com https://www.havas.fr;font-src 'self' data:;frame-src 'self' https://gateway.euronext.com https://www.dailymotion.com https://www.youtube-nocookie.com https://geo.dailymotion.com https://player.vimeo.com https://sdk.co mpanywebcast.com;img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://s2.dmcdn.net/ https://s1.dmcdn.net/;manifest-src 'self';media-src 'self'; 2 default-src 'self' https://apiprod-bsaye6h6a5hbhzgm.a03.azurefd.net https://*.google.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://play.google.com/ https://*.googleapis.com; script-src 'self' https://*.google.com/ https://*.gstatic.com/ https://*.google-analytics.com/ https://*.googletagmanager.com https://*.facebook.net https://*.hotjar.com https://*.clarity.ms https://*.googleapis.com https://googleads.g.doubleclick.net 'unsafe-inline'; frame-src 'self' https://*.google.com/ https://*.gstatic.com/ https://*.youtube.com/ https://*.googletagmanager.com/ https://*.facebook.net; frame-ancestors 'none'; font-src 'self' data: https://fonts.gstatic.com/ https://pro.fontawesome.com/; style-src 'self' https://fonts.googleapis.com/ https://pro.fontawesome.com/ 'unsafe-inline'; img-src 'self' data: blob: https://apiprod-bsaye6h6a5hbhzgm.a03.azurefd.net https://drprod-gphdeze8e5bnfegs.a03.azurefd.net https://*.google-analytics.com/ https://*.googletagmanager.com https://*.facebook.net https://*.hotjar.com https://*.facebook.com https://*.google.com https://*.clarity.ms https://*.bing.com https://*.gstatic.com https://*.googleapis.com https://*.azurewebsites.net https://www.google.cl https://googleads.g.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.googleapis.com https://apiprod-bsaye6h6a5hbhzgm.a03.azurefd.net https://*.google.com https://*.clarity.ms https://*.googleadservices.com https://*.google.cl; object-src 'none'; base-uri 'self' 2 frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://tags.tiqcdn.com https://static.ads-twitter.com https://t.co https://di.rlcdn.com https://connect.facebook.net https://www.facebook.com https://d.agkn.com https://2530996.fls.doubleclick.net https://sb.scorecardresearch.com https://www.googletagmanager.com https://s.yimg.com https://sp.analytics.yahoo.com https://px.airpr.com https://dpx.airpr.com https://secure.adnxs.com https://schwab.demdex.net https://googleads.g.doubleclick.net https://adservice.google.com https://schwab.tt.omtrdc.net https://smetric.schwab.com https://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com; report-uri /report-csp-violation 2 img-src * *.commercecloud.salesforce.com *.thewatchbox.com *.govbergwatches.com *.the1916company.com *.imgix.net *.amazonaws.com *.placeholder.com *.cookielaw.org *.adyen.com 'self' data:;script-src 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io unsafe-inline *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.mobify-storefront.com 'unsafe-eval' https://runtime.commercecloud.com;script-src-attr 'self' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.mobify-storefront.com data:;connect-src 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io unsafe-inline *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.mobify-storefront.com https://runtime.commercecloud.com;default-src 'self';style-src 'self' * 'unsafe-inline' data:;style-src-elem 'self' 'unsafe-inline' * api.cquotient.com storage.googleapis.com *.cookielaw.org *.criteo.com *.audioeye.com *.google-analytics.com *.googletagmanager.com *.reviews.io unsafe-inline *.bosslogics.com micro.dy.cloud.bosslogics.com *.adyen.com *.mobify-storefront.com data:;frame-src 'self' * data: blob:;media-src 'self' *;object-src 'none';font-src 'self' * data:;frame-ancestors 'self' https://www.the1916company.com https://runtime.commercecloud.com;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests 2 default-src 'self'; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net blob:; script-src 'self' 'unsafe-inline' https://snap.licdn.com https://dam.santander.co.uk https://t.contentsquare.net https://app.contentsquare.com https://md-scp.kampyle.com https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://sc-static.net https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://lptag.liveperson.net https://lo.v.liveperson.net https://lo.msg.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net https://www.google.com https://google.com https://*.santander.co.uk https://rum.hlx.page/ https://www.redditstatic.com; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://ad.doubleclick.net https://conversions-config.reddit.com https://www.redditstatic.com https://pixel-config.reddit.com https://www.facebook.com https://adobedc.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com https://tr.snapchat.com https://pagead2.googlesyndication.com https://dam.santander.co.uk https://events.launchdarkly.com https://app.launchdarkly.com wss://int-cb.santander.co.uk https://*.contentsquare.net https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://*.bf.dynatrace.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://www.google.com https://google.com https://googleads.g.doubleclick.net https://*.santander.co.uk https://analytics-fe.digital-cloud-uk.medallia.eu; img-src 'self' https://*.contentsquare.net https://lpcdn.lpsnmedia.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' 'unsafe-inline' https://md-scp.kampyle.com; font-src 'self' https://dam.santander.co.uk; frame-src 'self' 'unsafe-inline' https://player.vimeo.com https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com https://activitymap.adobe.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net https://vimeo.com; object-src 'self'; media-src https://player.vimeo.com https://vimeo.com https://www.youtube.com https://lpcdn.lpsnmedia.net; worker-src blob:; 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; frame-src *; worker-src blob:; form-action 'self'; frame-ancestors 'self' https://a.cms.omniupdate.com; 2 default-src 'self';script-src 'self' https://bat.bing.com https://*.ceros.com https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://*.pardot.com https://player.vimeo.com https://www.youtube.com https://*.googleapis.com https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://o1000039.ingest.sentry.io https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stats.g.doubleclick.net https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://cdn.cookielaw.org https://assets.adobedtm.com https://analytics.google.com https://*.analytics.google.com https://static.hotjar.com/ https://a.omappapi.com https://*.kerry.com https://app-ab33.marketo.com https://munchkin.marketo.net https://platform.twitter.com https://platform.linkedin.com https://www.googletagmanager.com https://code.jquery.com https://dnn506yrbagrg.cloudfront.net https://siteimproveanalytics.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://newdownload.seismic.com https://*.blob.core.windows.net https://js.hcaptcha.com/1/api.js https://hcaptcha.com/1/api.js https://script.hotjar.com https://www.gstatic.com https://a.opmnstr.com https://*.kerry.com https://kerry.tt.omtrdc.net https://snap.licdn.com https://connect.facebook.net https://*.marketo.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerry.cnddtid.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' fonts.gstatic.com blob: data: https://newdownload.seismic.com https://bat.bing.net https://bat.bing.com https://*.blob.core.windows.net https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://www.google.ie https://www.linkedin.com https://i.ytimg.com https://d25zu39ynyitwy.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://s7g10.scene7.com https://cdnkdc.azureedge.net https://cm.everesttech.net https://dpm.demdex.net https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://*.kerry.com https://6071260.global.siteimproveanalytics.io https://*.google-analytics.com data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://x.bidswitch.net https://www.facebook.com https://syndication.twitter.com https://*.hotjar.com https://www.kerrygroup.com https://insight.adsrvr.org https://match.sharethrough.com https://p.adsymptotic.com https://a.omappapi.com https://dev.day.com https://tags.bluekai.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://secure-gl.imrworldwide.com https://tags.rd.linksynergy.com https://match.adsrvr.org https://ads.scorecardresearch.com https://s.thebrighttag.com https://i.liadm.com https://ml314.com https://mid.rkdms.com https://match.sync.ad.cpe.dotomi.com https://odr.mookie1.com https://uipglob.semasio.net https://secure.insightexpressai.com https://eb2.3lift.com https://loadm.exelator.com https://usermatch.krxd.net https://su.addthis.com https://dmp.truoptik.com https://*.global.siteimproveanalytics.io https://www.google.com/ads/ga-audiences https://kerryportaldevreportsuite.112.2o7.net https://images.salsify.com https://maps.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://*.kerry.com; style-src-elem 'unsafe-inline' 'self' https://www.googletagmanager.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s7g10.scene7.com https://use.typekit.net https://p.typekit.net https://*.kerry.com https://*.marketo.com/ https://a.omappapi.com; connect-src 'self' https://bat.bing.com https://bat.bing.net https://www.facebook.com https://maps.googleapis.com https://analytics.google.com https://www.google.ie https://*.analytics.google.com https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://dpm.demdex.net https://cdn.cookielaw.org https://s7mbrstream-g1.scene7.com https://s7g10.scene7.com https://privacyportal-de.onetrust.com https://*.algolia.net https://*.google-analytics.com https://stats.g.doubleclick.net https://www.kerrygroup.com https://*.hotjar.io https://in.hotjar.com wss://*.hotjar.com https://a.opmnstr.com https://munchkin.marketo.net https://117-tlu-222.mktoresp.com https://geolocation.onetrust.com https://smetrics.kerry.com https://*.hotjar.com https://*.kerry.com https://kerry.tt.omtrdc.net https://*.mktoresp.com https://*.omappapi.com https://*.tt.omtrdc.net/ https://*.marketo.com https://*.algolianet.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerryluxembourgsarl.hb.omtrdc.net https://adobedc.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com https://www.google.com/ccm/collect https://addressvalidation.googleapis.com https://kerryshareholders-test.okta.com https://kerryshareholders-production.okta.com https://northeurope-2.in.applicationinsights.azure.com https://js.monitor.azure.com; font-src 'self' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://*.kerry.com https://script.hotjar.com; frame-src 'self' https://www.googletagmanager.com https://*.ceros.com https://5722629.fls.doubleclick.net/ https://www.youtube-nocookie.com https://kerry.demdex.net https://irs.tools.investis.com https://otp.tools.investis.com https://platform.twitter.com https://*.kerry.com https://vars.hotjar.com/ https://www.youtube.com https://www.google.com https://*.marketo.com/ https://www.facebook.com https://newassets.hcaptcha.com/ https://gateway.zscloud.net/; media-src 'self' blob: https://*.kerry.com https://*.scene7.com http://*.scene7.com https://cdnkdc.azureedge.net; worker-src 'self' blob: 2 child-src blob:; default-src 'self' data: https://*.redsift.com https://red-sift.prismic.io/ https://*.internal.prismic.io/* https://hook.integromat.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://*.wistia.com https://*.wistia.net; font-src 'self' https://*.redsift.com https://fonts.gstatic.com/ data: chrome-extension: moz-extension: safari-web-extension: https://*.hotjar.com https://*.wistia.com; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://*.google.co.uk https://googleads.g.doubleclick.net https://googletagmanager.com https://www.google-analytics.com https://www.google.com https://google.com https://*.google.com https://*.hotjar.com https://images.prismic.io https://*.internal.prismic.io/* https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://red-sift.cdn.prismic.io https://images.prismic.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.redsift.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com/recaptcha/ https://static.cdn.prismic.io/ https://prismic.io https://*.internal.prismic.io/* https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://munchkin.marketo.net/ https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://tag.clearbitscripts.com/v1/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tags.js https://reveal.clearbit.com/v1/companies/reveal https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/destinations.min.js https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tracking.min.js https://secure.oita4bali.com/js/151998.js https://secure.oita4bali.com/Track/Capture.aspx https://*.hotjar.com https://static.hotjar.com/c/hotjar-3150796.js https://j.6sc.co/j/80f37845-a767-46c9-9ad5-abb58133cf39.js https://j.6sc.co/6si.min.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://js.driftt.com https://widget.drift.com https://js.sentry-cdn.com https://challenges.cloudflare.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://cdn.jsdelivr.com https://cdn.jsdelivr.net; style-src 'self' blob: 'unsafe-inline' https://*.redsift.com https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://*.googlesyndication.com https://td.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://red-sift.prismic.io/ https://*.internal.prismic.io/* https://www.youtube.com https://www.google.com https://*.hotjar.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://widget.drift.com https://challenges.cloudflare.com https://hemsync.clickagy.com; connect-src https://radar-lite.redsift.cloud 'self' https://*.redsift.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google-analytics.com https://*.google.com https://*.google.de https://*.google.no https://*.google.ca https://*.google.ch https://*.google.es https://*.google.it https://*.google.co.uk https://*.google.co.nz https://*.google.co.au https://*.google.nl https://*.google.fr https://*.google.be https://*.google.se https://*.google.pt https://images.prismic.io https://red-sift.cdn.prismic.io https://red-sift.cdn.prismic.io/api/v2 https://red-sift.cdn.prismic.io/api/v2/documents/search https://*.internal.prismic.io/* https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com https://px.ads.linkedin.com/attribution_trigger https://hook.integromat.com/ https://api-eu.customer.io/v1/webhook/40a4a49d472519b0 https://webto.salesforce.com https://api.github.com/repos/redsift/red-sift-website/dispatches https://*.mktoresp.com https://*.mktoutil.com https://*.ondmarc.com https://ondmarc.com https://ipforensics-svc.redsift.io/graphql https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://app.clearbit.com/v1/p https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.6sc.co/ https://c.6sc.co/ https://ipv6.6sc.co/ https://*.6sense.com/ https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://epsilon-globalaccelerator.6sense.com https://secure.adnxs.com/getuidj https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.algolia.net https://api.ipify.org wss://presence.api.drift.com https://aorta.clickagy.com https://hemsync.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com https://data.hockeystack.com https://browser-intake-datadoghq.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.redsift.com https://app.drift.com; report-uri https://o177043.ingest.sentry.io/api/1306227/security/?sentry_key=860eaee6b9674db6ac8d51d87a14fd84 2 frame-ancestors 'self' https://config.strato.de https://config.strato.de https://config.strato.es https://config.strato.fr https://config.strato-hosting.co.uk https://config.strato.nl https://config-staging.strato.de 2 connect-src 'self' *.tuerchen.com tuerchen.app *.tuerchen.app *.etracker.de *.etracker.com *.usercentrics.eu *.cmp.usercentrics.eu *.novomind.com *.ekomiapps.de *.google.de *.googleadservices.com *.google.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.bing.net *.bing.com *.trbo.com *.quantserve.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.fitrockr.com *.heyflow.com *.loyjoy.com *.moin.ai wss://bot.moin.ai *.qualtrics.com; default-src 'self'; font-src 'self' data: *.novomind.com font.gstatic.com *.tuerchen.app core.tuerchen.com *.loyjoy.com *.heyflow.cloud *.moin.ai; frame-ancestors 'self' *.hanse-merkur.de newapp.etracker.com localhost *.hokify.de www.dwin1.com; frame-src 'self' blob: hansemerkur.happymo.re *.usercentrics.eu *.cmp.usercentrics.eu youtube.com *.youtube.com *.youtube-nocookie.com *.novomind.com *.kasko.io *.kaskocloud.com *.google.com *.trbo.com *.facebook.com *.pantumdetect.com *.awin1.com *.hansemerkur.de *.hansemerkur-video.de *.hanse-merkur.de *.ad-srv.net *.mein-hmrv.de *.criteo.com www.public-hansemerkur.de outlook.office365.com calendly.com *.qualtrics.com *.doubleclick.net *.googletagmanager.com; img-src 'self' data: *.tuerchen.app core.tuerchen.com *.hmrv.de *.hansemerkur.de tile.geofabrik.de *.etracker.de *.etracker.com *.gstatic.com *.google-analytics.com *.novomind.com *.bing.net *.bing.com *.doubleclick.net *.usercentrics.eu *.cmp.usercentrics.eu *.google.com *.google.de *.trbo.com ekomi-ui.s3.amazonaws.com www.facebook.com *.quantcount.com *.quantserve.com lantern.roeye.com *.hansemerkur-vertriebsportal.de *.hansemerkur.de *.tradedoubler.com *.googletagmanager.com *.loyjoy.com *.heyflow.com *.moin.ai *.qualtrics.com *.public-hansemerkur.de; media-src 'self' *.hansemerkur-video.de *.youtube.com *.moin.ai; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tuerchen.app tuerchen.app www.happymo.re *.etracker.de *.etracker.com *.googletagmanager.com www.dwin1.com *.usercentrics.eu *.cmp.usercentrics.eu *.novomind.com *.bing.com *.google.com *.google-analytics.com *.kasko.io *.kaskojs.com *.ekomiapps.de *.doubleclick.net *.googleadservices.com *.trbo.com connect.facebook.net *.hanse-merkur.de *.quantserve.com *.quantcount.com lantern.roeyecdn.com *.signalize.com *.tradedoubler.com *.criteo.com *.fitrockr.com *.heyflow.com *.calendly.com *.loyjoy.com widget.moin.ai *.qualtrics.com; style-src 'self' 'unsafe-inline' *.tuerchen.app tuerchen.app www.etracker.de fonts.googleapis.com tagmanager.google.com *.googletagmanager.com *.novomind.com *.ekomiapps.de *.heyflow.com *.heyflow.cloud *.loyjoy.com *.moin.ai 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.yotpo.com *.googleapis.com *.fontawesome.com *.catchmarketingservices.com *.azureedge.net *.dynamics.com *.acsbapp.com *.zdassets.com *.zendesk.com *.bing.com *.hubspot.com *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net *.google.com *.hsforms.net rjlportfolio.com *.githubusercontent.com rjlwebdesign.com *.githack.com *.tradecentric.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.punchout2go.com *.tradecentric.com *.yotpo.com *.google.com *.gstatic.com 'self' data: *.dynamics.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.punchout2go.com *.tradecentric.com *.wesupply.xyz https://wesupplylabs.com *.yotpo.com *.weltpixel.com *.dynamics.com *.azureedge.net *.githack.com *.doubleclick.net *.hsforms.net rjlwebdesign.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net data: *.yotpo.com *.postcodeanywhere.co.uk *.google.com *.google.co.in *.hubspot.com *.catchmarketingservices.com *.azureedge.net *.dynamics.com *.acsbapp.com acsbapp.com *.zdassets.com *.zendesk.com *.bing.com https://cdn2.hubspot.com/ *.hubspotusercontent-na1.net *.zendesk-eu.my.sentry.io *.adobedtm.com *.adobedc.net *.doubleclick.net *.spectrumchemical.com *.spectrumrx.com *.windows.net *.hsforms.net *.fontawesome.com rjlportfolio.com *.githubusercontent.com rjlwebdesign.com *.githack.com *.tradecentric.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.magento-ds.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com *.magento-datasolutions.com https://rum.hlx.page *.punchout2go.com *.tradecentric.com *.cloudflare.com *.yotpo.com https://www.googletagmanager.com tagmanager.google.com *.bing.com *.googletagmanager.com *.gstatic.com *.postcodeanywhere.co.uk *.resultspage.com *.resultsstage.com *.hsleadflows.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.catchmarketingservices.com *.azureedge.net *.mktdplp102cdn.azureedge.net mktdplp102cdn.azureedge.net *.dynamics.com *.acsbapp.com acsbapp.com *.zdassets.com *.zendesk.com *.hubspot.com *.hubspot.net *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net *.githack.com *.googleapis.com *.hsforms.net *.fontawesome.com rjlportfolio.com *.githubusercontent.com rjlwebdesign.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com *.punchout2go.com *.tradecentric.com *.yotpo.com *.googleapis.com *.fontawesome.com tagmanager.google.com *.services.postcodeanywhere.co.uk *.google.com *.gstatic.com 'self' data: *.catchmarketingservices.com *.mktdplp102cdn.azureedge.net mktdplp102cdn.azureedge.net *.dynamics.com *.acsbapp.com acsbapp.com *.zdassets.com *.zendesk.com *.bing.com *.hubspot.com *.hubspot.net *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net *.githack.com *.hsforms.net rjlportfolio.com *.githubusercontent.com rjlwebdesign.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com *.magento-datasolutions.com *.magento-ds.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io https://api.postgrid.com *.yotpo.com https://www.google-analytics.com *.bing.com *.services.postcodeanywhere.co.uk *.google-analytics.com *.hubspot.com *.spectrumrx.com *.spectrumchemical.com *.catchmarketingservices.com *.azureedge.net *.dynamics.com *.acsbapp.com acsbapp.com *.zdassets.com *.zendesk.com *.zendesk-eu.my.sentry.io *.adobedc.net *.doubleclick.net *.hsforms.net *.hsforms.com *.fontawesome.com rjlportfolio.com *.githubusercontent.com rjlwebdesign.com *.tradecentric.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.youtube.com youtube.com *.vimeo.com vimeo.com; img-src * data:; font-src * data:; style-src 'unsafe-inline' *; 2 frame-ancestors 'self' builder.io code.gist.build 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com tagmanager.google.com fonts.googleapis.com *.doubleclick.net *.clarity.ms *.gravatar.com *.hotjar.com *.aparat.com *.mediaad.org *.tavoos.net *.yektanet.com *.sanjagh.com *.sabavision.com *.najva.com *.jsdelivr.net *.googleapis.com *.pegah.tech *.w.org *.wp.com *.openstreetmap.org *.raychat.io *.goftino.com; 2 default-src 'none';child-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com wss://*.salesforce-sites.com data: blob:;connect-src 'self' https://*.adsymptotic.com https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.bing.com https://*.clarity.ms https://*.cookielaw.org https://*.contextweb.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.force.com https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://cdn.appdynamics.com https://cdnjs.cloudflare.com https://col.eum-appdynamics.com https://content.jwplatform.com https://google.com https://jwpsrv-vh.akamaihd.net https://stats.g.doubleclick.net https://vc.hotjar.io wss://*.hotjar.com wss://*.hotjar.io wss://*.kore.ai wss://*.salesforce-sites.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adsymptotic.com https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.bing.com https://*.clarity.ms https://*.cookielaw.org https://*.contextweb.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.force.com https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://cdn.appdynamics.com https://chimpstatic.com https://cdnjs.cloudflare.com https://code.jquery.com https://col.eum-appdynamics.com https://content.jwplatform.com https://jwpltx.com https://maxcdn.bootstrapcdn.com wss://*.kore.ai;img-src 'self' data: https://*.andanet.com https://*.adsymptotic.com https://*.adnxs.com https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.bing.com https://*.clarity.ms https://*.cookielaw.org https://*.contextweb.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.force.com https://*.formstack.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.linkedin.com https://*.linkedin.oribi.io https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://col.eum-appdynamics.com https://content.jwplatform.com https://google.com https://jwpltx.com https://openbadges.blob.core.windows.net https://placehold.co;media-src 'self' blob: data:;style-src 'self' 'unsafe-inline' https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.force.com https://*.formstack.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.kore.ai https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://maxcdn.bootstrapcdn.com;font-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.mailchimp.com;frame-src 'self' https://*.andameds.com https://*.andameds.com:8443 https://*.andanet.com https://*.andanet.com:8443 https://*.clarity.ms https://*.cybersource.com https://*.doubleclick.net https://*.force.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.jwpcdn.com https://*.jwpsrv.com https://*.kore.ai https://*.mailchimp.com https://*.salesforce-sites.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.vimeo.com https://*.vimeocdn.com https://anda.formstack.com https://col.eum-appdynamics.com https://content.jwplatform.com wss://*.kore.ai 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.technipenergies.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://*.clarity.ms https://snap.licdn.com https://*.linkedin.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googlesyndication.com https://d3js.org https://cdn.jsdelivr.net https://*.ten.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://www.gstatic.com https://d3js.org; img-src 'self' data: *; frame-src 'self' https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com https://tools.eurolandir.com https://fr.zone-secure.net https://*.ten.com https://*.technipenergies.com https://sdk.companywebcast.com; frame-ancestors 'self' https://*.ten.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.google.com https://google.com https://www.googletagmanager.com; report-uri /report-csp-violation 2 frame-ancestors 'self'; object-src 'none'; frame-src 'self' youtube.com www.youtube.com google.com www.google.com secure.livechatinc.com www.paypal.com paypal.com ct.pinterest.com accounts.google.com www.googletagmanager.com data:; 2 default-src 'self';report-uri https://sentry.ladderlife.com/api/5/security/?sentry_key=256f94429c2e43ef8fadcb036d4c7e92;manifest-src https://ddw3p1oh0ex89.cloudfront.net;script-src https://*.adroll.com https://*.facebook.net https://sdk.twilio.com https://cdn.humanapi.co/ https://ekr.zendesk.com 'sha256-c7M5EaJ4WdOCgAf4VR5PNAIx8Tfot/Q3Nsu8lkLFXlU=' https://static.zdassets.com https://cdn.jsdelivr.net/fingerprintjs2/1.5.1/fingerprint2.min.js 'sha256-28pWGDRYnND+KcXkQSsC8a7TlpIi4HPpfQ4OvqTUNY8=' https://*.zopim.com 'sha256-ZKu42s6NuuaVSSaKshRcJFOs1ctAeLMINp2+/JEaBWM=' https://*.linkedin.com/ https://ddw3p1oh0ex89.cloudfront.net https://*.adnxs.com/ https://www.googletagmanager.com https://*.twitter.com https://app.getsentry.com https://*.g.doubleclick.net https://maps.googleapis.com https://*.plaid.com wss://ladderlife.zendesk.com https://cdn.pbbl.co https://*.googlesyndication.com https://ads.nextdoor.com/public/pixel/ndp.js 'sha256-+9xfK56z1o8LjCn+r6aZvibnWQ4slrvpI04piONRQ5U=' 'sha256-I4sssOimP4aqQ3guQTL1/GuKKN/qcNxjkHE09MYMLQA=' https://www.google-analytics.com/analytics.js https://*.bizographics.com/ https://*.newrelic.com https://ekr.zdassets.com https://bam.nr-data.net https://www.google.com https://qp.delty.io/q1/HdwFxDxD.js https://zendesk-eu.my.sentry.io https://cdn.cookielaw.org/scripttemplates/ wss://api.smooch.io 'sha256-Od08hzv9y6Vx8fH7Kz8bVZJpiAMT3DkJyoEjYXh4t50=' 'sha256-EhImtpQrxfrzkUueM3popkaGrI5KZmBuHLwfmTZTphA=' https://*.bing.com 'sha256-lpUhVVDo2EzRH5vTU08BulB+rpSke0YpGJ6ZmllJNys=' https://api.smooch.io https://qp.delty.io/q1/t/client.min.js https://media.smooch.io https://static.ads-twitter.com/uwt.js https://*.licdn.com/ 'sha256-a9K368kgMI7sk9t0Bk3PLOztxYxCDfIYzxgb6aA1dEg=' https://ladderlife.zendesk.com wss://voice-js.roaming.twilio.com 'sha256-LROnOwSP0gZe2prEj+944RV8WJ3wSYUdpLr1amrGxFE=' https://*.googleadservices.com https://*.stripe.com;child-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://pay.prudential.com https://hapi-connect.humanapi.co https://pay-cert.prudential.com https://*.stripe.com;frame-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://pay.prudential.com https://hapi-connect.humanapi.co https://pay-cert.prudential.com https://*.stripe.com;style-src https://ddw3p1oh0ex89.cloudfront.net https://fonts.googleapis.com 'unsafe-inline';media-src https://static.zdassets.com https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net;img-src https://static.zdassets.com https://ddw3p1oh0ex89.cloudfront.net https: data: blob: https://accounts.zendesk.com https://*.zdusercontent.com https://media.smooch.io https://ladderlife.zendesk.com 'self';font-src https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net data: https://fonts.gstatic.com;connect-src https://www.google-analytics.com/ https://ekr.zendesk.com https://adservice.google.com https://eng.trkcnv.com/postBack https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net https://api.segment.io https://*.twitter.com https://maps.googleapis.com https://*.google.com https://www.facebook.com wss://ladderlife.zendesk.com https://stats.g.doubleclick.net/ https://*.googlesyndication.com https://ekr.zdassets.com https://cdn.cookielaw.org/ https://bam.nr-data.net https://www.google.com https://geolocation.onetrust.com/ wss://api.smooch.io https://*.bing.com https://stripe.com https://api.smooch.io https://sentry.ladderlife.com wss://*.zopim.com https://ladderlife.zendesk.com https://fonts.googleapis.com https://out.stashinvest.com/event https://*.stripe.com 'self' https://privacyportal.onetrust.com/;frame-ancestors https://banking.radiusbank.com/ https://*.lendingclub.com/; 2 default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://cdn.consentmanager.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.getresponse.com https://an.gr-wcon.com *.gr-cdn.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://cdn.curator.io https://static.etracker.com https://www.etracker.de https://code.etracker.com https://*.delivery.consentmanager.net https://cdn.consentmanager.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.net;style-src 'self' 'unsafe-inline' https://cdn.consentmanager.net/ *.getresponse.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com https://cdn.curator.io https://www.youtube.com;img-src 'self' data: https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://media-exp1.licdn.com https://*.fbcdn.net https://yt3.ggpht.com https://i.ytimg.com *.google.ae/ads/ *.google.al/ads/ *.google.am/ads/ *.google.at/ads/ *.google.ba/ads/ *.google.be/ads/ *.google.bg/ads/ *.google.bj/ads/ *.google.by/ads/ *.google.ca/ads/ *.google.cd/ads/ *.google.ch/ads/ *.google.cl/ads/ *.google.cn/ads/ *.google.co.id/ads/ *.google.co.il/ads/ *.google.co.in/ads/ *.google.co.jp/ads/ *.google.co.kr/ads/ *.google.co.ma/ads/ *.google.co.nz/ads/ *.google.co.th/ads/ *.google.co.uk/ads/ *.google.co.uz/ads/ *.google.co.za/ads/ *.google.com.au/ads/ *.google.com.bd/ads/ *.google.com.br/ads/ *.google.com.co/ads/ *.google.com.cy/ads/ *.google.com.ec/ads/ *.google.com.eg/ads/ *.google.com.hk/ads/ *.google.com.jm/ads/ *.google.com.lb/ads/ *.google.com.mx/ads/ *.google.com.my/ads/ *.google.com.ng/ads/ *.google.com.np/ads/ *.google.com.ph/ads/ *.google.com.pk/ads/ *.google.com.qa/ads/ *.google.com.sa/ads/ *.google.com.sg/ads/ *.google.com.tr/ads/ *.google.com.tw/ads/ *.google.com.ua/ads/ *.google.com.uy/ads/ *.google.com.vn/ads/ *.google.com/ads/ *.google.cz/ads/ *.google.de/ads/ *.google.dk/ads/ *.google.dz/ads/ *.google.es/ads/ *.google.fi/ads/ *.google.fr/ads/ *.google.gr/ads/ *.google.gy/ads/ *.google.hr/ads/ *.google.hu/ads/ *.google.ie/ads/ *.google.it/ads/ *.google.jo/ads/ *.google.li/ads/ *.google.lt/ads/ *.google.lu/ads/ *.google.lv/ads/ *.google.md/ads/ *.google.mk/ads/ *.google.mu/ads/ *.google.nl/ads/ *.google.no/ads/ *.google.pl/ads/ *.google.pt/ads/ *.google.ro/ads/ *.google.rs/ads/ *.google.ru/ads/ *.google.se/ads/ *.google.si/ads/ *.google.sk/ads/ *.google.tn/ads/ https://*.delivery.consentmanager.net *.hsforms.com *.hubspot.com;font-src 'self' https://fonts.gstatic.com https://cdn.curator.io data:;connect-src 'self' *.getresponse.com https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net https://api.curator.io https://www.etracker.de https://consentmanager.mgr.consensu.org https://*.delivery.consentmanager.net *.hscollectedforms.net;frame-src 'self' https://ce1.eu/triangle/ https://www.ce1.eu/triangle/ *.getresponse.com https://register.gotowebinar.com https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net https://vimeo.com https://webcast2.promeas.com/ https://player.vimeo.com/ https://www.brn-ag.de/ https://soziale-anwendung.de/ https://www.youtube.com/embed/ https://www.youtube-nocookie.com/ https://mediathek.promeas.com/ *.hsforms.net *.hsforms.com;media-src 'self' blob: https://curator-assets.b-cdn.net *.cloudfront.net/jenoptik/ https://video.twimg.com;worker-src blob:;report-uri https://jeno.report-uri.com/r/d/csp/enforce 2 default-src https: data: blob: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; 2 frame-ancestors http://*.donstroy.moscow https://*.donstroy.moscow http://donstroy.moscow https://donstroy.moscow http://webvisor.com http://webvisor.ru http://webvisor.by http://webvisor.com.tr https://webvisor.com https://webvisor.ru https://webvisor.by https://webvisor.com.tr https://metrika.yandex.com https://metrika.yandex.com.tr https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://metrica.yandex.ru https://metrica.yandex.by https://awards.ratingruneta.ru https://sales.donstroy.moscow http://sales.donstroy.moscow https://pmp-a.dev.blue-ant.ru http://pmp-a.dev.blue-ant.ru 2 font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com js.stripe.com https://*.dpdconnect.nl *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cookiebot.com *.cookiebot.eu futy-io.s3.eu-west-2.amazonaws.com api.justreview.co justreview.co https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com https://*.dpdconnect.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com consent.cookiebot.com consent.cookiebot.eu *.futy.io api.justreview.co justreview.co apis.google.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com api.justreview.co justreview.co google.com maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://maps.googleapis.com https://player.vimeo.com *.futy.io api.justreview.co ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors *; 2 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js www.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.smartadserver.com https://id5-sync.com/ https://ced.sascdn.com/ *.sascdn.com www.congressweb.com https://embed.podcasts.apple.com https://form.asana.com video.theassociationpartner.com *.salespanel.io *.visitorqueue.io *.marinsm.com *.licdn.com *.adnxs.com *.contextweb.com *.amazonaws.com *.inspectlet.com *.googlesyndication.com *.prfct.co *.moatads.com *.googleadservices.com *.doubleclick.net *.processwebsitedata.com *.datasteam.io *.sitedataprocessing.com *.id5-sync.com *.ads-twitter.com *.liadm.com *.usbrowserspeed.com https://www.k12insight.com/ cdnjs.cloudflare.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.congressweb.com video.theassociationpartner.com *.sitedataprocessing.com https://www.k12insight.com/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.aasa.org *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com placeimg.com www5.smartadserver.com *.sascdn.com picsum.photos *.picsum.photos *.adnxs.com *.pontiac.media *.googletagmanager.com *.smartadserver.com *.linkedin.com *.thrtle.com *.prfct.co *.twitter.com *.addthis.com *.yahoo.com *.openx.net *.rubiconproject.com *.doubleclick.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com use.fontawesome.com; frame-src 'self' *.doubleclick.net *.youtube.com video.theassociationpartner.com/ *.snapwidget.com snapwidget.com *.apple.com *.podbean.com *.soundcloud.com *.sascdn.com https://www.googletagmanager.com/ *.k12insight.com https://i.liadm.com/ *.padlet.com padlet.com *.padlet.net padlet.net web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://www.google.com https://www.googleadservices.com/ *.mktoresp.com *.fontawesome.com www5.smartadserver.com www.congressweb.com https://embed.podcasts.apple.com https://id5-sync.com analytics.google.com *.smartadserver.com *.ipify.org *.ipinfo.io *.inspectlet.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.youtube.com video.theassociationpartner.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www5.smartadserver.com https://id5-sync.com www.congressweb.com https://embed.podcasts.apple.com video.theassociationpartner.com https://snapwidget.com www.podbean.com 'self' web-chat.nativechat.com; frame-ancestors 'self' 2 frame-ancestors 'self' https://jobcloud.ch https://www.jobcloud.ch https://jobs.ch https://www.jobs.ch https://jobup.ch https://www.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://www.jobscout24.ch https://jobscout24.ch https://impieghi.ch https://www.impieghi.ch https://www.stellenmarkt.ch https://stellenmarkt.ch https://www.jobbasel.ch https://www.jobbern.ch https://www.jobmittelland.ch https://www.myjob.ch https://www.ostjob.ch https://www.zentraljob.ch https://www.rhenus.com https://rhenus.com https://www.rhenus-truckerjobs.com https://www.lager-mitarbeiter.de 2 default-src 'self'; img-src 'self' https://syndication.twitter.com https://secure.gravatar.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.googletagmanager.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.omnicomgroup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js https://www.omnicomgroup.com https://platform.twitter.com https://www.google-analytics.com https://static.addtoany.com https://code.jquery.com https://cdn.cookielaw.org https://www.googletagmanager.com https://omnicom-privacy-cdn.my.onetrust.com; connect-src 'self' https://investor.omnicomgroup.com https://omnicom.q4web.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://omnicom-privacy-cdn.my.onetrust.com https://omnicom-privacy.my.onetrust.com; style-src 'self' 'unsafe-inline' https://omnicom-privacy-cdn.my.onetrust.com; frame-src 'self' https://static.addtoany.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com youtube.com www.youtube.com; font-src 'self' https://omnicom-privacy-cdn.my.onetrust.com data:; worker-src 'self' https://www.omnicomgroup.com blob:; 2 default-src 'self' ; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://static.cloudflareinsights.com https://eu2.snoobi.eu http://eu2.snoobi.eu https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; worker-src 'self' blob:; style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: blob: https://images.ctfassets.net https://imgsct.cookiebot.com/ https://luontoon-fi-assets.s3.eu-north-1.amazonaws.com https://luontoon-fi-cms-test.druid.fi https://luontoon-fi-cms-staging.druid.fi https://luontoon-fi-cms-production.druid.fi https://lipas-data.s3.eu-north-1.amazonaws.com https://s3.eu-central-1.amazonaws.com https://cdn-datahub.visitfinland.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; font-src 'self' https://script.hotjar.com; connect-src 'self' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://static.cloudflareinsights.com https://www.luontoon.fi https://luontoon-fi-cms-test.druid.fi https://luontoon-fi-cms-staging.druid.fi https://luontoon-fi-cms-production.druid.fi https://eu2.snoobi.eu https://luontoon.fi https://www.luontoon.fi https://tiles.stadiamaps.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src https://consent.cookiebot.com https://consentcdn.cookiebot.com https://challenges.cloudflare.com https://www.youtube.com; object-src 'none'; base-uri 'self'; form-action 'self'; 2 script-src-elem *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.googletagmanager.com *.newrelic.com *.cloudflare.com *.facebook.net googleads.g.doubleclick.net *.crazyegg.com *.victoriassecret.cl 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.facebook.net *.victoriassecret.cl maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com webpay3g.transbank.cl webpay3gint.transbank.cl *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.googletagmanager.com *.doubleclick.net *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.ads-twitter.com t.co *.twitter.com *.bing.net *.klaviyo.com *.cloudflare.com *.facebook.net *.victoriassecret.cl *.google.com.co *.google.com.cl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net *.soicos.com *.verificado.ai *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.ads-twitter.com *.klaviyo.com *.cloudflare.com *.braintreegateway.com *.victoriassecret.cl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com assets.braintreegateway.com *.tagmanager.google.com *.googletagmanager.com *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline'; media-src *.adobe.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.cl wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.twitter.com *.ads-twitter.com *.bing.net *.klaviyo.com *.cloudflare.com *.crazyegg.com *.braintreegateway.com *.victoriassecret.cl *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl http: https: blob: 'self' 'unsafe-inline'; default-src *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com *.emarsys.net *.visualwebsiteoptimizer.com *.varify.io *.whatsapp.com *.pushcrew.com *.vwo.com *.vwo.io *.cloudflare.com *.facebook.net *.victoriassecret.cl 'self' 'unsafe-inline'; 2 frame-ancestors *.dreampairs.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://cdn.bc0a.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://cruelly-unknown-chipmunk.pgsdemo.com https://assets.sitescdn.net https://cdn.cookielaw.org https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://s.pinimg.com https://js.adsrvr.org https://y.clarity.ms https://j.clarity.ms https://o.clarity.ms https://ct.pinterest.com https://www.facebook.com https://www.youtube.com https://scripts.clarity.ms; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://assets.sitescdn.net; font-src 'self' https://use.typekit.net; img-src 'self' data: https://l.sharethis.com https://platform-cdn.sharethis.com https://cdn.cookielaw.org https://c.clarity.ms https://www.facebook.com https://c.bing.com https://www.googletagmanager.com; connect-src 'self' https://ixfd2-api.bc0a.com https://l.sharethis.com https://www.google.com https://www.gstatic.com https://analytics.google.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.clarity.ms https://geolocation.onetrust.com https://ct.pinterest.com https://l.clarity.ms https://y.clarity.ms https://www.google-analytics.com https://privacyportal.onetrust.com https://insight.adsrvr.org https://www.facebook.com https://o.clarity.ms https://d.clarity.ms https://j.clarity.ms https://app-cdn.bc0a.com https://app-cf.bc0a.com; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://cruelly-unknown-chipmunk.pgsdemo.com https://ct.pinterest.com https://insight.adsrvr.org https://match.adsrvr.org https://www.facebook.com https://www.youtube.com; object-src 'none'; base-uri 'self'; 2 default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de ;img-src 'self' data: *.materna.de *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 2 frame-ancestors 'self' mopinion.com app.mopinion.com 2 default-src 'self' https:; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; worker-src blob:; 2 script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: https://bat.bing.com https://ftlaunchpad.ai https://hits3.livemarketshoppers.com https://build.1pdata.app https://cdn.omniconvert.com https://*.clopay.com/ https://*.clopaydoor.com/ https://*.googleapis.com https://*.dynatrace.com https://rawgit.com https://*.jquery.com https://*.jsdelivr.net https://www.youtube.com/ https://www.google-analytics.com https://*.googletagmanager.com https://*.freshchat.com https://*.cloudflare.com http://www.pagespeed-mod.com https://*.google-analytics.com https://*.google.com https://*.bazaarvoice.com https://*.monitor.azure.com https://*.pinimg.com https://*.marketingcloudfx.com https://*.leadmanagerfx.com https://*.adsrvr.org https://*.hotjar.com https://*.facebook.net https://*.licdn.com https://*.cornellcookson.com https://www.gstatic.com https://acsbapp.com https://*.dstillery.com https://*.media6degrees.com https://*.iesnare.com https://acuityplatform.com https://ct.pinterest.com/ https://googleads.g.doubleclick.net/ https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ https://tags.srv.stackadapt.com https://c.webfxcapi.com https://*.invocacdn.com https://www.redditstatic.com/ https://loader.nutshell.com/ https://acdn.adnxs.com/; style-src 'self' 'unsafe-inline' https://*.clopay.com/ https://*.clopaydoor.com/ https://*.bazaarvoice.com https://*.googleapis.com/ https://*.cornellcookson.com https://*.clopaydoor.com https://*.freshchat.com https://tags.srv.stackadapt.com; img-src 'self' data: blob: https://c.webfxcapi.com/ https://www.google.com https://bat.bing.com https://ftlaunchpad.ai https://hits3.livemarketshoppers.com https://build.1pdata.app https://*.azurewebsites.net/ https://www.google-analytics.com/ https://i.ytimg.com/ https://www.facebook.com https://*.pinterest.com https://*.googleapis.com https://*.gstatic.com https://www.googletagmanager.com https://www.google.co.in https://*.linkedin.com https://*.clopaydoor.com https://*.doubleclick.net https://*.bazaarvoice.com https://*.adsrvr.org https://*.rubiconproject.com https://tags.srv.stackadapt.com https://*.reddit.com/ https://*.adnxs.com/; object-src 'none'; form-action 'self' https://*.clopay.com/; base-uri 'none'; font-src 'self' data: https://*.gstatic.com https://*.googleapis.com; default-src 'self' https://app.omniconvert.com https://*.clopay.com/ https://*.clopaydoor.com/ https://*.linkedin.com https://*.applicationinsights.azure.com https://*.google.com https://*.acsbapp.com https://*.marketingcloudfx.com https://*.doubleclick.net wss://ws.hotjar.com https://*.hotjar.io https://*.dynatrace.com https://*.facebook.com/ https://*.leadmanagerfx.com https://acsbapp.com/ https://*.cornellcookson.com https://*.freshchat.com https://*.adsrvr.org https://www.google-analytics.com https://www.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://*.akamaized.net https://*.bazaarvoice.com https://*.googleapis.com https://restapi https://ct.pinterest.com/ https://www.googletagmanager.com/ https://tags.srv.stackadapt.com https://*.webfxcapi.com/ https://clopaycorporationproductselector.com/ https://*.a.run.app https://*.conversionsapigateway.com https://www.redditstatic.com https://*.reddit.com https://*.adnxs.com https://*.ingest.us.sentry.io https://app.nutshell.com https://js.monitor.azure.com https://*.invoca.net/; 2 report-uri /tullettprebon/report-csp-violation; upgrade-insecure-requests 2 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/ https://youtube.googleapis.com https://youtube.com https://s.ytimg.com https://www.youtube.googleapis.com https://static.corp.google.com https://meet.google.com/_/ink/release/ https://maps.googleapis.com;report-uri /_/MeetingsUi/cspreport/allowlist 2 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; worker-src 'self' blob:; 2 default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/ https://www.youtube.com/ https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/releases/ https://freegeoip.live/json/ https://www.google.com/recaptcha/api.js https://js.driftt.com/ https://sc.lfeeder.com/lftracker_v1_3P1w24dW9Ag7mY5n.js https://www.googletagmanager.com/gtag/js; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com sha256-; object-src 'none'; base-uri 'self'; connect-src https://www.google.com/ https://www.google.com/ https://www.google-analytics.com/ https://reallyfreegeoip.org/json/ https://ipapi.co 'self'; font-src 'self' data: https://s0.wp.com/i/fonts/ https://fonts.gstatic.com; frame-src 'self' https://js.driftt.com https://www.google.com https://www.youtube.com/ ; img-src 'self' https://www.googletagmanager.com/ https://comosense.com/ https://i.ytimg.com/vi/ https://secure.gravatar.com https://www.google-analytics.com/ https://tr-rc.lfeeder.com/ https://wpengine.com/ data: https://static-mk.prod.bcomo.com https://s.w.org; manifest-src 'self'; media-src 'self' https://js.driftt.com; worker-src 'self' blob:; 2 frame-ancestors https://platform.sbnation.com https://*.sbnation.com https://platform.batterypower.com https://*.batterypower.com 'self' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://www.google.com https://www.gstatic.com https://beacon-v2.helpscout.net https://zencastr.com https://dev.visualwebsiteoptimizer.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.ne https://js.zi-scripts.com https://js.hs-analytics.net https://socialannexinc.widget.insent.ai https://googleads.g.doubleclick.net https://tags.clickagy.com https://static.hsappstatic.net https://www.annexcloud.com https://annexcloud.com data: https://unpkg.com https://js.hubspot.com https://j.6sc.co/6si.min.js https://j.6sc.co/ https://b.6sc.co https://*.clarity.ms https://annexcloud-9462504.hs-sites.com blob: https://js.adsrvr.org/ https://www.opinionstage.com/ https://cdn-app.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.annexcloud.com https://unpkg.com https://cdn-app.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://forms.hsforms.com https://forms-na1.hsforms.com https://i.ytimg.com https://dev.visualwebsiteoptimizer.com https://track.hubspot.com https://r2.visualwebsiteoptimizer.com https://aorta.clickagy.com https://sync.crwdcntrl.net https://dpm.demdex.net https://pixel-sync.sitescout.com https://cm.g.doubleclick.net https://aa.agkn.com https://idsync.rlcdn.com https://d.agkn.com https://www.annexcloud.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://validator.swagger.io https://us-u.openx.net https://perf-na1.hsforms.com https://j.6sc.co/ https://b.6sc.co/ https://*.clarity.ms https://c.bing.com https://annexcloud-9462504.hs-sites.com https://opinionstage-res.cloudinary.com/ https://assets.opinionstage.com/ https://cdn.optimizely.com https://cdn.annexcloud.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://dev.visualwebsiteoptimizer.com https://forms.hscollectedforms.net https://r2.visualwebsiteoptimizer.com https://js.hs-banner.com https://js.zi-scripts.com https://api.hubapi.com https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com https://socialannexinc.api https://pagead2.googlesyndication.com https://r1.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://cdn.annexcloud.com https://cta-service-cms2.hubspot.com https://ipv6.6sc.co/ https://c.6sc.co/ https://epsilon.6sense.com/ https://*.clarity.ms https://annexcloud-9462504.hs-sites.com https://forms-na1.hubspot.com/ https://eps.6sc.co/ https://v.eps.6sc.co/ https://www.opinionstage.com https://jukebox.pathfactory.com https://spcollector.pathfactory.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com https://www.annexcloud.com https://cdn-app.pathfactory.com https://cdn.pathfactory.com https://cdn.optimizely.com https://cdn.annexcloud.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://cdn.optimizely.com https://cdn.annexcloud.com; frame-src 'self' https://www.google.com https://www.youtube.com https://zencastr.com data: blob: https://socialannexinc.widget.insent.ai https://meetings.hubspot.com https://forms.hsforms.com https://annexcloudplatform-us.site24x7signals.com https://annexcloudplatform-us.site24x7statusiq.com https://*.site24x7signals.com https://annexcloudplatform-apregion-1600872281861.site24x7statusiq.com https://annexcloudplatform-euregion-1600872281864.site24x7statusiq.com https://cdn.annexcloud.com https://td.doubleclick.net https://*.clarity.ms https://annexcloud-9462504.hs-sites.com https://app.hubspot.com https://insight.adsrvr.org https://match.adsrvr.org https://www.opinionstage.com https://annexcloud.pathfactory.com https://loyaltylounge.annexcloud.com https://player.vimeo.com www.googletagmanager.com; manifest-src 'self' https://www.annexcloud.com; child-src 'self' www.googletagmanager.com; worker-src 'self' blob:; frame-ancestors 'none' https://loyaltylounge.annexcloud.com https://annexcloud.pathfactory.com; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' http://*.bokklubben.no:* https://*.bokklubben.no https://*.bokkilden.no 2 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' liveperson.net https:; style-src 'unsafe-inline' liveperson.net https: 2 frame-ancestors https://tools.univer.se 2 frame-ancestors 'self' hagen.de *.hagen.de stadt-hagen.de *.stadt-hagen.de; 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://www2.discoverflow.co https://www.discoverflow.co https://discoverflow.co https://analytics.discoverflow.co; form-action *; worker-src * blob:; 2 frame-ancestors 'self'; frame-src *; 2 frame-ancestors 'self' pmt.honeywell.com ppe.sps.honeywell.com automation.honeywell.com process.honeywell.com; 2 connect-src *; script-src-elem * 'unsafe-inline' 'unsafe-eval' blob:; worker-src 'self' * blob:; frame-src 'self' https://forms-eu1.hsforms.com/ *.hsforms.com/ https://td.doubleclick.net/ https://forms.hsforms.com/ https://job-boards.greenhouse.io/ https://irhythm2024rd.q4web.com/ https://privacyportal-na01.onetrust.com/ https://www.googletagmanager.com/ *.my.site.com *.salesforce-sites.com *.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.vimeo.com *.youtube.com; frame-ancestors *.irhythmtech.com; default-src 'self' https://www.cqc.org.uk/ https://job-boards.greenhouse.io/ *.googlesyndication.com *.my.site.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.google.com *.googletagmanager.com *.adobeaemcloud.com *.irhythmtech.com *.salesforce-sites.com *.hsforms.com https://forms-eu1.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com *.zoominfo.com *.hsforms.net *.zi-scripts.com 'unsafe-inline' data:; script-src 'self' *.cqc.org.uk *.vimeo.com *.youtube.com https://cdn.cookielaw.org/ *.zoominfo.com *.adobeaemcloud.com assets.adobedtm.com *.googletagmanager.com *.hsforms.net *.zi-scripts.com *.irhythmtech.com 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://www.cqc.org.uk/ https://www.google.com/ https://track.hubspot.com/ https://px.ads.linkedin.com/ https://bat.bing.com/ https://i.vimeocdn.com/ https://help-corp.myzio.com/ https://help.myzio.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com *.hsforms.net *.hsforms.com *.adobeaemcloud.com *.irhythmtech.com *.day.com data:; 2 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 2 frame-ancestors 'self' https://*${toyota_KZ_RU_ROOT} https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2 media-src * 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://scripts.clarity.ms https://s.company-target.com https://snap.licdn.com https://www.google.com.mx https://www.google.co https://www.google.it https://www.google.pl https://www.google.fi https://www.google.de https://www.google.fr https://www.google.ie https://www.google.se https://www.google.es https://www.google.be https://www.google.no https://www.google.at https://www.google.nl https://www.google.hr https://analytics.google.com https://www.tiktok.com https://www.facebook.com https://clarity.ms https://heyzine.com https://*.heyzine.com https://*.doubleclick.net https://176-hnm-524.mktoutil.com https://actian.com https://api.neverbounce.com https://capture.navattic.com https://cdn.cookielaw.org https://cdn.intellimize.co/snippet/117629792.js https://cdn.neverbounce.com https://cdn.weglot.com https://challenges.cloudflare.com/turnstile/v0/api.js https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js https://connect.facebook.net https://connect.facebook.net/en_us/fbevents.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://f.vimeocdn.com/p/4.40.32/js/player.module.js https://f.vimeocdn.com/p/4.40.32/js/vendor.module.js https://go.actian.com https://googlesyndication.com https://happy.teddybearmetal.com/i/d15a6c558f1e96ed3cc638309390ba9e.js https://joy.teddybearmetal.com https://js.adsrvr.org/universal_pixel.1.1.0.js https://js.adsrvr.org/up_loader.1.1.0.js https://js.navattic.com/sdk.js https://js.zi-scripts.com https://munchkin.marketo.net/164/munchkin.js https://munchkin.marketo.net/munchkin.js https://player.vimeo.com https://scout-cdn.salesloft.com/sl.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://stage.actian.com/wp-content/uploads/2020/10/bcreate_insert_read_sample2.js https://static.cloud.coveo.com https://static.doubleclick.net/instream/ad_status.js https://tag.demandbase.com/53b235a8849bddd7.min.js https://ws-assets.zoominfo.com/formcomplete.js https://ws.zoominfo.com https://www.actian.com https://www.clarity.ms https://www.clarity.ms/s/0.8.1/clarity.js https://www.google-analytics.com https://google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/base.js https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/embed.js https://www.youtube.com/s/player/8a8ac953/player_ias.vflset/en_us/remote.js https://www.youtube.com/s/player/8a8ac953/www-embed-player.vflset/www-embed-player.js https://www.youtube.com/s/player/8a8ac953/www-widgetapi.vflset/www-widgetapi.js https://yoast.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://heyzine.com https://*.heyzine.com https://actian.com https://capture.navattic.com https://cdn.cookielaw.org https://f.vimeocdn.com/p/4.40.32/css/player.css https://go.actian.com https://static.cloud.coveo.com https://www.actian.com https://www.googletagmanager.com https://www.youtube.com/s/player/8a8ac953/www-player.css; img-src 'self' data: https://px4.ads.linkedin.com https://ade.googlesyndication.com https://*.facebook.com https://px.ads.linkedin.com https://clarity.ms https://bing.com https://www.google.com.mx https://www.google.it https://www.google.pl https://www.google.fi https://www.google.de https://www.google.fr https://www.google.ie https://www.google.se https://www.google.es https://www.google.be https://www.google.no https://www.google.at https://www.google.nl https://www.google.hr https://www.googletagmanager.com https://www.google-analytics.com https://adservice.google.com https://s3.amazonaws.com https://player.vimeo.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://maps.googleapis.com https://heyzine.com https://*.heyzine.com https://*.clarity.ms https://*.doubleclick.net https://actian.com https://adservice.google.com https://c.bing.com https://cdn-images-1.medium.com/max/2600/1*ebxc9ej1yrfltkni_djaaw.png https://cdn.cookielaw.org https://cdn.neverbounce.com https://cdn.weglot.com https://d.adroll.com https://go.actian.com https://googlesyndication.com https://i.vimeocdn.com https://i.ytimg.com/vi_webp/65ybu597sv0/default.webp https://i.ytimg.com/vi_webp/vdd7hrxzknk/default.webp https://id.rlcdn.com/1000.gif https://id.rlcdn.com/464526.gif https://joy.teddybearmetal.com https://px.ads.linkedin.com https://scout.us2.salesloft.com https://segments.company-target.com https://uploads-ssl.webflow.com/62163f5cc8a142313ee5a151/656a6573c1fc838c31e1c93b_popuppattern.jpeg https://www.actian.com https://www.facebook.com https://www.google-analytics.com https://www.google.co https://www.google.co.jp https://www.google.co.nz https://www.google.com https://www.google.com.au https://www.google.com.np https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; font-src 'self' data: https://heyzine.com https://*.heyzine.com https://actian.com https://capture.navattic.com https://cdn.neverbounce.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com/s/roboto/v18/kfolcnqeu92fr1mmeu9fbbc4.woff2 https://fonts.gstatic.com/s/roboto/v18/kfomcnqeu92fr1mu4mxk.woff2 https://www.actian.com; connect-src 'self' https://facebook.com https://px.ads.linkedin.com https://tiktok.com https://www.googlesyndication.com https://maps.googleapis.com https://www.gstatic.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com/ccm/collect https://heyzine.com https://*.heyzine.com https://*.analytics.google.com https://*.clarity.ms https://*.doubleclick.net https://*.zoominfo.com https://117629792.intellimizeio.com https://176-hnm-524.mktoresp.com https://176-hnm-524.mktoutil.com https://actianynmehrnx.analytics.org.coveo.com https://actianynmehrnx.org.coveo.com https://adservice.google.com https://analytics.google.com https://api.company-target.com https://api.intellimize.co https://api.weglot.com https://app.navattic.com https://c.bing.com https://capture.navattic.com https://cdn.cookielaw.org https://cdn.neverbounce.com https://cdn.weglot.com https://geolocation.onetrust.com https://go.actian.com https://googlesyndication.com https://insight.adsrvr.org https://joy.teddybearmetal.com https://js.zi-scripts.com https://log.intellimize.co https://match.adsrvr.org https://player.vimeo.com https://px.ads.linkedin.com https://s.company-target.com https://scout.salesloft.com https://segments.company-target.com https://static.cloud.coveo.com https://tag-logger.demandbase.com https://vimeo.com https://vod-adaptive-ak.vimeocdn.com https://www.facebook.com https://www.google-analytics.com https://www.google.at https://www.google.ba https://www.google.be https://www.google.by https://www.google.ca https://www.google.co https://www.google.co.in https://www.google.co.kr https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.eg https://www.google.com.hk https://www.google.com.mt https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.tr https://www.google.de https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com; frame-src 'self' https://td.doubleclick.net https://*.facebook.com https://www.google.com https://heyzine.com https://*.heyzine.com https://*.doubleclick.net https://117629792.intellimizeio.com https://capture.navattic.com https://go.actian.com https://insight.adsrvr.org https://match.adsrvr.org https://player.vimeo.com https://s.company-target.com https://www.googletagmanager.com https://www.youtube.com; media-src 'self' https://heyzine.com https://*.heyzine.com https://vod-adaptive-ak.vimeocdn.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors https://*.actian.com https://www.actian.com; worker-src 'self' blob:; report-uri https://reddoor.domo.com/api/iot/v1/webhook/data/eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3NDQwNTk5NjEsInN0cmVhbSI6Ijk1NDg2NGM3NjEwNTQwNWJhMWFhYTAwZDJjYmY3OWFjOnJlZGRvb3I6MjAyMDA5NDcwMyJ9.JkfyugRtZ2oK3Gy9T4Z6VTVTkMFSZM_xDZLfMKVrboE; 2 frame-ancestors *.muctr.ru 2 default-src 'unsafe-inline' https: https://www.jung-group.com; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.jung-group.com; object-src 'unsafe-inline' https://*.mollie.com; style-src 'unsafe-inline' https:; img-src data: https:; font-src data: https:; frame-src https://www.jung-group.com https://*.jung.de https://*.jung-group.cn https://*.jung-group.com https://scnem3.com https://*.mollie.com blob: https://*.arviewer.jung.de https://*.cms-assets.jung.de https://*.cms.jung.de https://*.downloads.jung.de https://*.jung.app https://*.jung.de https://*.jung.ee https://*.jung.es https://*.jung.lt https://*.jung-russia.ru https://*.jung.ua https://*.m.jung.de https://*.musterkoffer.jung.de https://*.qr.jung.de https://*.service.jung.de https://*.smarthome.jung.de https://*.software.jung.de https://*.jung.be https://*.jungcontrols.com https://*.mein-elektroinstallateur.de https://*.youtube.com https://www.youtube-nocookie.com https://player.podigee-cdn.net https://scnem3.com https://*.pay1.de https://*.paypal.com https://*.paypalobjects.com https://*.archlabtransfer.de https://*.partcommunity.com https://*.jung-group.cn https://planung.fs-conf3-jung-qm.p14.de https://planung.konfigurator.jung.de https://planung.jung.de https://planung.jung-group.com https://*.mypurecloud.de https://*.nr-data.net https://shyrka-prod-euc1.s3.eu-central-1.amazonaws.com https://*.newrelic.com https://jung.canto.de https://d30qymu4o00meq.cloudfront.net https://*.cloudfront.net https://canto.us1app.churnzero.net https://embeds.beehiiv.com https://*.euc1.pure.cloud wss://*.mypurecloud.de wss://*.euc1.pure.cloud https://digital.jung-group.com https://digital.jung-group.com/de/knx-configurator https://digital.jung-group.com/de/home-configurator https://digital.jung-group.com/de/switch-configurator https://jung-configurator.canvaslogic.tech https://www.googletagmanager.com https://productimages.jung-group.com https://default-german-bucket-staging.s3-accelerate.amazonaws.com https://default-german-bucket-staging-public.s3-accelerate.amazonaws.com https://default-german-bucket.s3.eu-central-1.amazonaws.com https://oauth.canto.de https://jung.sw.localhost; frame-ancestors 'self' https://www.jung-group.com https://jung.canto.de 2 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com https://*.yandexcloud.net 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; script-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline' data: blob: mediastream:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * blob: data: 'unsafe-inline'; worker-src * data: blob: mediastream: 'unsafe-inline' 'unsafe-eval' 2 default-src https: connect-src https: font-src https: data: frame-src https: img-src https: data: media-src https: object-src https: script-src 'unsafe-inline' 'unsafe-eval' https: style-src 'unsafe-inline' https: 2 frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com; font-src https://fonts.gstatic.com 'self' data: blob:; default-src 'unsafe-inline' 'self' https: data: blob:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; 2 {"default-src":"self","report_to":"default","include_subdomains":true} 2 default-src 'self' https: data: blob:; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: https://mc.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://yandex.ru https://*.maps.yandex.net https://cloud.roistat.com https://www.google.com https://apis.google.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.recaptcha.net https://maps.googleapis.com https://maps.gstatic.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com; style-src 'self' https: 'unsafe-inline' data: https://fonts.googleapis.com blob:; img-src 'self' https: data: blob: https://mc.yandex.ru https://*.maps.yandex.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://yandex.ru https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://i.ytimg.com https://i.vimeocdn.com https://f.vimeocdn.com; font-src 'self' https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://mc.yandex.ru https://cloud.roistat.com https://cloud-reserved.roistat.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net; frame-src 'self' blob: https://mc.yandex.ru https://player.vimeo.com https://vkvideo.ru https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://maps.google.com https://www.youtube.com https://www.youtube-nocookie.com https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://yandex.ru; child-src blob: https://mc.yandex.ru https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://maps.google.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vkvideo.ru https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://yandex.ru; upgrade-insecure-requests 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 2 default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2 frame-ancestors 'self' https://outlook.office.com https://outlook.office365.com; 2 frame-ancestors 'self' *.kassel.de *.stadtreiniger.de *.stadt-kassel.de *.kasselkultur2022.de www-kassel-de.translate.goog 2 frame-ancestors 'self' *.wpenginepowered.com *.wpengine.com https://cid.com 2 default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.buzzsprout.com/ cdn.jsdelivr.net/gh/ckeditor/ static.pathmotion.io pathmotion.com equans.career-inspiration.com/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net cdn.jsdelivr.net consent.cookiebot.com siteimproveanalytics.com cdn.matomo.cloud cdn.siteimprove.net www.youtube-nocookie.com unpkg.com odyssiant.azureedge.net *.bootstrapcdn.com js-agent.newrelic.com *.linkedin.com snippet.capybara.lmc.cz s.go-mpulse.net tags.data-driven.fr *.byspotify.com *.tiktok.com cdn.cookielaw.org eu.textrecruit.com *.hotjar.com sc-static.net secure.data-insight365.com cdn.leadinfo.net *.ldnfrpl.com assets.juicer.io consentcdn.cookiebot.com www.youtube.com; object-src 'none' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net snippet.capybara.lmc.cz unpkg.com/leaflet@1.7.1/dist/leaflet.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.Default.css cdn.leadinfo.net assets.juicer.io; img-src 'self' data: https:;; media-src 'self'; frame-src 'self' *.youtube.com/ *.youtube-nocookie.com/ *.vimeo.com/ apply.refline.ch engie.taleo.net www.google.com www.buzzsprout.com equans.career-inspiration.com/ facebook.com *.doubleclick.net/ cdn.linkedin.oribi.io www.facebook.com www.equans.co.uk json3d.tftlabs.com www.yousty.ch www.googletagmanager.com ohws.prospective.ch plan-group.acquiretm.com plan-groupca.acquiretm.com colas-implantations-monde.latitude-cartagene.com admin-mediabox.colas.fr consentcdn.cookiebot.com; frame-ancestors 'self' https://n3g.4projects.com n3g.4projects.com; child-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ engie.taleo.net; font-src 'self' fonts.gstatic.com snippet.capybara.lmc.cz cdn.leadinfo.net data: static.juicer.io; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ static.pathmotion.io pathmotion.com equans.career-inspiration.com api.mixpanel.com *.algolia.net equans.matomo.cloud privacyportal-fr.onetrust.com cdn.linkedin.oribi.io my2.siteimprove.com id.siteimprove.com contentassistant.eu.siteimprove.com id.eu.siteimprove.com *.algolianet.com *.odyssiant.com *.googlesyndication.com bam.nr-data.net *.linkedin.com *.algolianet.com api.capybara.lmc.cz *.ingest.sentry.io c.go-mpulse.net *.akstat.io *.tiktok.com *.byspotify.com *.textrecruit.tools *.akamaihd.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.data-driven.fr api.mapbox.com nominatim.openstreetmap.org siteimprove.com siteimproveanalytics.com siteimprove.net siteimproveanalytics.io api.leadinfo.com *.leadinfo.net *.ldnfrpl.com li-replay.s3-accelerate.amazonaws.com *.content-hub.acquia.com www.juicer.io consentcdn.cookiebot.com identity.siteimprove.com cdn.jsdelivr.net; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://sonichealthcareusa.us16.list-manage.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com https://js.hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net https://acsbapp.com *.amazonaws.com *.jotfor.ms *.jotform.com *.sonichealthcare.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.mailchimp.com *.jotfor.ms *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.acsbapp.com acsbapp.com *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://cdn.acsbapp.com *.cookiebot.com *.onetrust.com; font-src 'self' data: *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com https://cms-liquidstate-cloud.s3.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.cookiebot.com *.onetrust.com 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com *.sonichealthcareusa.com *.jotform.com *.jotfor.ms *.propath.com *.sonichealth.us *.cookiebot.com *.genially.com; object-src 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.realperson.cloud code.jquery.com static.cloudflareinsights.com ajax.cloudflare.com *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com analytics.regiohelden.de data: https://*.openstreetmap.org 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: source.unsplash.com images.unsplash.com usercontent.realperson.cloud www.googletagmanager.com www.google.de www.google.com ssl.google-analytics.com analytics.regiohelden.de imgsct.cookiebot.com https://*.openstreetmap.org; base-uri 'self'; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com www.linkedin.com www.chatnode.ai embed.chatnode.ai; form-action 'self'; style-src 'self' 'unsafe-inline' *.realperson.cloud *.cookiebot.com 'report-sample'; font-src 'self' data: *.realperson.cloud; worker-src 'self' blob:; connect-src 'self' https://chat2180.realperson.cloud wss://chat2180.realperson.cloud https://charts3.equitystory.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.regiohelden.de data: https://*.openstreetmap.org; frame-ancestors 'self'; report-uri https://www.stroeer.de/@http-reporting?csp=report&requestTime=1763134557454493&requestHash=3649a17b0afd14af524a8208c10948a6c53c15ed 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://click2cart.com https://ss.click2cart.com *.janraincapture.com https://rpxnow.com https://www.googleadservices.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com *.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://s3-us-west-2.amazonaws.com/smartcommerce.co https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.rudderstack.com cdn.rudderlabs.com *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com https://analytics.tiktok.com https://ct.pinterest.com blob:; style-src 'self' 'unsafe-inline' https://click2cart.com https://quilt-cdn.janrain.com https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://fonts.googleapis.com; font-src 'self' https://s3.lightboxcdn.com https://fonts.gstatic.com https://click2cart.com https://s3-us-west-2.amazonaws.com/smartcommerce.co https://s3.us-west-2.amazonaws.com; img-src 'self' www.facebook.com https://click2cart.com https://img.youtube.com/ https://ad.doubleclick.net/ *.cookielaw.org *.cloudfront.net https://googleads.g.doubleclick.net https://www.google.hr https://www.google.co.in https://insight.adsrvr.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com https://s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/smartcommerce.co data:; media-src 'self' https://videos.ctfassets.net *.iesnare.com data:; connect-src * https://click2cart.com; frame-src 'self' *.janraincapture.com https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com https://www.youtube-nocookie.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com https://www.googletagmanager.com; manifest-src *; 2 img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; 2 default-src 'self' *.synthetix.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.clarity.ms *.licdn.com *.52enterprisingdetails.com https://platform.twitter.com *.synthetix.com *.synthetix.com *.googletagmanager.com *.googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net *.youtube.com *.google.com;style-src 'self' *.googleapis.com *.synthetix.com *.cloudfront.net *.googletagmanager.com 'unsafe-inline';connect-src 'self' *.facebook.com *.bing.com *.getaddress.io *.doubleclick.net *.linkedin.com *.clarity.ms *.google.com *.hotjar.io *.hotjar.com *.google-analytics.com *.synthetix.com *.fullstory.com *.amazonaws.com wss://ws.hotjar.com/api/v2/client/ws;font-src 'self' *.gstatic.com *.hotjar.io *.hotjar.com;img-src 'self' data: https: syn-document-manager.s3.amazonaws.com *.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io;object-src 'none';frame-ancestors 'self' self;frame-src 'self' *.sfmc-content.com *.googletagmanager.com *.office.com *.youtube.com *.google.com *.twitter.com *.facebook.com *.doubleclick.net *.hotjar.com *.hotjar.io https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk https://wjec-cbac.leadfamly.com *.issuu.com;base-uri 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.srv.stackadapt.com/ https://script.hotjar.com https://*.simpli.fi/ https://*.bttrack.com/ https://bttrack.com/ https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://googleads.g.doubleclick.net/ https://stats.wp.com/ https://stats.wp.com/ https://static.hotjar.com/ https://sase.merck.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://player.quadia.net/quadia.player.min.js https://s0.wp.com https://*.contentsquare.com https://*.usabilla.com https://*.contentsquare.net/ https://pym.nprapps.org https://*.wotnot.io https://www.googletagmanager.com https://www.google-analytics.com/ https://players.brightcove.net https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://*.pricespider.com https://api.tiles.mapbox.com https://vjs.zencdn.net https://bat.bing.com https://js.adsrvr.org https://connect.facebook.net https://bam.nr-data.net blob:; object-src 'none'; base-uri https://d6tizftlrpuof.cloudfront.net/; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net/ https://www.google.com.my/pagead/ https://sase.merck.com/ https://4918300.fls.doubleclick.net/ https://widgets.wp.com/ https://*.contentsquare.com https://*.contentsquare.net https://*.exacttarget.com https://*.facebook.com https://*.exct.net/ https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net https://pages.emailca.merck-animal-health-usa.com https://cloud.emailca.merck-animal-health-usa.com https://*.akamaihd.net https://insight.adsrvr.org https://match.adsrvr.org; frame-ancestors 'self'; img-src 'self' https://*.tile.openstreetmap.org https://policy.privacyandcookies.eu https://assets.merck-animal-health.com https://*.googleapis.com/ https://*.gstatic.com/ https://*.googleusercontent.com/ https://tags.srv.stackadapt.com/ https://*.simpli.fi/ https://bttrack.com/ https://www.google.com.my/pagead/ https://connect.facebook.net/ https://www.google.com.my/ads/ga-audiences https://www.google.co.za https://px.ads.linkedin.com/ https://www.google.de https://mid.rkdms.com/ https://match.sharethrough.com/ https://x.bidswitch.net/ https://match.adsrvr.org/ https://tags.bluekai.com/ https://pixel.rubiconproject.com/ https://cm.g.doubleclick.net/ https://dpm.demdex.net/ https://insight.adsrvr.org/ https://*.wp.com https://*.wotnot.io https://wotnot-chat-widget-icon.storage.googleapis.com https://*.contentsquare.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net/ https://*.contentsquare.net/ https://assets.msd-animal-health.com https://wotnot-bot-title-logo.storage.googleapis.com https://wotnot-avatar.storage.googleapis.com https://*.merck-animal-health.com https://unpkg.com https://cdn.jsdelivr.net https://secure.adnxs.com/ https://px.adentifi.com/ https://pubads.g.doubleclick.net https://cf-images.us-east-1.prod.boltdns.net https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ https://*.deepintent.com/ https://*.brightcove.com https://brightcove.hs.llnwd.net https://*.brightcove.hs https://manifest.prod.boltdns.net data: https://www.google.com/ https://*.bing.com/ https://*.facebook.com/ https://*.pricespider.com/ https://*.turn.com https://*.googletagmanager.com/ https://www.google.pl/; media-src 'self' blob: https://*.wotnot.io https://*.brightcove.com https://manifest.prod.boltdns.net https://*.akamaihd.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://s0.wp.com https://d6tizftlrpuof.cloudfront.net/ https://*.mapbox.com/ https://*.pricespider.com/ https://tags.srv.stackadapt.com/; upgrade-insecure-requests; default-src blob: https: data: webpack: 'self' wss://*.wotnot.io wss://ws.hotjar.com; trusted-types 'allow-duplicates' google-maps-api#html google#safe google-analytics goog#html connect.facebook.net/fbevents facebook.com/signals/iwl youtube-widget-api default; 2 frame-ancestors https://*.rsca.be https://*.rsca.infosupport.com https://*.ddev.site; report-uri /report-csp-violation 2 frame-ancestors 'self' https://metrika.yandex.ru https://metrica.yandex.com https://webvisor.com https://*.webvisor.com; 2 frame-ancestors 'self' *.livguard.com *.livguardsolar.com solculator.livguardsolar.com partner.mylivserv.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com https://js.hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net *.laborpublisher.de *.bing.com *.sonichealthcare.com *.onetrust.com *.laborpublisher.staging.lfda.de 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.laborpublisher.de *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net *.google.com *.linkedin.com *.laborpublisher.de *.cookiebot.com *.onetrust.com *.laborpublisher.staging.lfda.de; font-src 'self' data: *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.sonichealthcare.com *.sonichealthcare.co.uk *.laborpublisher.de https://www.teamviewer.com *.cookiebot.com *.onetrust.com *.laborpublisher.staging.lfda.de 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com https://www.youtube-nocookie.com https://scnem3.com *.softgarden.io *.cookiebot.com; object-src 'none'; 2 script-src 'nonce-MQcXygUgL0tU8DMf8/cMiw==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' http: https:; base-uri none; frame-ancestors https://app.contentful.com; require-trusted-types-for 'script' 2 frame-ancestors 'self' *.psplugin.com 2 frame-ancestors 'self' https://*.webvisor.com https://metrika.yandex.ru/ https://www.copytrans.net 2 frame-ancestors 'self' *.cube365.net *.thecube.net *.siliconangle.com *.thecuberesearch.com 2 script-src 'unsafe-inline' 'self' data: *; style-src 'unsafe-inline' 'self' data: *; default-src 'unsafe-inline' 'self' data: *; font-src 'unsafe-inline' 'self' data: *; connect-src 'unsafe-inline' 'self' data: *; 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.gstatic.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://image.providesupport.com https://vm.providesupport.com https://cdnjs.cloudflare.com/ https://cdnjs.com/ https://unpkg.com/ https://connect.facebook.net/ https://*.smartlook.com https://*.smartlook.cloud;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com;img-src 'self' https://*.google.com https://www.gstatic.com https://translate.googleapis.com http://translate.google.com https://*.google-analytics.com data: https://image.providesupport.com https://fonts.gstatic.com https://www.facebook.com/ https://www.googletagmanager.com/;frame-src 'self' https://www.google.com https://www.youtube.com https://vm.providesupport.com http://vm.providesupport.com https://servis.webhouse.cz/ https://docs.google.com/ https://getwaitlist.com/ https://youtube.com/ https://www.book4u.cz https://accounts.google.com/;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://translate.googleapis.com https://translate-pa.googleapis.com https://*.google-analytics.com https://chatapi.providesupport.com https://image.providesupport.com https://www.facebook.com/ https://reporter.seznam.cz/ https://region1.analytics.google.com/ https://manager.eu.smartlook.cloud/ https://*.smartlook.com https://*.smartlook.cloud;form-action 'self';frame-ancestors 'self';block-all-mixed-content 2 frame-ancestors 'self' https://clientpoint.net https://*.clientpoint.net; 2 frame-ancestors 'self' https://ibexa.vonovia.de 2 default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: https://f86a65dca19a.edge.sdk.awswaf.com; connect-src https: wss:; font-src https: data:; 2 default-src 'self' www.livechat.com *.livechatinc.com data:; style-src 'self' 'unsafe-inline' cdn.livechat-static.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.polyfill.io *.livechatinc.com; font-src 'self' data:; connect-src 'self' https://geoip.nekudo.com 2 frame-ancestors https://modelcentro.com/ 2 default-src 'self' mnews.su.bcebos.com www.gw.com.cn mnews.dzh.com.cn ssp.gw.com.cn static.sensorsdata.cn datain.gw.com.cn dspweb.dzh.com.cn 'unsafe-inline' 'unsafe-eval' blob: data: ; 2 frame-ancestors 'self' *.etniabarcelona.com *.intranet-etniabarcelona.com *.extranet-etniabarcelona.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 2 default-src * 2 base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com https://applepay.cdn-apple.com; form-action 'self' https://*.adyen.com https://www.facebook.com; frame-ancestors https://*.weleda.bloomreach.cloud; img-src 'self' data: https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://cdn.cookielaw.org https://i.ytimg.com https://*.adyen.com https://*.paypalobjects.com https://*.weleda.bloomreach.cloud https://*.weleda.com https://*.mimecast.com https://insight.adsrvr.org https://shopper.shop.pe https://*.bing.net https://cdn.taboola.com https://*.tvsquared.com https://s.pinimg.com https://*.facebook.com https://*.gstatic.com https://assets.local:8080 https://*.liadm.com https://partner.mediawallahscript.com https://bat.bing.com https://i.imgur.com https://lh3.googleusercontent.com https://connect.facebook.net https://analytics.tiktok.com https://log.pinterest.com; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' http://fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.googleadservices.com https://s.pinimg.com https://cdn.cookielaw.org https://*.gstatic.com https://tag.rmp.rakuten.com https://connect.facebook.net https://analytics.tiktok.com https://shop.pe https://*.shop.pe https://addshoppers.s3.amazonaws.com https://www.upsellit.com https://*.cloudfront.net https://ct.pinterest.com https://*.mouseflow.com https://bat.bing.com https://*.taboola.com https://*.paypal.com https://*.tvsquared.com https://*.youtube.com https://translate.yandex.net https://service2.daguands.cn https://applepay.cdn-apple.com; upgrade-insecure-requests; connect-src 'self' https://google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.googleapis.com https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://cdn.cookielaw.org https://*.doubleclick.net https://*.weleda.com https://*.weleda.de https://*.weleda.at https://*.weleda.ch https://*.paypal.com https://analytics.tiktok.com https://*.bing.net https://*.taboola.com https://ct.pinterest.com https://s.pinimg.com https://manage.safeopt.com https://*.adyen.com https://*.shop.pe https://*.onetrust.com https://*.mouseflow.com https://www.facebook.com https://bat.bing.com https://infragrid.v.network https://api.addressy.com; media-src 'self' https://*.googleapis.com https://*.doubleclick.net; frame-src 'self' https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.adyen.com https://*.paypal.com https://*.youtube-nocookie.com https://*.weleda.de https://*.weleda.at https://*.weleda.ch https://*.weleda.com https://cdn.taboola.com https://s.pinimg.com https://*.pinterest.com https://www.facebook.com https://applepay.cdn-apple.com; report-uri /api/csp-report; 2 default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.recaptcha.net https://*.twitter.com *.bing.com https://*.fonts.net https://*.bazaarvoice.com https://*.sprinklr.com content.securedvisit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ct.pinterest.com https://storage.cloud.kargo.com https://*.recaptcha.net https://*.twimg.com https://*.bing.com https://*.gstatic.com https://*.google.com https://*.everesttech.net https://*.dotomi.com https://*.iovation.com https://*.bridgestonetire.com https://*.iesnare.com https://*.akamaihd.net https://*.bazaarvoice.com https://*.jquery.com https://*.twitter.com https://*.ads-twitter.com https://*.virtualearth.net https://assets.adobedtm.com https://*.bing.com https://*.googletagmanager.com https://pixel.everesttech.net https://*.pinimg.com https://*.googleadservices.com https://*.google-analytics.com https://*.iperceptions.com https://*.everestjs.net https://www.youtube.com https://*.firestonecompleteautocare.com https://*.tiresplus.com https://*.wheelworks.net https://*.hibdontire.com https://*.hotjar.com https://*.facebook.net https://*.ytimg.com https://*.netmng.com https://*.doubleclick.net https://*.sprinklr.com api.securedvisit.com content.securedvisit.com track.sv.rkdms.com sv.firestonetire.com sv.bridgestonetire.com https://live.rezync.com https://*.bc0a.com ; connect-src * ; frame-src 'self' https://*.googletagmanager.com https://*.recaptcha.net https://*.twitter.com https://*.google.com https://*.pinterest.com https://www.youtube.com https://*.doubleclick.net https://*.iperceptions.com https://*.facebook.com https://*.hotjar.com https://*.demdex.net https://*.bazaarvoice.com https://*.sprinklr.com api.securedvisit.com ; img-src * data: blob:; media-src 'self' https://*.iesnare.com https://*.sprinklr.com; font-src 'self' https://*.bazaarvoice.com https://*.fonts.net https://*.bridgestoneresources.com https://*.sprinklr.com data: 2 default-src openstreetmap.fr *.openstreetmap.fr openstreetmap.org *.openstreetmap.org arcgisonline.com *.arcgisonline.com cartocdn.com *.cartocdn.com 'self' 'unsafe-inline' 'unsafe-eval' nasdaqbaltic.com *.nasdaqbaltic.com *.vimeo.com vimeo.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net virtualearth.net *.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com *.virtualearth.net virtualearth.net; frame-ancestors 'self'; connect-src 'self' vimeo.com *.vimeo.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com *.bing.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com google.com *.google.com *.bing.com bing.com 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com https://player.vimeo.com/api/player.js platform.linkedin.com https://www.linkedin.com cdn.linkedin.oribi.io https://px.ads.linkedin.com/ *.guidepoint.com qsight.guidepoint.com ls.guidepoint.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ analytics.google.com www.google-analytics.com ajax.googleapis.com *.bc0a.com *.b0e8.com cmp.osano.com static.addtoany.com https://www.googletagmanager.com snap.licdn.com boards.greenhouse.io js.driftt.com scout-cdn.salesloft.com *.osano.com https://td.doubleclick.net https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' *.guidepoint.com guidepoint.com https://fonts.googleapis.com platform.twitter.com maxcdn.bootstrapcdn.com fast.fonts.net *.osano.com; img-src * 'self' www.googletagmanager.com; font-src * 'self' data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com www.guidepoint.com *.guidepoint.com; connect-src 'self' https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/ cdn.linkedin.oribi.io ixfd1-api.bc0a.com analytics.google.com *.guidepoint.com qsight.guidepoint.com ls.guidepoint.com www.google-analytics.com stats.g.doubleclick.net boards-api.greenhouse.io guidepoint.com consent.api.osano.com tattle.api.osano.com scout.salesloft.com https://*.googleapis.com *.google.com https://*.gstatic.com *.osano.com; media-src * 'self'; frame-src 'self' https://td.doubleclick.net/ https://snazzymaps.com platform.twitter.com boards.greenhouse.io cmp.osano.com is.driftt.com js.driftt.com youtube.com youtu.be www.youtube.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.google.com https://www.linkedin.com *.osano.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net; worker-src 'self' *.osano.com blob:; frame-ancestors www.youtube.com youtube.com youtu.be 2 default-src https: data: https://*.clarity.ms https://c.bing.com;script-src 'unsafe-inline' 'unsafe-eval' *;object-src 'none';style-src 'unsafe-inline' *;frame-ancestors 'none';worker-src 'self'; report-to csp-endpoint; report-uri https://tz-httpreporting.prod.intergies.com/reporting/csp-report-uri 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.googleadservices.com *.iqm.com *.cookielaw.org *.onetrust.com *.vimeo.com tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.googletagmanager.com *.knowledgeowl.com *.wistia.com *.bugherd.com *.jquery.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.facebook.net *.youtube.com *.twitter.com *.marketo.net *.eloqua.com *.tableau.com *.jsdelivr.net *.flourish.studio acsbapp.com snap.licdn.com *.linkedin.com *.storylane.io; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com resources.forvis.com resources.forvismazars.us *.knowledgeowl.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.google.com *.twimg.com *.typekit.net *.fontawesome.com; font-src * data:; img-src * data:; media-src 'self' data: blob: *.wistia.com; frame-src 'self' resources.forvis.com resources.forvismazars.us *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.tableau.com *.googletagmanager.com flo.uri.sh *.cookielaw.org cdn.cookielaw.org *.onetrust.com snap.licdn.com *.linkedin.com *.doubleclick.net *.podbean.com *.storylane.io; child-src 'self' resources.forvis.com resources.forvismazars.us *.libsyn.com *.bkd.com *.yumpu.com *.brightcove.net *.knowledgeowl.com *.twitter.com *.youtube.com *.vimeo.com vimeo.com *.soundcloud.com *.bugherd.com *.google.com *.wistia.com *.wistia.net *.facebook.com *.tableau.com *.googletagmanager.com flo.uri.sh *.cookielaw.org cdn.cookielaw.org *.onetrust.com snap.licdn.com *.linkedin.com *.doubleclick.net *.podbean.com; connect-src 'self' *.google.com google.com *.googleadservices.com *.g.doubleclick.net *.cookielaw.org cdn.cookielaw.org *.onetrust.com tags.srv.stackadapt.com *.google-analytics.com *.google.com *.litix.io *.wistia.com *.bugsnag.com *.pusher.com ws-mt1.pusher.com *.bugherd.com *.googleapis.com *.mktoresp.com 932-bac-700.mktoutil.com acsbapp.com *.acsbapp.com snap.licdn.com *.linkedin.com; 2 default-src 'none'; base-uri 'self'; frame-ancestors 'self'; media-src 'self' blob: data:; object-src 'none'; manifest-src 'self'; worker-src 'self' blob:; upgrade-insecure-requests; img-src 'self' data: blob: https:; font-src 'self' data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com https://use.typekit.net https://fast.wistia.net; style-src 'self' 'unsafe-inline' https://bluesight-support.freshchat.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; form-action 'self' https://forms.hsforms.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://lex.33across.com https://fast.wistia.com https://embed.formhq.net https://snap.licdn.com https://fast.wistia.net https://static.hotjar.com https://script.hotjar.com https://js.hsadspixel.net https://d.adroll.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-scripts.com https://assets.apollo.io https://www.idcomet.com https://s.adroll.com/ https://embed.formhq.net https://public.api.tofuhq.com/ https://bluesight-support.freshchat.com https://forms.hsforms.com/ https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://forms.hsforms.com https://js.hsforms.net https://app.hubspot.com https://content.hotjar.io https://js.chilipiper.com https://edge.marker.io https://browser.sentry-cdn.com https://cdn.cookiehub.eu https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; connect-src 'self' wss://ws.hotjar.com https://browser.sentry-cdn.com https://fast.wistia.net https://static.hsappstatic.net https://fast.wistia.com https://pipedream.wistia.com https://js.chilipiper.com/marketing.js.map https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://www.idcomet.com https://forms.hsforms.com https://api.formhq.net https://www.googleadservices.com https://aplo-evnt.com https://www.google.com https://www.google-analytics.com https://analytics.google.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://content.hotjar.io https://api.chilipiper.com https://edge.marker.io https://hubspot-forms-static-embed.s3.amazonaws.com/ https://assetscdn-wchat.freshchat.com https://distillery.wistia.com https://embed-cloudfront.wistia.com https://www.facebook.com; frame-src 'self' https://fast.wistia.net https://forms.hsforms.com https://kitcheck.chilipiper.com https://www.facebook.com https://www.googletagmanager.com https://bluesight-support.freshchat.com; 2 default-src 'none';img-src 'self' data: blob: ;script-src 'self' 'wasm-unsafe-eval' ;style-src 'self' 'unsafe-inline';connect-src * wss:;font-src 'self';object-src 'self' blob:;media-src 'self' blob:;frame-ancestors 'self';frame-src 'self' https://login.microsoftonline.com blob:;base-uri 'self';form-action 'none';manifest-src 'none';worker-src 'self' 2 frame-ancestors 'self' trocadero.com cyberattic.com vervendi.com *.trocadero.com *.cyberattic.com *.vervendi.com authorize.net *.authorize.net; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://fonts.googleapis.com https://consent.cookiebot.com https://www.google.com https://analytics.twitter.com https://api-iam.intercom.io https://api-js.mixpanel.com https://cdn.mxpnl.com https://chimpstatic.com https://consentcdn.cookiebot.com https://cookieconsent.popupsmart.com https://downloads.mailchimp.com https://fonts.gstatic.com https://fonts.gstatic.com https://imgsct.cookiebot.com https://js.intercomcdn.com https://mc.us5.list-manage.com https://pi.pardot.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://region1.analytics.google.com https://snap.licdn.com https://static.ads-twitter.com https://static.blippar.com https://t.co https://translate-pa.googleapis.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://widget.intercom.io https://www.gstatic.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.youtube.com 2 https: data: https://*.valantic.com wss://*.valantic.com https://*.hotjar.com https://*.hubspot.com https://*.hotjar.io wss://*.hotjar.com wss://*.cognigy.ai 'unsafe-eval' 2 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://campaign.citrusad.com https://kingfisher-sandbox.citrusad.com https://tradepoint-sandbox.citrusad.com https://b-q.citrusad.com;style-src * data: 'unsafe-inline'; font-src * data: ; 2 default-src 'self' https://code.jquery.com; connect-src 'self' 'unsafe-inline' https: wss:; media-src 'self' https://media.lifeinside.io blob: data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; font-src 'self' 'unsafe-inline' https: data:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; img-src 'self' data: https:; frame-src 'self' https:; 2 frame-ancestors 'self' https://app.storyblok.com https://editor.storyblok.com https://m.storyblok.com https://app.zoominfo.com; 2 default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests;media-src blob: data: https:; 2 frame-ancestors 'self' *.cdc2vckncu-lederands1-p1-public.model-t.cc.commerce.ondemand.com:443 2 default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com https://www.instagram.com; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://*.google.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com https://www.instagram.com; object-src 'none'; upgrade-insecure-requests; 2 connect-src 'self' https://matomo.heinlein-support.de https://numbers.heinlein-support.de; font-src 'self'; frame-src 'self' https://www.youtube.com/; img-src 'self' https://cdn.redoc.ly/redoc/ https://i.ytimg.com/ data: 'unsafe-eval'; object-src 'self'; script-src 'self' 'unsafe-inline' https://matomo.heinlein-support.de https://numbers.heinlein-support.de https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.heinlein-support.de/report-uri/enforce 2 frame-ancestors 'self' https://*.sms-digital.cloud; 2 default-src 'self'; connect-src 'self' *.readspeaker.com https://www.piwik.bayern.de/ wss://*.assistent.bayern.de/chat/widget/ https://eu-api.friendlycaptcha.eu/api/v1/puzzle; manifest-src 'self'; img-src 'self' data: https://*.assistent.bayern.de/bot-media/ https://*.assistent.bayern.de/static/ https://i.ytimg.com/; font-src 'self' data: https://*.assistent.bayern.de/static/; frame-src *.readspeaker.com *.bayern.de https://www.youtube-nocookie.com/ https://www.youtube.com/; media-src 'self' *.readspeaker.com; prefetch-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'wasm-unsafe-eval' 'self' https://www.piwik.bayern.de/piwik/piwik.js *.bayern.de https://*.assistent.bayern.de/static/; worker-src blob:; child-src blob: 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.facebook.net *.twitter.com *.twimg.com https://cdn.chatbot.com https://content.govdelivery.com/ https://cdn.livechatinc.com/ https://api.livechatinc.com/ https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com https://content.govdelivery.com/; connect-src 'self' https://maps.googleapis.com https://kdorapi.kdor.org https://cdn.chatbot.com/widget/5c7029abb3a91872edc36639/settings.json https://api.livechatinc.com; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com data:; img-src 'self' www.google-analytics.com maps.google.com *.twimg.com *.twitter.com https://cdn.livechat-files.com data: https://content.govdelivery.com/; frame-src 'self' *.youtube.com *.facebook.com *.twitter.com https://cdn.chatbot.com https://secure.livechatinc.com/ https://challenges.cloudflare.com; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2 frame-ancestors 'self' https://app.pia4you.com http://erika.hotainment.info 2 frame-ancestors 'self' https://*.storyblok.com 2 default-src 'self' *.berger-levrault.com; img-src 'self' sdk.privacy-center.org data: *.berger-levrault.com *.analytics.google.com *.google.es *.wistia.com wp-rocket.me *.google-analytics.com *.gravatar.com https://s.w.org https://gravityforms.s3.amazonaws.com https://gravityforms.s3.amazonaus.com *.gstatic.com *.googleapis.com; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; script-src 'self' sdk.privacy-center.org *.google.ca google.ca *.google.com google.com *.en25.com *.licdn.com *.facebook.net *.google.es *.googleadservices.com googleadservices.com *.helpscout.net *.wistia.com *.hcaptcha.com *.matomo.cloud *.mxpnl.com https://hcaptcha.com *.cloudflare.com *.googleapis.com *.googletagmanager.com https://www.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.berger-levrault.com *.youtube.com *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.gstatic.com; connect-src 'self' api.redirect.li *.googlesyndication.com *.facebook.com *.linkedin.com *.doubleclick.net api.privacy-center.org *.google.com *.analytics.google.com *.helpscout.net *.wistia.com *.litix.io *.cloudfront.net *.matomo.cloud *.hcaptcha.com *.gstatic.com *.googleapis.com *.google-analytics.com *.yoast.com yoast.com *.berger-levrault.com; frame-src 'self' mailto: tel: *.googletagmanager.com *.facebook.net recrute.berger-levrault.com *.berger-levrault.com *.hcaptcha.com *.youtube.com *.youtube-nocookie.com wp-rocket.me; media-src 'self' blob: *.berger-levrault.com *.wistia.net 2 frame-ancestors 'self' https://*.opsm.com.au https://*.luxottica.com https://*.essilorluxottica.com; 2 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.licdn.com *.evgnet.com *.zoominfo.com *.eum-appdynamics.com *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.marketo.com cdn.appdynamics.com www.googletagmanager.com code.jquery.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.crazyegg.com *.adsymptotic.com www.youtube.com *.hotjar.com https://tagmanager.google.com https://www.googletagmanager.com tools.cdc.gov/TemplatePackage/contrib/libs/jquery/1.12.4/jquery.js tools.cdc.gov/TemplatePackage/contrib/widgets/tp-widget-external-loader.js https://data.processwebsitedata.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://cdn.cookielaw.org *.vimeo.com js.zi-scripts.com blob: 'self' googleads.g.doubleclick.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://dec.azureedge.net app-sjo.marketo.com code.jquery.com *.marketo.com https://tagmanager.google.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: forms.hsforms.com *.google.com *.linkedin.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://aedevstoragecdn.azureedge.net https://aeprdcmsstoragecdn.azureedge.net https://aeprdusstoragecdn.azureedge.net code.jquery.com *.googletagmanager.com *.adsymptotic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://cdn.cookielaw.org/ *.cookielaw.org *.sirva.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.googleapis.com; frame-src *.vimeo.com td.doubleclick.net *.marketo.com *.googletagmanager.com 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com api.hubapi.com forms.hubspot.com *.doubleclick.net *.evergage.com *.google-analytics.com *.crazyegg.com *.marketo.com *.eum-appdynamics.com https://*.dec.sitefinity.com *.mktoresp.com *.zoominfo.com https://js.hs-banner.com https://cdn.cookielaw.org https://*.onetrust.com analytics.google.com px.ads.linkedin.com js.zi-scripts.com *.facebook.com www.google.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com app-sjo.marketo.com *.sirva.com.au www.cdc.gov/ https://player.youku.com https://valc.atm.youku.com 'self' web-chat.nativechat.com 2 frame-src *; frame-ancestors *; child-src 'self' 'unsafe-inline' blob:; report-uri /report-csp-violation 2 script-src *.bancfirst.tv *.cloudflare.com *.youtube.com *.googletagmanager.com *.sharethis.com *.basis.net *.wave2.io *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bancfirst.bank *.googleapis.com 'unsafe-inline' ; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem *.bancfirst.bank *.youtube.com *.cloudflare.com *.google.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.google-analytics.com 'unsafe-inline' *.wave2.io *.wave2locator.com 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'self'; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: https: 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 frame-ancestors 'self' https://portal.ukbonn.de https://portal-test.ukbonn.de; 2 script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.statcounter.com/counter/counter.js https://www.google.com/recaptcha/api.js; frame-ancestors 'none';child-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://vimeo.com; 2 default-src * https: data: 'unsafe-inline' 'unsafe-eval' p11.techlab-cdn.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.com.hk https://*.google.com.sg https://*.google.de https://*.google.com.my https://*.google.co.uk https://*.google.co.in https://*.google.cn https://*.google.com.tw https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.ctfassets.net https://sentry.io https://*.contentful.com https://*.youtube.com https://*.yimg.com https://*.yahoo.com https://*.adsrvr.org https://*.bing.com https://*.taboola.com data:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://a.delivery.consentmanager.net https://cdn.consentmanager.net https://track.adform.net https://s2.adform.net https://sslwidget.criteo.com https://dynamic.criteo.com https://ajax.cloudflare.com https://bat.bing.com https://app.unbounce.com https://static.ads-twitter.com https://d3pkntwtp2ukl5.cloudfront.net https://static.ads-twitter.com https://www.googleadservices.com https://connect.facebook.net https://www.clarity.ms https://go.mikro.com.tr https://pi.pardot.com https://cdn.cookielaw.org https://assets.ubembed.com https://googleads.g.doubleclick.net https://9882f66cb7cd442498456acd330ef561.js.ubembed.com https://cdn.jsdelivr.net https://www.googletagmanager.com; img-src 'self' https://uploads.mikro.com.tr https://www.google.com https://www.google.com.tr https://cdn.cookielaw.org https://app.unbounce.com https://c.clarity.ms https://www.facebook.com https://cdn-mikro.atros.com.tr https://c.bing.com https://analytics.twitter.com https://t.co https://googleads.g.doubleclick.net https://www.googletagmanager.com https://analytics.twitter.com https://gen.sendtric.com https://bat.bing.com https://dynamic.criteo.com https://sslwidget.criteo.com https://x.bidswitch.net https://ib.adnxs.com https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://contextual.media.net https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://pixel.rubiconproject.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://cm.g.doubleclick.net https://criteo-sync.teads.tv https://criteo-partners.tremorhub.com https://eb2.3lift.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://sync.1rx.io https://dis.criteo.com https://dpm.demdex.net https://aa.agkn.com https://server.seadform.net https://token.rubiconproject.com https://sync.targeting.unrulymedia.com https://cdn.consentmanager.net https://a.delivery.consentmanager.net data: 2 frame-ancestors 'self' https://www.rhonefm.ch; 2 base-uri 'self'; connect-src 'self' https: wss:; default-src 'none'; media-src 'self' https://banners.wesendit.com; img-src 'self' https://*.gleap.io https://*.productfruits.com https: data: blob:; font-src 'self' data: https://fonts.gstatic.com https://*.productfruits.com https://widget.crowdswap.org; form-action 'self' https://*.facebook.com; frame-src 'self' https://*.gleap.io https://player.vimeo.com https://td.doubleclick.net https://*.sandbox.dat https://*.datatrans.com https://*.paypal.com https://*.cloudflare.com https://*.payrexx.com https://hooks.stripe.com https://verify.walletconnect.com https://*.googletagmanager.com https://banners.wesendit.com https://*.productfruits.com https://*.facebook.com https://*.youtube.com; frame-ancestors 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' https://*.gleap.io https://*.googletagmanager.com https://*.google-analytics.com https://*.trstplse.com https://*.googleapis.com https://*.doubleclick.net https://*.datatrans.com https://*.paypal.com https://*.gstatic.com https://*.crowdswap.org https://*.cloudflare.com https://*.payrexx.com https://*.hotjar.com https://*.facebook.net https://*.clarity.ms https://*.facebook.net https://*.productfruits.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.productfruits.com 2 frame-ancestors *.umay.club *.mycollege.kz *.codo.kz *.hrplus.kz *.nis.edu.kz *.edu.kz 2 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vk.com https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://smartcaptcha.yandexcloud.net https://yastatic.net https://mc.yandex.ru https://mc.yandex.com; child-src 'self' https://yastatic.net https://api-maps.yandex.ru https://smartcaptcha.yandexcloud.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; worker-src 'self' blob: data: https://yastatic.net https://api-maps.yandex.ru https://smartcaptcha.yandexcloud.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; frame-src 'self' https://yastatic.net https://api-maps.yandex.ru https://smartcaptcha.yandexcloud.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; style-src 'self' 'unsafe-inline' blob: https://yastatic.net; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https: blob: https://mc.yandex.ru https://mc.yandex.com https://*.maps.yandex.net https://api-maps.yandex.ru https://yandex.ru; connect-src 'self' https://yastatic.net https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://webvisor.com *.webvisor.com wss: ws://terminal.jewish-museum.ru; object-src 'none'; base-uri 'self'; form-action 'self' https://wpay.uniteller.ru https://fpay.uniteller.ru; frame-ancestors 'self'; 2 frame-ancestors 'self'; object-src 'none'; form-action 'self' 2 frame-ancestors 'self'; default-src 'self' data: blob: *.openstreetmap.org unpkg.com an.gr-wcon.com us-an.gr-cdn.com pagead2.googlesyndication.com snap.licdn.com px.ads.linkedin.com td.doubleclick.net us-ms.gr-cdn.com mzer.pl snid.snitcher.com bot.naxiom.com www.googletagmanager.com *.snitcher.com *.getresponse.com open.spotify.com www.google-analytics.com *.albacross.com *.google.pl *.google.com *.g.doubleclick.net *.hotjar.com *.bazo.io *.analytics.google.com; img-src data: blob: * *.momentjs.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.twitter.com *.youtube.com ajax.googleapis.com unpkg.com an.gr-wcon.com us-an.gr-cdn.com pagead2.googlesyndication.com snap.licdn.com px.ads.linkedin.com td.doubleclick.net us-ms.gr-cdn.com mzer.pl snid.snitcher.com bot.naxiom.com www.googletagmanager.com *.snitcher.com *.getresponse.com open.spotify.com www.google-analytics.com *.albacross.com *.google.pl *.google.com *.g.doubleclick.net *.hotjar.com *.bazo.io *.analytics.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com unpkg.com an.gr-wcon.com us-an.gr-cdn.com pagead2.googlesyndication.com snap.licdn.com px.ads.linkedin.com td.doubleclick.net us-ms.gr-cdn.com mzer.pl snid.snitcher.com bot.naxiom.com www.googletagmanager.com *.snitcher.com *.getresponse.com open.spotify.com www.google-analytics.com *.albacross.com *.google.pl *.google.com *.g.doubleclick.net *.hotjar.com *.bazo.io *.analytics.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.easypack24.net *.tiktok.com *.ttwstatic.com *.inpost.pl unpkg.com an.gr-wcon.com us-an.gr-cdn.com pagead2.googlesyndication.com snap.licdn.com px.ads.linkedin.com td.doubleclick.net us-ms.gr-cdn.com mzer.pl snid.snitcher.com bot.naxiom.com www.googletagmanager.com *.snitcher.com *.getresponse.com open.spotify.com www.google-analytics.com *.albacross.com *.google.pl *.google.com *.g.doubleclick.net *.hotjar.com *.bazo.io *.analytics.google.com; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.instagram.com *.twitter.com *.easypack24.net *.inpost.pl *.tiktok.com *.ttwstatic.com *.googletagmanager.com *.cloudflare.com *.openstreetmap.org unpkg.com an.gr-wcon.com us-an.gr-cdn.com pagead2.googlesyndication.com snap.licdn.com px.ads.linkedin.com td.doubleclick.net us-ms.gr-cdn.com mzer.pl snid.snitcher.com bot.naxiom.com www.googletagmanager.com *.snitcher.com *.getresponse.com open.spotify.com www.google-analytics.com *.albacross.com *.google.pl *.google.com *.g.doubleclick.net *.hotjar.com *.bazo.io *.analytics.google.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.momentjs.com momentjs.com *.google.com connect.facebook.net *.instagram.com *.twitter.com *.googletagmanager.com *.hotjar.com *.gstatic.com *.easypack24.net *.tiktok.com *.ttwstatic.com *.inpost.pl unpkg.com an.gr-wcon.com us-an.gr-cdn.com pagead2.googlesyndication.com snap.licdn.com px.ads.linkedin.com td.doubleclick.net us-ms.gr-cdn.com mzer.pl snid.snitcher.com bot.naxiom.com www.googletagmanager.com *.snitcher.com *.getresponse.com open.spotify.com www.google-analytics.com *.albacross.com *.google.pl *.google.com *.g.doubleclick.net *.hotjar.com *.bazo.io *.analytics.google.com; connect-src 'self' blob: ws: *.openstreetmap.org *.google-analytics.com *.googlesyndication.com *.hotjar.com *.hotjar.io unpkg.com an.gr-wcon.com us-an.gr-cdn.com pagead2.googlesyndication.com snap.licdn.com px.ads.linkedin.com td.doubleclick.net us-ms.gr-cdn.com mzer.pl snid.snitcher.com bot.naxiom.com www.googletagmanager.com *.snitcher.com *.getresponse.com open.spotify.com www.google-analytics.com *.albacross.com *.google.pl *.google.com *.g.doubleclick.net *.hotjar.com *.bazo.io *.analytics.google.com 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 child-src 'self' https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com https://apps.rokt.com https://sgtm.glossybox.co.uk https://*.ringcentral.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://api.stripe.com https://api-dev.pogodonate.com https://api.pogodonate.com https://app-dev.pogodonate.com https://app.pogodonate.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://obseu.seroundprince.com https://analytics.tiktok.com https://*.ringcentral.com wss://*.ringcentral.com https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://ct.pinterest.com https://sgtm.glossybox.co.uk; default-src 'none'; font-src 'self' https://app-dev.pogodonate.com https://app.pogodonate.com data: https://*.ringcentral.com https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.glossybox.co.uk https://checkout.glossybox.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' https://pogodonate.s3.eu-west-2.amazonaws.com https://app-dev.pogodonate.com https://app.pogodonate.com data: https://*.ringcentral.com https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' https://*.js.stripe.com https://js.stripe.com blob: https://app-dev.pogodonate.com https://app.pogodonate.com 'unsafe-eval' 'unsafe-inline' data: https://apps.rokt.com https://euob.seroundprince.com https://obseu.seroundprince.com https://analytics.tiktok.com https://static.ads-twitter.com https://*.ringcentral.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://s.pinimg.com https://sgtm.glossybox.co.uk; style-src 'self' https://*.js.stripe.com https://app-dev.pogodonate.com https://app.pogodonate.com 'unsafe-inline' https://*.ringcentral.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to csp-endpoint 2 child-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.hotjar.com https://*.hsforms.com https://*.sitescout.com https://www.databank.com; connect-src 'self' https://*.akamaihd.net https://*.amazonaws.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.hs-sites.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.parsely.com https://*.salesloft.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://*.youtube.com https://bat.bing.com https://bat.bing.net https://maps.googleapis.com https://obseu.bmccfortress.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com wss://*.hotjar.com; default-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com; font-src 'self' data: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.gstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.databank.com; frame-src 'self' https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.hs-sites.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.instagram.com https://*.issuu.com https://*.marketo.com https://*.sitescout.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com/ https://*.wordpress.com https://*.wp.com https://*.youtube.com https://s-static.ak.facebook.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.bing.com https://*.cardlytics.com https://*.company-target.com https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotusercontent-na1.net https://*.instagram.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.parsely.com https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.sitescout.com https://*.usbrowserspeed.co https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://bat.bing.net https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://obseu.bmccfortress.com https://storage.pardot.com https://www.databank.com https://www.googletagmanager.com; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.wistia.com/ https://www.databank.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.bing.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hsleadflows.net https://*.hubapi.com https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://*.instagram.com https://*.jsdelivr.net https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.ml314.com https://*.optmnstr.com https://*.pardot.com https://*.parsely.com https://*.pixel.ad https://*.predictiveresponse.net https://*.remarketstats.com https://*.salesloft.com https://*.scriptintel.io https://*.twitter.com https://*.usbrowserspeed.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://connect.facebook.net https://ml314.com https://obseu.bmccfortress.com https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.clickcease.com https://www.databank.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.googleapis.com https://*.gravatar.com https://*.jsdelivr.net https://*.marketo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wp.com https://tagmanager.google.com https://www.databank.com; worker-src 'self' blob: data: file: filesystem: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com 2 base-uri 'self'; default-src *; style-src 'unsafe-inline' *; script-src 'unsafe-eval' 'unsafe-inline' *; img-src *; media-src *; font-src *; connect-src *; worker-src *; frame-src *; form-action *; 2 frame-ancestors 'self' https://extrawatch.com https://app.extrawatch.com; upgrade-insecure-requests; 2 child-src 'self' https://ksms-p-001.sitecorecontenthub.cloud/;connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com localhost:44001 *.hotjar.com *.hotjar.io *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.sumo.com sumo.com *.bc0a.com *.brightedge.com *.vidyard.com *.comm100.io *.googleadservices.com *.google.com *.milestoneinternet.com share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ *.sumome.com https://sumome.com *.surveymonkey.com *.fontawesome.com google.com *.rakanto.com *.demdex.net https://unitedhealthgroup.tt.omtrdc.net https://capturelogger-prod-usa.localiq.com https://unitedhealthgroup.tt.omtrdc.net;default-src 'self' *.googleapis.com *.gstatic.com fonts.gstatic.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.gstatic.com www.google.com *.comm100.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' share.kelsey-seybold.com https://apps.sitecore.net https://ksms-p-001.sitecorecontenthub.cloud/;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.fontawesome.com;frame-ancestors 'self' *.kelsey-seybold.com *.promotionsdev.com promotionsdev.com *.whyilike.com whyilike.com *.mykelseyonline.com https://www.clinicadekelsey.com https://temp-www.kelsey-seybold.com temp-www.kelsey-seybold.com www.mykelseyonline.com https://www.kelsey-seybold.com *.kelsey-seybold.com *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ *.sitecorecontenthub.cloud ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.ksnet.com;frame-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net fonts.gstatic.com www.googletagmanager.com *.addthis.com *.addthisedge.com *.moatads.com *.hotjar.com *.vidyard.com *.addthis.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.google.com *.kelsey-seybold.com *.mykelseyonline.com *.whyilike.com whyilike.com *.promotionsdev.com promotionsdev.com *.googleservices.com *.doubleclick.net webto.salesforce.com *.salesforce.com *.podsnack.com *.flipsnack.com *.youtube.com *.understand.com *.typeform.com *.mykelseyonline.com https://www.clinicadekelsey.com https://www.kelsey-seybold.com *.kelsey-seybold.com https://www.facebook.com https://mykelseyonline.com/ *.adsrvr.org *.mycharttst.kelsey-seybold.com/ *.mycharttst.kelsey-seybold.com https://uat-www.clinicadekelsey.com https://temp-www.kelsey-seybold.com share.kelsey-seybold.com www.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ *.sitecorecontenthub.cloud *.surveymonkey.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.ksnet.com;img-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.googleapis.com *.gstatic.com fonts.gstatic.com data: *.doubleclick.net *.google-analytics.com www.googletagmanager.com *.vidyard.com *.kelsey-seybold.com *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.b0e8.com *.simpli.fi *.googleadservices.com *.bc0a.com *.pro-market.net *.igodigital.com *.google.com *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.advertising.com *.intentiq.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net *.pippio.com pippio.com *.apxlv.com *.trueleadid.com *.cogocast.net *.comm100.io *.hotjar.com https://*.hotjar.com https://usermatch.krxd.net https://beacon.krxd.net https://sync.mathtag.com *.adsrvr.org *.nextdoor.com share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/ https://sumome.com *.sumome.com *.surveymonkey.com https://s3-eu-west-1.amazonaws.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com smetrics.optum.com;media-src 'self' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net share.kelsey-seybold.com https://ksms-p-001.sitecorecontenthub.cloud/;script-src 'self' *.addthis.com *.addthisedge.com *.moatads.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com code.jquery.com 'unsafe-eval' 'unsafe-inline' *.hotjar.com unpkg.com *.cloudflare.com *.vidyard.com *.rlets.com *.reachlocalservices.com *.simpli.fi *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.googleservices.com *.doubleclick.net *.google.com *.sumo.com sumo.com *.bc0a.com *.b0e8.com *.igodigital.com *.googleadservices.com geo-targetly.com *.mykelseyonline.com *.comm100.com *.comm100vue.com *.typeform.com browser-update.org *.milestoneinternet.com mykelseyonline.com *.mykelseyonline.com kelsey-seybold.com *.nextdoor.com *.kelsey-seybold.com *.adsrvr.org *.googletagmanager.com mycharttst.kelsey-seybold.com *.mycharttst.kelsey-seybold.com *.kelsey-seybold.com temp-www.kelsey-seybold.com share.kelsey-seybold.com www.kelsey-seybold.com *.sumome.com *.surveymonkey.com *.fontawesome.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.rakanto.com *.adobedtm.com;style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.rlets.com *.reachlocalservices.com *.facebook.net *.rlcdn.com *.gannettdigital.com *.facebook.com *.simpli.fi *.googleservices.com *.doubleclick.net *.typeform.com mykelseyonline.com *.mykelseyonline.com temp-www.kelsey-seybold.com *.kelsey-seybold.com mycharttst.kelsey-seybold.com www.kelsey-seybold.com share.kelsey-seybold.com ksprod-new-ksc-cd.ksnet.com *.ksprod-new-ksc-cd.ksnet.com https://ksprod-new-ksc-cd.ksnet.com *.fontawesome.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src data: 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-inline' * data: blob:; script-src 'self' 'unsafe-inline' data: blob: https://*.doubleclick.net https://*.iesnare.com https://*.liveperson.net https://*.lpsnmedia.net https://*.paylode.com https://accounts.google.com https://apis.google.com https://bat.bing.com https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://cdn.jsdelivr.net https://cdn.plaid.com https://cdnjs.cloudflare.com https://cmp.osano.com https://connect.facebook.net https://hire.withgoogle.com https://js.hsforms.net https://js.stripe.com https://maps.googleapis.com https://s7.addthis.com https://sdk.us.heap-api.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://ws.zoominfo.com; script-src-elem 'self' 'unsafe-inline' data: blob: https://*.doubleclick.net https://*.iesnare.com https://*.liveperson.net https://*.lpsnmedia.net https://*.paylode.com https://accounts.google.com https://apis.google.com https://bat.bing.com https://browser.sentry-cdn.com https://cdn.heapanalytics.com https://cdn.jsdelivr.net https://cdn.plaid.com https://cdnjs.cloudflare.com https://cmp.osano.com https://connect.facebook.net https://hire.withgoogle.com https://js.hsforms.net https://js.stripe.com https://maps.googleapis.com https://s7.addthis.com https://sdk.us.heap-api.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://ws.zoominfo.com; script-src-attr 'unsafe-inline'; worker-src blob:; report-to csp-sentry; report-uri https://o69629.ingest.us.sentry.io/api/1288599/security/?sentry_key=762075c8415146eba795078437617b5e&sentry_environment=production 2 frame-ancestors 'self' https://411.windcreekcasinodev.com https://411.windcreekcasino.com https://411.windcreekcasinostage.com; 2 form-action https:; 2 default-src ‘self’; 2 default-src 'self' wss://ws.salecycle.com/ *.salecycle.com/ *.cloudfront.net/ assets.sc-trc.com/ mymachine.salecycle.com:8080/ *.fanplayr.com/ *.contentsquare.net/ *.office.net/ 'unsafe-inline'; style-src 'self' *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.msccruises.com/ *.msccruises.ie/ *.msccruises.ch/ *.msccruises.de/ *.msccruises.at/ *.msccrociere.it/ *.msccroisieres.fr/ *.msccruceros.es/ *.msccruisesusa.com/ *.partnership.msccruises.com/ *.algolianet.com/ *.algolia.net/ *.dynatrace.com/ *.go-mpulse.net/ *.paypal.co/ *.apple.com/ *.googleapis.com/ google.com/ wss://ws.salecycle.com/ *.salecycle.com/ *.thron.com/ *.privacy-center.org/ cdn.jsdelivr.net/ *.fanplayr.com/ *.criteo.com/ *.criteo.net/ *.pinimg.com/ *.contentsquare.net/ *.kampyle.com/ *.medallia.eu/ *.medallia.com/ *.trustpilot.com/ 'unsafe-inline'; script-src 'self' *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.msccruises.com/ *.msccruises.ie/ *.msccruises.ch/ *.msccruises.de/ *.msccruises.at/ *.msccrociere.it/ *.msccroisieres.fr/ *.msccruceros.es/ *.msccruisesusa.com/ *.partnership.msccruises.com/ *.algolianet.com/ *.algolia.net/ cdn.jsdelivr.net/ *.datatrans.com/ *.dynatrace.com/ *.go-mpulse.net/ *.akamaihd.net/ *.google.com/ google.com/ *.paypal.com/ *.apple.com/ *.adobedtm.com/ *.googletagmanager.com/ *.admo.tv/ *.facebook.net/ *.fanplayr.com/ *.msccruises.co.uk/ *.bing.com/ *.pinimg.com/ *.cloudfront.net/ *.tiktok.com/ *.freespee.com/ *.google-analytics.com/ *.pinterest.com/ *.gstatic.com/ *.googleadservices.com/ *.google.it/ *.google.co.uk/ *.google.ch/ *.google.ie/ *.google.gr/ *.googleapis.com/ wss://ws.salecycle.com/ *.salecycle.com/ *.doubleclick.net/ *.thron.com/ *.privacy-center.org/ *.clarity.ms/ blob: 'unsafe-inline' 'unsafe-eval' assets.sc-trc.com/ mymachine.salecycle.com:8080/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.bing-int.com/ *.google.hr/ *.google.es/ *.google.co.in/ *.google.com.tw/ *.google.bg/ *.google.com.tr/ *.google.fr/ *.google.com.eg/ *.google.com.mt/ *.google.com.au/ *.google.de/ *.google.im/ *.google.co.za/ *.google.com.hk/ *.google.co.il/ *.google.kz/ *.google.be/ *.google.pt/ *.contentsquare.net/ *.trustpilot.com/ *.kampyle.com/ *.medallia.eu/ *.medallia.com/; img-src 'self' data: *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.assetsadobe.com/ *.msccruises.com/ *.msccruises.co.uk/ *.msccruises.ie/ *.msccruises.ch/ *.msccruises.de/ *.msccruises.at/ *.msccrociere.it/ *.msccroisieres.fr/ *.msccruceros.es/ *.msccruisesusa.com/ *.partnership.msccruises.com/ *.algolianet.com/ *.algolia.net/ *.youtube.com/ *.bing.com/ *.paypalobjects.com/ *.paypal.com/ *.gstatic.com/ *.doubleclick.net/ *.googletagmanager.com/ *.googleadservices.com/ *.google.it/ *.google.com/ *.google.ch/ *.google.co.uk/ *.google.ie/ *.google.gr/ *.facebook.com/ *.datatrans.com/ *.thron.com/ *.privacy-center.org/ *.clarity.ms/ *.fanplayr.com *.cloudfront.net assets.sc-trc.com/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.bing-int.com/ *.google.hr/ *.google.es/ *.google.co.in/ *.google.com.tw/ *.google.bg/ *.google.com.tr/ *.google.fr/ *.google.com.eg/ *.google.com.mt/ *.google.com.au/ *.google.de/ *.google.im/ *.google.co.za/ *.google.com.hk/ *.google.co.il/ *.google.kz/ *.google.be/ *.google.pt/ *.contentsquare.net/ *.ytimg.com/ *.emailingnetwork-platform.com/ *.kampyle.com/ *.medallia.eu/ *.medallia.com/ *.trustpilot.com/; frame-src 'self' *.adobe.com/ *.youtube.com *.datatrans.com/ *.paypal.com/ *.apple.com/ *.googletagmanager.com/ *.pinterest.com/ *.paypalobjects.com/ *.gstatic.com/ *.doubleclick.net/ *.googleadservices.com/ *.google.it/ *.google.com/ *.google.ch/ *.google.co.uk/ *.google.ie/ *.google.gr/ *.facebook.com/ *.msccruises.com/ *.privacy-center.org/ wss://ws.salecycle.com/ *.salecycle.com/ *.cloudfront.net/ assets.sc-trc.com/ mymachine.salecycle.com:8080/ *.thron.com/ *.clarity.ms/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.contentsquare.net/ *.trustpilot.com/ *.kampyle.com/ *.medallia.eu/ *.medallia.com/; frame-ancestors 'self' main--cm-p155458-s6675-msc--adobe-cm.aem.page main--cm-p155458-s6675-msc--adobe-cm.aem.live d3d1m8nh1kp829.cloudfront.net *.trustpilot.com/; connect-src 'self' *.adobe.com/ *.scene7.com/ *.algolianet.com/ *.algolia.net/ cdn.jsdelivr.net/ *.datatrans.com/ *.dynatrace.com/ *.go-mpulse.net/ *.akstat.io/ *.akamaihd.net/ google.com/ *.google.com/ *.google.it/ *.google.ch/ *.google.co.uk/ *.google.ie/ *.google.gr/ *.paypal.com/ *.apple.com/ *.cloudhub.io/ *.adobedc.net/ *.adobedtm.com/ *.googletagmanager.com/ *.admo.tv/ *.facebook.net/ *.facebook.com/ *.fanplayr.com/ *.msccruises.co.uk/ *.bing.com/ *.bing.net/ *.pinimg.com/ *.cloudfront.net/ *.tiktok.com/ *.freespee.com/ *.google-analytics.com/ *.pinterest.com/ *.paypalobjects.com/ *.gstatic.com/ *.demdex.net/ *.salecycle.com/ *.thron.com/ *.privacy-center.org/ *.msccruises.com/ wss://ws.salecycle.com/ *.salecycle.com/ *.privacy-center.org/ *.msccruises.com/ *.clarity.ms/ *.adobeaemcloud.com/ assets.sc-trc.com/ mymachine.salecycle.com:8080/ smetrics.msccruises.co.uk/ smetrics.msccruisesusa.com/ smetrics.msccruises.ie/ smetrics.msccruises.de/ smetrics.msccruises.at/ smetrics.msccruises.ch/ smetrics.msccrociere.it/ smetrics.msccroisieres.fr/ smetrics.msccruceros.es/ *.doubleclick.net/ *.algolia.io/ *.criteo.com/ *.criteo.net/ *.tiktokw.us/ *.googleadservices.com/ *.bing-int.com/ *.google.hr/ *.google.es/ *.google.co.in/ *.google.com.tw/ *.google.bg/ *.google.com.tr/ *.google.fr/ *.google.com.eg/ *.google.com.mt/ *.google.com.au/ *.google.de/ *.google.im/ *.google.co.za/ *.google.com.hk/ *.google.co.il/ *.google.kz/ *.google.be/ *.google.pt/ *.contentsquare.net/ *.kampyle.com/ *.medallia.eu/ *.medallia.com/ *.trustpilot.com/; font-src 'self' data: *.adobe.com/ *.scene7.com/ *.adobeaemcloud.com/ *.fanplayr.com/ *.gstatic.com/ *.office.net/ *.trustpilot.com/; media-src 'self' stage-assets.msccruises.com/ assets.msccruises.com/ *.adobe.com/ *.scene7.com/ *.thron.com/ *.trustpilot.com/ blob: 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.smsapi.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms *.devsms.com ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.smsapi.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms *.devsms.com ; connect-src 'self' *.clickcease.com *.cookiebot.eu *.cookiebot.com *.cookielaw.org *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com google.com *.hotjar.com *.hotjar.io *.intercom.io *.tawk.to cdn.smsapi.com *.devsms.com cdnjs.cloudflare.com connect.facebook.net i.imgur.com js.intercomcdn.com plausible.io uploads.intercomcdn.com uploads.intercomusercontent.com smsapi.pl smsapi.com sentry.smsapi.com http://smsapi.pl/* http://*.smsapi.pl/* http://www.smsapi.pl/* wss://www.smsapi.bg wss://www.smsapi.com wss://www.smsapi.pl wss://www.smsapi.ro wss://*.hotjar.com wss://*.intercom.io wss://*.tawk.to www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ bat.bing.com sgtm.smsapi.pl *.clarity.ms *.oribi.io *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws https://*.googlesyndication.com/ px.ads.linkedin.com ; frame-src *.doubleclick.net *.hotjar.com *.hotjar.io *.youtube-nocookie.com *.youtube.com youtube.com consentcdn.cookiebot.eu consentcdn.cookiebot.com www.facebook.com www.google.com/recaptcha/ www.googletagmanager.com ; img-src data: blob: 'self' *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.facebook.com *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-9.com *.intercomcdn.com *.smsapi.com *.smsapi.pl *.devsms.com *.tawk.to *.twimg.com *.youtube.com *.ytimg.com *.zapier.com cdn.jsdelivr.net i.imgur.com messenger-apps.intercom.io *.linkedin.com static.intercomassets.com uploads.intercomusercontent.com www.googletagmanager.com zapier-images.imgix.net *.bing.com *.clarity.ms *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws img.sct.eu1.usercentrics.eu ; style-src 'unsafe-inline' 'self' *.erecruiter.pl *.fontawesome.com *.smsapi.com *.smsapi.pl *.devsms.com *.tawk.to fonts.googleapis.com ; font-src 'self' *.fontawesome.com *.hotjar.com *.hotjar.io *.tawk.to cdnjs.cloudflare.com fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com cdn.smsapi.com *.devsms.com ; child-src 'self' blob: fast.wistia.net intercom-sheets.com player.vimeo.com share.intercom.io www.intercom-reporting.com www.youtube.com ; form-action 'self' *.facebook.com api-iam.intercom.io app.marketingplatform.com intercom.help ; media-src 'self' *.tawk.to js.intercomcdn.com ; worker-src 'self' blob:; report-to csp-report-endpoint; report-uri https://sentry.smsapi.com/api/9/security/?sentry_key=54a0185e0d3c272313efb135bc1754f3; 2 frame-ancestors 'self' https://www.escanav.com; 2 frame-ancestors ; connect-src www.mineraltree.com www.google-analytics.com analytics.google.com api.company-target.com company-target.com segments.company-target.com s.company-target.com rlcdn.com *.cookielaw.org *.popt.in *.demandbase.com *.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com *.onetrust.com *.cloudfront.net *.clarity.ms my.g2.com *.doubleclick.net; default-src 'self' 'unsafe-inline' mineralstage.wpengine.com www.google-analytics.com *.google.com maps.googleapis.com stats.g.doubleclick.net *.chilipiper.com *.clickagy.com www.googletagmanager.com *.breezy.hr *.linkedin.oribi.io *.linkedin.com *.wistia.com *.zoominfo.com *.litix.io cdn.cookielaw.org *.onetrust.com vimeo.com dev.visualwebsiteoptimizer.com *.popt.in *.cloudfront.net *.company-target.com *.demandbase.com *.rlcdn.com; font-src 'self' use.typekit.net fonts.gstatic.com *.popt.in *.cloudflare.com *.on.aws *.cloudfront.net *.amazonaws.com data:; frame-src 'self' 'unsafe-inline' player.vimeo.com js.driftt.com *.bugherd.com mineraltree.breezy.hr *.mineraltree.com *.googletagmanager.com optimize.google.com *.youtube.com *.chilipiper.com *.doubleclick.net *.company-target.com *.google.com *.visualwebsiteoptimizer.com app.vwo.com data:; img-src 'self' mineralstage.wpengine.com www.google.com www.google-analytics.com maps.gstatic.com maps.googleapis.com *.googletagmanager.com optimize.google.com *.linkedin.com lltrck.com b.6sc.co p.adsymptotic.com *.clickagy.com *.rlcdn.com *.bing.com *.wistia.com *.vimeocdn.com *.chilipiper.com cdn.cookielaw.org *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io *.company-target.com *.clarity.ms hostedseal.trustarc.com images.g2crowd.com data:; media-src 'self' mineralstage.wpengine.com blob:; script-src 'self' 'unsafe-inline' mineralstage.wpengine.com js.driftt.com *.bugherd.com j.6sc.co www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.googleoptimize.com optimize.google.com player.vimeo.com pi.pardot.com ws.zoominfo.com tracking.leadlander.com snap.licdn.com go.mineraltree.com mineraltree.breezy.hr *.chilipiper.com *.bing.com *.clickagy.com *.wistia.com *.capterra.com cdn.cookielaw.org *.visualwebsiteoptimizer.com app.vwo.com cdn.jsdelivr.net cdnjs.cloudflare.com *.popt.in tag.demandbase.com tag-logger.demandbase.com scripts.demandbase.com www.google.com www.gstatic.com *.clarity.ms my.g2.com blob:; style-src 'self' 'unsafe-inline' mineralstage.wpengine.com *.typekit.net *.googleapis.com optimize.google.com *.popt.in *.cloudflare.com *.on.aws *.visualwebsiteoptimizer.com app.vwo.com; 2 frame-ancestors *.brunomarc.com 2 default-src *; connect-src * blob: ; media-src * blob: data:; ; object-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self' https://scatbook.com https://darkfans.com; 2 default-src * blob: data:; font-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src *; img-src * data:; style-src 'self' fonts.googleapis.com https://apps.bazaarvoice.com http://display.ugc.bazaarvoice.com https://embed.salefinder.com.au https://app.medmate.com.au https://test-app.medmate.com.au https://fonts.cdnfonts.com https://embed.typeform.com 'unsafe-inline' https://vercel.live; base-uri 'self'; form-action 'self' https://*.paypal.com; 2 frame-ancestors http://idsplinfo.in/ http://www.idsplinfo.in/ http://idslinfo.in/ http://www.idslinfo.in/ 'self'; 2 frame-ancestors 'self' https://admin.earlygame.com earlygame.com; 2 0 2 script-src 'unsafe-inline' 'unsafe-eval' https://universalclass.com https://*.universalclass.com https://*.4uc.org https://4uc.org https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com; object-src 'none';frame-ancestors 'self' 2 frame-ancestors 'self' www.google.com; connect-src 'self' data: *.po.edu.pl wss://fulltextsearch.org/flare *.google-analytics.com wu.po.opole.pl socialplugin.facebook.net www.facebook.com/plugins/customer_chat/ maps.googleapis.com https://www.google.com/recaptcha/ www.google.com www.gstatic.com; default-src 'self' data: *.po.edu.pl 'unsafe-inline' blob:; font-src 'self' data: *.po.edu.pl fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net; frame-src 'self' data: *.po.edu.pl www.facebook.com maps.google.com www.google.com web.facebook.com www.youtube.com www.youtube-nocookie.com https://po.edu.pl/dni_otwarte https://politechnika-opolska.ipv4-only.speedtestcustom.com/; img-src 'self' data: graph.facebook.com *.xx.fbcdn.net wu.po.opole.pl s.w.org *.ytimg.com *.po.edu.pl *.fna.fbcdn.net www.googletagmanager.com www.youtube.com; script-src 'self' *.po.edu.pl cdn.jsdelivr.net www.youtube.com www.googletagmanager.com maps.googleapis.com 'unsafe-eval' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; script-src-elem 'self' *.po.edu.pl cdn.jsdelivr.net www.youtube.com www.googletagmanager.com connect.facebook.net 'unsafe-inline' www.youtube.com/iframe_api *.www-widgetapi.js www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' *.po.edu.pl fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline'; style-src-elem 'self' *.po.edu.pl cdn.jsdelivr.net www.googletagmanager.com connect.facebook.net 'unsafe-inline' www.youtube.com fonts.googleapis.com; worker-src blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 2 default-src 'self' * 'unsafe-inline'; frame-src 'self' * 'unsafe-inline'; img-src 'self' data: * 'unsafe-inline'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 2 connect-src 'self' *.akstat.io *.go-mpulse.net cdn.cookielaw.org *.bing.com *.brightcove.com *.brightcove.net *.google-analytics.com *.quantummetric.com *.boltdns.net *.brightcovecdn.com *.google.com *.linkedin.com *.doubleclick.net api.company-target.com *.demandbase.com *.onetrust.com *.virtualearth.net *.akamaihd.net *.dynatrace.com *.akamaihd.net;;default-src 'self' data: blob: https: *.fls.doubleclick.net *.brightcove.com *.brightcove.net *.fmglobal.com local.fmglobal pbs.twimg.com *.googletagmanager.com http://manifest.prod.boltdns.net *.akamaihd.net;;font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com;;frame-ancestors 'self' ;frame-src 'self' *.quantummetric.com *.googletagmanager.com *.doubleclick.net *.company-target.com fmglobalpublic.quantummetric.com;;img-src 'self' data: *.bing.com cdn.cookielaw.org *.linkedin.com *.akstat.io www.googletagmanager.com *.virtualearth.net metrics.brightcove.com segments.company-target.com *.rlcdn.com *.gstatic.com *.boltdns.net *.cdn maps.fmglobal.com ;media-src 'self' blob: *.fmglobal.com *.fm.com local.fmglobal;;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.brightcove.com *.brightcove.net cdnjs.cloudflare.com *.google-analytics.com www.googletagmanager.com *.quantummetric.com cdn.cookielaw.org *.bing.com *.go-mpulse.net blob: *.fm.com local.fm cdn.datatables.net connect.facebook.net js.adsrvr.org s.go-mpulse.net snap.licdn.com static.ads-twitter.com tag.demandbase.com z.moatads.com vjs.zencdn.net *.virtualearth.net www.googleadservices.com *.ceros.com *.cdn s.company-target.com ingest.quantummetric.com mktdplp102cdn.azureedge.net tagmanager.google.com;;style-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.quantummetric.com cdnjs.cloudflare.com fonts.googleapis.com *.bing.com cdn.datatables.net tagmanager.google.com;; 2 script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; img-src * data: blob:; connect-src *; default-src * data: blob:; 2 frame-ancestors 'self' www.scc-events.com; 2 frame-ancestors *.imu.nl *.phoenixsite.nl www.scalia.nl 2 frame-ancestors 'self' http://*.di.dk; 2 form-action 'self' *.coworkingresources.org *.getkisi.com *.hsforms.com *.hsforms.net *.hubspot.com coworkingresources.org getkisi.com production-b3jhdbaf6q-uk.a.run.app staging-b3jhdbaf6q-uk.a.run.app www.facebook.com; script-src 'self' 'unsafe-inline' *.clearbit.com *.clearbitjs.com *.clearbitscripts.com *.hsforms.com *.hsforms.net *.hubspot.com *.smartlook.cloud *.smartlook.com *.typekit.net a.omappapi.com a.optmnstr.com ajax.googleapis.com api.na.chilipiper.com assets.apollo.io bat.bing.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org fonts.googleapis.com fonts.gstatic.com google.com googleads.g.doubleclick.net idsync.rlcdn.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.na.chilipiper.com js.usemessages.com netlify-cdp-loader.netlify.app optimize.google.com player.cloudinary.com production-b3jhdbaf6q-uk.a.run.app recaptcha.net s.adroll.com script.hotjar.com snap.licdn.com ssl.google-analytics.com staging-b3jhdbaf6q-uk.a.run.app static.ads-twitter.com static.hotjar.com tagmanager.google.com w.appzi.io www.chatbase.co www.clarity.ms www.google-analytics.com www.google.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.youtube.com 2 default-src 'none'; script-src 'self' 'sha256-8utW+kKzeUlJv3uhUjjdPCEamVpNjhk4CpTE1oe3icY=' https://app.intercom.io https://widget.intercom.io https://*.intercomcdn.com https://plausible.io https://static.cloudflareinsights.com https://*.cloudflareaccess.com https://js.stripe.com; connect-src *; style-src 'self' 'unsafe-inline' https://*.cloudflareaccess.com https://fonts.googleapis.com; img-src data: blob: https://*.hoa-express.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.googleapis.com https://*.gstatic.com https://*.google.com; font-src 'self' data: https://*.hoa-express.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com; child-src 'self' blob: https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.stripe.com; media-src 'self' https://js.intercomcdn.com; manifest-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io https://f4g8z0njphjx.statuspage.io; report-uri https://sparksuite.report-uri.com/r/d/csp/enforce; report-to csp-endpoint; 2 default-src 'self'; script-src 'self' 'unsafe-inline' blob: https://matomo01.cms.kommunale.it; connect-src 'self' https://matomo01.cms.kommunale.it; style-src 'self' 'unsafe-inline' ; img-src 'self' data:; font-src 'self'; object-src 'none';frame-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests 2 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors *.caf.io 2 frame-ancestors 'self' https://stat01.opsanalytics.ch https://marketing.opsone.ch https://content.opsone.ch; 2 base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 2 frame-ancestors 'self' https://www.racq.com.au https://rac.com.au https://our.raa.com.au; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src data: *.zettagrid.com fonts.googleapi.com fonts.hsforms.com fonts.gstatic.com; form-action forms.hsforms.com *.zettagrid.com; frame-ancestors 'self' app.hubspot.com; frame-src 'self' 'unsafe-inline' https: zettagrid.com static.hsappstatic.net *.cloudfront.net www.redbubble.com forms.hsforms.com app.hubspot.com www.google.com *.vmware.com *.g.doubleclick.net *.zettagrid.com app.hubspot.com www.youtube.com *.googletagmanager.com; upgrade-insecure-requests 2 script-src 'strict-dynamic' 'sha256-nUpWXjxj8sV4lkU6HNFNDvOYlrotKgJe5/p7jnHEq8o=' 'sha256-M5kmoZMn+XdTJMDJU00ia66v/GXBPHKmeLzQCdGU4xE=' 'nonce-Njg0ODkzMDk3MDcxMzk2Nzc4Ng==' 'unsafe-hashes' ; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google.com/ https://noname-drink.appspot.com/stats; style-src 'self' 'unsafe-inline' https://www.google.com/ https://ajax.googleapis.com/; img-src 'self' data: https://*.tile.openstreetmap.org http://*.tile.openstreetmap.de; frame-src 'self' https://pizza.noname-ev.de 2 frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 2 frame-ancestors 'self' *.studis-online.de *.bafoeg-rechner.de *.netzseiten.de; 2 frame-ancestors 'none'; base-uri 'none'; 2 default-src 'self' https://wchat.freshchat.com https://hooks.stripe.com https://js.stripe.com;style-src 'self' 'unsafe-inline' https://baremetrics-dunning.baremetrics.com/css/barepay.css https://wchat.freshchat.com/css/widget.css https://js.stripe.com/v3/* https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.stripe.com/checkout.js https://www.google-analytics.com https://ajax.googleapis.com https://script.crazyegg.com use.fontawesome.com www.google.com cdnjs.cloudflare.com www.gstatic.com grok-2018.local:8890 www.googletagmanager.com d36mpcpuzc4ztk.cloudfront.net baremetrics-dunning.baremetrics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://wchat.freshchat.com/js/widget.js https://js.stripe.com https://hooks.stripe.com https://js.stripe.com/v3/* https://cdn.jsdelivr.net/npm/anchor-js/anchor.min.js http://www.google-analytics.com/analytics.js https://*.analytics.google.com;connect-src 'self' https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://dunning.baremetrics.com/customer_status https://script.crazyegg.com https://www.google-analytics.com https://checkout.stripe.com https://*.analytics.google.com/;object-src 'none';font-src 'self' data: https://fonts.gstatic.com/;img-src 'self' data: https://secure.gravatar.com https://www.google.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com https://q.stripe.com www.gstatic.com https://www.google.pt;frame-src https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://platform.twitter.com www.google.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' *;img-src *;script-src-elem 'unsafe-inline' *;frame-src *;font-src *;connect-src *; 2 default-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com unpkg.com googletagmanager.com rum-static.pingdom.net www.google-analytics.com data: audio: kit.fontawesome.com ka-f.fontawesome.com fonts.gstatic.com rum-collector-2.pingdom.net connect.facebook.net www.facebook.com stats.g.doubleclick.net lifeblood.clevertar.app webau.blob.core.windows.net my-opa.donateblood.com.au www.youtube.com www.google.com oembed.libsyn.com fls.doubleclick.net dc.services.visualstudio.com js.clevertar.app https://bcvipsd20.rightnowtech.com/engagement/api/consumer/ https://my-opa.donateblood.com.au/web-determinations/redirectQuery aurcbloodservices.widget.custhelp.com region1.google-analytics.com region1.analytics.google.com https://aurcbloodservices.widget.custhelp.com https://characters.clevertar.app https://components.clevertar.app https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com www.google.com.au/ads/ga-audiences cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads cdn.pdst.fm https://romeo.liveclicker.com https://previewpxy.liveclicker.com https://preview.analytics.lifeblood.com.au https://analytics.lifeblood.com.au/; connect-src 'self' intercept.inmoment.com.au csc.inmoment.com www.google-analytics.com rum-collector-2.pingdom.net maps.googleapis.com aurcbloodservices.widget.custhelp.com doubleclick.net https://components.clevertar.app https://qa-lifeblood.clevertar.app/ azure.com/ api.experianaperture.io my-opa.donateblood.com.au intercept-client.inmoment.com.au analytics.google.com analytics.tiktok.com ads.linkedin.com https://bcvipsd20.rightnowtech.com reddit.com https://preview.analytics.lifeblood.com.au https://analytics.lifeblood.com.au/ https://www.google.com/recaptcha/ www.googletagmanager.com/ https://pixel.byspotify.com https://pixel-config.reddit.com https://wa.onelink.me/v1/onelink; font-src 'self' kit.fontawesome.com cdnjs.cloudflare.com ka-f.fontawesome.com data: application: fonts.gstatic.com https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/euf/core/3.3/thirdParty/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads https://qa-lifeblood.clevertar.app/; frame-src 'self' www.youtube.com www.facebook.com oembed.libsyn.com www.google.com fls.doubleclick.net https://platform.twitter.com/ www.instagram.com www.linkedin.com https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au feedback.inmoment.com.au preview.analytics.lifeblood.com.au; img-src 'self' www.w3.org/* data: https: http: image: blob: region1.google-analytics.com region1.analytics.google.com snap.licdn.com ads.linkedin.com cdn.linkedin.oribi.io gw.linkedin.oribi.io analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.facebook.com kit.fontawesome.com www.google-analytics.com ka-f.fontawesome.com googleads.g.doubleclick.net www.w3.org code.jquery.com www.youtube.com clevertar.azureedge.net www.googletagmanager.com rum-static.pingdom.net img.en25.com rum-collector-2.pingdom.net lifeblood.clevertar.app my-opa.donateblood.com.au https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ aurcbloodservices.widget.custhelp.com/ci/oit https://aurcbloodservices.widget.custhelp.com https://www.rnengage.com/api https://api.experianaperture.io/ https://aurcbloodservices.widget.custhelp.com/s/oit/latest/common/v0/libs/oit/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://romeo.liveclicker.com https://previewpxy.liveclicker.com https://preview.analytics.lifeblood.com.au https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com img.en25.com my-opa.donateblood.com.au rum-static.pingdom.net www.googleadservices.com/ www.w3.org/* code.jquery.com/jquery-3.5.0.min.js kit.fontawesome.com www.youtube.com www.googletagmanager.com connect.facebook.net www.google-analytics.com clevertar.azureedge.net googleads.g.doubleclick.net www.gstatic.com/recaptcha/releases/ aurcbloodservices.widget.custhelp.com https://my-opa.donateblood.com.au/web-determinations/staticresource/ www.rnengage.com/api/ https://platform.twitter.com/ https://www.instagram.com/ https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://components.clevertar.app/ https://qa-lifeblood.clevertar.app/ https://r.turn.com https://preview.analytics.lifeblood.com.au/ https://websdk.appsflyer.com/ https://pixel.byspotify.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' ka-f.fontawesome.com/* https://fonts.googleapis.com/css https://clevertar.azureedge.net/UserInterface/evo/classic.css fonts.googleapis.com www.googletagmanager.com my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au https://components.clevertar.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' maps.googleapis.com/* unpkg.com fonts.googleapis.com kit.fontawesome.com www.googletagmanager.com clevertar.azureedge.net https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au components.clevertar.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://www.lifeblood.com.au/report-uri/enforce; upgrade-insecure-requests 2 default-src 'self' https://in2-files.zohopublic.in/ https://static.zohocdn.com/salesiq/MEDIA_14/sound/ping_B3Q7CttOJr4_tpj5BQsAbUyBDTjROkEVntM-uJp-rdZT3N_ALeIfWJZULOfCeBiL_.mp3; connect-src 'self' https://salesiq.zohopublic.in https://e.clarity.ms/collect https://maps.googleapis.com https://googleads.g.doubleclick.net/ https://www.google.com https://www.google-analytics.com https://analytics.google.com/ https://gisprod.tataskybb.com https://pagesense-collect.zoho.in https://www.facebook.com https://www.google-analytics.com https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.google.com https://www.tataplayfiber.com https://maps.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: gap: https://www.clarity.ms/tag/r8iowognwh https://www.clarity.ms/s/0.8.1/clarity.js https://www.clarity.ms/s/0.7.68/clarity.js https://code.jquery.com/ https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/s3fs-public/js/ https://crm.zoho.in/crm/javascript/zcga.js https://www.clarity.ms/tag/ml3qizflr2 https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/ https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com/s3fs-public/js/ https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://static.zohocdn.com/pagesense/ https://static.zohocdn.com/ https://js.zohocdn.com https://salesiq.zohopublic.in https://salesiq.zohopublic.in/* https://crm.zoho.in/crm/javascript/zcga.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://public.releases.juspay.in/hyper-sdk-web/HyperServices.js https://public.releases.juspay.in/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://connect.facebook.net https://cdn-in.pagesense.io https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://static.zohocdn.com/pagesense/tracking https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.tataplayfiber.com https://www.gstatic.com/recaptcha/releases/joHA60MeME-PNviL59xVH9zs/recaptcha__en.js https://www.google.com https://maps.gstatic.com; img-src 'self' data: https://tsbb-dev-billing-bucket.s3.ap-south-1.amazonaws.com https://css.zohocdn.com https://static.zohocdn.com/ https://in2-files.zohopublic.in https://salesiq.zohopublic.in https://tataplayfiber.com https://static.zohocdn.com/ https://c.clarity.ms/c.gif https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/ https://www.google.co.in/pagead/1p-user-list/10796352102/ https://www.google.co.in/pagead/1p-user-list/10796352102/* https://www.google.co.in/ads/ga-audiences/* https://www.google-analytics.com https://maps.googleapis.com https://www.facebook.com/tr http://tsbb-dev-billing-bucket.s3.amazonaws.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://css.zohocdn.com https://webfonts.zoho.in/ https://tsbb-corporate-portal-files.s3.ap-south-1.amazonaws.com/ https://tsbb-corporate-portal-uat-files.s3.ap-south-1.amazonaws.com/ https://www.tataplayfiber.com/themes/custom/tsb/css/bootstrap.css https://static.zohocdn.com/ https://fonts.googleapis.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com ; font-src 'self' data: https://css.zohocdn.com https://static.zohocdn.com/ https://s3.ap-south-1.amazonaws.com https://fonts.gstatic.com https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com ; frame-src 'self' bytedance: https://www.googletagmanager.com/ https://salesiq.zohopublic.in/ https://td.doubleclick.net/ https://static.addtoany.com/ https://payments.juspay.in/ https://sandbox.assets.juspay.in/ https://www.facebook.com/ https://cdn-in.pagesense.io/ https://public.releases.juspay.in/ https://www.google-analytics.com https://www.facebook.com https://www.google.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com ; object-src 'self' https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://www.tataplayfiber.com https://maps.gstatic.com https://www.google.com ; 2 default-src 'self'; script-src 'self' https://static-forms.lacontrevoie.fr/; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://static-forms.lacontrevoie.fr/; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self' data:; worker-src 'self' blob:; 2 default-src 'self'; img-src 'self' data: https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://www.googletagmanager.com https://*.clarity.ms; frame-src https://www.youtube.com; connect-src https://www.google-analytics.com https://*.clarity.ms https://intouchreceipting-api.azurewebsites.net; 2 connect-src 'self' *.squarecloud.app *.squarecloud.dev *.github.com *.crisp.chat wss://*.crisp.chat *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.cloudflare.com *.cloudflareinsights.com discord.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://snap.licdn.com https://*.googlesyndication.com https://img.en25.com https://connect.facebook.net https://static.ads-twitter.com https://ws.zoominfo.com https://*.googleadservices.com https://*.google.com https://*.brightcove.com https://*.gstatic.com https://maps.googleapis.com https://*.hotjar.com https://*.clarity.ms https://vjs.zencdn.net https://secure.p04.eloqua.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://*.opendns.com https://opencdn.fpjs.sh https://fpnpmcdn.net https://*.linkedin.com https://*.gartner.com https://cdnjs.cloudflare.com https://openfpcdn.io https://*.adtrafficquality.google https://*.company-target.com https://*.blackfire.io https://*.ads-twitter.com https://*.facebook.net https://*.licdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.viavisolutions.com https://*.googleapis.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://players.brightcove.net https://www.gartner.com https://*.brightcove.com; img-src 'self' about: blob: data: https://*.viavisolutions.com http://comms.viavisolutions.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googlesyndication.com https://*.google.com https://maps.gstatic.com https://maps.googleapis.com https://*.clarity.ms https://t.co https://analytics.twitter.com https://*.linkedin.com https://www.facebook.com https://*.brightcove.com https://ws.zoominfo.com https://*.boltdns.net https://fonts.gstatic.com https://id.rlcdn.com https://segments.company-target.com https://tags.srv.stackadapt.com https://stickerly.pstatic.net https://players.brightcove.net https://*.gartner.com https://*.clarity.ms https://*.bing.com https://*.linkedin.com; media-src 'self' blob: https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.akamaihd.net https://*.cf.brightcove.com; frame-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://td.doubleclick.net https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com https://www.googletagmanager.com https://*.libsyn.com; frame-ancestors 'self' https://*.viavisolutions.com https://viavi.seismic.com; child-src 'self' blob: https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com; font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://players.brightcove.net https://*.brightcove.com; connect-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://*.gstatic.com https://www.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://maps.googleapis.com https://*.g.doubleclick.net https://tags.srv.stackadapt.com https://*.brightcove.com https://ws.zoominfo.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.clarity.ms https://*.boltdns.net https://*.akamaihd.net https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com https://tag-logger.demandbase.com https://*.opendns.com https://px.ads.linkedin.com https://api.fpjs.io https://www.feedrapp.info https://*.adtrafficquality.google https://*.ceros.com https://*.brightcovecdn.com https://*.google-analytics.com; report-uri /report-csp-violation 2 frame-ancestors 'self' *.tennisonly.com.au *.runningwarehouse.com.au *.totalpickleball.com.au www.runningwarehouse.eu www.runningwarehouse.com www.tennis-warehouse.com www.tenniswarehouse-europe.com; 2 img-src 'self' data: https: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=report 2 worker-src blob:; default-src * data: 'unsafe-eval' 'unsafe-inline' 2 default-src 'self'; script-src 'self'; 2 frame-ancestors https://*.trend.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 2 default-src 'self'; style-src * 'unsafe-inline'; img-src * 'self' data:; media-src * 'self'; font-src * 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; worker-src * 'self' blob: 2 default-src 'none'; child-src 'self' *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; connect-src 'self' data: *.rekai.se http://ad.doubleclick.net https://*.cognitoforms.com https://*.googletagmanager.com https://*.onetrust.com https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://analytics.tiktok.com https://assets-tracking.crazyegg.com https://cdn.cookielaw.org https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com https://googleads.g.doubleclick.net https://molnlycke2gir36prod.dxcloud.episerver.net https://pagead2.googlesyndication.com https://pagestates-tracking.crazyegg.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.crazyegg.com https://server-side-tagging-tagkg43egq-uc.a.run.app https://stats.g.doubleclick.net https://tracking.crazyegg.com https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.eg https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ro https://www.google.se https://www.googleadservices.com https://www.molnlycke.com/localization-admin-ui/*; font-src 'self' data: *.rekai.se http://themes.googleusercontent.com https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.gstatic.com https://login.microsoftonline.com https://sc-static.net https://script.crazyegg.com https://svcs.tql.com https://www.molnlycke.com/localization-admin-ui/*; form-action 'self' *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; frame-src 'self' blob: *.rekai.se http://*.opendns.com https://*.crazyegg.com https://*.opendns.com https://api.screen9.com https://dashboard.find.episerver.net https://script.crazyegg.com https://server-side-tagging-tagkg43egq-uc.a.run.app/ https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; img-src 'self' data: *.rekai.se https://cdn.cookielaw.org https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://login.microsoftonline.com https://minervablob.blob.core.windows.net https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://script.crazyegg.com https://storage.googleapis.com https://translate.google.com https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.hk https://www.google.com.lb https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.lv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.se https://www.google.si https://www.googletagmanager.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; media-src 'self' *.rekai.se https://minervablob.blob.core.windows.net https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; script-src-elem 'self' 'unsafe-inline' *.rekai.se https://*.cognitoforms.com https://*.crazyegg.com https://*.googletagmanager.com https://*.youtube.com https://analytics.tiktok.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://gc.kis.v2.scr.kaspersky-labs.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://maxcdn.bootstrapcdn.com https://pagead2.googlesyndication.com https://sc-static.net https://script.crazyegg.com https://snap.licdn.com https://static.rekai.se https://unpkg.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rekai.se https://*.cognitoforms.com https://cdn.cookielaw.org https://connect.facebook.net https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://script.crazyegg.com https://unpkg.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/* https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' *.rekai.se https://cdn.jsdelivr.net https://fonts.googleapis.com https://login.microsoftonline.com https://maxcdn.bootstrapcdn.com https://script.crazyegg.com https://web-sdk-eu.aptrinsic.com https://www.gstatic.com https://www.molnlycke.com/localization-admin-ui/*; style-src 'self' 'unsafe-inline' *.rekai.se https://login.microsoftonline.com https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; style-src-attr 'unsafe-inline' *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; manifest-src *.rekai.se https://molnlycke2gir36prod.dxcloud.episerver.net https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; frame-ancestors *.rekai.se https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; base-uri *.rekai.se https://script.crazyegg.com https://www.molnlycke.com https://www.molnlycke.com/localization-admin-ui/*; worker-src blob: *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; script-src-attr *.rekai.se https://script.crazyegg.com https://www.google.com https://www.molnlycke.com/localization-admin-ui/*; object-src *.rekai.se https://script.crazyegg.com https://www.molnlycke.com/localization-admin-ui/*; navigate-to *.rekai.se https://www.molnlycke.com/localization-admin-ui/*; prefetch-src *.rekai.se https://www.molnlycke.com/localization-admin-ui/*; report-to stott-security-endpoint;report-uri https://www.molnlycke.at/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2 default-src 'self'; media-src https://videos.ctfassets.net; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 2 default-src 'self' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.hotjar.com *.visualstudio.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.azure.com *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jquery.com *.jsdelivr.net *.mouseflow.com *.msecnd.net *.sharethis.com *.typekit.net *.youtube.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com/font-awesome/ *.cookiebot.com *.datatables.net *.fortawesome.com *.typography.com *.typekit.net;frame-src 'self' *.arcgis.com *.cookiebot.com *.cyfoethnaturiolcymru.gov.uk *.google.com *.googletagmanager.com *.hotjar.com *.powerbi.com *.youtube.com;font-src 'self' data: *.bootstrapcdn.com *.hotjar.com *.typekit.net;img-src 'self' blob: data: *.azurefd.net *.azureedge.net *.cyfoethnaturiol.cymru *.google-analytics.com *.hotjar.com *.naturalresources.wales *.sharethis.com *.umbraco.com *.ytimg.com *.cookiebot.com *.datatables.net;connect-src 'self' ws: wss: *.azure.com *.cookiebot.com *.datatables.net *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.sharethis.com *.visualstudio.com;worker-src blob:;upgrade-insecure-requests 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://analytics.tiktok.com https://static.doubleclick.net https://access.equalweb.com https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://tagmanager.google.com https://cdn.cookielaw.org https://code.jquery.com https://cdn.krxd.net https://connect.facebook.net https://beacon.krxd.net https://consumer.krxd.net https://plugin.handtalk.me https://*.youtube.com https://s.ytimg.com https://cdn.equalweb.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://tcp.googlesyndication.com https://pixel.mathtag.com https://maps.googleapis.com ; img-src 'self' data: blob: https://ad.doubleclick.net https://match.adsrvr.org https://pixel.rubiconproject.com https://yt3.ggpht.com https://pixel.mathtag.com https://sp.analytics.yahoo.com https://*.fls.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://adservice.google.com https://lh3.googleusercontent.com https://cdn.cookielaw.org https://beacon.krxd.net https://usermatch.krxd.net https://cm.g.doubleclick.net https://stags.bluekai.com https://ib.adnxs.com https://sync.mathtag.com https://analytics.twitter.com https://cms.analytics.yahoo.com https://sync.navdmp.com https://global.ib-ibi.com https://www.facebook.com https://i.ytimg.com https://www.google.com https://www.google.com.br https://googleads.g.doubleclick.net https://access.equalweb.com https://plugin.handtalk.me https://test.cocacola.com.br https://stage.cocacola.com.br https://www.coca-cola.com.br https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://*.privacysandbox.googleadservices.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://immakers.go2cloud.org https://image2.pubmatic.com https://dsum-sec.casalemedia.com https://idsync.reson8.com https://eb2.3lift.com https://idsync.rlcdn.com https://x.bidswitch.net https://sync.go.sonobi.com https://ad.360yield.com https://ads.stickyadstv.com https://sync.search.spotxchange.com https://pixel.tapad.com https://x.dlx.addthis.com https://ups.analytics.yahoo.com https://us-u.openx.net https://uipus.semasio.net https://loadm.exelator.com https://su.addthis.com https://maps.googleapis.com https://img.youtube.com ; style-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://*.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://*.gstatic.com https://cdn.cookielaw.org https://code.jquery.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://plugin.handtalk.me ; child-src 'self' blob:; object-src 'none' ; frame-src 'self' https://s.amazon-adsystem.com https://access.equalweb.com https://*.doubleclick.net https://www.googletagmanager.com https://plugin.handtalk.me https://www.google.com https://cdn.krxd.net https://*.youtube.com https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://pixel.mathtag.com ; connect-src 'self' data: https://checkip.amazonaws.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://play.google.com https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://s.yimg.com https://stats.g.doubleclick.net https://us-central1-kora-nlp-prod.cloudfunctions.net https://www.google-analytics.com https://la.ces.coke.com https://plugin.handtalk.me https://stage-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://prod-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://gamma-latam-us-west-2-api-config.s3.amazonaws.com https://prod-latam-us-west-2-api-config.s3-us-west-2.amazonaws.com https://pyhdy1j3zh.execute-api.us-west-2.amazonaws.com https://8lioi8nl48.execute-api.us-west-2.amazonaws.com https://cdn.equalweb.com https://access.equalweb.com https://translation.handtalk.me https://translation-v3.handtalk.me https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://adservice.google.com https://aadb2c-apig.latam.gcds.coke.com https://aadb2c-apig.gamma.latam.gcds.coke.com https://aadb2c-apig.alpha.latam.gcds.coke.com https://analytics.google.com https://maps.googleapis.com ; form-action 'self' https://www.facebook.com ; font-src 'self' data: https://fonts.gstatic.com ; 2 frame-ancestors 'none'; style-src https: blob: 'unsafe-inline' 'self' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.priv.center *.truendo.com https://cdn.jsdelivr.net https://embed.typeform.com *.popupsmart.com blob: 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.expel.com https://*.mindtickle.com 2 default-src 'self' https://mw-ar-recom-prod.pgapi.io/; style-src 'self' 'unsafe-inline' *; img-src https://* 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors * 'self' data: https: blob: 2 default-src 'self' data: www.googletagmanager.com webcommon.easyweddings.com.au player.vimeo.com td.doubleclick.net js.stripe.com www.google.com player-widget.mixcloud.com w.soundcloud.com my.matterport.com fonts.gstatic.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com bid.g.doubleclick.net *.facebook.com www.youtube.com youtu.be *.vimeo.com wistia.com *.wistia.net fonts.gstatic.com static.helloumi.com *.firebaseio.com webcommon.easyweddings.com.au;connect-src 'self' *.userflux.co webcommon.easyweddings.com.au v6-cdn.easyweddings.com cta-service-cms2.hubspot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com google.com analytics.google.com *.facebook.net *.googletagmanager.com https://*.sendbird.com wss://*.sendbird.com *.cookiefirst.com pagead2.googlesyndication.com stripe.com bam.nr-data.net api.hubapi.com www.google.com forms.hscollectedforms.net graph.facebook.com n2.mouseflow.com api.easyweddings.com.au webapi.easyweddings.com.au maps.googleapis.com *.facebook.com stats.g.doubleclick.net www.google-analytics.com api.hubspot.com forms.hubspot.com bid.g.doubleclick.net *.firebaseio.com wss://*.firebaseio.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: prod-ew-wedding-websites.s3.ap-southeast-2.amazonaws.com webcommon.easyweddings.com.au code.jquery.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com fonts.googleapis.com *.cookiefirst.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.skypack.dev prod-ew-wedding-websites.s3.ap-southeast-2.amazonaws.com js.hubspot.com script.hotjar.com static.hotjar.com consent.cookiefirst.com bam.nr-data.net js-agent.newrelic.com js.hsadspixel.net js.stripe.com servedbyadbutler.com www.gstatic.com cdn.mouseflow.com ajax.googleapis.com cdnjs.cloudflare.com maps.googleapis.com connect.facebook.net v5-cdn.easyweddings.com v6-cdn.easyweddings.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com www.google-analytics.com www.googletagmanager.com *.firebaseio.com www.google.com;img-src 'self' data: blob: https: prod-ew-wedding-websites.s3.ap-southeast-2.amazonaws.com perf-na1.hsforms.com https://*.amazonaws.com https://*.sendbird.com hotelmedia.s3.amazonaws.com assets-destwed.easyweddings.com contentdw.easyweddings.com *.cookiefirst.com i.vimeocdn.com supplier-images.s3.amazonaws.com www.googletagmanager.com forms.hscollectedforms.net servedbyadbutler.com assets.easyweddings.com.au v4-cdn-consolidation.easyweddings.com.au prod-ew-image-global-v2.s3.amazonaws.com maps.gstatic.com easyweddings-framework-v4.s3.amazonaws.com googleads.g.doubleclick.net maps.googleapis.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com images-cdn.easyweddings.com.au ew-image-global.s3.amazonaws.com images.easyweddings.com.au easyweddings-framework.s3.amazonaws.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com forms.hsforms.com www.google-analytics.com www.google.com www.google.com.au track.hubspot.com storage.googleapis.com wedding-website-images.s3.amazonaws.com assets.easyweddings.com *.facebook.com cdn.hotelplanner.com; 2 block-all-mixed-content; report-uri https://tfyre.co.za/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=cbd4a62b7b 2 upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.sierratel.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://api.w.org https://www.google.com https://www.google-analytics.com https://speedtest.sti.net https://cdn.plyr.io https://cdn.acsbapp.com https://acsbapp.com https://maps.googleapis.com https://maps.gstatic.com http://code.jquery.com https://secure.gravatar.com https://ps.w.org https://code.jquery.com https://cdn.jsdelivr.net https://www.googleapis.com https://s.w.org https://library.elementor.com https://www.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com https://cdn.crowdfiber.io https://app.broadbandconsumerlabels.com https://uiniversal.accessibe.com https://library.phlox.pro https://main.averta.net https://demo.phlox.pro https://storage.googleapis.com https://universal.accessibe.com https://cdnjs.cloudflare.com https://www.w3-edge.com https://wufoo.com https://accesswidget-log-receiver.acsbapp.com/ 2 frame-ancestors *.myshopify.com https://admin.shopify.com; 2 frame-ancestors 'self' https://newaccount.wsfsbank.com; 2 upgrade-insecure-requests; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 2 font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com *.fontawesome.com https://fonts.bunny.net *.klaviyo.com cdn.jsdelivr.net *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://lapp.leanpay.hr https://app.leanpay.hr https://stage-app.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com meetanshi.com *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.paypalobjects.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.google.com *.meetanshi.com meetanshi.com *.trustpilot.com *.slideshare.net/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com www.xtento.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net *.analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.paypal.com *.typekit.net *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://firebasestorage.googleapis.com *.meetanshi.com meetanshi.com *.google.si *.google.com cdn.jsdelivr.net *.optics-trade.eu *.optics-trade-static.eu widgets.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.shopify.com *.meetanshi.com meetanshi.com *.trustpilot.com unpkg.com cdn.jsdelivr.net widgets.trustedshops.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com https://fonts.bunny.net *.stripe.network *.stripecdn.com *.amazon.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.meetanshi.com meetanshi.com blob: *.optics-trade.eu *.gstatic.com *.trustpilot.com *.g.doubleclick.net *.hunting-trade.eu *.lovackatrgovina.hr *.lovskatrgovina.si *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline'; form-action 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; require-trusted-types-for 'script'; upgrade-insecure-requests; font-src 'self'; media-src 'self'; child-src 'self'; img-src 'self' data: *.mapgic.org; frame-src 'self' *.mapgic.org 2 frame-ancestors 'self' https://speak.com https://usespeak.com https://*.speak.com https://*.usespeak.com 2 script-src https://cdnjs.cloudflare.com https://cdn.botframework.com https://code.jquery.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors https://*.kaiserpermanente.org; frame-src 'none' 2 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: data: ms-word: ms-powerpoint: ms-excel: ms-visio: ms-access: ms-project: ms-publisher: ms-infopath: vnd.libreoffice.command: 2 frame-ancestors 'self' *.tdsecurities.com *.tdbank.ca *.tdbank.com *.td.com 2 frame-ancestors 'self' https://app.endearhq.com *.endearhq.com; report-uri https://o76320.ingest.sentry.io/api/5434086/security/?sentry_key=4606408afb594b4dafe50588b2179815 2 default-src 'self' *.joomla.org cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com pangea-marketing-bot-web-app.azurewebsites.net wss://directline.botframework.com directline.botframework.com *.botframework.com *.oribi.io *.hubspot.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.onetrust.com *.zscalertwo.net px.ads.linkedin.com *.optimizely.com cscglobal-marketing-website-chatbot-app-service.azurewebsites.net *.clarity.ms *.mktoresp.com api.company-target.com *.demandbase.com *.hubapi.com js.usemessages.com *.facebook.com *.wistia.net *.wistia.com static.hsappstatic.net; script-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com js.usemessages.com; worker-src mydev.cscglobal.com blob:; script-src-elem 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com *.licdn.com *.facebook.net *.youtube.com *.googlesyndication.com *.cookielaw.org *.zscalertwo.net *.googleoptimize.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.optimizely.com *.bing.com *.clarity.ms *.marketo.net *.demandbase.com cdn-assets-prod.s3.amazonaws.com *.hsadspixel.net *.doubleclick.net js.usemessages.com *.wistia.net *.wistia.com 'unsafe-inline'; style-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com *.marketo.com go.corptax.com corptax.cld.bz *.crazyegg.com 'unsafe-inline'; img-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.hsforms.com *.linkedin.com *.facebook.com *.doubleclick.net *.cookielaw.org *.crazyegg.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com d.adroll.mgr.consensu.org x.bidswitch.net dsum-sec.casalemedia.com idsync.rlcdn.com sync.outbrain.com pixel.rubiconproject.com *.pubmatic.com *.taboola.com eb2.3lift.com ib.adnxs.com *.yahoo.com us-u.openx.net segments.company-target.com *.hubspot.com pixel.tapad.com match.adsrvr.org ds.reson8.com *.bing.com pippio.com *.youtube.com secure.adnxs.com id.rlcdn.com ums.acuityplatform.com *.clarity.ms *.joomla.org dpm.demdex.net ml314.com *.kargo.com ads.scorecardresearch.com *.criteo.com idsync.reson8.com sync-tm.everesttech.net match.prod.bidr.io d.turn.com pm.w55c.net beacon.walmart.com sync.mathtag.com *.wistia.net *.wistia.com; font-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.facebook.com *.verse.com *.hsforms.com *.doubleclick.net *.googlesyndication.com *.wistia.net *.wistia.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com *.optimizely.com s.company-target.com *.googletagmanager.com *.linkedin.com *.hubspot.com *.hsforms.net *.cscglobal.com; object-src 'none' 2 default-src 'self' 'unsafe-inline' https://* wss://*; img-src https://*; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; 2 script-src 'unsafe-inline' 'self' 'unsafe-eval' https://analytics.tiktok.com https://fonts.googleapis.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://assets.adobedtm.com https://bat.bing.com https://www.googleadservices.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://js.hs-scripts.com https://a.quora.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://px.ads.linkedin.com https://static.hotjar.com https://analytics.twitter.com https://script.hotjar.com https://sc-static.net https://www.linkedin.com https://platform.twitter.com https://secure-ds.serving-sys.com https://optimize.google.com https://cdn.segment.com https://tags.srv.stackadapt.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-banner.com https://boards.greenhouse.io https://boards-cdn.greenhouse.io https://s3-cdn.greenhouse.io https://boards-api.greenhouse.io https://tag.simpli.fi https://i.simpli.fi https://munchkin.marketo.net https://go.yourbind.com https://cdn.wisepops.com https://*.marketo.com https://www.yourbind.com https://staging-yourbind.netlify.app https://www.surest.com https://staging-surest.netlify.app https://acdn.adnxs.com https://*.on24.com https://assets.adoberesources.net https://documentcloud.adobe.com https://*.typekit.net *.adobe.io wss://*.adobe.io https://assets.adoberesources.net https://lh3.googleusercontent.com https://documentcloud.adobe.com js.zi-scripts.com tags.clickagy.com *.pixel.ad *.basis.net *.sitescout.com https://www.hlx.live https://rum.hlx.page/ https://www.aem.live https://rum.aem.page/ https://britehr.app https://www.facebook.com https://s.pinimg.com/ct/core.js https://ct.pinterest.com https://s.pinimg.com/ct/lib/main.cb6ceab7.js https://player.vimeo.com/api/player.js https://cdn.jsdelivr.net/npm/svg-pan-zoom@3.6.2/dist/svg-pan-zoom.min.js https://tag.brandcdn.com https://www.googletagmanager.com https://s.yimg.com https://ws.zoominfo.com; frame-ancestors 'self' http://localhost:8000 https://surest-calculator-embed.vercel.app https://www.figma.com https://britehr.app; 2 frame-ancestors 'self' http://*.helixsolution.com https://*.helixsolution.com; 2 script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https:; worker-src blob: https: 2 script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: https: ; 2 img-src * https: data:; object-src 'none'; frame-ancestors 'self' https://app.contentful.com 2 frame-ancestors 'self' *.enagic.mobi *.enagic.com *.enagic.ca *.enagiceu.com *.enagic.ng *.enagicwebsystem.com 10.0.2.20:3003 localhost capacitor://* 2 default-src 'self' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com; frame-ancestors 'self' *.jobbern.ch; 2 default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com fonts.static.com www.google-analytics.com; 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.signalize.com/ https://code.etracker.com/ https://dmndfrcstng.com/ https://www.etracker.de/; style-src 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.etracker.de https://dmndfrcstng.com/ https://eu-api.friendlycaptcha.eu/api/ https://api.friendlycaptcha.com/api/; font-src 'self' data:; frame-src 'self' https://www.youtube-nocookie.com https://irs.tools.investis.com; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src blob:; frame-ancestors 'self' https://*.etracker.com 2 font-src *.oney.io *.staging.oney.io bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://fonts.gstatic.com https://*.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://www.googletagmanager.com https://www.facebook.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com *.hipay-tpp.com *.hipay.com *.paypal.com *.googleapis.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://www.googletagmanager.com https://www.google.com https://www.google.fr https://googleads.g.doubleclick.net https://ad.ad-srv.net https://hal9000.redintelligence.net https://tags.dynamo.one https://ad4m.at https://ad4mat.net https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://cl.avis-verifies.com https://www.facebook.com *.tradedoubler.com https://v.calameo.com/ *.facil-iti.app *.facil-iti.com *.spotify.com *.flymenu.fr td.doubleclick.net tr.snapchat.com docs.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.hipay.com *.googleapis.com *.oney.io *.staging.oney.io *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://www.google.com https://www.google.fr https://maps.googleapis.com https://maps.gstatic.com https://cl.avis-verifies.com https://bat.bing.com https://googleads.g.doubleclick.net https://track.adform.net https://ad4m.at *.ad4m.at https://cm.g.doubleclick.net https://ih.adscale.de https://rtb-csync.smartadserver.com https://dsum-sec.casalemedia.com https://a.twiago.com https://dmp.ad4mat.net https://www.googletagmanager.com blob: https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://dpm.demdex.net https://match.justpremium.com https://x.bidswitch.net https://sync.1rx.io https://sync.targeting.unrulymedia.com https://id5-sync.com https://ice.360yield.com https://www.facebook.com *.clarity.ms *.bing.com *.doubleclick.net https://i.ytimg.com/ *.facil-iti.app *.facil-iti.com *.digital-metric.net *.cookielaw.org/ *.flymenu.fr 'self' data: www.facebook.com adservice.google.com *.googleusercontent.com www.google.pl www.google.ch www.google.be www.google.es www.google.de www.google.mg tr.snapchat.com trk.datnova.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.paypal.com *.google.com *.oney.io *.staging.oney.io *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://www.google.com https://www.google.fr https://maps.googleapis.com https://www.googletagmanager.com https://cl.avis-verifies.com https://bat.bing.com https://googleads.g.doubleclick.net https://img.metaffiliation.com https://tags.dynamo.one https://profiling.veoxa.com https://js.sddan.com https://pixel.social-media-system.com https://ad4mat.de https://ad4m.at *.ad4m.at https://sddan.mgr.consensu.org https://mon.social-media-system.com https://sv.ciblelink.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.gstatic.com https://tracking.veoxa.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://forms.sbc30.net https://connect.facebook.net https://analytics.optimalpeople.fr https://vu.adschoom.com https://svht.tradedoubler.com *.clarity.ms *.facil-iti.app *.facil-iti.com *.digital-metric.net *.aticdn.net https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.cookielaw.org/ *.flymenu.fr *.gstatic.com api.flymenu.fr sc-static.net apicit.net p.gsitrix.com tr.snapchat.com cdn.cookielaw.org xir.prixclub.com bat.bing.com tags.clickintext.net tag.aticdn.net o.gsitrix.com swrap.tradedoubler.com trk.datnova.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com *.googleapis.com bio.coop *.bio.coop biocoop.fr *.biocoop.fr https://fonts.googleapis.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com *.googleapis.com bio.coop *.bio.coop https://toq.bio.coop www.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr www.biocoop.fr https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com *.facil-iti.app *.facil-iti.com *.flymenu.fr www.bing.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com https://www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com *.googleapis.com *.oney.io *.staging.oney.io t.elasticsuite.io *.hsforms.net *.hsforms.com bio.coop *.bio.coop https://toq.bio.coop biocoop.fr *.biocoop.fr https://toq.biocoop.fr https://stats.g.doubleclick.net https://img.metaffiliation.com https://bam.nr-data.net https://action.metaffiliation.com https://js.cookieless-data.com https://www.youtube-nocookie.com https://r.adserver01.de https://ads.creative-serving.com https://secure.adnxs.com https://analytics.optimalpeople.fr *.clarity.ms *.pvnsolutions.com https://stage-secure-gateway.hipay-tpp.com https://secure-gateway.hipay-tpp.com *.facil-iti.app *.facil-iti.com https://widgets.rr.skeepers.io/ https://api-product-reviews.cxr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ https://cl-pbr.cxr.skeepers.io/ *.cookielaw.org/ *.onetrust.com/ *.flymenu.fr *.google-analytics.com api.flymenu.fr logc412.xiti.com www.facebook.com google.com bat.bing.com p.gsitrix.com *.onetrust.com adservice.google.com www.google.com *.snapchat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https:; object-src 'none';frame-ancestors 'self';form-action 'self' https://www.paypal.com; 2 child-src 'self' ;connect-src 'self' 'unsafe-inline' *.amazonaws.com *.guidedogs.org.uk *.googlesyndication.com *.addthis.com *.azurewebsites.net *.googleapis.com *.hotjar.com *.zenaps.com wss://*.hotjar.com *.doubleclick.net *.usabilla.com *.google-analytics.com google-analytics.com *.paypal.com analytics.google.com *.analytics.google.com cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net cdn-ukwest.onetrust.com cookies-data.onetrust.io geolocation.onetrust.com ct.pinterest.com *.algolia.net *.algolianet.com algolia.net algolianet.com s.yimg.com analytics.tiktok.com cdn.schemaapp.com data.schemaapp.com api.schemaapp.com google.com/pay pay.google.com *.hotjar.io https://www.google.com/pay www.google.com/pay ib.adnxs.com/ talk.hyvor.com https://*.qualtrics.com https://*.clarity.ms https://c.bing.com px.ads.linkedin.com px.ads.linkedin.com/wa https://www.google.com/ccm/collect https://privacyportal-uk.onetrust.com;default-src 'self' https://*.clarity.ms https://c.bing.com;font-src 'self' *.typekit.net *.azureedge.net gd-blog.netlify.app *.gstatic.com https://script.hotjar.com data:;frame-ancestors 'self' *.azurewebsites.net;frame-src 'self' *.addthis.com *.addthisedge.com *.guidedogs.org.uk https://www.audiencemanager.de *.hotjar.com *.rfihub.com *.facebook.com *.amazon-adsystem.com *.doubleclick.net *.youtube.com *.datacash.com *.azurewebsites.net/ *.awin1.com *.arcot.com *.youtube-nocookie.com *.americanexpress.com *.paypalobjects.com *.abmr.net *.barclaycard.co.uk *.barclays.co.uk *.lloydstsb.com *.securesuite.co.uk *.cardinalcommerce.com *.muchloved.com *.edb.com *.mycardsecure.com *.monzo.com *.securecode.com *.wlp-acs.com *.westpac.com *.redsys.es *.netsgroup.com *.touchtechpayments.com *.stripe.com *.google.com *.cloudfront.net *.paypal.com talk.hyvor.com ct.pinterest.com https://*.qualtrics.com;img-src data: 'unsafe-eval' 'self' 'unsafe-inline' static.ads-twitter.com *.azureedge.net *.amazon-adsystem.com *.adnxs.com *.google-analytics.com google-analytics.com *.tvsquared.com *.co *.doubleclick.net *.facebook.com analytics.twitter.com *.google.com *.google.co.uk *.gstatic.com *.atdm *.googleapis.comt.com *.audiencemanager.de *.googlesyndication.com *.googleapis.com *.paypalobjects.com *.awin1.com *.ak1s.abmr.net *.abmr.net *.muchloved.com *.bing.com *.cloudfront.net *.usabilla.com c5.adalyser.com gd-blog.netlify.app images.ctfassets.net cookie-cdn.cookiepro.com cdn-ukwest.onetrust.com cookiesuksouth.blob.core.windows.net *.analytics.google.com analytics.google.com ct.pinterest.com sp.analytics.yahoo.com https://static.hotjar.com https://script.hotjar.com https://secure.adnxs.com/ https://ad.doubleclick.net/ https://flask.nextdoor.com https://*.qualtrics.com px.ads.linkedin.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://*.clarity.ms;media-src 'self' *.azureedge.net *.youtube.com downloads.ctfassets.net;object-src 'self' ;report-uri https://rwgd.report-uri.com/r/d/csp/enforce;script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.google-analytics.com *.addthis.com *.addthisedge.com *.typekit.net www.googletagmanager.com static.ads-twitter.com cdnjs.cloudflare.com *.amazonaws.com *.azureedge.net *.hotjar.com *.tvsquared.com *.adform.net *.doubleclick.net *.rfihub.net *.facebook.net *.ads-twitter.com *.audiencemanager.de *.googletagservices.com *.googleadservices.com *.twitter.com a.rfihub.com *.guidedogs.org.uk *.google.com *.google.co.uk *.youtube.com *.ytimg.com *.facebook.com *.googleapis.com *.dwin1.com *.awin1.com *.zenaps.com *.muchloved.com *.bing.com *.usabilla.com *.googlesyndication.com js.stripe.com *.cloudfront.net *.trackedlink.net *.paypal.com *.sandbox.paypal.com c5.adalyser.com talk.hyvor.com analytics.google.com cookie-cdn.cookiepro.com cdn-ukwest.onetrust.com cdn.jsdelivr.net cdn-ukwest.onetrust.com s.pinimg.com s.yimg.com www.redditstatic.com analytics.tiktok.com cdn.schemaapp.com https://ads.nextdoor.com/* https://ads.nextdoor-test.com/* https://acdn.adnxs.com/ https://ads.nextdoor.com/public/pixel/ndp.js https://*.qualtrics.com https://*.clarity.ms https://c.bing.com snap.licdn.com;style-src 'self' 'unsafe-inline' *.typekit.net *.guidedogs.org.uk *.azureedge.net *.google.com *.googleapis.com *.google.co.uk *.muchloved.com *.cloudfront.net cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com; 2 frame-ancestors 'self' https://ptcarena.lookbookhq.com https://ptcarena.pathfactory.com https://www.arena-community.ptc.com https://arena-education.ptc.com; 2 default-src 'self'; img-src * data:; media-src * blob:; font-src https: data:; style-src 'self' 'unsafe-inline'; frame-src *.google.com *.googlesyndication.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.vimeo.com *.doubleclick.net https://bandcamp.com; script-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.gstatic.com www.googletagmanager.com https://www.google-analytics.com *.googleapis.com *.googlesyndication.com *.google.com *.google.de *.googletagservices.com https://svcs.ebay.com https://cdn.ravenjs.com https://browser.sentry-cdn.com 'sha256-Us/oj4ftL5JKI9/5Nj0/Ccw+R4vMfgFLR5oEpbqJOiw='; connect-src 'self' *.modulargrid.net *.google-analytics.com https://www.googleapis.com *.googlesyndication.com https://sentry.io https://www.youtube.com https://www.youtube-nocookie.com https://*.googlevideo.com https://i.ytimg.com https://s.ytimg.com 2 frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://bbox.blackbaudhosting.com https://cdn.lightwidget.com https://embed-assets.wakelet.com/ https://my.visme.co https://trevorzaplelts.shinyapps.io https://forms.zohopublic.com https://living-in-a-warming-world.lesaffranchis.ca/ https://drive.google.com https://app.smartsheet.com https://embed.wakelet.com https://host.nxt.blackbaud.com https://payments.blackbaud.com https://www.google.com https://player.captivate.fm https://padlet.com https://indd.adobe.com https://view-awesome-table.com https://xmas-2023.lesaffranchis.ca/; object-src 'none'; script-src * 'report-sample' 'unsafe-inline' 'unsafe-eval'; style-src * 'report-sample' 'unsafe-inline'; webrtc 'block'; worker-src 'self'; base-uri 'self'; form-action 'self' https://auth.letstalkscience.ca/ https://host.nxt.blackbaud.com https://payments.blackbaud.com; frame-ancestors 'self' https://host.nxt.blackbaud.com https://payments.blackbaud.com 2 default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://siteimprovanalytics.com https://js.monitor.azure.com https://cdn.jsdelivr.net dl.episerver.net https://survey.skyra.no/skyra-survey.js https://policy.app.cookieinformation.com/uc.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://static.addtoany.com/menu/page.js https://static.addtoany.com/menu/modules/* https://static.addtoany.com/menu/* https://www.youtube.com/ https://www.google.com/recaptcha/ https://policy.app.cookieinformation.com/ https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/api/ https://go.statkraft.com/ https://player.vimeo.com/api/player-2.16.4.js https://dc.services.visualstudio.com/v2/track https://www.googletagmanager.com/gtm.js https://static.addtoany.com/menu/modules/core.pt5ow5lr.js https://static.addtoany.com/menu/modules/core.oafg07ee.js https://static.addtoany.com/menu/eso.oafg07ee.js https://code.highcharts.com/highcharts.js https://code.highcharts.com/modules/exporting.js https://code.highcharts.com/modules/export-data.js https://code.highcharts.com/modules/accessibility.js https://static.addtoany.com/menu/locale/no.js https://static.smartrecruiters.com/job-widget/1.6.2/script/smart_widget.js https://static.smartrecruiters.com/job-widget/1.6.2/script/jquery.min.js https://www.smartrecruiters.com/job-api/ https://fosenvind.mynewsdesk.com/ https://siteimproveanalytics.com/js/siteanalyze_6035611.js https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://code.jquery.com/jquery-3.3.1.min.js https://www.google-analytics.com https://fonts.googleapis.com/* ; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net dl.episerver.net https://static.smartrecruiters.com/job-widget/1.6.2/css/smart_widget.css https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com/debug/badge.css; img-src 'self' data: https://maps.googleapis.com https://i.vimeocdn.com/video/ dl.episerver.net https://6035611.global.siteimproveanalytics.io/ https://googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://pagead2.googlesyndication.com/ https://eur03.safelinks.protection.outlook.com/ https://kvtbeta.vindteknikk.no/webpush/fosen/fosen.svg; connect-src 'self' data: https://dc.services.visualstudio.com https://maps.googleapis.com https://vimeo.com/api/* https://vimeo.com/api/oembed.json https://vimeo.com/api/v2/video/ https://www.google.com/recaptcha/api2/ https://policy.app.cookieinformation.com/ https://consent.app.cookieinformation.com/api/consent https://ingest.staging.skyra.no/ https://cdn.jsdelivr.net/npm/@photo-sphere-viewer/core@5/index.css.map https://js.monitor.azure.com/scripts/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://www.google.com/ccm/collect https://www.googleadservices.com/* https://ingest.skyra.no/ https://survey.skyra.no/ ; font-src 'self' https://fonts.gstatic.com data:; object-src 'self' ; media-src 'self' ; frame-src 'self' https://www.google.com/ https://maps.googleapis.com https://player.vimeo.com/ https://www.youtube.com/ https://vimeo.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://policy.app.cookieinformation.com/ https://static.addtoany.com/ https://players.brightcove.net/ https://go.statkraft.com/ https://fosenvind.mynewsdesk.com/ https://silva-green-fuel.mynewsdesk.com/ https://www.googletagmanager.com/ https://e.issuu.com/ ; child-src 'self' ; form-action 'self' data: https://webto.salesforce.com/; frame-ancestors 'self' ; base-uri 'self' ; worker-src 'self' ; manifest-src 'self' ; report-uri https://www.statkraft.com/api/reporting/; report-to csp-endpoint; 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; 2 frame-src *.questglobal.com questglobal.com *.quest-global.com quest-global.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.google.com app.hubspot.com *.hubspot.com *.doubleclick.net *.googletagmanager.com googletagmanager.com *.hsforms.com hsforms.com userway.org *.userway.org cookieyes.com *.cookieyes.com px.ads.linkedin.com *.ads.linkedin.com; frame-ancestors 'self' https://www.questglobal.com/ https://questglobal.com/; 2 script-src 'nonce-Hv2x5WKx9G4meHZAydrhNg==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' http: https:; base-uri none; frame-ancestors https://app.contentful.com; require-trusted-types-for 'script' 2 default-src 'self'; script-src 'self' https://5f3c395.ccm19.de/ https://*.googletagmanager.com/ https://snap.licdn.com/ https://*.doubleclick.net/ https://www.google-analytics.com https://ssl.google-analytics.com https://unpkg.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://5f3c395.ccm19.de/ https://europe-west1-qnips-io.cloudfunctions.net https://*.bitbucket.org https://*.atlassian.com https://*.gravatar.com https://*.doubleclick.net/ https://snap.licdn.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://px.ads.linkedin.com https://prod.spline.design https://unpkg.com https://fonts.gstatic.com https://www.gstatic.com https://qnips-gmbh.jobs.personio.de; style-src 'self' https://5f3c395.ccm19.de/ https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline'; img-src * blob: data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' https://fonts.gstatic.com data:; frame-src https://player.vimeo.com/ https://qnips-gmbh.jobs.personio.de/ https://td.doubleclick.net/; worker-src 'self' blob:; frame-ancestors 'none' 2 default-src 'self' cloudflare-quic.com; script-src 'self' d10zminp1cyta8.cloudfront.net *.googletagmanager.com *.google-analytics.com *.cookiebot.com challenges.cloudflare.com cdnjs.cloudflare.com *.licdn.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hsforms.com *.hsforms.net *.hs-analytics.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.linkedin.com *.cookiebot.com *.hsforms.com; font-src 'self' data:; frame-src 'self' *.googletagmanager.com *.cookiebot.com challenges.cloudflare.com *.hsforms.com; object-src 'none'; connect-src 'self' career.recruitee.com *.plyr.io *.linkedin.oribi.io *.cookiebot.com *.google-analytics.com px.ads.linkedin.com *.hsforms.com *.s3.amazonaws.com; 2 frame-ancestors https://*.mihoyo.com https://*.miyoushe.com https://*.bh3.com https://*.m.sm.cn https://www.baidu.com https://m.baidu.com https://www.so.com https://m.so.com https://www.bing.com https://sogou.com https://www.sogou.com https://m.sogou.com; report-uri https://api-takumi.mihoyo.com/event/merlin_v2/v2/flow/run/bh3_cn/cspreport/2?game_biz=bh3_cn 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' data:; child-src https: http: webrun: webrun2: data:; media-src * ; connect-src https: http: wss: blob: data:; 2 frame-ancestors 'self'; upgrade-insecure-requests; script-src 'self' 'nonce-443877e917' 'unsafe-eval' https: 'strict-dynamic'; script-src-elem 'unsafe-inline' 'unsafe-eval' https: 'self'; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; frame-src 'self' consentcdn.cookiebot.com www.googletagmanager.com www.google.com; object-src 'none' ; child-src 'self' data: *.adnxs.com www.googletagmanager.com; form-action 'self'; worker-src 'self' blob:; base-uri 'self' 2 Content-Security-Policy: default-src https: 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.norstat.co https://track.norstatpanel.com https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://px.ads.linkedin.com; img-src 'self' blob: data: https://*.norstat.co https://track.norstatpanel.com https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.googleadservices.com https://google.com https://*.google.com https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it https://*.google.nl https://*.google.es https://*.google.ee https://*.google.lv https://*.google.lt https://*.google.be https://*.google.at https://*.google.ch https://*.google.pl https://*.google.ie https://*.google.cz https://*.google.co.uk http://imgsct.cookiebot.com/ https://px.ads.linkedin.com https://*.ads.linkedin.com https://*.norstat.no; frame-src 'self' https://*.norstat.co https://track.norstatpanel.com https://services.norstat.no https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://www.googletagmanager.com https://td.doubleclick.net https://px.ads.linkedin.com https://consentcdn.cookiebot.com; connect-src 'self' https://*.norstat.co https://norstat-client-portal.s3.eu-north-1.amazonaws.com https://track.norstatpanel.com https://snap.licdn.com https://emails.norstatgroup.com https://widget.freshworks.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.google.com https://*.google.se https://*.google.no https://*.google.dk https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it https://*.google.nl https://*.google.es https://*.google.ee https://*.google.lv https://*.google.lt https://*.google.be https://*.google.at https://*.google.ch https://*.google.pl https://*.google.ie https://*.google.cz https://*.google.co.uk https://google.com https://pagead2.googlesyndication.com https://sgtm.norstat.co https://consentcdn.cookiebot.com https://consent.cookiebot.com https://px.ads.linkedin.com; 2 default-src 'none'; script-src 'self' https://*.googletagmanager.com; font-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' data: https://maps.dnslytics.org https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self'; form-action https://search.dnslytics.com/; 2 frame-ancestors 'self' agom.net 2 default-src 'self'; connect-src https:; frame-src https:; font-src https:; img-src https:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; base-uri 'self'; report-uri https://dline.ua/report-uri; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://di.rlcdn.com https://cdn.di-capt.com https://cdn.cookielaw.org https://cdn.segment.com https://cdn.mouseflow.com https://www.datadoghq-browser-agent.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://*.google.com https://*.google.fr https://*.gstatic.com https://*.googleapis.com https://bat.bing.com https://datenschutz.sanofi.de https://*.ipredictive.com https://*.pmsrv.co https://*.doubleclick.net https://beacon.deepintent.com https://*.adentifi.com https://c.amazon-adsystem.com https://*.facebook.net https://sc-static.net https://*.facebook.com https://tr.snapchat.com https://analytics.tiktok.com https://static.ads-twitter.com https://analytics.twitter.com https://*.nextdoor.com https://*.youtube.com https://www.redditstatic.com https://*.reddit.com https://srv.stackadapt.com https://*.srv.stackadapt.com https://*.wordlift.io https://cdn.amplitude.com https://*.adsrvr.org https://*.licdn.com https://px.ads.linkedin.com https://bh.contextweb.com; img-src 'self' data: https://*.accelerator.sanofi https://di.rlcdn.com https://cdn.cookielaw.org https://datenschutz.sanofi.de https://*.googletagmanager.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.google.fr https://*.gstatic.com https://*.googleapis.com https://bat.bing.com https://*.pmsrv.co https://beacon.deepintent.com https://*.adentifi.com https://*.facebook.net https://sc-static.net https://*.facebook.com https://www.redditstatic.com https://*.reddit.com https://tr.snapchat.com https://analytics.tiktok.com https://static.ads-twitter.com https://analytics.twitter.com https://t.co https://*.nextdoor.com https://i.vimeocdn.com https://*.youtube.com https://i.ytimg.com https://srv.stackadapt.com https://*.srv.stackadapt.com https://bh.contextweb.com https://*.licdn.com https://px.ads.linkedin.com https://*.adsrvr.org; worker-src 'self' blob:; media-src 'self' blob: https://*.accelerator.sanofi https://d1vw97g3d3qipe.cloudfront.net/; font-src 'self' data: https://*.accelerator.sanofi https://datenschutz.sanofi.de https://*.googleapis.com https://*.gstatic.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.admixer.net https://www.gstatic.com *.admixer.net *.stacksandbox.com https://partner.googleadservices.com https://cse.google.com *.google.com https://connect.facebook.net https://script.hotjar.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://snap.licdn.com https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://static.hotjar.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com; object-src 'none'; base-uri *.admixer.net;style-src 'self' 'unsafe-inline' https://script.hotjar.com https://cse.google.com https://cdn.admixer.net https://cse.google.com https://fonts.googleapis.com *.google.com https://cdn.jsdelivr.net https://use.fontawesome.com https://partner.googleadservices.com https://admixer.net https://www.gstatic.com *.stacksandbox.com report-uri https://proximaresearch.com 2 frame-ancestors https://development.maritim.de https://karriere.maritim.de https://www.maritim.de https://www.maritim.com https://www.maritim-hotels.cn https://www.orangerie-timmendorfer-strand.de https://www.maritim-reisedienst.de https://www.reinhardtundsander.de 2 frame-ancestors 'self' https://www.spreadfamily.fr *.spread.family projectxparis.com *.projectxparis.com tranquilleemile.net *.tranquilleemile.net starwax.fr *.starwax.fr groupama.fr *.groupama.fr fnac.com *.fnac.com animation.espritjeu.com belleetbio.com *.belleetbio.com animation.fnac.com animation.darty.com newsletters.chamonix.com club.pellenc.com store.pellenc.com 2 frame-ancestors 'self' *.localhost.test *.pages.dev *.tickettando.it tickettando.it *.casacinemanapoli.it; 2 default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://sampatapi.areeo.ac.ir https://cdn.goftino.com *.goftino.com https://cdn.userway.org https://cdn77.api.userway.org https://panel.sofiamind.ir https://ipapi.co https://flagcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://panel.sofiamind.ir http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://*.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://*.goftino.com https://ipapi.co https://flagcdn.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://*.goftino.com https://panel.sofiamind.ir https://cdn.userway.org https://widget-react.raychat.io https://ipapi.co https://flagcdn.com; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com https://ipapi.co https://flagcdn.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com https://*.google-analytics.com www.google-analytics.com *.google-analytics.com https://samta.samt.ac.ir https://sampatapi.areeo.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com wss://*.goftino.com https://panel.sofiamind.ir https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com https://ipapi.co https://flagcdn.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://panel.sofiamind.ir https://ipapi.co https://flagcdn.com; frame-ancestors 'self' https://trustseal.enamad.ir; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.usercentrics.eu https://*.cookieinformation.com https://*.hometogo.com https://*.google-analytics.com https://*.facebook.net https://*.g.doubleclick.net https://*.creativecdn.com https://unpkg.com https://bat.bing.com https://*.criteo.net https://*.criteo.com https://*.hubspot.com https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hotjar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: https:; frame-src 'self' https://*.creativecdn.com https://*.googletagmanager.com https://*.usercentrics.eu https://*.cookieinformation.com https://*.doubleclick.net https://*.appspot.com https://*.criteo.com; connect-src 'self' https: wss: https://policy.app.cookieinformation.com; child-src 'self' https://app.usercentrics.eu https://policy.app.cookieinformation.com; worker-src 'self' blob:; frame-ancestors 'self' https://*.ardennes-etape.be https://*.ardennes-etape.fr https://*.ardennes-etape.nl https://*.ardennes-etape.com https://*.ardennes-etape.de https://*.ardennes-etape.co.uk 2 frame-ancestors 'self' https://*.sprxcms.com https://*.tiarccms.co.uk https://*.sparxvr.com https://*.sprxvr.com https://*.web.app; 2 default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2 img-src https: cdn.galxe.com/galaxy/obolnetwork *.obol.tech *.obol.org *.ethpandaops.io 'self' *.dev.launchpad.obol.tech *.dev.launchpad.obol.org blob: *.rpgf.obol.org data:; font-src *; connect-src https: *.ethpandaops.io obol.tech obol.org *.obol.tech *.obol.org api.splits.org *.dev.launchpad.obol.tech *.dev.launchpad.obol.org holesky.beaconcha.in mainnet.beaconcha.in gnosis.beaconcha.in sepolia.beaconcha.in *.cloudflareinsights.com *.cloudflare-eth.com 'self' api.thegraph.com api.studio.thegraph.com *.publicnode.com wss://relay.walletconnect.org wss://relay.walletconnect.com *.ethpandaops.io; media-src https: *.obol.tech *.obol.org *.dev.launchpad.obol.tech *.dev.launchpad.obol.org 'self'; object-src https: *.obol.tech *.obol.org 'self'; child-src https: *.obol.tech *.obol.org 'self'; frame-src https: *.obol.tech *.obol.org *.dev.launchpad.obol.tech *.dev.launchpad.obol.org 'self'; worker-src https: *.obol.tech *.obol.org 'self' blob:; frame-ancestors https: *.obol.tech *.obol.org 'self'; form-action https: *.obol.tech *.obol.org; base-uri https: *.obol.tech *.obol.org; script-src https: *.obol.tech *.obol.org 'self' 'unsafe-inline' 'unsafe-eval' *.dev.launchpad.obol.tech *.dev.launchpad.obol.org; style-src https: *.obol.tech *.obol.org 'self' 'unsafe-inline' 'unsafe-eval' *.dev.launchpad.obol.tech *.dev.launchpad.obol.org; 2 default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com *.hotjar.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org https://storage.pardot.com/961942/1714040807BiAtzoZM/attribution_engine.min.js https://pt.onelineage.com/l/961942/2024-04-25/5n7n9/961942/1714040807BiAtzoZM/attribution_engine.min.js *.zi-scripts.com *.datadoghq-browser-agent.com *.vimeo.com js.zi-scripts.com *.zoominfo.com *.clickagy.com *.weglot.com *.clarity.ms; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com *.weglot.com; img-src 'self' data: *.crazyegg.com acsbapp.com *.acsbapp.com *.gstatic.com *.googleapis.com https://cdn.cookielaw.org/logos/static/ot_close.svg https://cdn.cookielaw.org/logos/00ede55a-7822-413c-a767-b17482b93176/6a9f63ca-67d4-447a-846e-044d865079f1/fd22dd1b-b5d9-4bdc-803d-bb78e0f32fd3/lineage_logo.png https://cdn.cookielaw.org/logos/static/powered_by_logo.svg https://id.rlcdn.com/464526.gif *.company-target.com *.everesttech.net *.linkedin.com *.bing.com *.doubleclick.net *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.casalemedia.com *.adnxs.com *.openx.net *.rubiconproject.com *.yahoo.com *.pubmatic.com *.bluekai.com *.cookielaw.org *.clickagy.com *.agkn.com *.sitescout.com *.rlcdn.com *.clarity.ms *.bing.net *.google.nl; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com https://airtable.com/ player.vimeo.com *.googletagmanager.com *.morganstanley.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://browser-intake-us5-datadoghq.com *.zi-scripts.com *.zoominfo.com *.hotjar.io *.hotjar.com insight.adsrvr.org https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com *.clickagy.com *; report-uri /report-csp-violation 2 xn--96-mlc8b4a.xn--p1ai *.xn--96-mlc8b4a.xn--p1ai 2 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 2 upgrade-insecure-requests 2 default-src 'self' 'unsafe-eval' https://cdn-as.readspeaker.com https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://www.naha.ae https://www.gstatic.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://mindrocketsinc.com https://tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-as.readspeaker.com https://cdn.userway.org https://www.googletagmanager.com https://cdn.jsdelivr.net https://unpkg.com https://www.google-analytics.com https://tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi https://www.naha.ae https://naha.ae https://server.arcgisonline.com https://translate-pa.googleapis.com https://stackpath.bootstrapcdn.com https://api.abudhabi.ae http://w3.org https://httpbin.org https://directline.botframework.com https://www.google.com https://es.adpolice.gov.ae https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://mindrocketsinc.com https://player.vimeo.com https://www.tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi https://www.naha.ae https://naha.ae https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://sandboxadmin.prioticket.com https://static.ads-twitter.com https://snap.licdn.com https://googleads.g.doubleclick.net https://oc-cdn-ocuae-uae.azureedge.net https://cdn.jsdelivr.net oc-cdn-public-eur.azureedge.net/* oc-cdn-public-sam.azureedge.net/* oc-cdn-public-gbr.azureedge.net/* oc-cdn-public-jpn.azureedge.net/* oc-apj-public-eur.azureedge.net/* oc-cdn-public.azureedge.net/* oc-cdn-public-ind.azureedge.net/* oc-cdn-public-apj.azureedge.net/* oc-cdn-public-oce.azureedge.net/* oc-cdn-public-fra.azureedge.net/* oc-cdn-ocuae-uae.azureedge.net/* oc-cdn-ocprod.azureedge.net/* https://*.screenmeet.com https://edge.screenmeet.com wss://*.screenmeet.com https://tammlivesupport.com https://*.tammlivesupport.com https://*.scrn.mt https://tamm-chatbot-prod.azurewebsites.net https://connect.facebook.net https://analytics.tiktok.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://cdn-as.readspeaker.com https://cdn.userway.org https://cdn.jsdelivr.net https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://static.tamm.abudhabi https://app-as.readspeaker.com https://mindrocketsapis.com https://www.gstatic.com https://mindrocketsinc.com https://js.arcgis.com https://translate.google.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://cdn-as.readspeaker.com https://cdn.userway.org https://maiyar.qcc.gov.ae https://schdmngr.tamm.abudhabi https://myland.dmt.gov.ae https://recaptcha.net https://rstts-as.readspeaker.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com https://es.adpolice.gov.ae https://directline.botframework.com https://cdn1.readspeaker.com https://rstts-as.readspeaker.com https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com https://app-as.readspeaker.com https://mindrocketsinc.com https://player.vimeo.com https://comms.omnichannelengagementhub.com https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com; font-src 'self' https://cdn1.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi https://adda-chatbot-prod.azurewebsites.net https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi https://stage.tamm.abudhabi https://beta.tamm.abudhabi https://www.naha.ae https://naha.ae https://static.tamm.abudhabi https://www.tamm.abudhabi/nicabudhabi blob:; connect-src 'self' wss://pub-csm-plce-01-t.trouter.skype.com wss://pub-csm-plce-02-t.trouter.skype.com wss://directline.botframework.com https://comms.omnichannelengagementhub.com https://beta.adgpg.gov.ae https://www.beta.adgpg.gov.ae https://rstts-as.readspeaker.com https://www.gstatic.com https://cdn1.readspeaker.com https://app-as.readspeaker.com https://mindrocketsapis.com https://mindrocketsinc.com https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https://adda-chatbot-prod.azurewebsites.net https://orgbb3c15ea-crm15.omnichannelengagementhub.com https://webchatic3.blob.core.windows.net https://addastorageaccountuat.blob.core.windows.net https://addadevstorage.blob.core.windows.net https://ocsdk-prod.azureedge.net https://sandboxadmin.prioticket.com wss://trouter-azsc-euno-0-a.trouter.skype.com https://trouter-azsc-euno-0-b.trouter.skype.com https://adda-chatbot-r2-prod.azurewebsites.net https://*.omnichannelengagementhub.com https://ProdCRM-APIM.tammcrm.abudhabi.ae/ wss://trouter-azsc-ukwe-0-b.trouter.skype.com wss://trouter-azsc-ukwe-0-a.trouter.skype.com wss://trouter-azsc-euno-0-b.trouter.skype.com wss://trouter-azsc-asse-0-b.trouter.skype.com wss://trouter-azsc-asse-0-a.trouter.skype.com https://adda-bot-preprod.azurewebsites.net/api https://PreprodCRM-APIM.tammcrm.abudhabi.ae https://*.communication.azure.com https://login.microsoft.net https://login.microsoftonline.com https://login.windows.net https://*.teams.microsoft.com https://ecs.office.com https://*.skype.com/* https://*.trouter.skype.com https://*.edge.skype.com https://browser.pipe.aria.microsoft.com https://plat.teams.microsoft.com https://aad.skypetoken.skype.com https://authsvc.teams.microsoft.com https://swc.cdn.skype.com/* https://config.edge.skype.com/* https://edge.skype.com/* https://api.aps.skype.com/* https://*.asm.skype.com https://*.ng.msg.teams.microsoft.com/* https://*.notifications.teams.microsoft.com/* https://cdn.botframework.com/botframework-webchat https://ocsdk-prod.azureedge.net8 https://*.service.signalr.net https://ecs.office.com https://browser.pipe.aria.microsoft.com https://oc-cdn-ocprod.azureedge.net/livechatwidget https://cdn.botframework.com/botframework-webchat wss://trouter2-azsc-sece-8-a.trouter.teams.microsoft.com wss://trouter2-azsc-euno-4-b.trouter.teams.microsoft.com wss://trouter2-azsc-euwe-2-a.trouter.teams.microsoft.com https:; 2 frame-ancestors 'self' *.everwisecu.com *.zagclients.net everwisecu.sharepoint.com 2 default-src *; style-src http: https: 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; font-src 'self' http: https: data:; img-src 'self' https: http: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 2 frame-ancestors 'self' https://*.etracker.com https://*.etracker.de https://*.zohopublic.eu; 2 frame-ancestors 'self'; frame-src enovationgroup.com *.enovationgroup.com *.stuurlui.dev *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.ont.stuurlui.dev *.ontw.stuurlui.dev *.zaurus.io *.doubleclick.net forms.zoho.eu forms.zohopublic.eu 2 default-src 'self' data: blob: *.yunshipei.com *.conac.cn *.gov.cn *.edu.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2 default-src * 'unsafe-inline'; frame-ancestors *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; font-src * data:; 2 default-src 'self'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; worker-src 'self' blob:; frame-src 'self' https:; media-src 'self' https: blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2 default-src 'self' https://unpkg.com/ https://*.unpkg.com/ https://*.revtrax.com https://irxcm.com/ https://*.pg.com/ https://*.azureedge.net/ https://*.promosvcs.com/ https://*.doubleclick.net/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://*.goskope.com/ https://*.cpnscdn.com/ https://*.ctfassets.net/ https://*.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://*.adsrvr.org/ https://*.google-analytics.com/ https://*.cloudinary.com/ https://*.tiktok.com/ https://*.rpxnow.com/ https://*.googleapis.com/ https://*.cloudfront.net/ https://*.gstatic.com/ https://*.googletagmanager.com/ https://*.segment.com/ https://*.tapad.com/ https://xxredda.s3.amazonaws.com/ https://*.incentives.gcp.pgcloud.com/ https://*.crazyegg.com https://*.rbi-umbrella.com/ blob:; font-src 'self' https://*.gstatic.com/ data: *.abtasty.com; img-src * 'self' https://*.ctfassets.net/ https://*.cpnscdn.com/ https://*.incentives.gcp.pgcloud.com/ blob: data: https: *.abtasty.com; script-src 'strict-dynamic' 'nonce-UCZHR29vZEV2ZXJ5ZGF5Q1NQU2VjdXJpdHk=' 'unsafe-inline' 'unsafe-eval' 'self' https://*.unpkg.com/ https://*.revtrax.com/ https://*.pg.com/ https://*.azureedge.net/ https://*.promosvcs.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://*.goskope.com/ https://*.onetrust.com/ https://*.tiktok.com/ https://*.ipify.org/ https://*.instagram.com/ https://*.moatads.com/ https://*.pghub.io/ https://*.tp88trk.com/ https://*.cookielaw.org/ https://*.crazyegg.com/ https://*.pepperjam.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.google.com/ https://*.lytics.io/ https://*.youtube.com/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.cloudfront.net/ https://*.segment.com/ https://*.adsrvr.org/ https://*.doubleclick.net/ https://*.cognigy.ai/ https://*.pypestream.com/ https://*.launchdarkly.com/ https://*.incentives.gcp.pgcloud.com/ blob: *.abtasty.com; style-src 'self' 'unsafe-inline' https://*.lytics.io/ https://*.googleapis.com/ https://*.incentives.gcp.pgcloud.com/ https://*.crazyegg.com *.abtasty.com; frame-src 'self' https://p192942-amj-madetosave-stage-dwahece3dnbwfuf0.centralus-01.azurewebsites.net/ https://*.centralus-01.azurewebsites.net/cvs https://*.centralus-01.azurewebsites.net/dollar-general https://*.centralus-01.azurewebsites.net/instacart https://*.centralus-01.azurewebsites.net/price-chopper https://*.centralus-01.azurewebsites.net/shop-rite https://*.centralus-01.azurewebsites.net/walgreens https://irxcm.com/ https://*.rbi-umbrella.com/ https://*.pinterest.com/ https://*.quotient.com/ https://*.googletagmanager.com/ https://*.revtrax.com/ https://*.ltimindtree.com/ https://p192909-holiday-scale2-stage.azurewebsites.net/ https://p192918-pgge-amj-rebate.azurewebsites.net https://p192934-olay-stage.azurewebsites.net/ https://*.onetrust.com/ https://*.ipify.org/ https://*.adsrvr.org/ https://*.lightning.force.com/ https://*.salesforce-sites.com/ https://*.tapad.com/ https://*.pepperjamnetwork.com/ https://*.pg.promosvcs.com/ https://*.facebook.com/ https://*.doubleclick.net/ https://*.coupons.com/ https://*.smartsource.com/ https://*.segmanta.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.zscaler.net/ https://*.crazyegg.com/ https://*.incentives.gcp.pgcloud.com/ https://*.pypestream.com/ https://*.static.lightning.force.com https://xxredda.s3.amazonaws.com/ https://p192918-pgge-amj-rebate-stage.azurewebsites.net/ https://*.azurewebsites.net.rproxy.goskope.com/ https://*.pggoodeveryday.com https://*.pg.com/ https://*.jebbit.com https://*.pghub.io/ *.abtasty.com https://safe.menlosecurity.com/ https://*.menlosecurity.com/ https://analytics.pgbrandsaver.com https://*.pgbrandsaver.com https://192956-pgbs-holiday-stage-hbcfdvc2e0arardn.centralus-01.azurewebsites.net https://r192956.pg.promosvcs.com/; object-src 'self'; connect-src 'self' https://*.bing.com/ https://bat.bing.com/p/conversions/c/i https://*.rudderstack.com https://cdn.rudderlabs.com https://*.pinterest.com/ https://*.pg.com/ https://*.revtrax.com/ https://*.irxcm.com/ https://*.google-analytics.com/ https://*.visualstudio.com/ https://*.azureedge.net/ https://*.doubleclick.net/ https://*.pg-campaigns.com/ https://*.launchdarkly.com/ https://*.pypestream.com/ wss://*.cognigy.ai/ https://*.onetrust.com/ https://*.ipify.org/ https://*.instagram.com/ https://*.coupon.pg.com/ https://*.zscaler.net/ https://*.contentful.com/ https://*.moatads.com/ https://*.cpnscdn.com/ https://*.ctfassets.net/ https://*.yahoo.com/ https://*.shophermedia.net/ https://*.pghub.io/ https://*.tp88trk.com/ https://*.pepperjam.com/ https://*.facebook.com/ https://*.algolianet.com/ https://*.onetrust.io/ https://*.algolia.net/ https://*.crazyegg.com/ https://*.cookielaw.org/ https://*.youtube.com/ https://*.rubiconproject.com/ https://*.pg.com/ https://*.adsrvr.org/ https://*.gstatic.com/ https://*.amazon-adsystem.com/ https://*.lytics.io/ https://*.segment.io/ https://*.segment.com/ https://*.googleadservices.com/ https://*.segmanta.com/ https://*.pggoodeveryday.com/ https://*.pgsvc.com/ https://*.doubleclick.net/ https://*.cloudinary.com/ https://*.tiktok.com/ https://*.rpxnow.com/ https://*.cloudfront.net/ https://*.tapad.com/ https://*.google.com/ https://*.google.co.in/ https://xxredda.s3.amazonaws.com/ https://*.incentives.gcp.pgcloud.com/ https://*.addrexx10.com/ https://*.gcp.pgcloud.com https://*.reddit.com https://www.redditstatic.com https://*.tiktokw.us https://*.bing-int.com https://*.pgbrandsaver.com *.abtasty.com *.outbrain.com; frame-ancestors 'self' https://*.centralus-01.azurewebsites.net/ https://*.centralus-01.azurewebsites.net/cvs https://*.centralus-01.azurewebsites.net/dollar-general https://*.centralus-01.azurewebsites.net/instacart https://*.centralus-01.azurewebsites.net/price-chopper https://*.centralus-01.azurewebsites.net/shop-rite https://*.centralus-01.azurewebsites.net/walgreens https://p192942-amj-madetosave-stage-dwahece3dnbwfuf0.centralus-01.azurewebsites.net/ https://p192918-pgge-amj-rebate-stage.azurewebsites.net/ https://*.pg.promosvcs.com/ https://192956-pgbs-holiday-stage-hbcfdvc2e0arardn.centralus-01.azurewebsites.net https://r192956.pg.promosvcs.com/ 2 frame-ancestors https://jsapps.c1gdtat48x-ferreroin2-d1-public.model-t.cc.commerce.ondemand.com https://jsapps.c1gdtat48x-ferreroin2-s1-public.model-t.cc.commerce.ondemand.com https://jsapps.c1gdtat48x-ferreroin2-p1-public.model-t.cc.commerce.ondemand.com https://dev.fanniemay.com https://staging.thorntons.com https://staging.fanniemay.com https://www.fanniemay.com https://www.thorntons.com accstorefront.c1gdtat48x-ferreroin2-d1-public.model-t.cc.commerce.ondemand.com:443 accstorefront.c1gdtat48x-ferreroin2-s1-public.model-t.cc.commerce.ondemand.com:443 accstorefront.c1gdtat48x-ferreroin2-p1-public.model-t.cc.commerce.ondemand.com:443 2 default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com;script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:;style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com;frame-src 'self' *.dab-bank.de https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com;font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com;object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net;connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com https://*.log.optimizely.com https://test1-onboarding.united-signals.com https://onboarding.united-signals.com https://*.united-signals.com;media-src 'self' *.dab-bank.de https://*.dab-bank.de;report-uri /json/open/csp_report; 2 default-src https: 'unsafe-eval' 'unsafe-inline' blob: data: wss:; img-src 'self' blob: data: https:; object-src 'self'; frame-src 'self' blob: data: https: lavitaapp:; report-uri https://sentry.lavita.io/api/7/security/?sentry_key=6ea35b7ebf064adb9ad7002afcbf1d53; frame-ancestors https://*.etracker.com 2 font-src *.fontawesome.com fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com pay.google.com payments-eu.amazon.com *.amazon.de https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.paypal.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://plumrocket.com *.hub-box.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com * *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com pay.google.com *.payments-amazon.com *.media-amazon.com *.paypalobjects.com *.awin1.com *.zenaps.com magefan.com cm.magefan.com cdn.doofinder.com *.disqus.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.google.com *.twitter.com *.instagram.com *.pinterest.com *.facebook.net *.dobell.co.uk *.bing.com brxcdn.com *.roeye.com www.googletagmanager.com *.dobell.at *.dobell.de *.dobell.fr *.dobell.nl *.dobell.se *.mytuxedo.com.au *.dobell.com *.google.co.uk *.bing.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com pay.google.com *.payments-amazon.com *.paypal.com *.ratepay.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com cdn.doofinder.com *.disqus.com *.avada.io assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com openapi.etsy.com *.fitbit.com api.500px.com *.flickr.com *.intuit.com quickbooks.api.intuit.com *.tumblr.com *.twitter.com api.xing.com api.login.yahoo.com social.yahooapis.com *.amazon.com *.battle.net *.bitly.com *.box.com *.dailymotion.com *.deezer.com *.delicious.com www.deviantart.com *.dropbox.com *.eveonline.com. *.facebook.com api.foursquare.com foursquare.com api.github.com github.com api.harvestapp.com *.heroku.com api.hubic.com *.instagram.com jawbone.com *.linkedin.com *.mailchimp.com *.nest.com login.live.com apiflowerpower.parrot.com api.pinterest.com getpocket.com *.reddit.com *.runkeeper.com *.googleapis.com login.salesforce.com *.soundcloud.com *.spotify.com www.strava.com api.vimeo.com *.vk.com www.yammer.com *.channeladvisor.com *.klarna.com www.googletagmanager.com *.exponea.com *.trustpilot.com *.newrelic.com *.hotjar.com *.cookie-script.com *.facebook.net lantern.roeyecdn.com *.bing.com *.pinimg.com bam.nr-data.net *.google-analytics.com *.googlesyndication.com *.pinterest.com *.hotjar.io *.g.doubleclick.net *.roeye.com *.addressy.com brxcdn.com *.gstatic.com the.sciencebehindecommerce.com *.doofinder.com wss://ws.hotjar.com *.google.com google.com out.adyen.com applepay.cdn-apple.com static.addtoany.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com use.typekit.net *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com brxcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google.com google.com payments-eu.amazon.com *.paypal.com https://the.sciencebehindecommerce.com *.doofinder.com wss://*.doofinder.com *.hub-box.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.facebook.com *.instagram.com *.channeladvisor.com *.klarna.com *.pinterest.com *.linkedin.com *.mailchimp.com www.googletagmanager.com *.newrelic.com *.exponea.com *.hotjar.io *.g.doubleclick.net *.cookie-script.com *.facebook.net lantern.roeyecdn.com *.bing.com *.pinimg.com bam.nr-data.net *.google-analytics.com *.googlesyndication.com www.dwin1.com *.roeye.com *.addressy.com wss://ws.hotjar.com brxcdn.com *.gstatic.com the.sciencebehindecommerce.com out.adyen.com *.bing.net *.trustpilot.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.exponea.com 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' policy.app.cookieinformation.com www.googletagmanager.com fazercs--partial.sandbox.my.site.com fazercs.my.site.com plugins.flockler.com *.shopifysvc.com *.shopify.com *.myshopify.com *.shopifycdn.com *.woolman.app www.fazer.fi www.google-analytics.com service.force.com fazercs.my.salesforce.com *.salesforce.com *.fazer.com *.salesforceliveagent.com cdnjs.cloudflare.com cdn.jsdelivr.net visitfazer.asio.fi fazergroup.workbuster.com code.jquery.com ajax.googleapis.com fazergroup.onecruiter.com snap.licdn.com web-sdk-eu.aptrinsic.com *.hotjar.com *.hotjar.io fazer.simulator.palmu.fi *.cloudfront.net connect.facebook.net us-ma.sam4m.com/2.0/site/undefined/analytics/sa.js cdn.mxapis.com serve.mxapis.com track.adform.net *.ads-twitter.com stats.g.doubleclick.net *.adform.net www.youtube.com *.leadfamly.com plugins.flockler.com *.ingrid.com *.adyen.com *.lipscore.com *.bootstrapcdn.com bat.bing.com data.fazer.fi data.gateau.fi data.gateau.se; style-src 'self' 'unsafe-inline' fazercs--partial.sandbox.my.site.com fazercs.my.site.com fazercs.my.salesforce.com *.shopifysvc.com *.shopify.com *.myshopify.com *.shopifycdn.com *.woolman.app www.fazer.fi *.fazer.com *.salesforceliveagent.com *.cdn.flockler.com fazergroup.onecruiter.com fonts.googleapis.com s3-eu-west-1.amazonaws.com/wb-bolt-production/account_1348 web-sdk-eu.aptrinsic.com *.ingrid.com *.adyen.com *.lipscore.com *.bootstrapcdn.com *.jsdelivr.net *.fontawesome.com www.googletagmanager.com data.fazer.fi data.gateau.fi data.gateau.se; img-src * data:; font-src 'self' data: fazercs--partial.sandbox.my.site.com fazercs.my.site.com *.shopifysvc.com *.shopify.com *.myshopify.com *.shopifycdn.com *.woolman.app www.fazer.fi *.fazer.com fazergroup.onecruiter.com fonts.gstatic.com use.typekit.net *.cloudfront.net *.ingrid.com *.adyen.com *.lipscore.com *.fontawesome.com; connect-src *; frame-src *; frame-ancestors *; object-src 'none'; base-uri 'self'; form-action *; upgrade-insecure-requests ; block-all-mixed-content 2 img-src blob: https: data:; upgrade-insecure-requests 2 frame-ancestors self https://*.tracker-gps.com; img-src * data: 2 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.fonts.googleapis.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com *.dotdigital-pages.com *.dotdigital.com webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://hdsunflower-hd1.ycb.me *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.trackedlink.net *.iubenda.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://firebasestorage.googleapis.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.iubenda.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io *.shopify.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://embed.ycb.me https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com/apps/app/dist/js/loader.js *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://cdn.iubenda.com/iubenda_badge.css tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.iubenda.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency https://cdn.acsbapp.com/config/sunflower.dev.pixie.agency/config.json https://cdn.acsbapp.com/cache/app/wildcards.json https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://accesswidget-log-receiver.acsbapp.com https://cdn.acsbapp.com/config/hdsunflower.com/config.json *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src: https: 'unsafe-inline' 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://tags.tiqcdn.com https://www.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://*.cloudfront.net https://app.usercentrics.eu https://static.hotjar.com https://connect.facebook.net https://track.adform.net https://snap.licdn.com https://analytics.tiktok.com https://www.clarity.ms https://difc.my.salesforce.com https://scripts.clarity.ms https://*.salesforceliveagent.com https://difc--uatdifc.sandbox.my.salesforce.com https://portal.difc.ae https://script.hotjar.com https://code.jquery.com https://www.gstatic.com https://s2.adform.net https://www.juicer.io https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://assets.juicer.io https://www.google-analytics.com;style-src 'self' https://difc--uatdifc.sandbox.my.salesforce.com https://www.gstatic.com https://difc.my.salesforce.com https://fonts.googleapis.com https://maps.gstatic.com https://portal.difc.ae 'unsafe-inline'; font-src 'self' https://www.difc.com https://www.juicer.io https://static.juicer.io https://fonts.gstatic.com data:;img-src 'self' https://www.google-analytics.com https://*.google.ae https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.juicer.io https://static.juicer.io https://assets.difc.com https://www.facebook.com https://px.ads.linkedin.com https://c.clarity.ms https://c.bing.com https://i.ibb.co https://edge.sitecorecloud.io data: https://app.usercentrics.eu;media-src 'self' https://edge.sitecorecloud.io;frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://portaldifc.secure.force.com https://difc.my.salesforce-sites.com https://www.googletagmanager.com https://difc--uatdifc.sandbox.my.salesforce.com https://difc.my.salesforce.com https://www.google.com https://open.spotify.com https://td.doubleclick.net/ https://www.facebook.com;connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://api-engage-eu.sitecorecloud.io https://*.salesforce.com https://*.hotjar.com https://*.clarity.ms https://*.tiktok.com https://*.google-analytics.com https://*.facebook.net https:; object-src 'none'; base-uri 'self'; form-action 'self' https://sbcheckout.payfort.com https://checkout.payfort.com https://www.facebook.com ; frame-ancestors 'self'; upgrade-insecure-requests; 2 frame-ancestors https://*.cisin.com; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hackerone.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.licdn.com *.ads-twitter.com *.twitter.com *.linkedin.com *.brightcove.net *.zencdn.net blob: *.twimg.com *.addthis.com *.addthisedge.com *.msecnd.net *.issuu.com *.pardot.com *.moatads.com *.qualtrics.com *.createjs.com *.ceros.com *.mobular.com js.hsforms.net; style-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.twitter.com *.datatables.net *.twimg.com *.mobular.com *.googleapis.com; img-src 'self' *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com t.co *.doubleclick.net *.google.com *.brightcove.com *.boltdns.net data: *.twitter.com *.twimg.com *.linkedin.com *.adsymptotic.com *.qualtrics.com *.mobular.com; media-src 'self' blob: *.boltdns.net *.akamaihd.net; font-src 'self' data: *.zencdn.net fonts.gstatic.com; object-src 'self'; connect-src 'self' *.cookielaw.org *.onetrust.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.addthis.com *.visualstudio.com *.google-analytics.com *.doubleclick.net *.akamaihd.net *.qualtrics.com *.mobular.com *.mobular.net cdn.linkedin.oribi.io fonts.googleapis.com; frame-src 'self' hackerone.com *.twitter.com *.google.com *.addthis.com *.brightcove.net *.issuu.com *.qualtrics.com *.pardot.com *.ceros.com *.captivate.fm embed.mobular.com; 2 frame-ancestors 'self'; base-uri 'self' https://contenthandler.azureedge.net; object-src 'none'; frame-src 'self' *.googletagmanager.com *.youtube.com *.fieldera.com www.google.com *.incontact.com *.doubleclick.net; upgrade-insecure-requests 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://inchcape.azureedge.net https://inchcape-prod.azureedge.net https://prod.group1auto.co.uk https://qa-test.inchcape.co.uk https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://prod-external.inchcape.co.uk https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://js.stripe.com https://plugins.codeweavers.net https://cdn.gubagoo.io https://gubagoo.io https://group1fordnewbury.tyresonmywebsite.co.uk https://*.dealertyres.co.uk https://form.jotform.com https://cdn-assets-prod.s3.amazonaws.com/ https://cdn.mouseflow.com https://iframe.app.autoconvert.co.uk https://vcc-eu11-cf.8x8.com https://js.monitor.azure.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://cdn.autopress.cl https://unpkg.com https://cdn.jsdelivr.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://api-public.addthis.com https://*.cloudfront.net https://graph.facebook.com https://*.addthis.com https://*.addthisedge.com https://static.hotjar.com https://www.dynamicnumbers.mediahawk.co.uk https://static.analytics.netdirector.auto https://ajax.googleapis.com https://cdn.optimizely.com https://cdn.worldpay.com https://emac-direct.service-plan.co.uk https://maps.googleapis.com https://script.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://ad.doubleclick.net https://pagead2.googlesyndication.com https://js-agent.newrelic.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://t.astutemetrics.com https://vcc-eu11.8x8.com/CHAT/common/js/chat.js https://vcc-eu11.8x8.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://eu.cdn.autosonshow.tv/; style-src 'self' 'unsafe-inline' https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com/ https://inchcape-sa-prod.azureedge.net https://sa-prod.inchcape.com https://cdnjs.cloudflare.com https://group1fordnewbury.tyresonmywebsite.co.uk https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://fonts.googleapis.com https://tagmanager.google.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com; img-src 'self' data: https://vcc-eu11-cf.8x8.com https://eu.cdn.autosonshow.tv/ https://gubagoo.io https://cdn.gubagoo.io https://imgsct.cookiebot.com https://vcc-eu11.8x8.com https://*.tyresonmywebsite.co.uk https://*.tyresandservice.co.uk https://componentsprodstorage.blob.core.windows.net/ https://www.group1auto.co.uk/ https://prodsc-mediacdn.azureedge.net https://lh3.ggpht.com https://azsbrglocdnepdnbvoa.azureedge.net https://ad.doubleclick.net https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://group1autoukcdn.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-qa.azureedge.net https://oc-prod.inchcape.com https://inchcape-oc-prod.azureedge.net https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://js.stripe.com https://cdnjs.cloudflare.com https://azeauglocdnedevbvoa.azureedge.net https://azsbrglocdnedevbvoa.azureedge.net https://azeauglocdnepdnbvoa.azureedge.net https://*.google-analytics.com https://*.analytics.google.com https://media.reputation.com https://widgets.reputation.com https://s3-us-west-1.amazonaws.com https://pixelg.adswizz.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://bam.nr-data.net https://pixel.mathtag.com https://match.adsrvr.org https://track.admaxim.com https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.google.ie https://www.google.co.uk https://*.g.doubleclick.net https://inchcapecdn.azureedge.net https://inchcapeukcdn.azureedge.net https://images-static.trustpilot.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://via.placeholder.com https://maps.googleapis.com https://maps.gstatic.com https://www.caranddriving.com https://*.googleapis.com https://ssl.gstatic.com https://5490816.fls.doubleclick.net https://www.facebook.com; font-src 'self' data: https://group1auto-eu-prod.azureedge.net https://inchcape-eu-qa.azureedge.net https://inchcape-prod.azureedge.net https://inchcape-prod-bnhgefd2dnf5a4ew.z01.azurefd.net https://inchcape-oc-prod.azureedge.net https://oc-prod.inchcape.com https://inchcape-sa-prod.azureedge.net https://sa-qa.inchcape.com https://cdnjs.cloudflare.com https://widgets.reputation.com https://emac-direct.service-plan.co.uk https://fonts.cdnfonts.com https://static.hotjar.com https://script.hotjar.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://fonts.gstatic.com; connect-src 'self' https://prod.group1auto.co.uk https://group1auto-eu-prod.azureedge.net/ https://prod.inchcape.co.uk https://prod-external.inchcape.co.uk https://qa-test.inchcape.co.uk https://preprod.inchcape.co.uk https://dev.inchcape.co.uk prod.inchcape.co.uk https://emac-direct-api.gforceslivelink.co.uk https://gubagoo.io https://cdn.gubagoo.io https://cbo-loader.gubagoo.io wss://node.gubagoo.io/ wss://socket.io wss://gb1-node.gubagoo.io https://eu01.rec.mouseflow.com https://cloud8-cc-geo.8x8.com https://*.in.applicationinsights.azure.com https://*.doubleclick.net https://api.autopress.cl https://b2b.autopress.cl https://www.google.com https://dn.mediahawk.co.uk https://*.logrocket.io https://*.lr-ingest.io https://analytics.netdirector.co.uk https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://googleads4.g.doubleclick.net https://www.facebook.com https://bam.nr-data.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://api.oneweb.inchcape.co.uk https://inchcapeuatapi.azurewebsites.net/ https://inchcapeprodapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://inchcapeproductionsearchapi.azurewebsites.net https://inchcapeuatapi.azurewebsites.net https://inchcapeuatimporterapi.azurewebsites.net https://inchcapeuatsearchapi.azurewebsites.net https://m.addthis.com https://www.dynamicnumbers.mediahawk.co.uk http://*.hotjar.io:* https://*.hotjar.io:* http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https://*.googleapis.com https://*.optimizely.com https://stats.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com; media-src 'self' https://cdn.gubagoo.io/ https://eu.cdn.autosonshow.tv/; object-src 'self'; child-src 'self' blob:; frame-src 'self' https://js.stripe.com https://form.jotform.com https://eu-submit.jotform.com https://group1auto.vehiclevisuals.com https://iframe.app.autoconvert.co.uk/ https://vcc-eu11-cf.8x8.com/ https://*.gubagoo.io https://plugins.codeweavers.net/ https://*.tyresonmywebsite.co.uk/ https://*.dealertyres.co.uk/ https://widgets.reputation.com https://www.bumper.co.uk/ https://www.bumper.co/ https://vcc-eu11.8x8.com/ https://cdn.gubagoo.io https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/ https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.optimizely.com https://pixel.mathtag.com https://s7.addthis.com https://sdn.sitecore.net https://inchcape.mua.hrdepartment.com https://player.vimeo.com https://vars.hotjar.com https://*.citnow.com https://www.caranddriving.com https://www.youtube.com https://danclarksoninchcape.wufoo.eu https://danclarksoninchcape.wufoo.com https://5490816.fls.doubleclick.net https://emac-direct.service-plan.co.uk https://www.facebook.com/ https://*.mouseflow.com https://www.google.com https://consentcdn.cookiebot.com https://eu.cdn.autosonshow.tv/; worker-src 'self' blob:; frame-ancestors 'self' https://vmc-qa.inchcape.digital/ https://vmc-prd.inchcape.digital/ https://eu.cdn.autosonshow.tv/; form-action 'self' https://inchcape.mua.hrdepartment.com https://plugins.codeweavers.net www.facebook.com https://eu.cdn.autosonshow.tv/; upgrade-insecure-requests; 2 default-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: 2 default-src 'self'; img-src 'self' data: https://media.netcall.com https://img.youtube.com https://produksconverseassets.blob.core.windows.net https://produkwconverseassets.blob.core.windows.net https://produkswebassistassets.blob.core.windows.net https://*.onconnect.app https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://maps.gstatic.com https://geo0.ggpht.com https://*.googleapis.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org https://www.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://secure.gravatar.com https://*.w.org https://webassistant.onconverse.app https://bat.bing.com https://bat.bing.net https://www.facebook.com; style-src 'self' 'unsafe-inline' blob: https://webassistant.onconverse.app https://*.onconnect.app https://564-SJK-496.mktoweb.com https://rtp-static.marketo.com https://engage.netcall.com https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://fast.wistia.com https://pro.fontawesome.com https://use.typekit.net https://p.typekit.net https://cdn-labob.nitrocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://webassistant.onconverse.app https://*.onconnect.app https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://maps.googleapis.com https://www.gstatic.com https://engage.netcall.com https://564-SJK-496.mktoweb.com https://lonrtp1-cdn.marketo.com https://rtp-static.marketo.com https://lonrtp1.marketo.com https://app-lon09.marketo.com https://munchkin.marketo.net https://www.research-tree.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org https://snap.licdn.com https://geolocation.onetrust.com https://yoast.com/shared-assets/ https://unpkg.com/@dotlottie/ https://js-agent.newrelic.com https://nitropack.io https://nitroscripts.com https://kit.fontawesome.com https://bat.bing.com https://bat.bing.net https://secure.innovation-perceptive52.com https://plugin.sopro.io https://connect.facebook.net; font-src 'self' data: https://*.onconnect.app https://fonts.gstatic.com https://fonts.googleapis.com https://*.wistia.com https://*.hotjar.com https://*.hotjar.io https://pro.fontawesome.com https://use.typekit.net https://kit.fontawesome.com https://ka-p.fontawesome.com; connect-src 'self' https://webassistant.onconverse.app https://webassist.onconverse.app https://*.onconnect.app https://*.service.signalr.net wss://webassist.onconverse.app wss://*.service.signalr.net https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://www.google.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://px.ads.linkedin.com https://api.nelioabtesting.com https://rtp-static.marketo.com https://lonrtp1.marketo.com https://www.google-analytics.com https://*.mktoresp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net https://fast.wistia.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://yoast.com https://my.yoast.com https://bam.nr-data.net https://nitropack.io https://to.getnitropack.com https://cdn-labob.nitrocdn.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://bat.bing.com https://bat.bing.net https://sopro-personalisation.azurewebsites.net https://anonymous-api.azurewebsites.net; frame-src 'self' blob: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://td.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.research-tree.com https://564-SJK-496.mktoweb.com https://engage.netcall.com https://app-lon09.marketo.com https://youtube.com https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com https://fast.wistia.com https://fast.wistia.net https://*.hotjar.com https://*.hotjar.io https://polaris.brighterir.com https://player.rss.com/thetruthaboutlocalgovernment/ https://matssoft-operations-community-build.onmats.com https://matssoft-operations-community.onmats.com https://api-bea73872.duosecurity.com https://savingscalculators.ops.netcall.com; media-src 'self' data: blob: https://media.netcall.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; worker-src 'self' blob:; object-src 'none'; frame-ancestors 'self' https://nc2-webify-build.oncreate.app https://nc2-webify-test.oncreate.app https://nc2-webify.oncreate.app https://netcall.showpad.biz https://netcall.showpad.com https://*.netcall.com; 2 default-src * *.axaim-cx2020-dpl.sa:8100; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com sc-static.net *.kaltura.com *.google-analytics.com *.edgekey.net *.cloudflare.com *.jsdelivr.net *.en25.com *.facebook.net *.licdn.com *.axaim-cx2020-dpl.sa:8100 *.bing.com *.brighttalk.com platform.massrelevance.com *.siteimprove.net *.siteimprove.com *.fml-x.com *.ausha.co *.facebook.com *.ads-twitter.com *.axa-im.com *.linkedin.com static.ads-twitter.com *.aticdn.net *.ceros.com fml-x.com *.cookielaw.org *.fullstory.com; object-src self *.axaim-cx2020-dpl.sa:8100; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.axaim-cx2020-dpl.sa:8100; img-src https: data: *.axaim-cx2020-dpl.sa:8100; media-src https: data: blob: *.axaim-cx2020-dpl.sa:8100; frame-src self *.youtube-nocookie.com *.doubleclick.net *.axaim-cx2020-dpl.sa:8100 *.massrel.io *.siteimprove.net *.siteimprove.com *.ausha.co *.ceros.com *.fml-x.com *.googletagmanager.com *.axa-im.com *.youtube.com *.kaltura.com; frame-ancestors self; child-src self blob:; font-src data: fonts.gstatic.com *.googleusercontent.com *.axa-im.com *.axaim-cx2020-dpl.sa:8100 *.kaltura.com; connect-src *.axa-im.com *.axa-im.co.uk *.axaim-phoenix-vsr.preprod.agence-modedemploi.fr *.kaltura.com *.edgekey.net *.google-analytics.com *.axaim-cx2020-dpl.sa:8100 *.siteimprove.net *.siteimprove.com *.axa-im.com cdn.linkedin.oribi.io *.xiti.com fml-x.com *.linkedin.com *.cookielaw.org cdn.plyr.io *.google.com *.g.doubleclick.net *.googlesyndication.com *.bing.com *.fullstory.com *.facebook.com; report-uri /report-csp-violation 2 frame-ancestors 'self' https://web.telegram.org 2 style-src 'self' static.warpcs.org 'report-sample'; script-src 'self' static.warpcs.org x-0008.p.u9sv.com x-001a.p.u9sv.com 'sha256-Deekn20h+++EarpL0nFQLX7JSJv7s/2W9f988ZFAh14=' 'report-sample'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; frame-ancestors 'self'; report-to sec-endpoint; report-uri https://api.warpcs.org/v2/meta/report?t=sec 2 frame-ancestors 'self' https://*.optimizely.com; default-src 'self'; worker-src 'self' data:; font-src 'self' https://*.rocketcdn.me https://*.gstatic.com https://*.typekit.net https://*.sharepointonline.com https://www.shopperapproved.com data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com ; img-src 'self' https: data: https://*.optimizely.com; connect-src https: wss://*.hotjar.com https://*.optimizely.com; frame-src 'self' https://*.hotjar.com https://*.snapchat.com https://*.facebook.com https://*.trustpilot.com https://*.greenhouse.io https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.typeform.com https://*.optimizely.com https://*.doubleclick.net https://play.vidyard.com https://*.googletagmanager.com https://*.wp-rocket.me; media-src 'self' https://*.rocketcdn.me; manifest-src 'self' https://*.rocketcdn.me; 2 base-uri 'self' stats.wp.com tags.inzynk.io 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://ajax.googleapis.com 'strict-dynamic'; connect-src 'self' https://e.infogram.com https://infogram.com www.facebook.com conversions-config.reddit.com www.redditstatic.com pixel-config.reddit.com consent-api.service.consent.usercentrics.eu v1.api.service.cmp.usercentrics.eu consent-pref.trustarc.com analytics.inzynk.io px.ads.linkedin.com www.google.com translate.googleapis.com translate-pa.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io *.cookiebot.eu *.cookiebot.com api.parsely.com region1.google-analytics.com www.google-analytics.com restcountries.com analytics.inzynk.io region1.analytics.google.com stats.g.doubleclick.net analytics.google.com; default-src 'self'; font-src consent.trustarc.com *.capgemini.com *.sogeti.com *.academy.sogeti.nl *.tmap.net *.go-vip.net fonts.gstatic.com s0.wp.com 'self' data: ; frame-src 'self' https://e.infogram.com https://infogram.com sogeti.my.salesforce-sites.com www.googletagmanager.com registration.invitedesk.com embed.acast.com *.cookiebot.eu *.cookiebot.com wordpress.com player.vimeo.com my.walls.io www.google.com *.consent.trustarc.com *.trustarc.com open.spotify.com share.transistor.fm www.youtube.com widgets.wp.com td.doubleclick.net; img-src * 'self' data: img.sct.eu1.usercentrics.eu imgsct.cookiebot.com img.sct.eu1.usercentrics.eu www.googletagmanager.com p1.parsely.com consent-pref.trustarc.com *.capgemini.com *.sogeti.com *.academy.sogeti.nl *.tmap.net *.go-vip.net pixel.wp.com *.ytimg.com secure.gravatar.com analytics.twitter.com consent.trustarc.com pd.sharethis. com px.ads.linkedin.com www.facebook.com flagcdn.com https://e.infogram.com https://infogram.com; manifest-src 'self'; media-src 'self' *.capgemini.com *.sogeti.com *.academy.sogeti.nl *.tmap.net; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' app.usercentrics.eu web.cmp.usercentrics.eu *.cookiebot.eu *.cookiebot.com content.hotjar.io script.hotjar.com static.hotjar.com walls.io cdn.parsely.com stats.wp.com *.aspnetcdn.com *.capgemini.com *.sogeti.com *.academy.sogeti.nl *.tmap.net www.gstatic.com *.wp.com connect.facebook.net consent.trustarc.com go.capgeminigroup.com pd.sharethis.com static.ads-twitter.com w.soundcloud.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.google.com ajax.aspnetcdn.com analytics.inzynk.io tags.inzynk.io https://e.infogram.com https://infogram.com; style-src *.capgemini.com *.sogeti.com *.academy.sogeti.nl *.tmap.net www.gstatic.com www.googletagmanager.com fonts.googleapis.com s0.wp.com 'unsafe-inline' 'report-sample' 'self' https://e.infogram.com; worker-src blob: ; form-action 'self' *.capgemini.com *.sogeti.com *.academy.sogeti.nl *.tmap.net *.sogeti.nl *.sogeti.uk *.sogeti.us *.sogeti.se *.sogeti.ie *.sogeti.lu *.sogeti.be *.sogeti.de *.sogeti.no *.sogeti.es *.sogeti.fi; frame-ancestors 'self' open.spotify.com; script-src-elem * 'unsafe-inline' 'unsafe-eval' 'self' app.usercentrics.eu web.cmp.usercentrics.eu snap.licdn.com pi.pardot.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com; report-to /csp-violation-report/ 2 default-src 'self' 'unsafe-hashes' 'unsafe-inline' https://*.clarity.ms/collect https://www.clarity.ms https://d.clarity.ms/collect https://s.clarity.ms/collect https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google.fr https://td.doubleclick.net https://www.google-analytics.com https://p.clarity.ms https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://use.typekit.net https://analytics.axess.fr https://www.google.com http://www.google.com https://webtracking-v01.bpmonline.com https://portail-int.axess.fr https://portail-int.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://portail.axess.fr https://portail.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://region1.analytics.google.com https://js-eu1.hs-scripts.com https://www.gstatic.com https://appvizer.one https://ariadne.appvizer.one https://inrecruitingfr.intervieweb.it https://bpm-rect.axess.fr https://bpm-rect.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://*.visualwebsiteoptimizer.com data:; script-src 'self' 'unsafe-hashes' 'unsafe-inline' https://*.clarity.ms/collect https://www.clarity.ms https://d.clarity.ms/collect https://s.clarity.ms/collect https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google.fr https://td.doubleclick.net https://www.google-analytics.com https://p.clarity.ms https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://use.typekit.net https://analytics.axess.fr https://www.google.com http://www.google.com https://webtracking-v01.bpmonline.com https://portail-int.axess.fr https://portail-int.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://portail.axess.fr https://portail.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://region1.analytics.google.com https://js-eu1.hs-scripts.com https://www.gstatic.com https://appvizer.one https://ariadne.appvizer.one https://inrecruitingfr.intervieweb.it https://bpm-rect.axess.fr https://bpm-rect.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://*.visualwebsiteoptimizer.com data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://share.trustfolio.co https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://*.clarity.ms/collect https://www.clarity.ms https://d.clarity.ms/collect https://s.clarity.ms/collect https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google.fr https://td.doubleclick.net https://www.google-analytics.com https://p.clarity.ms https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://use.typekit.net https://analytics.axess.fr https://www.google.com http://www.google.com https://webtracking-v01.bpmonline.com https://portail-int.axess.fr https://portail-int.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://portail.axess.fr https://portail.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://region1.analytics.google.com https://js-eu1.hs-scripts.com https://www.gstatic.com https://appvizer.one https://ariadne.appvizer.one https://inrecruitingfr.intervieweb.it https://bpm-rect.axess.fr https://bpm-rect.axess.fr/0/ServiceModel/GeneratedObjectWebFormService.svc/SaveWebFormObjectData https://*.visualwebsiteoptimizer.com data: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://p.typekit.net https://unpkg.com 2 frame-ancestors 'self' https://my.cermo360.de https://my.matterport.com; 2 default-src 'self' https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' 'unsafe-inline' http: https: data: blob:; connect-src 'self' https: blob:; worker-src 'self' https: blob: 2 frame-ancestors 'self' http://*.weekendesk.com; 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pinterest.com/ https://*.pinim.com https://*.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.nl https://ajax.googleapis.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com *.youtube.com https://s.ytimg.com https://connect.facebook.net https://content.jwplatform.com https://ssl.p.jwpcdn.com *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ https://sc-static.net/scevent.min.js https://tr.snapchat.com https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl blob: https://js.stripe.com https://b.stripecdn.com https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com 38.108.179.5 https://*.raffle.ai/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://*.pinterest.com https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://storage.googleapis.com/storyteq/ https://jwpltx.com https://prd.jwpltx.com *.hotjar.com *.hotjar.io *.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://tr.snapchat.com https://i.ytimg.com https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de https://assets.citynavigator.nl *.cookiebot.com https://assets.plaece.nl *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;media-src 'self' https://storage.googleapis.com/storyteq/;frame-src 'self' https://*.pinterest.com https://consentcdn.cookiebot.com https://www.google.com https://www.googletagmanager.com https://*.doubleclick.net https://estate.zeeland.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com *.cookiebot.com https://staticxx.facebook.com https://www.facebook.com https://g.jwpsrv.com https://www.vvvzeeland.nl *.hotjar.com *.hotjar.io *.formdesk.com https://tr.snapchat.com https://live.netcamviewer.nl *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com https://*.raffle.ai/;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com *.hotjar.io *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com;connect-src 'self' https://*.pinterest.com/ https://api.storyteq.com https://ssl.p.jwpcdn.com https://graph.facebook.com https://www.facebook.com https://www.google.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net https://estate.zeeland.com *.cookiebot.com/ https://maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com *.snapchat.com *.linkedin.com *.localbooker.nl *.allyourz.nl https://provinciezeeland.localbooker.nl https://allyourz.nl *.mapbox.com https://js.stripe.com https://b.stripecdn.com https://api.brightedge.com https://*.bc0a.com https://cdn.b0e8.com 38.108.179.5 https://*.raffle.ai/;base-uri 'self' 2 default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 2 default-src https: 'self' data: blob:; script-src https: 'self' blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js https://pagead2.googlesyndication.com https://v.hvl.no; style-src https: 'self' data: 'unsafe-inline' https://v.hvl.no https://app.everviz.com https://fonts.googleapis.com; connect-src https: 'self' wss://hvl.boost.ai/api/chat/v2/ws wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com; frame-ancestors 'self' https://hvl.instructure.com; 2 default-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com use.typekit.net; script-src 'strict-dynamic' 'nonce-MTc2MzE2OTM2NzkzNTAuNjA0NzQ1Mjc=' 'self' *.6sc.co *.6sense.com *.youtube.com *.googletagmanager.com *.demandbase.com *.licdn.com *.cloudfront.com *.cloudfront.net *.mktoutil.com assets.adobedtm.com *.wipro.com *.woolmagazine.com match.prod.bidr.io google-analytics.com analytics.twitter.com static.ads-twitter.com *.twitter.com t.co *.marketo.com *.marketo.net geolocation.onetrust.com https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com ssl.p.jwpcdn.com content.jwplatform.com *.encoretheme.com use.typekit.net; connect-src 'self' https://secure.adnxs.com https://*.6sc.co https://*.6sense.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com/ https://823-vdb-175.mktoresp.com wss://ws16.hotjar.com wss://*.hotjar.com wss://ws8.hotjar.com *.mktoutil.com *.wipro.com *.hotjar.com d.adroll.com *.hotjar.io api.company-target.com 921-uou-112.mktoresp.com *.sc.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.figma.com https://dpm.demdex.net https://privacyportal-apac.onetrust.com https://wiprolimited.tt.omtrdc.net https://cookiesapac.blob.core.windows.net *.onetrust.com https://maxcdn.bootstrapcdn.com 'nonce-MTc2MzE2OTM2NzkzNTAuNjA0NzQ1Mjc=' cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.google.com https://*.clarity.ms *.vimeo.com https://vimeo.com; style-src 'self' 'nonce-MTc2MzE2OTM2NzkzNTAuNjA0NzQ1Mjc=' *.appirio.com https://maxcdn.bootstrapcdn.com https://go.wipro.com https://app-ab39.marketo.com https://cookiesapac.blob.core.windows.net *.onetrust.com fonts.googleapis.com stackpath.bootstrapcdn.com *.encoretheme.com use.typekit.net p.typekit.net https://app-static.turtl.co/embed/turtl.embed.v1.css; frame-src 'self' *.vimeo.com *.appirio.com share.transistor.fm go.wipro.com spark.adobe.com *.hotjar.com *.demdex.net www.google.com *.doubleclick.net *.youtube-nocookie.com *.youtube.com https://app-ab39.marketo.com https://www.facebook.com assets.adobedtm.com *.figma.com https://explore.wipro.com/ https://www.googletagmanager.com/ 'nonce-MTc2MzE2OTM2NzkzNTAuNjA0NzQ1Mjc='; img-src 'self' data: *.demdex.net *.wipro.com stage2.wipro.com cm.everesttech.net https://i.ytimg.com/ https://prd.jwpltx.com https://www.google.com https://www.facebook.com app-ab39.marketo.com www.google.co.in https://wiprolimited.sc.omtrdc.net p.typekit.net http: https:; form-action facebook.com app-ab39.marketo.com 'nonce-MTc2MzE2OTM2NzkzNTAuNjA0NzQ1Mjc='; object-src *.wipro.com 'nonce-MTc2MzE2OTM2NzkzNTAuNjA0NzQ1Mjc=' ; frame-ancestors 'self' https://stage2.wipro.com https://www.wipro.com https://preview.wipro.com;media-src 'self' *.youtube.com blob: 'nonce-MTc2MzE2OTM2NzkzNTAuNjA0NzQ1Mjc=';base-uri 'none' 2 default-src 'self' mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel: blob:; connect-src https: blob:; media-src https: mediastream: blob: 2 default-src 'self' *.ist.ac.at *.ista.ac.at *.google-analytics.com *.azureedge.net *.dynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ist.ac.at *.ista.ac.at https://www.google-analytics.com https://www.googletagmanager.com *.azureedge.net *.dynamics.com; style-src 'self' *.googleapis.com *.ist.ac.at *.ista.ac.at *.azureedge.net *.dynamics.com 'unsafe-inline'; img-src 'self' data: *.ist.ac.at *.ista.ac.at https://secure.gravatar.com *.azureedge.net *.dynamics.com; font-src 'self' fonts.gstatic.com *.ist.ac.at *.ista.ac.at data:; connect-src 'self' *.ist.ac.at *.ista.ac.at *.google-analytics.com *.azureedge.net *.dynamics.com; media-src 'self' *.ist.ac.at *.ista.ac.at; object-src 'none'; base-uri 'self'; frame-ancestors 'self' *.ist.ac.at *.ista.ac.at; 2 default-src 'self'; script-src 'self' https://*.involve.me https://app.mailjet.com https://hcaptcha.com https://*.hcaptcha.com *.amazonaws.com calendar.google.com *.edoobox.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://www.google-analytics.com https://region1.analytics.google.com; font-src 'self'; frame-src 'self' https://*.involve.me https://hcaptcha.com https://*.hcaptcha.com clvr.ch forms.office.com outlook.office.com outlook.office365.com calendar.google.com *.edoobox.com www.gotostage.com tools.untis.at youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com my.walls.io www.ait.ac.at untis.apcloud.one ionos-39ba7e0f8.sendserver.email https://email-marketing.ionos.de https://e.issuu.com; img-src 'self' *.amazonaws.com https://www.youtube.com https://www.googletagmanager.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.at data: https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; 2 default-src 'self'; connect-src 'self' https://*.sata.pt https://*.proscloud.com https://o210366.ingest.sentry.io https://www.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.paypal.com https://*.azoresairlines.pt https://azo-cdn.azureedge.net https://tracking.monsido.com https://*.inside-graph.com wss://*.inside-graph.com https://*.googlesyndication.com https://*.quantcast.com https://*.inmobi.com https://www.facebook.com/tr/; font-src 'self' https://i.icomoon.io https://fonts.gstatic.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://azo-cdn.azureedge.net; form-action 'self' https://*.proscloud.com https://*.paypal.com https://*.iata.org https://payments.sata.pt https://*.azoresairlines.pt https://*.sata.pt https://www.facebook.com/tr/; frame-src 'self' https://heyzine.com https://www.youtube.com https://www.google.com https://www.recaptcha.net https://bid.g.doubleclick.net https://*.paypal.com https://static.sojern.com https://*.inside-graph.com https://*.doubleclick.net; frame-ancestors 'self'; img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com; object-src 'none'; script-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://quantcast.mgr.consensu.org https://secure.quantserve.com https://cmp.quantcast.com https://cmp.inmobi.com https://rules.quantcount.com https://www.google.com/recaptcha/ https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://storage.googleapis.com https://www.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.paypal.com https://static.sojern.com/utils/sjrn_autocx.js https://cdn.monsido.com https://*.inside-graph.com https://connect.facebook.net https://static.connect.travelaudience.com https://azo-cdn.azureedge.net; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.inside-graph.com https://i.icomoon.io https://azo-cdn.azureedge.net; 2 frame-ancestors https://admin.shopify.com 'self'; 2 default-src 'none'; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self'; object-src 'self'; font-src 'self' data: *; frame-src 'self' *; frame-ancestors 'none'; connect-src 'self' data: *; worker-src 'self' blob: *; 2 default-src 'self' https: 'unsafe-inline' 2 default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://sydle.sydle.one https://package-sydle-ui.sydle.com https://connect.facebook.net https://analytics.tiktok.com https://www.googletagmanager.com https://cdn.ampproject.org https://www.youtube.com https://snap.licdn.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com https://cdn.jsdelivr.net https://package-sydle-ui.sydle.com 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; connect-src 'self' https://stats.g.doubleclick.net https://package-sydle-ui.sydle.com https://www.google-analytics.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://www.google.com https://sydle.sydle.one; img-src 'self' data: https://www.google.com.br https://www.google.com https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com https://sydle.sydle.one; worker-src 'self' blob:; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com; 2 frame-ancestors 'self' dashboard.myrazz.com; report-uri /report-violation 2 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self' *.qbrick.com; media-src * blob:; worker-src * blob:; object-src 'self'; connect-src wss: https: 2 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.goinggoinggone.com *.goinggoing.com *.btttag.com *.dickssportinggoods.com *.cardinalcommerce.com *.akamaihd.net *.scene7.com app.link *.bazaarvoice.com *.googleapis.com *.certona.net *.certona.com res-x.com *.res-x.com maxcdn.bootstrapcdn.com *.go-mpulse.net akstat.io h.online-metrix.net tags.tiqcdn.com s.pinimg.com a.wishabi.com analytics.twitter.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com bat.bing.com beacon.riskified.com *.branch.io qognvtzku-x.global.ssl.fastly.net ciunnwhq.micpn.com connect.facebook.net ct.pinterest.com utt.impactcdn.com d2oh4tlt9mrke9.cloudfront.net dickssportinggoods.demdex.net dicks-sporting-goods.pxf.io dpm.demdex.net dsg.tt.omtrdc.net dsg2.btttag.com e.dickssportinggoods.com edge1.certona.net f.wishabi.net gateway.dcsg.com *.getmetrical.com img.riskified.com match.adsrvr.org *.kampyle.com network.bazaarvoice.com network-a.bazaarvoice.com pinterest.adsymptotic.com pixel.rubiconproject.com pixel.tapad.com r.dlx.addthis.com sc-static.net smetrics.dickssportinggoods.com snap.adsrvr.org so.rlcdn.com static.ads-twitter.com t.co tr.snapchat.com www.facebook.com www.googletagmanager.com www.hlserve.com www.res-x.com x.skimresources.com *.criteo.com cdn.hlserve.com b.hlserve.com www.google.com *.g.doubleclick.net *.googlesyndication.com adservice.google.com c.riskified.com ws.sessioncam.com www.googleadservices.com cdn.brandingbrand.com dsg2m.btttag.com www.google-analytics.com cdnjs.cloudflare.com *.cloudfront.net *.iesnare.com code.jquery.com www.paymentjs.firstdata.com www.gstatic.com www.everestjs.net *.braintreegateway.com www.paypal.com *.paypalobjects.com tagtracking.vibescm.com cdn.auth0.com polyfill.io cdn.tagdelivery.com *.truefitcorp.com *.affirm.com *.afterpay.com *.hlserve.com *.anyguide.com resources.digital-cloud.medallia.com *.anyroad.com checkoutshopper-live.adyen.com *.stylitics.com prod.accdab.net *.cdn-net.com *.syndigo.com *.zoovu.com *.curalate.com assets-barracuda-runner.azureedge.net *.liveperson.net *.lpsnmedia.net *.adoberesources.net *.adobedc.net *.attn.tv analytics.tiktok.com *.quantummetric.com *.fullstory.com *.bambuser.com *.mycustomizer.com *.flippenterprise.net *.collectivevoice.com ln-rules.rewardstyle.com accounts.google.com *.monetate.net *.recaptcha.net mczbf.com sjwoe.com cj.dotomi.com emjcd.com idsync.rlcdn.com *.mczbf.com *.cj.com *.techlab-cdn.com blob:; frame-ancestors *.goinggoinggone.com *.dickssportinggoods.com; child-src *.attn.tv *.goinggoinggone.com *.dickssportinggoods.com *.cj.com *.quantummetric.com *.adyen.com *.afterpay.com *.paypal.com *.paypalobjects.com *.cardinalcommerce.com *.liveperson.net *.lpsnmedia.net dickssportinggoods.demdex.net *.criteo.com *.criteo.net maps.google.com hosted.where2getit.com mobile.where2getit.com fit.dksxchange.com www.thinglink.com dicks-cti.gvcommerce.com www.youtube.com *.truefitcorp.com *.affirm.com *.doubleclick.net *.pinterest.com *.googleapis.com tr.snapchat.com resources.digital-cloud.medallia.com *.hlserve.com *.facebook.com static.ads-twitter.com *.tagdelivery.com *.fls.doubleclick.net prod.accdab.net www.cdn-net.com *.safeframe.googlesyndication.com www.google.com *.anyroad.com *.mycustomizer.com *.collectivevoice.com ln-rules.rewardstyle.com display.ugc.bazaarvoice.com api.bazaarvoice.com *.bazaarvoice.com *.bambuser.com goinggoinggone-cti.gvcommerce.com *.monetate.net *.techlab-cdn.com blob:; 2 default-src 'self'; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com https://*.omappapi.com https://emailoctopus.com https://*.elementor.com https://*.full.services https://*.icons8.com https://*.googleapis.com https://*.jsdelivr.net https://*.cloudflare.com s.go-mpulse.net https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.omwpapi.com https://*.typekit.net https://emailoctopus.com https://*.elementor.com https://s3.amazonaws.com https://*.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.hotjar.com https://*.facebook.net https://*.googletagmanager.com https://*.go-mpulse.net https://*.google-analytics.com https://*.jsdelivr.net https://*.google.com https://*.licdn.com https://*.doubleclick.net https://www.google.com https://*.gstatic.com data: blob:; connect-src 'self' https://cdn.jsdelivr.net https://*.rdstation.com https://*.facebook.com https://*.reclameaqui.com.br https://gyruss.rdops.systems https://*.omwpapi.com https://optinmonster.com https://*.full.services https://google.com https://*.google.com https://*.doubleclick.com https://*.go-mpulse.net https://*.akamaihd.net https://*.akastat.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.akstat.io https://*.google.com https://*.rdstation.com.br https://www.google.com https://*.linkedin.com; frame-src 'self' https://*.googletagmanager.com/ https://*.youtube.com https://*.doubleclick.net https://*.google.com; font-src 'self' https://*.typekit.net https://*.jsdelivr.net https://myrp.com.br https://*.gstatic.com data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com https://*.omwpapi.com https://*.jsdelivr.net https://unlimited-elements.com https://*.crocoblock.com https://optinmonster.com https://wpforms.com https://*.elementor.com https://*.full.services https://*.gravatar.com https://*.w.org https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://*.movidesk.com https://*.notion.so https://*.facebook.com https://*.google.com.br https://www.google.com https://*.linkedin.com data:; 2 frame-ancestors 'self' 2 default-src 'self' https://www-cdn01.avisonyoung.com https://api-eu1.hubspot.com https://analytics.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://www.avisonyoungproperty.co.uk https://cdn.jsdelivr.net https://*.sharplaunch.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hs-banner.com http://script.hotjar.com https://script.hotjar.com https://*.sharplaunch.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://js-eu1.usemessages.com https://js-eu1.hsadspixel.net https://analytics.avisonyoung.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js-eu1.hubspot.com https://cdn.jsdelivr.net https://www.avisonyoungproperty.co.uk https://sdk.sharplaunch.com https://cdnjs.cloudflare.com https://maps.google.com https://realtyads.com https://www.onelink-edge.com https://link.edgepilot.com https://analytics.sharplaunch.com https://*.sharplaunch.com https://secure.smart-enterprise-52.com https://js.zi-scripts.com https://tags.clickagy.com https://ajax.cloudflare.com https://tracking.walkthruit.com; img-src https: data: blob:; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com https://app-eu1.hubspot.com https://analytics.avisonyoung.com https://player.cohostpodcasting.com https://bid.g.doubleclick.net https://open.spotify.com https://td.doubleclick.net https://app.powerbi.com https://realtyads.com https://api.mapbox.com https://videos.eventsquared.live https://www.googletagmanager.com https://aycamerchantblock.sharplaunch.com https://my.matterport.com https://kuula.co hemsync.clickagy.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://maps.googleapis.com/ https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hs-banner.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://content.hotjar.io https://metrics.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cta-eu1.hubspot.com https://cdn.growthbook.io https://sdk.sharplaunch.com https://analytics.sharplaunch.com https://*.sharplaunch.com https://5igwwa7oi7.execute-api.us-east-1.amazonaws.com https://pagead2.googlesyndication.com aorta.clickagy.com hemsync.clickagy.com js.zi-scripts.com ws.zoominfo.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 2 frame-ancestors 'self' https://portal.punchout2go.com https://eprocurement.esmsolutions.com https://solutions.sciquest.com https://usertest.sciquest.com https://service.ariba.com https://s3.ariba.com 2 default-src 'self' https:; img-src 'self' https: data: blob: https://vercel.live/ https://vercel.com https://*.pusher.com/ https://prod-uk-services-workspac-workspacefilespublicbuck-vs4gjqpqjkh6.s3.amazonaws.com https://prod-uk-services-attachm-attachmentsbucket28b3ccf-uwfssb4vt2us.s3.eu-west-2.amazonaws.com https://i0.wp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.encore.dev *.segment.com https://*.posthog.com *.googletagmanager.com https://assets.calendly.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://vercel.live/ https://vercel.com https://*.i.posthog.com https://chat.cdn-plain.com; style-src 'self' 'unsafe-inline' https://assets.calendly.com https://fonts.googleapis.com; connect-src 'self' https://*.encore.dev wss://*.encore.dev wss://*.encore.cloud https://*.posthog.com https://*.google.com https://pagead2.googlesyndication.com https://api.segment.io https://cdn.segment.com https://*.algolia.net https://*.algolianet.com http://localhost:7000 ws://localhost:7000 https://vercel.live/ https://vercel.com https://*.pusher.com/ wss://*.pusher.com/ https://*.i.posthog.com https://chat.uk.plain.com https://prod-uk-services-attachm-attachmentsuploadbucket2-1l2e4906o2asm.s3.eu-west-2.amazonaws.com; font-src 'self'; frame-src *.googletagmanager.com https://streamyard.com https://calendly.com https://*.youtube.com https://*.doubleclick.net/ https://vercel.live/ https://vercel.com; frame-ancestors 'self' https://eu.posthog.com; worker-src 'self' blob: data: 2 frame-ancestors 'self' https://app.storyblok.com *.abtasty.com; 2 frame-ancestors 'self' *.richmondamerican.com *.zillow.com *.newhomesource.com *.casasnuevasaqui.com; 2 frame-ancestors 'self' ida-akdb.coyocloud.com *.akdb.de *.akdb.net *.gkds.bayern *.gkds.de *.bay-innovationsstiftung.de *.innovationsstiftung.bayern www.akdb-kommunalforum.de 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeos_google 2 default-src https:; style-src * 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests 2 font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.yamamotonutrition.com maxcdn.bootstrapcdn.com www.paypalobjects.com *.abtasty.com track.yamamotonutrition.it track.yamamotonutrition.fr track.yamamotonutrition.de track.yamamotonutrition.es track.yamamotonutrition.ch track.yamamotonutrition.co.uk track.iafstore.com *.usercentrics.eu *.indigo.ai cdn.eye-able.com pagead2.googlesyndication.com bat.bing.net d.clarity.ms www.google.com s.kk-resources.com *.bing.com *.clarity.ms *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://0merchantacsstag.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net *.abtasty.com track.yamamotonutrition.it track.yamamotonutrition.fr track.yamamotonutrition.de track.yamamotonutrition.es track.yamamotonutrition.ch track.yamamotonutrition.co.uk track.iafstore.com *.usercentrics.eu *.indigo.ai cdn.eye-able.com pagead2.googlesyndication.com bat.bing.net d.clarity.ms www.google.com s.kk-resources.com *.bing.com *.clarity.ms *.weltpixel.com https://www.googletagmanager.com/ accounts.google.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: *.bird.eu *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net *.cdninstagram.com *.instagram.com meetanshi.com black.bird.eu criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com beacon.krxd.net e1.emxdgt.com exchange.mediavine.com id5-sync.com jadserve.postrelease.com matching.ivitrack.com s.thebrighttag.com visitor.omnitagjs.com bat.bing.com c.clarity.ms events.smct.co imgsct.cookiebot.com https://c.bing.com *.abtasty.com *.cloudfront.net track.yamamotonutrition.it track.yamamotonutrition.fr track.yamamotonutrition.de track.yamamotonutrition.es track.yamamotonutrition.ch track.yamamotonutrition.co.uk track.iafstore.com *.usercentrics.eu *.indigo.ai *.cloud-object-storage.appdomain.cloud cdn.eye-able.com https://mcstaging.iafstore.com https://mcprod.iafstore.com https://www.iafstore.com pagead2.googlesyndication.com bat.bing.net d.clarity.ms s.kk-resources.com *.bing.com *.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' data: *.facebook.com *.reddit.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com *.attn.tv events.attentivemobile.com s7.addthis.com *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net static.zdassets.com *.newrelic.com *.nr-data.net *.cookiebot.com *.cookiebot.eu https://connect.facebook.net www.dwin1.com bat.bing.com static.hotjar.com analytics.tiktok.com smct.co script.hotjar.com js.smct.co www.clarity.ms www.google.it *.abtasty.com track.yamamotonutrition.it track.yamamotonutrition.fr track.yamamotonutrition.de track.yamamotonutrition.es track.yamamotonutrition.ch track.yamamotonutrition.co.uk track.iafstore.com *.sentry-cdn.com *.usercentrics.eu *.indigo.ai cdn.eye-able.com pagead2.googlesyndication.com *.bing.net d.clarity.ms www.google.com s.kk-resources.com *.bing.com *.clarity.ms *.addtoany.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io accounts.google.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net *.redditstatic.com *.reddit.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://www.gstatic.com *.yamamotonutrition.com maxcdn.bootstrapcdn.com *.abtasty.com track.yamamotonutrition.it track.yamamotonutrition.fr track.yamamotonutrition.de track.yamamotonutrition.es track.yamamotonutrition.ch track.yamamotonutrition.co.uk track.iafstore.com *.usercentrics.eu *.indigo.ai cdn.eye-able.com pagead2.googlesyndication.com bat.bing.net d.clarity.ms www.google.com s.kk-resources.com *.bing.com *.clarity.ms *.fontawesome.com https://static.klaviyo.com accounts.google.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.indigo.ai pagead2.googlesyndication.com bat.bing.net d.clarity.ms www.google.com s.kk-resources.com *.bing.com *.clarity.ms http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://centinelapistag.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com *.attn.tv events.attentivemobile.com ekr.zdassets.com/ *.yamamotonutrition.com yamamotonutrition.zendesk.com zendesk-eu.my.sentry.io invitejs.trustpilot.com *.newrelic.com *.nr-data.net measurement-api.criteo.com *.analytics.google.com www.google.it consentcdn.cookiebot.com consentcdn.cookiebot.eu js.smct.io js.smct.co analytics.tiktok.com z.clarity.ms ws.hotjar.com content.hotjar.io analytics.pangle-ads.com rest.iafnetwork.com metrics.hotjar.io w.clarity.ms wss://ws.hotjar.com *.abtasty.com track.yamamotonutrition.it track.yamamotonutrition.fr track.yamamotonutrition.de track.yamamotonutrition.es track.yamamotonutrition.ch track.yamamotonutrition.co.uk track.iafstore.com *.usercentrics.eu cdn.eye-able.com *.indigo.ai wss://platform.indigo.ai pagead2.googlesyndication.com bat.bing.net d.clarity.ms www.google.com s.kk-resources.com *.bing.com *.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io accounts.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.integration.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com t.elasticsuite.io *.google-analytics.com *.facebook.net *.redditstatic.com *.reddit.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors https://www.facebook.com/ https://www.messenger.com/ https://www.snaptravel.com/ https://www.livesuper.com/ https://www.super.com/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 2 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com *.minelab.com.br *.minelab.com.mx *.minelab.com *.minelab.cl *.minelab.co.id *.minelab.com.in maxcdn.bootstrapcdn.com in.au1.segmentapis.com fonts.gstatic.com 40220034.hs-sites.com www.minelab.com.mx www.minelab.cl usa.minelab.com minelab.com.in de.minelab.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://pay.google.com/ https://www.google.com/pay/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.ccavenue.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://forms.hsforms.com/ *.sagepay.com 'self' data: *.payu.in https://pay.google.com/ https://www.google.com/pay/ 'self' 'unsafe-inline'; frame-ancestors *.despegar.com/ *.meetanshi.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.google.com/ 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com *.stripe.com stripe.com *.link.com *.amazon.com ws://localhost:12387/ https://www.google.com/pay/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.ccavenue.com *.despegar.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.commercepartnerhub.com in.au1.segmentapis.com accounts.youtube.com js.hs-banner.com js.hsadspixel.net www.google.com.br forms.hsforms.com api.sunset.systems td.doubleclick.net www.google.com 40220034.hs-sites.com www.youtube.com h.online-metrix.net securegtm.despegar.com www.mercadolibre.com js.stripe.com m.stripe.network https://mercadopago.cl/ https://sandbox.mercadopago.cl/ js.digitalriverws.com checkoutshopper-live.adyen.com *.sagepay.com 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://app.hubspot.com/ https://www.google.com/pay/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com magefan.com cm.magefan.com *.ccavenue.com *.despegar.com/ *.disqus.com https://img.youtube.com *.meetanshi.com https://meetanshi.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.minelab.com.br *.minelab.com.mx *.minelab.com *.minelab.cl *.minelab.co.id *.minelab.com.in forms-na1.hsforms.com in.au1.segmentapis.com lh5.googleusercontent.com yt3.ggpht.com lh4.googleusercontent.com conectiva.io img.youtube.com perf-na1.hsforms.com www.gstatic.com track.hubspot.com *.hubspotusercontent-na1.net www.youtube.com http2.mlstatic.com h.online-metrix.net www.mercadolibre.com www.mercadopago.com.br www.google.com.br *.online-metrix.net https://c.clarity.ms/ https://www.mercadopago.com.mx/ https://www.mercadopago.cl/ https://c.bing.com/ *.e.aa.online-metrix.net www.minelab.com.mx www.mercadopago.com.mx www.mercadolivre.com www.minelab.cl www.mercadopago.cl usa.minelab.com minelab.com.in fonts.gstatic.com de.minelab.com cookie-cdn.cookiepro.com www.google.pt https://gateway.zscloud.net/ https://img.youtube.com/ https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://meetanshi.com/media/logo.png https://pay.google.com/ https://www.google.com/pay/ https://forms.hsforms.com https://cdn.weglot.com/ https://app.usercentrics.eu https://uct.service.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.ccavenue.com *.despegar.com/ *.disqus.com *.meetanshi.com *.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.minelab.com.br *.minelab.com.mx *.minelab.com *.minelab.cl *.minelab.co.id *.minelab.com.in mcstaging.minelab.com.br js.digitalriverws.com apitest.payu.in www.mercadopago.com sdk.mercadopago.com js.stripe.com www.google.com www.gstatic.com http2.mlstatic.com cdn.segment.com securegtm.despegar.com js-agent.newrelic.com h64.online-metrix.net m.stripe.network *.sagepay.com js.hsforms.net in.au1.segmentapis.com *.cdn.segment.com/ https://cdn.segment.com/ translate.google.com js.hs-banner.com js.hubspot.com js.hsadspixel.net js.hs-analytics.net translate.googleapis.com i.k-analytix.com app.cartstack.com.br conectiva.io www.clarity.ms forms-na1.hubspot.com static.doubleclick.net js.hs-scripts.com static.hsappstatic.net www.youtube.com *.despegar.com *.google.com *.payu.in *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com h.online-metrix.net www.minelab.com.mx s7.addthis.com static.getbutton.io cdnjs.cloudflare.com www.minelab.cl usa.minelab.com minelab.com.in cdn.ampproject.org translate-pa.googleapis.com de.minelab.com cookie-cdn.cookiepro.com beacon-v2.helpscout.net *.amazon.com https://gateway.zscloud.net/ https://js-agent.newrelic.com/ https://40220034.hs-sites.com/ https://js.usemessages.com/ https://js.hubspot.com/web-interactives-container.js https://static.hsappstatic.net/content-cwv-embed/static-1.1293/embed.js https://pay.google.com/ https://www.google.com/pay/ https://js.hscollectedforms.net/collectedforms.js https://cdn.weglot.com/weglot.min.js https://cdn.weglot.com/ https://web.cmp.usercentrics.eu/ https://v1.api.service.cmp.usercentrics.eu https://48752163.fs1.hubspotusercontent-na1.net https://scripts.clarity.ms/0.8.23/clarity.js https://scripts.clarity.ms/0.8.25/clarity.js https://static.hotjar.com/* https://static.hotjar.com/c/hotjar-1996192.js https://script.hotjar.com/modules.79484904679daf64371c.js https://script.hotjar.com/ https://scripts.clarity.ms/0.8.30/clarity.js https://scripts.clarity.ms/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.minelab.com.br *.minelab.com.mx *.minelab.com *.minelab.cl *.minelab.co.id *.minelab.com.in maxcdn.bootstrapcdn.com in.au1.segmentapis.com www.youtube.com cdn-prod.securiti.ai www.gstatic.com js.digitalriverws.com www.minelab.com.mx cdnjs.cloudflare.com js.stripe.com www.minelab.cl usa.minelab.com minelab.com.in de.minelab.com *.stripe.network *.stripecdn.com *.amazon.com https://pay.google.com/ https://www.google.com/pay/ https://cdn.weglot.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://pay.google.com/ https://www.google.com/pay/ https://cdn.weglot.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com *.googleapis.com *.ccavenue.com *.despegar.com/ *.meetanshi.com *.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://region1.google-analytics.com/ *.minelab.com.br *.minelab.com.mx *.minelab.com *.minelab.cl *.minelab.co.id *.minelab.com.in https://api.segment.io/ https://cdn.segment.com/ *.clarity.ms *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.analytics.google.com api.performa.ai *.hs-banner.com cta-service-cms2.hubspot.com *.konduto.com api.hubapi.com *.segmentapis.com *.doubleclick.net *.youtube.com api.mercadolibre.com securegtm.despegar.com events.mercadopago.com *.online-metrix.net *.stripe.com minelab.local api.mercadopago.com www.mercadolibre.com cdn.segment.com in.au1.segmentapis.com m.stripe.com https://api.mercadopago.com/ www.minelab.com.mx p.clarity.ms forms.hsforms.com js.hs-banner.com api.segment.io forms-na1.hubspot.com bam.nr-data.net googleads.g.doubleclick.net jnn-pa.googleapis.com play.google.com www.youtube.com h.online-metrix.net region1.analytics.google.com js.stripe.com r.stripe.com www.minelab.cl region1.google-analytics.com usa.minelab.com minelab.com.in de.minelab.com cookie-cdn.cookiepro.com d3hb14vkzrxvla.cloudfront.net api.digitalriverws.com beacon.driv-analytics.com *.sagepay.com https://viacep.com.br *.payu.in klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com https://google.com/pagead/ https://geolocation.onetrust.com/ https://conectiva.io/ https://pagead2.googlesyndication.com/ https://privacyportal.cookiepro.com/ https://api2.cartstack.com.br/ https://munorwsmnxhbgr6s2umyxqojja0oyxuj.lambda-url.us-east-2.on.aws/ https://js-agent.newrelic.com/ ws://localhost:12387/ https://google.com/ https://*.hs-sites.com/ https://www.google.com/pay/ https://forms.hscollectedforms.net https://cdn.weglot.com/ https://cdn-api-weglot.com/ https://v1.api.service.cmp.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://pv.conectiva.io/ https://static.hsappstatic.net/conversations-embed/static-1.23920/bundles/project.js.map https://static.hsappstatic.net/adsscriptloaderstatic/static-1.2498/bundles/pixels-release.js.map https://static.hsappstatic.net/adsscriptloaderstatic/static-1.2545/bundles/pixels-release.js.map https://static.hsappstatic.net/conversations-embed/static-1.24044/bundles/project.js.map https://cdn.ampproject.org/ https://static.hsappstatic.net/ https://api.weglot.com/ https://api.zippopotam.us/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://www.google.com/pay/ http: https: blob: 'self' 'unsafe-inline'; default-src *.minelab.com.br *.minelab.com *.minelab.cl *.minelab.co.id *.minelab.com.in s.clarity.ms in.au1.segmentapis.com i.ytimg.com 40220034.hs-sites.com f.clarity.ms bam.nr-data.net www.google.com google.com apitest.payu.in h.online-metrix.net *.google-analytics.com https://region1.google-analytics.com/ https://api.mercadopago.com/ *.minelab.com.mx p.clarity.ms www.minelab.com.mx www.paypal.com r.stripe.com www.minelab.cl usa.minelab.com translate.googleapis.com minelab.com.in de.minelab.com js.digitalriverws.com https://l.clarity.ms/collect/ https://js-agent.newrelic.com/ https://pay.google.com/ https://www.google.com/pay/ https://www.google.com/recaptcha/api2/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self' https://mc.yandex.ru https://ser3.express.pptrf.ru 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://c.clarity.ms https://c.bing.com http://www.w3.org/2000/svg https://track.hubspot.com https://www.google.com/pagead/1p-user-list/10975822924/ https://www.googletagmanager.com https://forms-na1.hsforms.com/embed/v3/counters.gif https://perf-na1.hsforms.com/embed/v3/counters.gif https://kasmweb.com/assets/images/arw.svg https://b.sf-syn.com/badge_img/3267958/light-default https://cms.kasm.com https://cms.kasm.com/api/media/file; frame-ancestors 'self' https://app.hubspot.com; frame-src blob:https://license.kasmweb.com https://app.customgpt.ai https://www.youtube.com https://www.google.com https://recaptcha.google.com https://app.kasmweb.com https://challenges.cloudflare.com https://app.hubspot.com https://www.googletagmanager.com https://license.kasmweb.com https://app.termly.io https://kasmweb.com https://forms.hsforms.com https://td.doubleclick.net https://www.kasmweb.com https://app.kasm.com https://kasm.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://*.datatables.net https://*.jquery.com https://*.jsdelivr.net https://*.googleapis.com https://*.treasury.gov.my https://appscdn.joomla.org; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.datatables.net https://*.jquery.com https://*.jsdelivr.net https://fonts.googleapis.com https://*.mof.gov.my https://*.treasury.gov.my; img-src 'self' data: blob: https://*.mof.gov.my https://*.googleapis.com https://*.facebook.com https://*.instagram.com https://*.x.com https://*.treasury.gov.my https://www.joomshaper.com https://extensionscdn.joomla.org https://appscdn.joomla.org; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.mof.gov.my https://*.treasury.gov.my; connect-src 'self' https://*.cloudflare.com https://*.mof.gov.my https://*.jquery.com https://*.googleapis.com https://*.treasury.gov.my https://appscdn.joomla.org; frame-src 'self' https://rtm-player.glueapi.io https://www.youtube.com https://*.facebook.com https://*.instagram.com https://*.x.com https://*.treasury.gov.my; object-src 'none'; base-uri 'self'; form-action 'self'; 2 frame-ancestors 'self' https://app.contentful.com; object-src 'none'; base-uri 'none'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://service.force.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.osano.com https://www.youtube.com https://*.instagram.com https://acsbapp.com https://connect.facebook.net https://*.edology.com https://dev.visualwebsiteoptimizer.com https://*.bing.com https://*.bing.net https://snap.licdn.com https://*.googleadservices.com https://*.googlesyndication.com https://*.clarity.ms https://*.facebook.com https://*.youtube.com https://*.ads.linkedin.com https://px.ads.linkedin.com https://*.tiktok.com https://*.neutral.ttwstatic.com https://*.infisecure.com https://*.quora.com https://*.ofgreencolumn.com https://*.snapchat.com https://*.ue-germany.com https://sc-static.net https://*.visualwebsiteoptimizer.com https://pixel.byspotify.com https://*.pardot.com https://*.googleapis.com https://instapage-scripts.s3.amazonaws.com https://bat.bing-int.com; worker-src 'self' blob:; child-src 'self' blob:; style-src 'self' https://*.neutral.ttwstatic.com 'unsafe-inline' https://www.gstatic.com; img-src 'self' data: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.osano.com https://connect.facebook.net https://*.youtube.com https://*.linkedin.com https://*.ads.linkedin.com https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://c.bing.com https://*.bing.com https://*.bing.net https://*.googleadservices.com https://*.clarity.ms https://*.googlesyndication.com https://*.google.com https://*.facebook.com blob: https://*.gstatic.com https://*.ytimg.com https://*.quora.com https://*.snapchat.com https://*.ofgreencolumn.com https://*.google.ru https://*.google.es https://*.google.de https://*.google.gr https://*.google.com.ng https://*.google.lk https://*.google.co.in https://*.google.co.th https://*.google.it https://*.google.com.mx https://*.google.com.tr https://*.google.com.ke https://*.google.com.gh https://*.google.cm https://*.google.pl https://*.google.pt https://*.google.ie https://*.google.iq https://*.google.com.eg https://*.google.az https://*.google.com.pk https://*.google.ge https://*.google.com.np https://*.google.al https://*.google.bg https://*.google.hu https://*.google.co.uz https://*.google.ca https://*.google.com.bd https://*.google.co.kr https://*.google.dz https://*.google.ae https://*.google.by https://*.google.com.sa https://*.google.nl https://*.google.co.tz https://*.google.se https://*.google.com.pa https://*.google.com.hk https://*.google.co.ug https://*.google.es https://*.google.com.af https://*.google.kg https://*.google.com.my https://*.google.ch https://*.google.com.ph https://*.google.co.ke https://*.google.tn https://*.google.rs https://*.google.com.vn https://*.google.co.id https://*.google.com.au https://*.google.com.cy https://*.google.kz https://*.google.mn https://*.google.com.ua; media-src 'self' data:; connect-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.osano.com https://*.tiktok.com https://*.tiktokv.com https://*.tiktokw.us https://*.acsbapp.com https://acsbapp.com https://*.ads.linkedin.com https://px.ads.linkedin.com https://*.edology.com https://dev.visualwebsiteoptimizer.com https://*.bing.com https://*.bing.net https://*.googleadservices.com https://*.googlesyndication.com https://*.clarity.ms https://*.google.com https://google.com https://*.facebook.com https://connect.facebook.net https://capi.gus.global https://*.infisecure.com wp.globaluniversitysystems.com https://noembed.com https://*.ue-germany.com https://*.snapchat.com https://*.quora.com https://*.ofgreencolumn.com https://pixels.spotify.com https://bat.bing-int.com https://*.google.com.pk https://*.google.co.in https://*.google.de https://*.google.co.kr https://*.google.com.ng https://*.google.com.gh https://*.google.com.co https://*.google.ru https://*.google.com.eg https://*.google.com.tr https://*.google.ch https://*.google.al https://*.google.ge https://*.google.com.ua https://*.google.com.br https://*.google.es https://*.google.com.tj https://*.google.co.id; frame-src 'self' https://*.doubleclick.net https://*.googletagmanager.com https://youtube.com https://*.youtube.com https://youtu.be https://vimeo.com https://instagram.com https://*.instagram.com https://*.tiktok.com https://*.twitter.com https://*.spotify.com https://*.facebook.com https://*.google.com https://datawrapper.dwcdn.net https://*.snapchat.com https://open.spotify.com https://*.cloudfront.net; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com; report-to csp-endpoint; report-uri https://www.ue-germany.com/api/csp-report 2 default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.com https://refinemirror.com https://*.affirm.com https://mirror.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.com https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.com https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none' 2 default-src 'self' data: * blob: *; img-src 'self' data: * https://devusscksastrapifa.blob.core.windows.net; media-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com data: *; frame-src 'self' blob: * data: * 2 frame-ancestors 'self' https://www.quironsalud.com https://betaweb.quironsalud.es https://international.quironsalud.com https://olympia.quironsalud.com https://olympia.quironsalud.es https://overweightinstitute.fjd.es https://pacientes.healthdiagnostic.es https://rare-genomics.com https://www.cirujanosdelcorazon.es https://www.clinicadelpilar.org https://www.clinicavalles.com https://www.cuidamosdelamujer.es https://www.diverhospital.es https://www.e-quironsalud.com https://www.fjd.es https://www.fundacionquironsalud.org https://www.hgc.es https://www.hgvillalba.es https://www.hope-documental.es https://www.hospitalinfantaelena.es https://www.hospitalpublicocolladovillalba.es https://www.hospitalreyjuancarlos.es https://www.hscor.com https://www.idcsaludenfermeria.es https://www.idcsalud.es https://www.imbanaco.com https://www.jornadaspbp.es https://www.lungscreen.eu https://www.oncohealth.eu https://www.porquesabeselegir.es https://www.quironsalud.es https://www.quironsalud-hospitals.com https://www.rare-genomics.com https://www.recetaenergia.es https://www.redneurosalud.es https://www.ruber.es https://www.ruberinternacional.es https://www.teknonbarcelona.com https://www.teknonbarcelona.it https://www.teknonbarcelona.ru https://www.teknon.es https://www.tucanaldesalud.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com *.isicentral.com *.isicentral.net ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.execute-api.us-west-2.amazonaws.com ; img-src 'self' data: blob:; 2 default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem: mailto:; 2 frame-ancestors 'self' *.upc.sk *.upc.biz 2 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 2 frame-ancestors 'self' *.bancosantander.es; 2 frame-ancestors 'self' https://www.slipcase.com http://marketplace.marsh.com https://www.insubuy.com/travel-and-student-insurance-international-provider-network 2 "default-src 'self' *.gezondheid.be;" 2 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.userback.io *.readspeaker.com https://www.canto.com https://www.dacast.com https://cdn.jsdelivr.net https://maps.googleapis.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.userback.io *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.canto.com https://www.dacast.com https://unpkg.com https://skaoint.matomo.cloud https://cdn.matomo.cloud/skaoint.matomo.cloud; img-src 'self' 'unsafe-inline' data: https://www.canto.com https://*.tile.openstreetmap.org https://cdn.jsdelivr.net https://*.google.com https://maps.gstatic.com https://api.mapbox.com; media-src 'self' *.canto.global *.cloudfront.net; frame-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; frame-ancestors *; child-src 'self' *.youtube.com *.vimeo.com https://airtable.com *.canto.com *.canto.global; font-src 'self' data: https://fonts.gstatic.com *.readspeaker.com https://cdn.jsdelivr.net https://fonts.googleapis.com; connect-src 'self' https://skaoint.matomo.cloud https://oauth.canto.global; report-uri /report-csp-violation; upgrade-insecure-requests 2 frame-ancestors *.vakko.com 2 upgrade-insecure-requests; worker-src 'self' blob: ;style-src 'self' 'unsafe-inline' blob:; media-src 'self' ; manifest-src 'self' login.windows.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com *.cookielaw.org *.doubleclick.net connect.facebook.net www.youtube.com script.crazyegg.com www.google-analytics.com; font-src 'self' data: ; frame-ancestors 'none';frame-src 'self' *.doubleclick.net www.youtube-nocookie.com; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.facebook.com *.cookielaw.org i.ytimg.com www.googletagmanager.com *.doubleclick.net www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' *.contentful.com *.cookielaw.org *.google-analytics.com *.googlesyndication.com script.crazyegg.com *.doubleclick.net *.algolia.net *.algolianet.com; default-src 'none'; base-uri 'none'; 2 default-src 'self' data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.etracker.com; frame-src 'self' https://open.spotify.com https://mafo1.myaudience.de/ https://www.youtube-nocookie.com/ https://www.giscloud.nrw.de/ https://www.googletagmanager.com https://td.doubleclick.net https://www.bankenumfrage.de/; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://static.hotjar.com https://script.hotjar.com https://static.newsletter2go.com https://mafo1.myaudience.de https://static.etracker.com https://code.etracker.com https://www.etracker.de https://www.evergabe.nrw.de https://connect.facebook.net https://snap.licdn.com https://www.googletagmanager.com https://*.doubleclick.net https://et.nrwbank.de http://et.nrwbank.de https://www.bankenumfrage.de/; style-src 'self' https://static.hotjar.com https://script.hotjar.com https://www.bankenumfrage.de/ 'unsafe-inline'; object-src 'none'; worker-src 'self' blob:; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.newsletter2go.com https://www.etracker.de https://api.friendlycaptcha.com https://eu-api.friendlycaptcha.eu wss://chat.nrwbank.de https://connect.facebook.net https://snap.licdn.com https://www.googletagmanager.com https://*.linkedin.com https://www.google.com https://www.facebook.com https://www.google.de https://www.googleadservices.com https://et.nrwbank.de http://et.nrwbank.de; img-src 'self' data: https://static.hotjar.com https://script.hotjar.com https://files.newsletter2go.com https://images.fdbserver.de https://api.fdbserver.de https://mafo1.myaudience.de https://api-prod.wolterskluwer.plusline.net/ https://api-staging.wolterskluwer.plusline.net/ https://www.facebook.com https://px.ads.linkedin.com https://www.google.com https://www.google.de https://*.doubleclick.net https://www.bankenumfrage.de/; font-src 'self' https://script.hotjar.com; upgrade-insecure-requests 2 default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2 https: 'unsafe-inline' always 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * blob: data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com *.googletagmanager.com https://postnl-prod.eu.auth0.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com; frame-ancestors 'none'; form-action 'self'; font-src 'self'; script-src 'self' *.google-analytics.com *.googletagmanager.com; style-src 'self'; frame-src https://postnl-prod.eu.auth0.com 2 default-src 'unsafe-inline' 'unsafe-eval' none www.hostingschmiede.de; script-src 'unsafe-inline' 'unsafe-eval' none www.hostingschmiede.de; frame-ancestors www.hostingschmiede.de; base-uri 'self'; form-action 'self'; 2 default-src https: data: 'unsafe-hashes' 'unsafe-inline'; form-action https: 'self'; upgrade-insecure-requests 2 frame-ancestors 'self' https://app.contentful.com https://epic-mycharttst01.chsomaha.org https://connect.childrensnebraska.org https://*.chsomaha.org https://*.childrensnebraska.org 2 frame-ancestors 'self' https://assets.braintreegateway.com https://*.braintreegateway.com https://*.braintree-api.com https://www.paypal.com https://*.paypal.com https://www.paypalobjects.com https://*.paypalobjects.com 2 frame-src https://forms.cloud.microsoft https://button.ecal.com https://consentcdn.cookiebot.com https://8485264.fls.doubleclick.net https://platform.twitter.com https://www.riddle.com https://gaming.rugbyleague.mooo.com https://www.youtube.com https://www.google.com https://js.stripe.com https://www.facebook.com https://auth-stage.rugby-league.com https://auth.rugby-league.com https://iframe.smartenergygb.org 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.axept.io https://unpkg.com https://player.vimeo.com https://js.hsforms.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.tarteaucitron.io https://td.doubleclick.net https://forms.hsforms.com https://tarteaucitron.io https://*.vimeocdn.com; worker-src 'self' blob:; frame-src 'self' https://unpkg.com https://cdn.tarteaucitron.io https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://forms.hsforms.com https://tarteaucitron.io https://js.hsforms.net https://td.doubleclick.net https://player.vimeo.com https://adistaprod.service-now.com https://*.service-now.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: 2 frame-ancestors 'self' https://work.banzait.com https://crm.mycredit.kz https://pre-prod-crm.astana-motors.kz https://crm.astana-motors.kz; 2 report-uri https://app.glitchtip.com/api/11209/security/?glitchtip_key=183461c4612d412989b8da96e7459345;base-uri 'self';connect-src 'self' https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://visualsponline.azurewebsites.net https://translate.googleapis.com https://snap.licdn.com https://static.ads-twitter.com https://platform.twitter.com https://analytics.twitter.com https://js.adsrvr.org https://cdn.linkedin.oribi.io https://*.google-analytics.com https://www.google.com/recaptcha/api.js https://youtube.com https://cmp.osano.com https:;default-src 'self';form-action 'self';img-src 'self' data: https: https://jbs-foods.imgix.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com android-webview-video-poster: https://px.ads.linkedin.com;media-src 'self' https://swift-foods-site-uploads.s3.us-east-2.amazonaws.com https: data:;object-src 'none';script-src 'self' 'nonce-xk4qPrztTs34FWWJAqLK6GxbkYGTJQAK' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://connect.facebook.net https://legacypicturefill.s3.amazonaws.com https://ssl.google-analytics.com/ga.js https://snap.licdn.com https://static.ads-twitter.com https://platform.twitter.com https://analytics.twitter.com https://js.adsrvr.org https://cmp.osano.com https://cdnjs.cloudflare.com www.google.com 'sha256-g7GYTLqsnK48+lN58VWaViDRN4Qu8JDEnZqq6q0v2Os=' 'sha256-JRDV9if4UkkkXw7zxUwH/1zonOMxmBVcyYMHDZM42KE=' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.linkedin.oribi.io https://polyfill.io/v2/polyfill.min.js;style-src 'self' https://cdn.plyr.io/3.5.2/plyr.css 'unsafe-inline';font-src 'self' https://fonts.gstatic.com https://jbsfoodsgroup.com chrome-extension:;frame-src 'self' https://admin.foods.jbsfoodsgroup.com https://www.googletagmanager.com https://12694960.fls.doubleclick.net/ https://match.adsrvr.org https://www.google.com https://insight.adsrvr.org https://youtube.com https://www.youtube.com https://td.doubleclick.net *.doubleclick.net;worker-src 'self' blob: 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; connect-src 'self' https://*.in.bot; worker-src 'self' blob:; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gatekeeperconsent.com *.ezojs.com *.liadm.com *.adtrafficquality.google *.sparkloop.app *.googlesyndication.com *.omappapi.com omappapi.com cdn.discordapp.com discord.com e.widgetbot.io *.helpscout.net *.360yield.com bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com cdn.ampproject.org happyfoxchat.com *.happyfoxchat.com *.dianomi.com tiktok.com *.tiktok.com decide.dev *.decide.dev itstracking.com *.itstracking.com *.optipub.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com google.com anchor.fm *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net pd.trysera.com *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com *.gravatar.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' *.gatekeeperconsent.com *.ezojs.com *.liadm.com *.sparkloop.app *.googlesyndication.com *.omappapi.com omappapi.com cdn.discordapp.com discord.com e.widgetbot.io onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com ; 2 block-all-mixed-content; frame-ancestors 'self'; object-src 'none'; base-uri 'self' 2 frame-ancestors 'self' https://www.growingio.com;base-uri 'self';upgrade-insecure-requests 2 frame-ancestors https://ads.tiktok.com 2 frame-ancestors 'self' *.netopia-payments.com 2 default-src 'self' www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.co.in adservice.google.com *.fls.doubleclick.net insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com *.onetrust.com *bat.bing.com *ib.adnxs.com parkwayhospitalssgp.aprimo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.hotjar.com *.moengage.com *.adnxs.com *.googleoptimize.com *.mookie1.com *.fls.doubleclick.net *.doubleclick.net *.outbrain.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://platform-api.sharethis.com https://buttons-config.sharethis.com unpkg.com/@frontify/ brandportal.ihhhealthcare.com assets.gathercontent.com www.googletagmanager.com media.istockphoto.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg http://admin-beta-mountelizabeth.com.sg insight.adsrvr.org quantserve.com googletagmanager.com secure.quantserve.com js.adsrvr.org rules.quantcount.com www.googleadservices.com adservice.google.com googleads.g.doubleclick.net admin-gleneagles.parkwayhealth.local admin-parkwayeast.parkwayhealth.local bat.bing.com staticcdn.enzymic.co cdn.polyfill.io static.site24x7rum.com www.google.co.in s.yimg.com www.instagram.com www.sc.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com https://rawgit.com https://cdnjs.cloudflare.com https://cdn.tailwindcss.com *.tiktok.com *.clarity.ms *.varify.io https://unpkg.com http://edge.quantserve.com/quant.js *bat.bing.com *ib.adnxs.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com beta.mountelizabeth.com.sg http://fonts.cdnfonts.com https://cdnjs.cloudflare.com googletagmanager.com *.googletagmanager.com *.bunny.net *.moengage.com unpkg.com *.typekit.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.mountelizabeth.com.sg https://cdn-assets-eu.frontify.com simsys.ent.ap-southeast-1.aws.found.io www.gleneagles.com.sg https://www.parkwayhospitals.com.cn *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com i.vimeocdn.com www.googletagmanager.com *.hotjar.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com countryflagsapi.com mountelizabeth.com *.mookie1.com *.google.com *.google.com.sg *.adnxs.com *.quantserve.com flagcdn.com ad.doubleclick.net google.co.in sdms-country-flag.s3.ap-southeast-1.amazonaws.com http://sitefinityprodpp.blob.core.windows.net googleads.g.doubleclick.net www.google.com/pagead bat.bing.com *.outbrain.com www.googleadservices.com www.google.co.in adservice.google.com fls.doubleclick.net insight.adsrvr.org quantserve.com s.yimg.com www.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com *.amazonaws.com s3-ihhsg-sdms-prod.sg.ihhhealthcare.com *.clarity.ms https://connect.facebook.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com cdnjs.cloudflare.com https://fonts.cdnfonts.com *.typekit.net; frame-src https://www.google.com/ https://www.youtube.com https://vimeo.com https://player.vimeo.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com brandportal.ihhhealthcare.com https://vars.hotjar.com https://*.moengage.com https://www.facebook.com https://m.facebook.com *.fls.doubleclick.net insight.adsrvr.org www.instagram.com adservice.google.com td.doubleclick.net https://my.matterport.com/ www.googletagmanager.com https://match.adsrvr.org metrics.mountelizabeth.com.sg 'self' forms.hsforms.com web-chat.nativechat.com; connect-src *.gstatic.com *.mktoresp.com *.google-analytics.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://l.sharethis.com *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://parkway-elastic-production.ent.ap-southeast-1.aws.found.io http://admin-beta-mountelizabeth.com.sg wss://*.hotjar.com *.hotjar.com *.hotjar.io *.moengage.com stats.g.doubleclick.net admin-parkwayeast.parkwayhealth.local admin-gleneagles.parkwayhealth.local analytics.google.com static.enzymic.co www.facebook.com metrics.mountelizabeth.com.sg insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com sp.analytics.yahoo.com https://cdn-apac.onetrust.com https://geolocation.onetrust.com *.onetrust.com *.outbrain.com *.tiktok.com *.google.com *.clarity.ms *.varify.io https://www.google.com.sg/ads/ga-audiences https://bat.bing.com *bat.bing.com *ib.adnxs.com parkwayhospitalssgp.aprimo.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.frontify.com brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://*.moengage.com countryflagsapi.com https://bat.bing.com 'self' web-chat.nativechat.com 2 default-src 'self'; script-src-elem 'self' 'unsafe-inline' *.attn.tv http://www.lightboxcdn.com https://www.lightboxcdn.com https://*.lightboxcdn.com https://*.segment.io/ https://*.segment.com/ https://*.rudderlabs.com/ https://*.rudderstack.com/ https://ps.staging.shoppable.com/checkout/addressInfo https://ps.staging.shoppable.com/checkout/create https://js.stripe.com/ https://js.stripe.com/v3 https://cdn.staging.shoppable.com/checkout/shoppable.js https://*.abtasty.com/ https://z.moatads.com https://pghub.io https://www.gstatic.com https://www.google.com https://api.lightboxcdn.com https://ct.pinterest.com https://connect.facebook.net https://script.crazyegg.com https://s.pinimg.com https://cdn.cookielaw.org https://match.adsrvr.org https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://haircodeai-web-stage-quiz.azurewebsites.net https://haircodeai-web-dev-quiz.azurewebsites.net https://quizai.haircode.com https://quizaisurfaceapi.haircode.com https://js.monitor.azure.com https://haircode-ai-function-app.azurewebsites.net https://dc.services.visualstudio.com https://dmaqfsvvftg8w.cloudfront.net https://api.hairode.com https://static.ssacdn.com https://cdn.shoppable.com https://ps.shoppable.com https://p808.shoppable.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://www.lightboxcdn.com https://www.lightboxcdn.com https://*.lightboxcdn.com *.attn.tv *.abtasty.com try.abtasty.com https://ps.staging.shoppable.com/checkout/addressInfo https://ps.staging.shoppable.com/checkout/create https://js.stripe.com/ https://js.stripe.com/v3 https://cdn.staging.shoppable.com/checkout/shoppable.js https://dev.haircode.com https://haircode.com https://tagmanager.google.com https://*.googletagmanager.com https://haircodeai-web-stage-quiz.azurewebsites.net https://haircodeai-web-dev-quiz.azurewebsites.net https://quizai.haircode.com https://quizaisurfaceapi.haircode.com https://js.monitor.azure.com https://haircode-ai-function-app.azurewebsites.net https://dc.services.visualstudio.com https://dmaqfsvvftg8w.cloudfront.net https://api.haircode.com https://static.ssacdn.com https://cdn.shoppable.com https://ps.shoppable.com https://p808.shoppable.com; style-src 'self' 'unsafe-inline' *.abtasty.com https://*.abtasty.com/ https://www.lightboxcdn.com https://*.lightboxcdn.com https://s3.lightboxcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://haircodeai-web-stage-quiz.azurewebsites.net https://haircodeai-web-dev-quiz.azurewebsites.net https://quizai.haircode.com https://quizaisurfaceapi.haircode.com https://js.monitor.azure.com https://haircode-ai-function-app.azurewebsites.net https://dc.services.visualstudio.com https://dmaqfsvvftg8w.cloudfront.net https://api.haircode.com https://static.ssacdn.com https://cdn.shoppable.com https://ps.shoppable.com https://p808.shoppable.com; font-src 'self' *.abtasty.com https://s3.lightboxcdn.com https://haircodeai-web-stage-quiz.azurewebsites.net https://haircodeai-web-dev-quiz.azurewebsites.net https://quizai.haircode.com https://quizaisurfaceapi.haircode.com https://js.monitor.azure.com https://haircode-ai-function-app.azurewebsites.net https://dc.services.visualstudio.com https://dmaqfsvvftg8w.cloudfront.net https://api.haircode.com https://static.ssacdn.com https://cdn.shoppable.com https://ps.shoppable.com https://p808.shoppable.com https://fonts.gstatic.com data:; img-src 'self' *.attentivemobile.com *.attn.tv *.lightboxcdn.com *.abtasty.com https://www.operationgratitude.com/ https://*.impact.com/ https://ps.staging.shoppable.com/checkout/addressInfo https://ps.staging.shoppable.com/checkout/create https://cdn.staging.shoppable.com/checkout/shoppable.js https://*.akamaihd.net/ https://www.cvs.com/ https://pics.walgreens.com/ https://target.scene7.com/ https://www.google.co.in/ https://i5.walmartimages.com/ https://px.moatads.com https://www.lightboxcdn.com https://www.facebook.com https://ct.pinterest.com https://cdn.cookielaw.org https://www.googletagmanager.com https://ssl.gstatic.com https://images.ctfassets.net https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://haircodeai-web-stage-quiz.azurewebsites.net https://haircodeai-web-dev-quiz.azurewebsites.net https://quizai.haircode.com https://quizaisurfaceapi.haircode.com https://js.monitor.azure.com https://haircode-ai-function-app.azurewebsites.net https://dc.services.visualstudio.com https://dmaqfsvvftg8w.cloudfront.net https://api.haircode.com https://static.ssacdn.com https://cdn.shoppable.com https://ps.shoppable.com https://p808.shoppable.com https://d1zhwcq6n8o83m.cloudfront.net/public-images/close.svg https://d1zhwcq6n8o83m.cloudfront.net/public-images/shoppable-square.svg https://d1zhwcq6n8o83m.cloudfront.net/public-images/powered-by-shoppable.svg https://s3.us-east-2.amazonaws.com/cdn.shoppable.com/merchant-logos/walmart.png https://d1zhwcq6n8o83m.cloudfront.net/public-images/chevron-down.svg https://s3.us-east-2.amazonaws.com/cdn.shoppable.com/merchant-logos/target.png https://s3.us-east-2.amazonaws.com/cdn.shoppable.com/merchant-logos/cvs.png https://s3.us-east-2.amazonaws.com/cdn.shoppable.com/merchant-logos/walgreens.png https://d1zhwcq6n8o83m.cloudfront.net/public-images/trash.svg https://pixel.tapad.com data:; frame-src 'self' *.attn.tv *.abtasty.com https://safe.menlosecurity.com/ https://safe.rbi-umbrella.com/ https://ps.staging.shoppable.com/checkout/addressInfo https://ps.staging.shoppable.com/checkout/create https://js.stripe.com/ https://js.stripe.com/v3 https://cdn.staging.shoppable.com/checkout/shoppable.js https://haircode.com/ https://td.doubleclick.net/ https://pandg.tapad.com https://feed.pghub.io https://www.google.com https://ct.pinterest.com https://www.googletagmanager.com https://haircodeai-web-stage-quiz.azurewebsites.net https://haircodeai-web-dev-quiz.azurewebsites.net https://quizai.haircode.com https://quizaisurfaceapi.haircode.com https://js.monitor.azure.com https://haircode-ai-function-app.azurewebsites.net https://dc.services.visualstudio.com https://dmaqfsvvftg8w.cloudfront.net https://api.haircode.com https://static.ssacdn.com https://cdn.shoppable.com https://ps.shoppable.com https://p808.shoppable.com; connect-src 'self' *.attentivemobile.com *.attn.tv *.pg.com *.abtasty.com https://cdn.contentful.com https://cdn.contentful.com/ https://*.segment.io/ https://*.segment.com/ https://*.rudderlabs.com/ https://*.rudderstack.com/ https://api.rudderstack.com https://ps.staging.shoppable.com/checkout/addressInfo https://ps.staging.shoppable.com/checkout/create https://js.stripe.com/ https://js.stripe.com/v3 https://cdn.staging.shoppable.com/checkout/shoppable.js https://*.lightboxcdn.com/ https://*.abtasty.com/ https://*.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://stats.g.doubleclick.net/ https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://analytics.google.com https://www.facebook.com https://www.google.com/ https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://ct.pinterest.com https://connect.facebook.net https://script.crazyegg.com https://s.pinimg.com https://www.lightboxcdn.com https://match.adsrvr.org https://cdn.cookielaw.org https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://graphql.contentful.com https://haircodeai-web-stage-quiz.azurewebsites.net https://haircodeai-web-dev-quiz.azurewebsites.net https://quizai.haircode.com https://quizaisurfaceapi.haircode.com https://js.monitor.azure.com https://haircode-ai-function-app.azurewebsites.net https://dc.services.visualstudio.com https://dmaqfsvvftg8w.cloudfront.net https://api.haircode.com https://static.ssacdn.com https://cdn.shoppable.com https://ps.shoppable.com https://cloud.shoppable.com/cart/optimize https://p808.shoppable.com; worker-src 'self' blob; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; 2 upgrade-insecure-requests; object-src 'none'; block-all-mixed-content; frame-ancestors 'self'; 2 block-all-mixed-content; frame-ancestors 'self' *.maxima.lt *.maxima.ee *.suvekeskus.ee; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.cookiebot.com *.issuu.com *.google.com *.adform.net *.doubleclick.net maxima.teamdash.com indd.adobe.com *.flipsnack.com view.publitas.com www.googletagmanager.com embed.figma.com www.figma.com viewer.ipaper.io; report-uri /csp/report 2 default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com; connect-src https: 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src https: 'self' https://*.hotjar.com; font-src https: 'self' https://*.hotjar.com; style-src https: 'self' 'unsafe-inline' https://*.hotjar.com; img-src https: 'self' data: https://*.hotjar.com; 2 frame-ancestors 'self' *.ssnc.cloud learningcenter.wealthmsi.com learningcenter-uat.wealthmsi.com *.vantagenetwork.net *.vantageira.net dev.missionsquare.com stage.missionsquare.com betaretirement.financialtrans.com retirement.financialtrans.com https://dev--missionsquare-edge-dev--web-msq.aem.page https://stage--missionsquare-edge-stage--web-msq.aem.page https://main--missionsquare-edge--web-msq.aem.page https://dev--missionsquare-edge-dev--web-msq.aem.live https://stage--missionsquare-edge-stage--web-msq.aem.live https://main--missionsquare-edge--web-msq.aem.live https://author-p159156-e1695911.adobeaemcloud.com https://author-p159156-e1695869.adobeaemcloud.com *.missionsquare.com missionsquare.com; 2 frame-ancestors 'self' https://bsp.hallmarkchannel.com https://xd.wayin.com https://open.spotify.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.origin.akamai.prod.serial-2.hallmark-channel.psdops.com https://*.akamaihd.net http://*.serial1.hallmark-channel.psdops.com https://ads.stickyadstv.com http://cms.verify.serial-2.hallmark-channel.psdops.com https://cms.prod.serial-2.hallmark-channel.psdops.com https://cms.hallmarkchannel.com http://hd.prod.hallmark-channel.psdops.com http://origin.akamai.prod.serial-2.hallmark-channel.psdops.com http://prod.serial-2.hallmark-channel.psdops.com http://verify.hallmark-channel.psdops.com http://verify.serial-2.hallmark-channel.psdops.com http://www.hallmarkchannel.com http://www.hallmarkfamily.com http://www.hallmarkmoviechannel.com https://asset.engagesciences.com http://www.hallmarkmystery.com https://*.adtrafficquality.google https://*.akstat.io https://*.analytics.edgekey.net https://*.googlesyndication.com https://*.go-mpulse.net https://*.uat.serial-2.hallmark-channel.psdops.com https://*.v.fwmrm.net https://ad.ipredictive.com https://i.ytimg.com https://googleads.g.doubleclick.net https://amp.akamaized.net https://bsp.hallmarkchannel.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.plyr.io https://connect.facebook.net https://crownmedia-vm.akamaized.net https://crownvideos.akamaized.net https://ep2.adtrafficquality.google https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://giftguide2024.si-hallmark.com https://hallmark-brightspot-lower.s3.amazonaws.com https://hallmark-channel-brightspot.s3.amazonaws.com https://hallmark.brightspotcdn.com https://googleads.g.doubleclick.net https://hcnews.crownmediaemail.com https://images.crownmediadev.com https://m.feiwei.tv https://master.d2zwwssdr9yxnk.amplifyapp.com https://mssl.fwmrm.net https://open.spotify.com https://pagead2.googlesyndication.com https://privacyportal.onetrust.com https://region1.google-analytics.com https://www.google-analytics.com https://s.adex2.fwmrm.net https://s.wayin.com https://sb.scorecardresearch.com https://b.scorecardresearch.com https://trial-eum-clientnsv4-s.akamaihd.net https://verify.serial-2.hallmark-channel.psdops.com https://web.hallmarkmoviechecklist.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.gravatar.com https://www.hallmarkchannel.com https://www.hallmarkfamily.com https://s1.fwmrm.net/ https://www.hallmarkmoviechannel.com https://www.hallmarkmystery.com https://www.youtube.com https://xd.wayin.com https://s.wayin.com https://a.wayin.com https://www.tiktok.com https://*.tiktokcdn.com https://*.tiktokcdn-us.com https://*.tiktok.com blob: data:; 2 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' ; style-src *.googleapis.com *.gstatic.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com *.google.com.my *.google.com.sg 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://td.doubleclick.net youtube.com https://www.googletagmanager.com/; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://*.googleapis.com/ https://analytics.google.com https://stats.g.doubleclick.net https://www.google.com/ccm/collect https://www.google.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' 2 default-src *; worker-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; object-src * blob: data:; font-src *; img-src * blob: data:; form-action *; frame-ancestors *; upgrade-insecure-requests; style-src * 'unsafe-inline'; 2 default-src 'self' *.sitevision-cloud.se *.sitevision.se data:; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.youtube.com *.sitevision-cloud.se *.sitevision.se *.tt.se *.rekai.se *.twitter.com blob:; style-src 'self' *.bootstrapcdn.com *.readspeaker.com *.sitevision-cloud.se *.sitevision.se 'unsafe-inline'; font-src 'self' *.bootstrapcdn.com data: *.sitevision-cloud.se *.sitevision.se; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *.readspeaker.com svanalytics.piwik.pro svanalytics.containers.piwik.pro *.rekai.se *.youtube.com *.vimeo.com *.bootstrapcdn.com *.sitevision.se *.sitevision-cloud.se blob:; 2 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 2 default-src 'self'; style-src * 'unsafe-inline'; media-src *; connect-src *; img-src * data:; font-src *; script-src https://* 'unsafe-inline' 'unsafe-eval'; frame-src https://*.google.com https://player.vimeo.com https://*.facebook.com https://www.youtube.com https://maggioli.intervieweb.it https://crm.maggioli.it 'self'; frame-ancestors 'self' https://crm.maggioli.it http://sapmcq-01.maggioli.it:8080; 2 default-src 'self'; script-src 'self' 'unsafe-inline' bat.bing.com go.impact.com cdn.bizible.com www.googletagmanager.com player.vimeo.com munchkin.marketo.net www.google-analytics.com ws.zoominfo.com tracking.g2crowd.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' go.impact.com cdn.jsdelivr.net; frame-src 'self' go.impact.com player.vimeo.com info.saasquatch.com www.googletagmanager.com; font-src 'self' data:; connect-src 'self' www.g2.com www.googleadservices.com *.mktoresp.com www.google-analytics.com www.google.com analytics.google.com ws.zoominfo.com www.g2.com; img-src 'self' corpsquatch.wpengine.com cdn.bizible.com www.google.com www.google.ca googleads.g.doubleclick.net www.googleadservices.com www.g2.com www.googletagmanager.com; 2 frame-ancestors 'self' https://login.holobuilder.com https://workspace.holobuilder.com https://workspace.holobuilder.eu https://login.holobuilder.eu https://workspace.staging.holobuilder.com https://login.staging.holobuilder.com https://workspace.staging.holobuilder.eu https://login.staging.holobuilder.eu https://workspace.dev.holobuilder.com https://login.dev.holobuilder.com https://login.dev.holobuilder.eu https://workspace.dev.holobuilder.eu 2 frame-ancestors https://pages.sitecorecloud.io https://dev-xmc-investments.vercel.app https://tst-xmc-investments.vercel.app https://prd-xmc-investments.vercel.app https://aberdeeninvestments.com www.aberdeeninvestments.com connect.aberdeeninvestments.com open.spotify.com connect-test.aberdeeninvestments.com connect-preprod.aberdeeninvestments.com; 2 frame-ancestors 'self' id-logistics.my.salesforce.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io; img-src 'self' data: https://www.facebook.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://imgsct.cookiebot.com https://bat.bing.com/ https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.be https://*.clarity.ms https://*.bing.net https://*.bing.com https://*.gstatic.com; font-src 'self' data: https://use.typekit.net https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://*.googleapis.com https://*.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://www.clarity.ms https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com https://*.ddev.site https://*.deltablue.io https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com unpkg.com consent.cookiebot.com consentcdn.cookiebot.com https://*.doubleclick.net https://*.newrelic.com; frame-src 'self' https://www.recaptcha.net/ consentcdn.cookiebot.com *.youtube-nocookie.com *.youtube.com https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://*.doubleclick.net https://*.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io; connect-src 'self' https://*.ddev.site https://*.soenen-verzekeringen.be https://*.vanbreda-ausloos.be https://*.vanbreda-cornelis.be https://*.vanbreda-soenen.be https://*.justitia.be https://*.vanbreda-agencies.be https://*.vanbreda.com https://*.vanbreda.be https://*.vanbreda-medius.be https://*.vanbreda-dekerf.be https://*.vanbreda-huysmans.be https://*.vanbreda-geerts.be https://*.deltablue.io https://w.clarity.ms https://bat.bing.com/ https://px.ads.linkedin.com/ consentcdn.cookiebot.com https://*.craftcms.com https://craftcms.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.nr-data.net https://*.clarity.ms https://*.googlesyndication.com https://*.facebook.com https://*.bing.net 2 frame-ancestors https://booking.sunnycars.nl https://booking.sunnycars.de https://booking.sunnycars.fr https://booking.sunnycars.be https://booking.sunnycars.at https://booking.sunnycars.ch https://cms.sunnycars.app https://service.sunnycars.com https://b2b-content.sunnycars.nl https://b2b-content.sunnycars.fr https://b2b-content.sunnycars.be; 2 default-src 'self'; script-src 'self' inline 'unsafe-eval' https://www.youtube.com/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.youtube.com/ https://cdn.cookielaw.org/ https://cdn.matomo.cloud/ https://fimmoto.matomo.cloud/ https://public.flourish.studio/ https://cdn.picturemosaics.com/ https://www.picturemosaics.com/ https://static.axept.io/; script-src-attr 'self' 'unsafe-inline' inline https://maps.googleapis.com/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' inline https://fonts.googleapis.com/https://www.gstatic.com https://cdn.picturemosaics.com/; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' inline https://fonts.googleapis.com/ https://cdn.picturemosaics.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.cookielaw.org/ https://fimmoto.matomo.cloud/ https://stats.g.doubleclick.net/ https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://region1.google-analytics.com/ https://client.axept.io/ https://api.axept.io/ https://axeptio.imgix.net/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.picturemosaics.com/ https://flo.uri.sh/ https://livemosaics.com/; img-src 'self' data: https://cdn.cookielaw.org/ https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://www.google-analytics.com https://maps.googleapis.com/ https://public.flourish.studio/ https://fimmoto.matomo.cloud https://cdn.picturemosaics.com/; manifest-src 'self' ; media-src 'self'; worker-src 'self' https://www.fim-moto.com/ 2 default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.buzzsprout.com/ cdn.jsdelivr.net/gh/ckeditor/ static.pathmotion.io pathmotion.com equans.career-inspiration.com/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net cdn.jsdelivr.net consent.cookiebot.com siteimproveanalytics.com cdn.matomo.cloud cdn.siteimprove.net www.youtube-nocookie.com unpkg.com odyssiant.azureedge.net *.bootstrapcdn.com js-agent.newrelic.com *.linkedin.com snippet.capybara.lmc.cz s.go-mpulse.net tags.data-driven.fr *.byspotify.com *.tiktok.com cdn.cookielaw.org eu.textrecruit.com *.hotjar.com sc-static.net secure.data-insight365.com cdn.leadinfo.net *.ldnfrpl.com *.youtube.com bat.bing.net bat.bing.com *.clarity.ms; object-src 'none' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net snippet.capybara.lmc.cz unpkg.com/leaflet@1.7.1/dist/leaflet.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.css unpkg.com/leaflet.markercluster/dist/MarkerCluster.Default.css cdn.leadinfo.net; img-src 'self' data: https:;; media-src 'self' equans.widen.net; frame-src 'self' *.youtube.com/ *.youtube-nocookie.com/ *.vimeo.com/ apply.refline.ch engie.taleo.net www.google.com www.buzzsprout.com equans.career-inspiration.com/ facebook.com *.doubleclick.net/ cdn.linkedin.oribi.io www.facebook.com www.equans.co.uk json3d.tftlabs.com www.yousty.ch www.googletagmanager.com ohws.prospective.ch plan-group.acquiretm.com plan-groupca.acquiretm.com equans.widen.net; frame-ancestors 'self' https://n3g.4projects.com n3g.4projects.com; child-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ engie.taleo.net; font-src 'self' fonts.gstatic.com snippet.capybara.lmc.cz cdn.leadinfo.net data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ static.pathmotion.io pathmotion.com equans.career-inspiration.com api.mixpanel.com *.algolia.net equans.matomo.cloud privacyportal-fr.onetrust.com cdn.linkedin.oribi.io my2.siteimprove.com id.siteimprove.com contentassistant.eu.siteimprove.com id.eu.siteimprove.com *.algolianet.com *.odyssiant.com *.googlesyndication.com bam.nr-data.net *.linkedin.com *.algolianet.com api.capybara.lmc.cz *.ingest.sentry.io c.go-mpulse.net *.akstat.io *.tiktok.com *.byspotify.com *.textrecruit.tools *.akamaihd.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.data-driven.fr api.mapbox.com nominatim.openstreetmap.org siteimprove.com siteimproveanalytics.com siteimprove.net siteimproveanalytics.io api.leadinfo.com *.leadinfo.net *.ldnfrpl.com li-replay.s3-accelerate.amazonaws.com bat.bing.net bat.bing.com facebook.com *.clarity.ms; upgrade-insecure-requests 2 frame-ancestors 'self' https://kiosk.elwoodstaffing.com 2 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/ https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net https://video.st.dl.eccdnx.com https://vd.queniujq.cn https://video.cdn.steamchina.eccdnx.com https://video.cdn.queniuqe.com https://video.cdn.steamchina.queniuam.com https://*.storage.googleapis.com https://sketchfab.com; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://checkout.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv; frame-ancestors 'none'; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 2 frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.buzzsprout.com/ https://code.visitor-track.com https://info.crd.com/analytics https://pi.pardot.com/pd.js https://fonts.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://s7.addthis.com https://siteimproveanalytics.com https://pi.pardot.com https://cdn.siteimprove.com https://maps.googleapis.com https://embed.typeform.com https://form.typeform.com https://app.termly.io; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://embed.typeform.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://cdn.jsdelivr.net https://www.google.co.za https://form.typeform.com https://api.typeform.com https://*.typeform.com https://app.termly.io https://cdn.termly.io https://api.termly.io https://us.consent.api.termly.io; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com data: https://s0.wp.com; frame-src 'self' https://*.brightcove.net https://*.crd.com https://*.google.com https://www.buzzsprout.com/ https://embed.typeform.com https://form.typeform.com https://app.termly.io; img-src 'self' https://*.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.co.za https://app.termly.io https://cdn.termly.io; manifest-src 'self'; media-src 'self'; report-uri https://65292a4da5a15fa1ff36ab6f.endpoint.csper.io/?v=0; worker-src 'self'; 2 default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.google.com www.nitrokey.com; object-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'unsafe-inline' 'self' safari-extension www.nitrokey.com embetty.nitrokey.com data:; media-src 'self'; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self'; font-src 'unsafe-inline' 'self' data:; connect-src 'self' https://api.github.com; report-uri /report-csp-violation 2 default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-src *; connect-src * 2 frame-ancestors 'self' https://www.google.com https://www.googletagmanager.com; 2 frame-ancestors 'self' *.hasselt.be *.visithasselt.be; report-uri /report-csp-violation 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' http://static.site24x7rum.com https://static.site24x7rum.com http://cdn.appdynamics.com https://cdn.appdynamics.com https://www.googletagmanager.com; object-src 'none' 2 frame-ancestors 'self' https://*.kontent.ai https://app.kontent.ai 2 default-src 'none'; connect-src 'self' wss: https://statistik.bundeswehrkarriere.de/; font-src 'self' data:; frame-src https://auth.pw6.de 'self' bundeswehr-karriere.novomind.com www.pw6.de; img-src 'self' data: tiles.mapz.com; media-src 'self'; script-src 'self' 'unsafe-inline' https://statistik.bundeswehrkarriere.de/; style-src 'self' 'unsafe-inline' 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com 'self' data: *.cloudfront.net *.iadvize.com *.twilio.com *.launchdarkly.com *.brandlock.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com *.meetanshi.com https://plumrocket.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.doubleclick.net www.googletagmanager.com *.webeyez.com tst.kaptcha.com diyrepairguide.softr.app *.iadvize.com *.twilio.com *.launchdarkly.com wss://*.twilio.com wss://*.iadvize.com *.brandlock.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com 'self' data: cdn.amplifi.pattern.com/ *.cloudfront.net meetanshi.com www.magecomp.com *.brandlock.io *.bing.com *.iadvize.com *.twilio.com *.launchdarkly.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.braintreegateway.com cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.meetanshi.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net static.klaviyo.com *.webeyez.com *.bing.com *.cloudfront.net cdnjs.cloudflare.com *.noibu.com static-tracking.klaviyo.com *.brandlock.io *.iadvize.com *.twilio.com *.launchdarkly.com *.purechatcdn.com *.purechat.com https://app.purechat.com https://ssl.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.googleapis.com *.cloudfront.net *.klaviyo.com *.iadvize.com *.twilio.com *.launchdarkly.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.braintreegateway.com *.braintree-api.com cdn.ampproject.org *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com *.meetanshi.com *.google-analytics.com https://www.google-analytics.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net cdn.amplifi.pattern.com fast.a.klaviyo.com static-forms.klaviyo.com *.cloudfront.net *.webeyez.com *.brandlock.io *.doubleclick.net *.iadvize.com *.twilio.com wss://*.twilio.com wss://*.iadvize.com *.launchdarkly.com *.purechat.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.iadvize.com *.brandlock.io https://ssl.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'sha256-52g6mY+P5et3wfpWsDFFu5Mu+Zm/ENQY0LoRweXZ7kk=' 'sha256-RE4OebMNw20VTHAG2qv8wZUgQG5SUv26ZJ2zdZxe4c0=' 'sha256-NfKpVnw+pPnZVcxmx7oEAO7D3wfRZlbP5oK7sKqblU0=' https://www.clarity.ms https://v2.clickguardian.app/track.js https://js-eu1.hs-scripts.com/25702117.js https://app.storyblok.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.googletagmanager.com *.vercel-insights.com *.gaconnector.com *.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://sc.lfeeder.com http://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hsadspixel.net/ https://js-eu1.hscollectedforms.net/ https://v2.clickguardian.app/ https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/ https://snap.licdn.com/ https://tag.clearbitscripts.com/ https://x.clearbitjs.com/; frame-src 'self' https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube-nocookie.com/; child-src *.google.com *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src * blob: data: www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hsadspixel.net/ tps://v2.clickguardian.app/; media-src 'self'; connect-src * https://www.google-analytics.com; font-src 'self' data:; upgrade-insecure-requests; 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vizzit.se *.readspeaker.com *.episerver.net *.kiprotect.com *.lakemedelsverket.open-analytics.se *.azure.com *.vo.msecnd.net *.gstatic.com *.google.com *.cloudflare.com *.bootstrapcdn.com *.jquery.com *.jsdelivr.net *.aptrinsic.com *.hcaptcha.com *.aslint.org;style-src 'self' 'unsafe-inline' *.readspeaker.com *.bootstrapcdn.com *.episerver.net *.vizzit.se *.googleapis.com *.jsdelivr.net *.aptrinsic.com;font-src 'self' data: *.gstatic.com *.cloudfront.net *.episerver.net;img-src 'self' data: *.gstatic.com *.google.com *.lakemedelsverket.open-analytics.se *.episerver.net *.vizzit.se;frame-src 'self' *.screen9.com qcnl.tv *.google.com link.webropolsurveys.com *.hcaptcha.com *.google.com;frame-ancestors 'self';connect-src 'self' *.vizzit.se *.lakemedelsverket.open-analytics.se *.services.visualstudio.com *.aptrinsic.com *.hcaptcha.com *.google.com *.applicationinsights.azure.com *.monitor.azure.com;report-uri /api/csp/report; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://connect.facebook.net https://www.google-analytics.com https://apis.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' https://wpe-plugin-updates.wpengine.com https://plugin-updates.wpengine.com https://connect.advancedcustomfields.com https://www.googletagmanager.com https://wpengine.com https://optimizingmatters.com https://misc.optimizingmatters.com https://sp-ao.shortpixel.ai https://criticalcss.com https://wpforms.com https://ssl.gstatic.com https://www.paypalobjects.com https://www.paypal.com https://app-customerrors-uat-cc-1.azurewebsites.net https://www.magazinesocan.ca https://www.socanmagazine.ca https://secure.gravatar.com https://ps.w.org https://s.w.org https://i.ytimg.com data:; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; connect-src 'self' https://www.google-analytics.com https://yoast.com; media-src 'self'; object-src 'none'; frame-src 'self' https://content.googleapis.com https://www.youtube.com https://accounts.google.com; frame-ancestors 'self'; form-action 'self'; worker-src 'self' blob:; base-uri 'self'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 2 base-uri 'self'; default-src https: data: 'self' https://mppp.gob.ve 'unsafe-inline'; style-src https: data: 'self' https://mppp.gob.ve 'unsafe-inline'; script-src https: data: 'self' https://mppp.gob.ve 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:;img-src 'self' https://assets.elementor.com https://s.w.org https://secure.gravatar.com https://premiumaddons.com https://storage.googleapis.com https://ps.w.org https://s0.wp.com blob: data:;frame-src 'self' https://www.youtube.com https://leap13.github.io blob:;form-action 'self' https://mppp.gob.ve; upgrade-insecure-requests; 2 upgrade-insecure-requests ; frame-ancestors 'self' *.mpowerfinancing.com *.internationalstudent.com insight.adsrvr.org www.youtube.com widget.trustpilot.com *.google.com *.gaconnector.com *.googletagmanager.com *.google-analytics.com *.criteo.com 2 frame-ancestors 'self' nectar.ai app.nectar.ai http://localhost capacitor://localhost; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com *.fontawesome.com *.googleapis.com *.fonts.googleapis.com data: *.cloudflare.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.googlesyndication.com *.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com bid.g.doubleclick.net *.youtube-nocookie.com www.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.addthis.com *.pinterest.com www.xtento.com douglashoutopmaat.nl hout.xxldirect.nl www.googletagmanager.com td.doubleclick.net ct.pinterest.com app.zipchat.ai 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.tiktok.com https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com magefan.com cm.magefan.com *.sooqr.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com www.facebook.com bat.bing.net www.google.nl files.smartsuppcdn.com lisema.eu widgets.trustedshops.com *.spotlersearch.com xxldirect.de xxldirect.nl www.xxldirect.de www.xxldirect.nl bat.bing.com data: 'self' 'unsafe-inline'; script-src *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.jsdelivr.net *.tiktok.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io *.fontawesome.com *.googleapis.com *.sooqr.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com www.xtento.com cdn.xtento.com assets.exatom.io vmax.backend.verbolia.com cdn.backend.verbolia.com sdk.copernica.com app.zipchat.ai bat.bing.com bat.bing-int.com xxldirect.belris.nl s.pinimg.com connect.facebook.net ct.pinterest.com www.smartsuppchat.com www.clarity.ms widget-v3.smartsuppcdn.com widgets.trustedshops.com *.spotlersearch.com spotlersearchanalytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.tiktok.com *.fontawesome.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.sooqr.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.etrusted.com *.verbolia.com *.spotlersearch.com widget-v3.smartsuppcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src widget-v3.smartsuppcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.tiktok.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://hostedfields-externalapi.alpha.buckaroo.aws https://hostedfields-externalapi.prod-pci.buckaroo.io https://applepay.buckaroo.io *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site api.pro6pp.nl assets.exatom.io event.exatom.io douglashoutopmaat.nl region1.analytics.google.com sdk.copernica.com googleads.g.doubleclick.net jnn-pa.googleapis.com www.gstatic.com ct.pinterest.com www.pinterest.com play.google.com analytics.qa.backend.verbolia.com analytics.backend.verbolia.com app.zipchat.ai cdn.jsdelivr.net bat.bing.com xxldirect.belris.nl bat.bing.net bootstrap.smartsuppchat.com widget-v3.smartsuppcdn.com translations.smartsuppcdn.com wss://websocket-visitors.smartsupp.com vmax.backend.verbolia.com *.sooqr.com *.spotlersearch.com *.amazonaws.com *.google.nl cognito-identity.eu-central-1.amazonaws.com sst.xxldirect.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.net bat.bing.com www.google.com www.google-analytics.com www.google.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://cdnjs.cloudflare.com; img-src 'self' https://d1r14b87f0kylk.cloudfront.net; form-action 'self'; report-to sentry; 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.consentmanager.net https://datainsights-cdn.dm.aws.gartner.com/ https://www.googletagmanager.com https://www.google-analytics.com *.analytics.google.com https://www.google.com *.gstatic.com maps.googleapis.com www.facebook.com baramundi.live public-eur.mkt.dynamics.com assets-eur.mkt.dynamics.com cxppusa1formui01cdnsa01-endpoint.azureedge.net; style-src 'self' 'unsafe-inline' https://cdn.consentmanager.net/ fonts.googleapis.com www.gartner.com; img-src * data: blob: 'unsafe-inline' 'self' data: https://www.google-analytics.com www.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net maps.googleapis.com *.gstatic.com; frame-src 'self' https://td.doubleclick.net/ https://www.googletagmanager.com/ https://datainsights-cdn.dm.aws.gartner.com/ https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://www.gartner.com https://www.facebook.com/ https://baramundi.live/; connect-src 'self' https://td.doubleclick.net/ https://www.googletagmanager.com/ https://px.ads.linkedin.com/ https://analytics.ahrefs.com/ https://dmndfrcstng.com/ https://www.google.de/ https://cdn.linkedin.oribi.io/ https://cdn.consentmanager.net/ https://d.delivery.consentmanager.net/ https://www.google-analytics.com *.analytics.google.com maps.googleapis.com https://maps.googleapis.com/ www.google-analytics.com https://stats.g.doubleclick.net http://ipinfo.io https://www.google.com https://googleads.g.doubleclick.net https://public-eur.mkt.dynamics.com https://assets-eur.mkt.dynamics.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://bat.bing.net https://e.clarity.ms; frame-ancestors 'self' https://www.it-daily.net/ https://www.dataconnector1.com https://dataconnector1.com https://plugilo.com/ https://www.plugilo.com/ 2 frame-ancestors 'self' http://www.rslcontent.co.uk; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://localhost *.app.baqend.com b2c.benuta.at b2c.benuta.ch b2c.benuta.co.uk b2c.benuta.cz b2c.benuta.de b2c.benuta.dk b2c.benuta.es b2c.benuta.eu b2c.benuta.fi b2c.benuta.fr b2c.benuta.it b2c.benuta.nl b2c.benuta.no b2c.benuta.pl b2c.benuta.pt b2c.benuta.se b2c.benuta.com connect.getflowbox.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com maps.googleapis.com https://maps.googleapis.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com https://pixel.biano.it https://it.bianopixel.com dynamic.criteo.com sslwidget.criteo.com static.ads-twitter.com widget.reviews.io *.newrelic.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com *.vimeo.com vimeo.com static.hotjar.com trck.linkster.co *.chat.getzowie.com ct.pinterest.com applepay.cdn-apple.com google.com/pay; worker-src 'self' blob: *.app.baqend.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu; connect-src 'self' data: blob: *.app.baqend.com sockjs-us3.pusher.com eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com *.googleapis.com *.gstatic.com sumo.com ct.pinterest.com googleads.g.doubleclick.net bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://p.biano.it https://it.bianopixel.com ads.x.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com tiktok.com public.app.priceshape.io measurement-api.criteo.com api.reviews.io *.nr-data.net *.googlesyndication.com *.cnstrc.com cnstrc.com *.powerrobotflower.com *.hyr.so *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.vimeo.com vimeo.com *.hotjar.io wss://*.hotjar.com trck.linkster.co *.chat.getzowie.com *.parcellab.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat google.com/pay; style-src 'self' 'unsafe-inline' data: *.app.baqend.com tagmanager.google.com wchat.freshchat.com www.benuta.eu www.googletagmanager.com assets.reviews.io widget.reviews.io d1azc1qln24ryf.cloudfront.net d19ayerf5ehaab.cloudfront.net cdn.icomoon.io *.cnstrc.com cnstrc.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com; font-src 'self' data: *.app.baqend.com assets.vercel.com assets.reviews.io d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; img-src 'self' blob: data: *.app.baqend.com ssl.gstatic.com www.gstatic.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com checkoutshopper-live.adyen.com x.klarnacdn.net images.ctfassets.net downloads.ctfassets.net downloads.ctfassets.net www.paypalobjects.com www.checkoutshopper-live.adyen.com *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com *.b2b.benuta.com checkoutshopper-live.adyen.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co *.cnstrc.com cnstrc.com *.reviews.co.uk *.reviews.io *.powerrobotflower.com *.kameleoon.io *.kameleoon.com *.kameleoon.eu *.parcellab.com script.hotjar.com cdn.flbx.io benuta-sandbox.bynder.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; media-src 'self' videos.ctfassets.net *.vimeo.com vimeo.com; manifest-src 'self' 2 style-src 'unsafe-inline' 'self' https://*.fontawesome.com https://cdnjs.cloudflare.com https://platform.twitter.com https://ton.twimg.com https://*.plyr.io https://*.quantserve.com https://*.demdex.net https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://bat.bing.com https://*.schwab.com https://embeds.beehiiv.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.evidon.com https://*.twimg.com https://*.everesttech.net https://*.twitter.com https://*.cloudflare.com https://*.tiqcdn.com https://*.uplynk.com https://*.google.com https://*.addthisedge.com https://*.addthis.com https://www.googleadservices.com https://*.doubleclick.net https://*.wsod.com https://*.facebook.net https://*.facebook.com https://t.co https://*.tdameritrade.com https://*.adsrvr.org https://gateway.foresee.com https://www.googletagmanager.com https://*.moatads.com https://sc-static.net https://*.google.ru https://tr.snapchat.com https://pixel.tapad.com https://*.demdex.net https://*.quantserve.com https://rules.quantcount.com https://*.plyr.io https://www.redditstatic.com https://*.ads-twitter.com https://bat.bing.com https://*.schwab.com https://embeds.beehiiv.com blob:; default-src 'self' https://*.twimg.com https://*.everesttech.net https://*.twitter.com https://*.cloudflare.com https://*.tiqcdn.com https://*.uplynk.com https://*.google.com https://*.addthisedge.com https://*.addthis.com https://www.googleadservices.com https://*.doubleclick.net https://*.wsod.com https://*.facebook.net https://*.facebook.com https://t.co https://*.tdameritrade.com https://*.adsrvr.org https://gateway.foresee.com https://www.googletagmanager.com https://*.moatads.com https://sc-static.net https://*.google.ru https://tr.snapchat.com https://pixel.tapad.com https://*.demdex.net https://*.plyr.io https://*.quantserve.com https://*.fontawesome.com https://*.evidon.com https://*.rlcdn.com https://*.reddit.com https://*.ads-twitter.com tdameritradenetwork.com https://bat.bing.com https://*.schwab.com https://embeds.beehiiv.com blob: data:; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' always 2 report-uri /_csp;default-src 'self';media-src 'self' https://cdn.shopify.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.soundestlink.com https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.mailerlite.com https://*.typekit.net/ https://getsnap.eu/ https://*.cookiehub.net https://*.cookiehub.com https://*.cookiehub.eu https://cookiehub.net https://getsnap.tech https://storage.tellq.io;font-src 'self' https://*.gstatic.com https://*.typekit.net/ data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://getsnap.eu/ https://fonts.soundestlink.com;img-src 'self' data: http: https: blob:;script-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://getsnap.eu/ https://*.getsnap.me/ https://cookiehub.net https://*.cookiehub.eu https://getsnap.tech https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com https://*.googlesyndication.com https://web-sdk.smartlook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';script-src-elem 'self' https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://snap.licdn.com/ https://*.facebook.net https://*.typekit.net/ https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://*.omnisend.com https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.mailerlite.com https://*.newrelic.com https://*.nr-data.net https://omnisnippet1.com https://getsnap.eu/ https://*.getsnap.me/ https://cookiehub.net https://*.cookiehub.eu https://getsnap.tech https://skaiciuokles.inbank.lt https://*.eskimi.com https://*.lupasearch.com https://*.googlesyndication.com https://web-sdk.smartlook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline';frame-src 'self' https://*.cookiebot.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.doubleclick.net https://led-labs.eu https://*.livechatinc.com https://www.facebook.com www.youtube.com https://*.google.com https://*.googletagmanager.com http://*.vimeo.com https://*.mailerlite.com https://subscribepage.com https://omniform1.com https://lemona.reeco.info/ https://www.marketing.patona.de/;frame-ancestors 'none';connect-src 'self' https://*.lupasearch.com https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://google.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://multi-api-v3.tellq.io https://*.tellq.io https://*.livechatinc.com https://omnisrc.com https://p.osent.me https://*.omnisendlink.com https://*.soundestlink.com https://*.cookiebot.com https://*.nr-data.net https://*.sentry.io/ https://getsnap.eu/ https://*.getsnap.me/ https://*.cookiehub.net https://getsnap.tech https://live.tellq.io:* wss://live.tellq.io:* wss://chat.tellq.io:* https://skaiciuokles.inbank.lt https://*.eskimi.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://*.ads.linkedin.com https://*.contentsquare.net https://omnisnippet1.com https://*.eu.smartlook.cloud https://*.smartlook.cloud 2 frame-ancestors 'self' *.verti.es *.verti.it *.verti.com *.verti.de *.mazda.de; 2 default-src 'self' *.crazyegg.com; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; worker-src blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 upgrade-insecure-requests; block-all-mixed-content; default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.vidstack.io insight.adsrvr.org https://bynder-media-us-east-2.s3.us-east-2.amazonaws.com https://snippet.maze.co *.seaskylink.com search.adspipe.com search.adspipe.ca fr.search.adspipe.ca finder.adspipe.com finder.adspipe.ca fr.finder.adspipe.ca img.youtube.com *.insight.sitefinity.com go.adspipe.ca cdn.jsdelivr.net *.edgepilot.com *.onelink-edge.com *.reddit.com *.ipredictive.com data: blob: search.adspipe.com.pagescdn.com *.yext.com adspipe.tfaforms.net assets.ads-pipe.com assets.adspipe.com assets.sitescdn.net *.cmp.osano.com cmp.osano.com adswww.azureedge.net go.adspipe.com ndn.statistinamics.com *.facebook.com *.livechatinc.com *.juicer.io *.googleapis.com *.googleadservices.com *.gstatic.com *.googletagmanager.com *.google.com *.evgnet.com *.evergage.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/ platform.twitter.com *.googleadservices.com https://snap.licdn.com https://syndication.twitter.com/ *.ytimg.com https://publish.twitter.com *.twimg.com *.linkedin.com http://platform.stumbleupon.com/1/widgets.js ucv.bynder.com cdn.adspipe.com adspipeca.mpeasylink.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org use.typekit.net kit.fontawesome.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sharethis.com *.kbmax.com *.pardot.com *.ads-pipe.com *.qualtrics.com *.bing.com netdna.bootstrapcdn.com kendo.cdn.telerik.com https://dec.azureedge.net *.twimg.com use.typekit.net p.typekit.net kit-free.fontawesome.com https://p.adsymptotic.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com https://syndication.twitter.com https://static.licdn.com *.cloudfront.net https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com *.eloqua.com track.hubspot.com p.typekit.net *.ads-pipe.com *.nyloplast-us.com https://assets.sitescdn.net/answers-search-bar analytics.convertlanguage.com *.fontawesome.com fr-ca.adspipe.ca; child-src 'self' *.googletagmanager.com search.adspipe.com search.adspipe.ca fr.search.adspipe.ca finder.adspipe.com finder.adspipe.ca fr.finder.adspipe.ca *.ipredictive.com blob: search.adspipe.com.pagescdn.com *.ads-pipe.com *.adspipe.com adspipe.tfaforms.net *.juicer.io *.doubleclick.net https://platform.twitter.com/ https://info.nyloplast-us.com *.sharethis.com *.livechatinc.com https://platform.twitter.com/ https://*.google.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com *.hotjar.io https://c.sharethis.mgr.consensu.org *.kbmax.com *.qualtrics.com *.juicer.io adspipeca.mpeasylink.com; connect-src 'self' blob: *.googleadservices.com assets.sitescdn.net *.cmp.osano.com cmp.osano.com https://adservice.google.com https://prompts.maze.co *.seaskylink.com pixel-config.reddit.com *.insight.sitefinity.com www.redditstatic.com/ https://conversions-config.reddit.com/ *.googlesyndication.com *.onelink-edge.com *.linkedin.oribi.io bcp.crwdcntrl.net/6/map *.facebook.com *.evergage.com *.evgnet.com *.qualtrics.com *.livechatinc.com accounts.google.com https://maps.googleapis.com https://*.dec.sitefinity.com *.mktoresp.com *.hotjar.io performance.typekit.net wss://ws.hotjar.com https://*.hotjar.com vc.hotjar.io wss://*.hotjar.io *.fontawesome.com https://www.google-analytics.com *.doubleclick.net *.google-analytics.com analytics.google.com answers.yext-pixel.com *.yext.com *.api.osano.com *.sharethis.com *.kbmax.com *.ads-pipe.com *.dec.sitefinity.com *.nyloplast-us.com *.bing.com www.google.com google.com *.linkedin.com; object-src none; 2 frame-ancestors *.fraport.com *.fraport.de https://fraportag.sharepoint.com http://www.fra-spotterforum.de; 2 default-src 'self' *.quantummetric.com 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline';connect-src * 'unsafe-inline'; font-src * 'unsafe-inline'; object-src 'self'; style-src * 'unsafe-inline'; media-src * 'unsafe-inline'; script-src 'self' *.privy.com analytics.tiktok.com cnstrc.com *.cloudfront.net *.wufoo.com *.gstatic.com js.hsforms.net *.orders.com *.googleapis.com *.clarity.ms *.navitor.com *.google.com *.yieldify.com *.hs-scripts.com *.visualwebsiteoptimizer.com tag.rmp.rakuten.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.rd.linksynergy.com *.googleadservices.com *.xg4ken.com *.andersons.com *.paperdirect.com *.rhymeuniversity.com *.alphabetu.com *.itselementary.com *.littlegraduates.com *.paradefloatsuppliesnow.com *.promnite.com *.yimg.com *.pinterest.com *.quantummetric.com *.pinimg.com *.google-analytics.com *.privy.com analytics.tiktok.com cnstrc.com *.cloudfront.net *.googletagmanager.com *.sc.pages03.net *.groupbycloud.com *.pinimg.com *.bing.com *.google-analytics.com *.g.doubleclick.net *.privy.com analytics.tiktok.com cnstrc.com *.cloudfront.net *.powerreviews.com *.pubhtml5.com *.facebook.net *.unbxdapi.com 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data:; worker-src blob:; child-src blob:;frame-ancestors 'self' *.theprom.us http://localhost:3000 2 frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com https://zingtree.com 2 default-src 'self'; img-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com data: https://*.natwest.com https://*.gstatic.com https://*.cookielaw.org *.natwestmentor.co.uk *.rbsmentor.co.uk https://*.doubleclick.net https://px.ads.linkedin.com https://*.linkedin.com https://*.facebook.com https://*.reddit.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://www.google.co.uk https://*.analytics.google.com; script-src 'self' 'unsafe-inline' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://*.google-analytics.com https://*.cookielaw.org https://*.onetrust.com https://snap.licdn.com https://*.facebook.net https://www.datadoghq-browser-agent.eu https://*.redditstatic.com https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com blob: https://*.googletagmanager.com; object-src 'none'; font-src 'self' https://*.gstatic.com; connect-src 'self' https://*.amazonaws.com https://*.path.co.uk https://*.natwestmentor.co.uk https://*.rbsmentor.co.uk https://*.cookielaw.org https://*.onetrust.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.browser-intake-datadoghq.eu https://browser-intake-datadoghq.eu https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.reddit.com https://*.redditstatic.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://*.analytics.google.com; media-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com *.natwestmentor.co.uk *.rbsmentor.co.uk; frame-src 'self' https://*.lpsnmedia.net https://*.lprnd.net https://*.liveperson.com https://*.liveperson.net https://player.vimeo.com https://view.officeapps.live.com *.natwestmentor.co.uk *.rbsmentor.co.uk https://www.googletagmanager.com https://td.doubleclick.net https://*.fls.doubleclick.net; worker-src blob:;form-action 'self' *.natwestmentor.co.uk *.rbsmentor.co.uk;frame-ancestors 'none'; manifest-src 'self' *.natwestmentor.co.uk *.rbsmentor.co.uk *.amazoncognito.com; 2 frame-ancestors 'none' script-src 'self' assets.adobedtm.com www.youtube.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://connect.facebook.net 'unsafe-inline' 2 default-src 'self'; base-uri 'none'; frame-src https:; object-src 'none'; img-src 'self' data: https:; font-src 'self' https:; connect-src 'self' https:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com stats.g.doubleclick.net connect.facebook.net www.facebook.com www.googletagmanager.com; 2 default-src https:; frame-src * data:; frame-ancestors 'self' https://www.huntswood.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; style-src https: 'unsafe-inline' api.mapbox.com; img-src * data:; worker-src blob:; object-src 'self' blob:; 2 default-src 'none'; script-src 'self' *.unpkg.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com 'nonce-c2NyaXB0X2dvb2dsZV9hbmFsaXR5Y3M=' 'nonce-c2NyaXB0X2dydXBvY3JpYXI=' 'nonce-c2NyaXB0X21haW5fZ3J1cG9jcmlhcg==' 'nonce-c2NyaXB0X3JlY2FwdGNoYQ==' 'nonce-c2NyaXB0X3JlY2FwdGNoYV9pbnZpc2libGU=' 'nonce-aG9tZS1zY3JpcHQ=' 'nonce-c2NyaXB0LXRyYWJhbGhlLWNvbm9zY28=' 'nonce-c2NyaXB0LW91dmlkb3JpYQ==' 'nonce-c2NyaXB0LW5hdGFs'; style-src 'self' *.googleapis.com 'nonce-c3R5bGVfZ3J1cG9jcmlhcg==' 'nonce-c3R5bGUtYS1oaXN0b3JpYQ==' 'nonce-c3R5bGUtaW5pY2lv' 'nonce-c3R5bGUtdHJlaW5hbWVudG8=' 'nonce-c3R5bGUtdmlkZW8=' 'nonce-c3R5bGUtY2xpcHBpbmc='; img-src 'self' data: *.gstatic.com *.google.com.br *.googletagmanager.com; frame-src 'self' *.google.com *.grupocriar.com.br https://localhost; connect-src 'self' *.analytics.google.com *.google-analytics.com *.doubleclick.net *.google.com; font-src 'self' *.googleapis.com *.gstatic.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' *.unpkg.com *.google.com; object-src 'self'; media-src 'self' 2 script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/ https://www.googletagmanager.com/ https://www.paypalobjects.com/ https://*.stripe.com/ https://leadbooster-chat.pipedrive.com/ https://*.idea-commerce.com https://www.googleadservices.com/ https://*.hs-scripts.com/ https://*.hsadspixel.net/ https://*.hscollectedforms.net/ https://*.licdn.com/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://hsadspixel.net/ https://*.facebook.net/ https://cdnjs.cloudflare.com/ https://*.com/recaptcha/ https://*.clickguard.com/ https://*.googleadservices.com/ https://*.googlesyndication.com/ https://*.livechatinc.com/ https://*.chatwoot.com/; img-src 'self' data: blob: https://www.paypalobjects.com/ https://www.google.pl/ https://s.w.org/ https://googleadservices.com/ https://*.linkedin.com/ https://*.hsforms.com/ https://*.facebook.com/ https://*.hubspot.com/ https://*.clickguard.com/ https://*.googletagmanager.com/ https://fonts.gstatic.com/ https://*.livechatinc.com/ https://cdn.files-text.com/ https://cdn.static-text.com/ https://cdn.livechat-static.com/; object-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.clickguard.com/ https://*.livechatinc.com/ https://*.chatwoot.com/; frame-src 'self' data: blob: https://idea-commerce.com/ https://elegantthemes.com/ https://*.elegantthemes.com/ https://*.paypal.com/ https://*.stripe.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.clickguard.com/ https://*.livechatinc.com/ https://*.chatwoot.com/; 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https: 'self' https:; frame-ancestors 'self'; img-src 'self' data: https: 'self' data: https:; object-src 'self' https: 'self' https:; script-src-attr 'self' https: 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-src 'self' https: 'self' https:; media-src 'self' https: 'self' https:; worker-src 'self' blob:; 2 frame-src https://forms.hsforms.com https://app.hubspot.com https://orionvm-com.hs-sites.com https://www.google.com 'self'; 2 default-src 'self' cocubes.com *.cocubes.com cocubes.in cdn.cookielaw.org www.youtube.com player.vimeo.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' cocubes.com *.cocubes.com cdn.cookielaw.org blob:; connect-src 'self' cocubes.com *.cocubes.com cocubes.in *.blob.core.windows.net cdn.cookielaw.org *.onetrust.com; img-src data: https: blob:; style-src 'unsafe-inline' https:; media-src 'self' blob: *.blob.core.windows.net cocubes.com *.cocubes.com cocubes.in; font-src data: https:;object-src 'self' cocubes.com *.cocubes.com cocubes.in *.blob.core.windows.net youtube.com player.vimeo.com; 2 default-src 'self' https://connect.facebook.net https://e.issuu.com; font-src 'self' 'unsafe-inline' data: webchat.keyreply.com https://fonts.googleapis.com https://fonts.gstatic.com https://static.juicer.io https://edge.addthis.com; connect-src 'self' www.ktph.com.sg nhg.app.keyreply.com www.juicer.io https://graph.facebook.com www.google-analytics.com www.google.com https://v1.addthis.com m.addthis.com https://edge.addthis.com https://stats.g.doubleclick.net ; frame-src 'self' youtu.be www.youtube.com https://staticxx.facebook.com https://platform.twitter.com https://www.selfhelpguides.ntw.nhs.uk www.selfhelpguides.ntw.nhs.uk www.google.com s7.addthis.com https://e.issuu.com https://player.vimeo.com https://edge.addthis.com https://www.canva.com; frame-ancestors 'self'; img-src *; media-src 'self' data: https://images.pexels.com https://e.issuu.com; object-src 'self' 'none' youtu.be www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com https://edge.addthis.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com www.googletagmanager.com https://connect.facebook.net http://connect.facebook.net https://platform.twitter.com https://v1.addthisedge.com https://v1.addthis.com https://z.moatads.com https://e.issuu.com https://edge.addthis.com; style-src 'self' 'unsafe-inline' data: assets.juicer.io static.juicer.io www.juicer.io graph.facebook.com i.imgur.com scontent.xx.fbcdn.net www.google-analytics.com www.google.com www.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com youtu.be www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com www.gstatic.com https://e.issuu.com https://edge.addthis.com; base-uri 'none'; 2 default-src 'none'; connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.posthog.com; form-action 'self'; manifest-src 'self'; img-src 'self' https://media.onlyfinder.com https://public.onlyfans.com https://thumbs.onlyfans.com https://www.googletagmanager.com data: https://fonts.gstatic.com https://analytics.twitter.com https://t.co https://d.adroll.com https://s.adroll.com https://x.adroll.com https://d.adroll.mgr.consensu.org https://dsum-sec.casalemedia.com https://eb2.3lift.com https://googleads.g.doubleclick.net https://cm.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://pixel.advertising.com https://pixel.rubiconproject.com https://image2.pubmatic.com/AdServer https://simage2.pubmatic.com/AdServer https://snap.licdn.com https://sync.outbrain.com https://sync.taboola.com https://trc.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com/ups https://www.facebook.com https://connect.facebook.com https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://us-u.openx.net/w/1.0; script-src 'self' 'unsafe-inline' https://static.cloudflareinsights.com https://*.googletagmanager.com https://cdn.jsdelivr.net https://unpkg.com/htmx.org@1.9.11 https://*.adroll.com https://hw-cdn2.adtng.com https://connect.facebook.net https://static.ads-twitter.com https://*.posthog.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.googletagmanager.com https://fonts.googleapis.com https://*.posthog.com; frame-ancestors 'none'; frame-src https://x.adroll.com; font-src https://fonts.gstatic.com; report-to https://onlyfinder.co/api/v1/csp/report; 2 prefetch-src 'none' 2 base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 2 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.cybersource.com; object-src 'none'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.trakkr.ai https://*.6sc.co https://*.semrush.com https://static.hsappstatic.net https://866b018c.delivery.rocketcdn.me https://www.redditstatic.com https://s3-us-west-2.amazonaws.com https://r2.leadsy.ai https://tag.trovo-tag.com https://cdn.cr-relay.com https://js.storylane.io https://opps-widget.getwarmly.com http://www.geoplugin.net https://www.clickcease.com https://vd.trinitymedia.ai https://trinitymedia.ai https://assets.apollo.io https://script.hotjar.com https://static.hotjar.com https://ipinfo.io https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://js.zi-scripts.com https://www.youtube.com https://cdn.jsdelivr.net https://tracking.g2crowd.com https://cdn-cookieyes.com https://unpkg.com https://js.hsforms.net https://pageimprove.io https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.partnerstack.com https://*.clarity.ms https://api.social9.com https://maps.googleapis.com https://ajax.googleapis.com https://snap.licdn.com https://cdnjs.cloudflare.com https://d.adroll.com https://s.adroll.com https://d.adroll.mgr.consensu.org https://analytics.twitter.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.linkedin.com https://www.gstatic.com https://a.quora.com https://api.amplitude.com https://cdn.amplitude.com https://api-iam.intercom.io https://widget.intercom.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://apis.google.com https://www.googleanalytics.com https://graph.facebook.com https://js.intercomcdn.com https://z.moatads.com https://sjs.bizographics.com https://www.googletagmanager.com https://cdn.wpcc.io; frame-src 'self' https://*.visualwebsiteoptimizer.com https://*.semrush.com https://*.spin.ai https://meetings.hubspot.com https://api.wp-rocket.me https://tag.trovo-tag.com https://app.storylane.io https://www.googletagmanager.com https://trinitymedia.ai https://*.g2.com https://td.doubleclick.net https://forms.hsforms.com https://*.hsforms.net https://wp-rocket.me https://apis.google.com https://ssl.google-analytics.com *.facebook.com https://api-iam.intercom.io https://s.adroll.com https://www.google.com https://cdnjs.cloudflare.com https://cdn.social9.com https://www.youtube.com;connect-src 'self' wss://www.semrush.com wss://ws.hotjar.com https://static.hsappstatic.net https://*.intercom.io https://*.6sc.co https://*.6sense.com https://*.rocketcdn.me https://beaconapi.helpscout.net https://pipedream.wistia.com https://d3hb14vkzrxvla.cloudfront.net https://www.redditstatic.com https://alocdn.com https://pro.ip-api.com https://api.instantly.ai https://api.cr-relay.com https://*.g2.com wss://opps-api.getwarmly.com https://opps-api.getwarmly.com https://*.clickcease.com https://depart.trinitymedia.ai https://tracking.g2crowd.com https://googleads.g.doubleclick.net https://aplo-evnt.com https://www.googleadservices.com https://*.reddit.com https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://*.linkedin.com https://ws.zoominfo.com https://js.zi-scripts.com https://app.clearbit.com https://google.com https://*.google.com https://pagead2.googlesyndication.com https://*.cookieyes.com https://cdn-cookieyes.com https://forms.hscollectedforms.net https://cdn.jsdelivr.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://grsm.io https://partnerlinks.io https://pageimprove.io https://api.hubapi.com https://forms-na1.hubspot.com https://forms.hubspot.com https://*.clarity.ms wss://nexus-websocket-a.intercom.io https://www.chromestatus.com https://api.amplitude.com https://api-iam.intercom.io https://maps.googleapis.com https://snap.licdn.com https://api.social9.com https://www.facebook.com https://stats.g.doubleclick.net https://*.google-analytics.com;object-src 'self'; frame-ancestors 'self' *.spinbackup.com *.spin.ai 2 base-uri 'self'; frame-ancestors 'none'; object-src 'none'; worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content 2 manifest-src 'self' cdn.yello.link; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.jsdelivr.net sanomapro.containers.piwik.pro sanomapro.piwik.pro www.youtube-nocookie.com api.addsearch.com zefzhat.appspot.com storage.googleapis.com commondatastorage.googleapis.com stats.livezhat.com yoast.com unpkg.com youtube-nocookie.com google.com www.google.com fonts.gstatic.com fonts.googleapis.com www.instagram.com googletagmanager.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' sanomapro.containers.piwik.pro cdn.jsdelivr.net connect.facebook.net googleads.g.doubleclick.net google.com www.google.com www.gstatic.com zefzhat.appspot.com storage.googleapis.com commondatastorage.googleapis.com stats.livezhat.com yoast.com unpkg.com www.instagram.com googletagmanager.com www.googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdn.jsdelivr.net google.com www.google.com commondatastorage.googleapis.com fonts.googleapis.com sanomapro.containers.piwik.pro www.googletagmanager.com tagmanager.google.com; img-src 'self' data: s3-eu-west-1.amazonaws.com d20vwa69zln1wj.cloudfront.net spro-trinity-wordpress-prod.s3.eu-west-1.amazonaws.com spro-magento2-prod.sanomapro.fi i.ytimg.com www.facebook.com www.google.com www.google.es www.google.fi zefzhat.appspot.com tuotteet.sanomapro.fi sanomapro.containers.piwik.pro googletagmanager.com www.googletagmanager.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data:; connect-src 'self' sanomapro.containers.piwik.pro sanomapro.piwik.pro api.addsearch.com stats.livezhat.com zefzhat.appspot.com google.com www.google.com googletagmanager.com www.googletagmanager.com; font-src 'self' data: storage.googleapis.com fonts.gstatic.com sanomapro.containers.piwik.pro data:; frame-src 'self' youtube-nocookie.com www.youtube-nocookie.com www.google.com td.doubleclick.net www.facebook.com plugins.flockler.com www.instagram.com googletagmanager.com www.googletagmanager.com www.youtube.com; child-src 'self' *.sanomapro.fi blob: www.youtube.com www.googletagmanager.com; 2 script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleadservices.com bat.bing.com s.yimg.com sp.analytics.yahoo.com; 2 default-src 'self' https://*.findmyshift.com https://*.findmyshift.co.uk; frame-src 'self' https://*.findmyshift.com https://*.findmyshift.co.uk https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.findmyshift.com https://*.findmyshift.co.uk https://www.google.com https://www.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://region1.google-analytics.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.findmyshift.com https://*.findmyshift.co.uk https://www.google.com https://www.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.analytics.google.com https://analytics.google.com https://region1.google-analytics.com; style-src 'self' 'unsafe-inline' data: https://*.findmyshift.com https://*.findmyshift.co.uk https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' data: https://*.findmyshift.com https://*.findmyshift.co.uk https://www.gstatic.com; connect-src 'self' data: https://*.findmyshift.com https://*.findmyshift.co.uk *; font-src 'self' data: https://*.findmyshift.com https://*.findmyshift.co.uk https://fonts.gstatic.com; img-src 'self' data: blob: https://*; media-src 'self' data: blob: https://*.findmyshift.com https://*.findmyshift.co.uk; worker-src 'self' blob: https://*.findmyshift.com https://*.findmyshift.co.uk; frame-ancestors 'self' https://*.findmyshift.com https://*.findmyshift.co.uk; manifest-src 'self' * 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2 base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 2 default-src 'self'; connect-src 'self'; worker-src 'self' blob:; font-src 'self'; frame-src 'self' https://www.youtube.com https://tools.akismet.com; img-src 'self' https://tools.akismet.com https://secure.gravatar.com https://*.w.org https://www.nlr.nl data:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://eu2.snoobi.com https://eu2.snoobi.eu https://yoast.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; form-action-objective 'self'; frame-ancestors 'self'; 2 default-src * data:;img-src * blob: data:;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * data: blob:;font-src * data:; 2 upgrade-insecure-requests; default-src 'self' ; script-src-elem 'self' 'unsafe-inline' blob: https://web.cvent.com https://static.hsappstatic.net https://*.hs-analytics.net https://*.hsadspixel.net https://js.zi-scripts.com https://darkbeam-3424022.hs-sites.com https://js.hubspot.com https://*.hubspot.com https://*.hs-banner.com https://*.hsleadflows.net/ https://js-agent.newrelic.com https://js.usemessages.com https://googleads.g.doubleclick.net https://t.sharethis.com https://js.sentry-cdn.com https://px4.ads.linkedin.com https://*.hs-scripts.com/ https://*.hsforms.net https://*.hsforms.com https://fast.wistia.net https://fast.wistia.com https://buttons-config.sharethis.com https://platform-api.sharethis.com https://static-assets.ripplingcdn.com https://ws.zoominfo.com https://lltrck.com https://www.clarity.ms https://snap.licdn.com https://unpkg.com https://code.jquery.com https://js.hsforms.net https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://td.doubleclick.net https://global.apexanalytix.com; worker-src 'self' blob: data: https://ws.zoominfo.com https://lltrck.com https://www.clarity.ms https://snap.licdn.com https://unpkg.com https://code.jquery.com https://js.hsforms.net https://www.googletagmanager.com; connect-src 'self' https://bam.nr-data.net https://embed-cloudfront.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://unpkg.com https://static.hsappstatic.net https://fast.wistia.net https://stats.g.doubleclick.net https://*.google-analytics.com https://*.google.com.au https://*.hubspot.com https://*.hubapi.com https://*.zoominfo.com https://js.zi-scripts.com https://bcp.crwdcntrl.net https://distillery.wistia.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://fast.wistia.com https://l.sharethis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://px.ads.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-3.6.0.min.js https://global.apexanalytix.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.hubspot.com https://*.hs-banner.com https://*.hsleadflows.net/ https://px4.ads.linkedin.com https://*.hsforms.net https://*.hsforms.com https://js.hubspot.com https://js.hsforms.net https://lltrck.com https://snap.licdn.com https://darkbeam-3424022.hs-sites.com https://unpkg.com https://ws.zoominfo.com https://www.clarity.ms https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' blob: data: https://pipedream.wistia.com https://distillery.wistia.com https://px4.ads.linkedin.com https://*.hsforms.net https://*.hsforms.com https://dev-apexanalytix.pantheonsite.io; img-src 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://px4.ads.linkedin.com https://sync.sharethis.com https://stats.g.doubleclick.net https://*.google.pt https://*.hsforms.com https://px4.ads.linkedin.com https://*.hsappstatic.net https://*.hubspot.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.google.com.ae https://*.google.com.au https://td.doubleclick.net https://l.sharethis.com https://embed-ssl.wistia.com https://fast.wistia.com https://*.linkedin.com https://platform-cdn.sharethis.com https://fast.wistia.net https://secure.gravatar.com https://forms-na1.hsforms.com https://forms.hsforms.com https://lltrck.com https://px.ads.linkedin.com; font-src 'self' 'unsafe-inline' data: https://fast.wistia.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://insider.spendmatters.com https://www.canva.com https://td.doubleclick.net https://web.cvent.com https://darkbeam-3424022.hs-sites.com https://w.soundcloud.com https://www.googletagmanager.com https://t.sharethis.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.com.au https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://www.youtube.com https://*.gartner.com https://*.hubspot.com https://content.googleapis.com https://accounts.google.com https://forms.hsforms.com https://fast.wistia.net https://ats.rippling.com; frame-ancestors 'self'; object-src 'self'; form-action 'self' https://forms.hsforms.com https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com ; 2 base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/ https://irc.reelflix.cc https://irc.reelflix.xyz; connect-src 'self' https://reelflix.cc/socket.io/ wss://reelflix.cc/socket.io/ https://api.themoviedb.org/ https://reelflix.cc/socket.io/ wss://reelflix.cc/socket.io/ https://reelflix.xyz/socket.io/ wss://reelflix.xyz/socket.io/; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https:; media-src 'self' https://www.youtube-nocookie.com/embed/; object-src 'none'; script-src 'self' 'unsafe-eval' https://reelflix.cc https://reelflix.xyz; script-src-elem 'self' 'unsafe-inline' https://reelflix.cc https://reelflix.xyz; style-src 'self' 'unsafe-inline' gitcdn.xyz github.io *.github.io github.com; block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' data: blob: https://b2b-cms.globalconnect.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://b2b-cms.globalconnect.net https://*.globalconnect.dk https://globalconnect.dk https://*.globalconnect.fi https://*.globalconnect.no https://*.globalconnect.de https://globalconnect.de https://*.globalconnect.se https://globalconnect.se https://globalconnectcarrier.com https://*.globalconnectcarrier.com https://globalconnectgroup.com https://*.globalconnectgroup.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.googletagmanager.com/ https://mktdplp102cdn.azureedge.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apps.mypurecloud.de/ https://*.tryg.dk/ https://sleeknotecustomerscripts.sleeknote.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://*.sleeknote.com/ https://sc.lfeeder.com/ https://globalconnect-2.mynewsdesk.com/ https://assets.calendly.com/ https://globalconnect-se.mynewsdesk.com/ https://globalconnect-com.mynewsdesk.com/ https://cdn.jobylon.com/ https://static-eu.jobylon.com/; style-src 'unsafe-inline' 'self' data: blob: https://b2b-cms.globalconnect.net; img-src 'self' data: blob: https://b2b-cms.globalconnect.net https://imgsct.cookiebot.com https://secure.gravatar.com/ https://*.tryg.dk/ https://*.sleeknote.com/; font-src 'self' data: blob: https://fonts.gstatic.com/ https://*.tryg.dk/ https://www.mynewsdesk.com/ https://sleeknotestaticcontent.sleeknote.com/; connect-src 'self' data: https://b2b-cms.globalconnect.net https://globalconnectcarrier.com https://*.globalconnectcarrier.com https://globalconnectgroup.com https://*.globalconnectgroup.com https://*.globalconnect.no https://*.globalconnect.dk https://globalconnect.dk https://*.globalconnect.fi https://*.globalconnect.de https://globalconnect.de https://*.globalconnect.se https://globalconnect.se https://consentcdn.cookiebot.com/ https://region1.google-analytics.com/ https://yoast.com/ https://*.dynamics.com/ https://api.mypurecloud.de/ https://apps.mypurecloud.de/ https://api-cdn.mypurecloud.de/ https://*.googlesyndication.com/ https://*.tryg.dk/ https://*.tryg.com/ https://*.sleeknote.com/ https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/; frame-src 'self' data: blob: https://b2b-cms.globalconnect.net https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://*.dynamics.com/ https://apps.mypurecloud.de https://www.googletagmanager.com/ https://player.vimeo.com/ https://network-map.globalconnect.net/ https://globalconnect-2.mynewsdesk.com/ https://calendly.com/ https://globalconnect-se.mynewsdesk.com/ https://globalconnect-com.mynewsdesk.com/ https://cdn.jobylon.com/ https://*.sleeknote.com/; media-src 'self' data: blob: https://b2b-cms.globalconnect.net; form-action 'self' https://b2b-cms.globalconnect.net; 2 frame-ancestors https://*.etracker.com; 2 frame-ancestors 'self';base-uri 'none';object-src 'none' 2 base-uri 'self'; upgrade-insecure-requests; default-src 'self' *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline'; 2 default-src https://disqus.com https://*.disquscdn.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://c.disquscdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.disquscdn.com https://*.disqus.com https://gapl.hit.gemius.pl https://ssl.google-analytics.com https://cdnjs.cloudflare.com; img-src 'self' data: https://ssl.google-analytics.com https://cdn.viglink.com https://*.disqus.com https://juicebox.net https://stats.g.doubleclick.net; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; frame-src 'self' https://www.gstatic.com https://www.google.com https://ls.hit.gemius.pl https://disqus.com https://ljsp.lwcdn.com https://*.dcs.redcdn.pl https://www.facebook.com https://www.youtube.com; frame-ancestors 'self'; connect-src 'self' https://*.google-analytics.com https://*.disqus.com; base-uri 'self'; 2 upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; 2 frame-ancestors 'self' https://app.safe.global https://dexscreener.com 2 frame-ancestors 'self' https://*.my.site.com https://*.wabco-customercentre.com ; default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 2 default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; font-src * data:; img-src * data: blob:; media-src 'self' * data: blob:; connect-src 'self' * blob:; 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://www.roechling.com https://jobs.roechling.com https://www.roechling.com.cn https://roechling.com.cn https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://editors.roechling.com https://roechling.concludis.de *.algolia.net *.licdn.com *.algolianet.com *.hs-scripts.com blob: *.hsadspixel.net *.hs-analytics.net js-eu1.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspotfeedback.com feedback-eu1.hubapi.com; style-src 'unsafe-inline' https://www.roechling.com/ https://jobs.roechling.com https://www.roechling.com.cn https://roechling.com.cn https://editors.roechling.com https://roechling.concludis.de https://*.algolia.net https://*.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://cdn2.hubspot.net https://fonts.googleapis.com; img-src 'self' https://www.roechling.com https://roechling.com https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://www.roechling.com.cn https://roechling.com.cn https://roechling.concludis.de data: * no-cache.hubspot.com js-eu1.hscta.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net; frame-src 'self' https://forms.office.com https://player.vimeo.com/ *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://www.youtube-nocookie.com/ *.hubspot.com *.hs-sites-eu1.com play-eu1.hubspotvideo.com *.hubspot.net *.hsforms.net *.hsforms.com https://www.roechling.com.cn https://roechling.com.cn https://roechling.concludis.de; connect-src https://www.roechling.com/ https://jobs.roechling.com/ https://www.roechling.com.cn/ https://roechling.com.cn/ https://editors.roechling.com https://recruiting.roechling.com https://analytics.roechling.com https://roechling.containers.piwik.pro https://roechling.piwik.pro https://roechling.concludis.de px.ads.linkedin.com *.algolia.net *.algolianet.com *.hubapi.com js-eu1.hscta.net *.hubspot.com *.hs-banner.com *.hs-collectedforms.net *.hsforms.com; font-src 'self' https://jobs.roechling.com https://www.roechling.com https://www.roechling.com.cn https://roechling.com.cn https://roechling.containers.piwik.pro https://roechling.piwik.pro https://fonts.gstatic.com filesystem: *.algolia.net *.algolianet.com; object-src 'self' https://www.roechling.com https://www.roechling.com.cn https://roechling.com.cn https://roechling.concludis.de *.algolia.net *.algolianet.com https://roechling.containers.piwik.pro https://roechling.piwik.pro; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://online.gamingcampus.fr https://gamingcampus.fr https://wordpress.gamingcampus.fr https://online.guardia.school https://guardia.school https://wordpress.guardia.school https://player.gamingcampus.fr https://player.guardia.school https://*.questeducation.fr data: blob:; 2 frame-ancestors 'self' https://content.snowplow.io https://snowplow.pathfactory.com; 2 default-src 'self' localhost static.formstack.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: siteimproveanalytics.com js-agent.newrelic.com www.youtube.com *.visualwebsiteoptimizer.com app.vwo.com browser-update.org api.eventcalendarapp.com *.formstack.com www.google.com www.gstatic.com web2.production.gyantts.com *.vimeocdn.com cdnjs.cloudflare.com hcaptcha.com newassets.hcaptcha.com stripe.com *.stripe.com *.stripecdn.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.gstatic.com fonts.googleapis.com s3.amazonaws.com *.typekit.net *.vimeocdn.com cdnjs.cloudflare.com js.stripe.com; img-src * data:; media-src assets.gyant.com; form-action 'self' *.formstack.com https://bellin.org http://bellin.docksal.site:8080; frame-src 'self' www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; frame-ancestors 'self'; child-src 'self' blob: www.youtube-nocookie.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com player.vimeo.com newassets.hcaptcha.com *.stripe.com *.stripecdn.com maps.google.com; font-src 'self' data: fonts.gstatic.com *.typekit.net api.eventcalendarapp.com s3.amazonaws.com *.formstack.com; connect-src 'self' bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com api.eventcalendarapp.com *.formstack.com wss://web2.production.gyantts.com web2.production.gyantts.com *.hcaptcha.com stripe.com *.stripe.com; base-uri 'self'; report-uri /report-csp-violation 2 frame-ancestors 'self' https://flemingcollege.ca https://*.flemingcollege.ca https://*.flemingc.on.ca:* https://fleming.desire2learn.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com tag.manager.google.com tagmanager.google.com/ https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.sift.com https://maps.googleapis.com https://widget.trustpilot.com https://hexagon-analytics.com http://bat.bing.com http://*.taboola.com https://*.taboola.com https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com/ https://static.zdassets.com https://static.doubleclick.net https://connect.facebook.net https://www.dwin1.com http://*.scarabresearch.com https://*.scarabresearch.com https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://pay.google.com https://trck.spoteffects.net https://googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://www.google.com/pagead/ https://*.clarity.ms https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://pagead2.googlesyndication.com/ https://eu.fw-cdn.com https://chronext.wchat.eu.webpush.myfreshworks.com https://chronextag.myfreshworks.com https://wchat.freshchat.com/ https://kabilanpari-593373390124817132-83eaaf5d74e543316879879.freshchat.com https://*.cdn.adyen.com https://cookie-monster-api.stage.chronext.com https://f.vimeocdn.com https://*.calendly.com https://lantern.roeyecdn.com https://www.google.de/ads/ https://bat.bing.net https://www.facebook.com/tr https://cdn.eye-able.com https://www.eye-able-cdn.com https://*.klaviyo.com https://1918907638.chronext.at https://4237685217.chronext.ch https://1073703160.chronext.de https://1052094264.chronext.com https://*.licdn.com https://px.ads.linkedin.com https://*.trustedshops.com https://widgets.trustedshops.com http://widgets.trustedshops.com https://*.etrusted.com http://*.trustedshops.com; img-src 'self' data: * blob: * https://ssl.gstatic.com/ https://hexagon-analytics.com http://cdn.taboola.com https://cdn.taboola.com http://bat.bing.com https://bat.bing.com https://*.hotjar.com/ https://static.zdassets.com https://pay.google.com https://googleads.g.doubleclick.net https://*.creativecdn.com https://website-overlay.zenloop.com https://kabilanpari-593373390124817132-83eaaf5d74e543316879879.freshchat.com https://*.cdn.adyen.com https://*.calendly.com https://bat.bing.net https://www.facebook.com/tr https://cdn.eye-able.com https://*.klaviyo.com https://*.licdn.com https://px.ads.linkedin.com https://*.trustedshops.com http://*.trustedshops.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://tagmanager.google.com www.googletagmanager.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.hotjar.com/ https://static.zdassets.com https://pay.google.com https://*.creativecdn.com https://website-overlay.zenloop.com https://kabilanpari-593373390124817132-83eaaf5d74e543316879879.freshchat.com https://*.cdn.adyen.com https://*.calendly.com https://www.facebook.com/tr https://cdn.eye-able.com https://www.eye-able-cdn.com https://*.klaviyo.com https://*.licdn.com https://px.ads.linkedin.com https://www.googleadservices.com; font-src 'self' https://themes.googleusercontent.com data: * https://fonts.gstatic.com http://fonts.gstatic.com https://*.hotjar.com/ https://static.zdassets.com https://pay.google.com https://*.cdn.adyen.com https://*.calendly.com https://cdn.eye-able.com https://*.trustedshops.com http://*.trustedshops.com https://www.googleadservices.com; frame-src 'self' https: https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com http://widget.trustpilot.com https://*.hotjar.com/ https://static.zdassets.com https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://connect.facebook.net https://*.sift.com https://pay.google.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.cdn.adyen.com https://*.calendly.com https://bat.bing.net https://www.facebook.com/tr https://*.klaviyo.com https://cdn.eye-able.com/ https://www.googleadservices.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: https://www.google-analytics.com https://analytics.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://hexagon-analytics.com http://bat.bing.com https://bat.bing.com http://*.taboola.com https://*.taboola.com https://ctx-nsp-sell-watches-stage.s3.eu-central-1.amazonaws.com https://ctx-nsp-sell-watches.s3.eu-central-1.amazonaws.com https://ctx-nsp-sell-watches-prod.s3.eu-central-1.amazonaws.com https://*.g.doubleclick.net https://*.intercom.io https://*.hotjar.com/ https://*.hotjar.io/ https://static.zdassets.com https://kreditrechner-long-test.creditplus.de https://kess.creditplus.de https://j4s6cgablv-dsn.algolia.net https://cdn.contentful.com https://connect.facebook.net https://*.sift.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.emarsys.net https://*.scarabresearch.com https://*.execute-api.eu-central-1.amazonaws.com https://pricing-engine.ful.chronext.com https://pay.google.com https://prs.stage.chronext.com https://prs.ful.chronext.com *.ratepay.com https://zenloop-website-overlay-production.s3.amazonaws.com https://channels-api.zenloop.com https://api.zenloop.com https://maps.googleapis.com https://*.clarity.ms https://region1.google-analytics.com https://region1.analytics.google.com https://workshop.stage.chronext.com https://workshop.ful.chronext.com https://support-service.stage.chronext.com https://support-service.ful.chronext.com https://google.com https://www.gstatic.com/recaptcha https://*.creativecdn.com https://website-overlay.zenloop.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googlesyndication.com https://*.cdn.adyen.com https://cookie-monster-api.stage.chronext.com https://f.vimeocdn.com https://www.google.com/pagead/landing https://*.calendly.com https://www.google.com/ccm/ https://www.google.de/ads/ https://lantern.roeyecdn.com https://bat.bing.net https://www.facebook.com/tr https://cdn.eye-able.com/ https://*.klaviyo.com http://a.klaviyo.com https://1918907638.chronext.at https://4237685217.chronext.ch https://1073703160.chronext.de https://1052094264.chronext.com https://july.klarinsights.net https://september.klarinsights.net https://*.licdn.com https://px.ads.linkedin.com https://*.trustedshops.com http://*.trustedshops.com https://*.etrusted.com http://*.etrusted.com https://*.trustbadge.com http://*.trustbadge.com https://www.googleadservices.com; worker-src 'self' blob: 2 default-src 'self'; connect-src 'self' https://api.friendlycaptcha.com https://bat.bing.com https://camptocamp.matomo.cloud https://*.datareporter.eu https://dev.to https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://stats.g.doubleclick.net; img-src 'self' data: https://www.google.com https://bat.bing.com https://i.ytimg.com/* https://www.googletagmanager.com https://media2.dev.to https://syndication.twitter.com https://webcache-eu.datareporter.eu https://*.google.ch https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://www.xing-share.com https://webcache-eu.datareporter.eu https://api.tiles.mapbox.com https://unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://camptocamp.matomo.cloud https://www.youtube.com https://cdn.matomo.cloud https://bat.bing.com https://www.xing-share.com https://platform.twitter.com https://platform.linkedin.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://*.datareporter.eu https://snap.licdn.com https://connect.facebook.net; font-src 'self' https://unpkg.com; frame-src 'self' https://www.youtube-nocookie.com/ https://platform.twitter.com https://www.googletagmanager.com https://td.doubleclick.net https://www.facebook.com/; worker-src blob: ; child-src blob: ; 2 base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://mpsnare.iesnare.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://region1.google-analytics.com https://region2.google-analytics.com https://region3.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://region1.analytics.google.com https://region2.analytics.google.com https://region3.analytics.google.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sdk.privacy-center.org https://api.privacy-center.org https://sibautomation.com https://in-automate.brevo.com https://pagead2.googlesyndication.com https://widget.botmind.io https://api.widget.botmind.ai https://matomo.123roulement.com https://matomojs.trackify.info https://checkoutshopper-live.adyen.com https://checkoutshopper-live.cdn.adyen.com https://checkoutanalytics-live.adyen.com https://applepay.cdn-apple.com https://x.klarnacdn.net https://pay.google.com https://insights.algolia.io https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/search-insights 2 frame-ancestors 'self' *.saleshood.com 2 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://cdn.trkkn.com https://*.p7s1.io https://*.usercentrics.eu https://walls.io https://*.walls.io;style-src 'self' 'unsafe-inline';img-src 'self' https://*.p7s1.io https://*.usercentrics.eu https://*.googletagmanager.com blob: data:;font-src 'self' blob: data:;object-src 'none';frame-src 'self' https://*.online-report.eu https://*.google.com https://*.eurolandir.com https://walls.io https://*.walls.io https://*.promeas.com https://player.live.p7s1video.net;base-uri 'self';form-action 'self';frame-ancestors 'none';upgrade-insecure-requests;connect-src 'self' https://*.p7s1.io https://*.usercentrics.eu https://*.google-analytics.com 2 default-src *; object-src 'none'; base-uri 'none'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; font-src * data:; frame-ancestors 'self' *.nyla.app *.nyla.vercel.app; 2 child-src 'self' www.googletagmanager.com https:; connect-src 'self' *.hsforms.com www.googletagmanager.com *.ctfassets.net vimeo.com https: consentcdn.cookiebot.com consent.cookiebot.com; default-src 'self' https:; font-src data: 'self' https: *.vimeocdn.com; frame-src 'self' www.googletagmanager.com https: consentcdn.cookiebot.com consent.cookiebot.com; img-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; media-src data: 'self' https: *.ctfassets.net *.vimeocdn.com *.akamaized.net; object-src 'none'; script-src data: 'unsafe-inline' 'wasm-unsafe-eval' 'self' https: www.googletagmanager.com *.hsforms.net vimeo.com *.vimeocdn.com player.vimeo.com consentcdn.cookiebot.com consent.cookiebot.com; style-src data: 'unsafe-inline' 'self' https: *.vimeocdn.com; worker-src 'none'; form-action 'self' *.hsforms.com https:; frame-ancestors 'self' app.contentful.com https:; upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cloudflare.com https://unpkg.com *.unpkg.com *.gstatic.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.vimeo.com *.onetrust.com *.newrelic.com *.nr-data.net *.hotjar.com *.jsdelivr.net *.pingdom.net *.klastaf.com *.cqc.org.uk *.carehome.co.uk *.facebook.com *.facebook.net *.gtranslate.net *.mediahawk.co.uk https://v4in1-si.click4assistance.co.uk https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://connect.facebook.net; object-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.googleapis.com *.jsdelivr.net *.cloudflare.com *.hotjar.com *.cqc.org.uk *.carehome.co.uk *.gstatic.com *.facebook.com *.gtranslate.net https://unpkg.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.google.co.uk *.google.com *.google.de *.google.ie *.google.com.mx *.doubleclick.net *.onetrust.com *.jsdelivr.net *.hotjar.com *.cqc.org.uk *.carehome.co.uk *.gstatic.com *.facebook.com *.gtranslate.net *.ytimg.com https://v4in1-si.click4assistance.co.uk https://imgsct.cookiebot.com https://img.sct.eu1.usercentrics.eu; media-src 'self'; frame-src 'self' *.vimeo.com *.youtube.com *.hotjar.com *.google.com *.google.co.uk *.doubleclick.net *.matterport.com *.gstatic.com *.facebook.com https://tour.vieweet.com https://after-image.co.uk https://app.cloudpano.com https://v4in1-ti.click4assistance.co.uk https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://fourwalls-group.com https://www.sanctuary-homes.co.uk/ https://www.sanctuary.co.uk/ https://www.googletagmanager.com; child-src 'self' ; font-src 'self' data: *.gstatic.com *.hotjar.com *.gtranslate.net; connect-src 'self' *.nr-data.net https://adservice.google.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.co.uk *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.onetrust.com *.onetrust.io *.pingdom.net *.cqc.org.uk *.carehome.co.uk *.gstatic.com *.facebook.com *.facebook.net https://dn.mediahawk.co.uk https://consentcdn.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu; report-uri /report-csp-violation; upgrade-insecure-requests 2 frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 2 default-src 'self';script-src 'self' blob: https://www.google-analytics.com/ https://prep-edit.senedd.wales/ https://senedd.wales https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs=' 'unsafe-eval' 'unsafe-inline';style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline';child-src https://www.youtube.com/ https://www.google.com/;connect-src 'self' https://www.google-analytics.com https://prep-edit.senedd.wales/ https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales https://region1.google-analytics.com;font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales;img-src 'self' https://* data:;object-src 'none';frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com https://cy.ons.gov.uk https://instagram.com https://www.instagram.com 2 frame-ancestors 'self' *.v12finance.com 2 frame-ancestors 'self', upgrade-insecure-requests; 2 sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox; upgrade-insecure-requests; default-src 'none'; base-uri 'none'; object-src 'none'; frame-ancestors 'none'; frame-src https://challenges.cloudflare.com/ https://www.youtube.com/embed/ https://cdn.embedly.com/widgets/media.html; form-action 'self'; manifest-src 'self'; worker-src blob: data: 'self'; child-src blob: data: 'self'; connect-src 'self' https://webflow.com/api/v1/form/66bccf01c71e88c5938199b8 https://hubspotonwebflow.com/assets/js/ https://hubspotonwebflow.com/api/forms/blockList https://hubspotonwebflow.com/api/forms/2114e479-9af6-44a8-81cf-c398ee6a5247 https://hubspotonwebflow.com/api/forms/5144b2e3-52dd-41ff-b645-256e21ed0162 https://www.googletagmanager.com/ https://www.google-analytics.com/g/collect https://cdn-cookieyes.com/client_data/36782011e68448c75ff6eea8/ https://prod.spline.design/IANd8ce4rF5Yt5dY/scene.splinecode https://prod.spline.design/X0xjcvVZIwSpe5VA/scene.splinecode https://prod.spline.design/TXUG-wQFYIdtBoj3/scene.splinecode https://prod.spline.design/XI6xHcqQwrkDRIBJ/scene.splinecode; img-src blob: data: 'self' https://cdn.prod.website-files.com/ https://www.googletagmanager.com/ https://cdn-cookieyes.com/assets/images/ https://d3e54v103j8qbb.cloudfront.net/static/ https://i.ytimg.com/vi/GxDPFBr1Rko/; media-src blob: data: 'self' https://cdn.prod.website-files.com/66bccf01c71e88c5938199b8/; font-src data: 'self' https://fonts.gstatic.com/s/inter/v20/ https://fonts.gstatic.com/s/poppins/v23/ https://fonts.gstatic.com/s/googlesans/v62/ https://cdn.prod.website-files.com/66bccf01c71e88c5938199b8/; style-src 'self' 'sha256-qjoAI4KiIYHdYTwKas2/OZ51AD1oiebWZuEe8WMi4sM=' 'sha256-zxGOzjgy/hl9ZMrvfwlF6uWFLZA+Y7gm8NRiNkgtRlM=' 'sha256-alQkhzRik30p4D42M4x52HUwzK1/HLrcDh9ydLkkoOI=' 'sha256-uou/vGYZxTHbd+9vyi0TLwbRdwMzkz0ZAwKGnkPKQ58=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-LucggBdGqZAVx0FEcHY4BId4IjslIMgii2J/cmL7Eis=' 'sha256-l0votuewRRO55Y2vk0h3Vj7oUu1FaRIpQ5UHtaE5fcg=' 'sha256-yfDxjpyZOYiFA9fC3O3BcBMWNjj214qpMjESFdOj/ak=' https://cdn.prod.website-files.com/66bccf01c71e88c5938199b8/css/ https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://fonts.googleapis.com/icon https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/; style-src-attr 'unsafe-hashes' 'sha256-l32kuTgbhZFV7YL2q1Sv/65m8dy+QzAV1CjPDUML0hE=' 'sha256-0LLA+I2JnZK1umVBjTUkRD8IqUM4UqQ85v3MS88iu/I=' 'sha256-uHJYy9RvK7uEz9frGIqGeXtVCRaMYjmv4hCMhkPCZpg=' 'sha256-EuBOW3rzX3Kz0WlSJfEr7N5flw8SUnkjkAhtbSNu5sw=' 'sha256-88EvfemNd/IWjYeAan7qPqMxZpj5tXu38pYpMH1VvoU=' 'sha256-ZE9cmGIwGaE8QIu7xdu01TgxdNL1kl16UGh7ujlqrOY='; script-src 'sha256-6K8IPxJPkDwu5GMWxbsC0VZEPJRJojz4p7qk7n8tia8=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-8CNiQEQWSzIUEwPehK8VMRe3MOVDgSlYFhixyBBTDi0=' 'sha256-LMlpt/GN6K8OvlPerqJU1wU45bVjIB72em+3zyZtYXM=' 'sha256-O0096PBZaSFRTdLpU866bCe62Cc5nw1kAe5Z/DyNms4=' 'sha256-FFwZihO0RBgiEPosuZPlPqdp3qMPVbT/2moLpAzjmM8=' https://challenges.cloudflare.com/ https://cdn.prod.website-files.com/66bccf01c71e88c5938199b8/ https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://cdn.jsdelivr.net/npm/lazy-load-video@latest/dist/custom-video.js https://ajax.googleapis.com/ajax/libs/webfont/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://cdn.prod.website-files.com/gsap/3.13.0/ https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/ https://cdn.jsdelivr.net/npm/@splinetool/runtime/build/ https://hubspotonwebflow.com/assets/js/form-124.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://cdn-cookieyes.com/client_data/36782011e68448c75ff6eea8/; 2 base-uri 'self';object-src 'none' 2 default-src 'self' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://stats.wpmudev.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://stats.wpmudev.com https://stats.wpmucdn.com https://code.jquery.com https://js-cdn.dynatrace.com https://www.youtube.com https://cdn.datatables.net https://www.instagram.com/embed.js https://www.clarity.ms; style-src 'unsafe-inline' 'self' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://cdn.datatables.net; img-src 'self' blob: data: https://www.google.cl https://analytics.tiktok.com https://stats1.wpmudev.com https://www.facebook.com https://secure.gravatar.com https://www.google.com.co https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.arauco.cl https://www.arauco.com https://i.ytimg.com https://arauco.com/argentina http://arauco-qas.arauco.com https://arauco.com/chile https://arauco.com https://www.googletagmanager.com https://placehold.it https://www.placeholder.com https://via.placeholder.com https://ps.w.org https://cdn1.iconfinder.com https://cdn.datatables.net https://scontent-scl2-1.cdninstagram.com https://img.youtube.com https://www.instagram.com https://scontent-iad3-2.cdninstagram.com https://scontent-iad3-1.cdninstagram.com https://instagram.fbaq6-1.fna.fbcdn.net; connect-src 'self' https://analytics.tiktok.com https://stats1.wpmudev.com https://analytics.google.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bf72388lyn.bf.dynatrace.com https://ipinfo.io https://cdn.datatables.net https://www.facebook.com https://www.google.com; font-src 'self' data: https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com; media-src 'self'; child-src 'self' https://www.araucoonline.com https://www.arauco.cl https://www.arauco.com; form-action 'self' https://www.facebook.com https://www.googletagmanager.com; frame-ancestors 'self' https://www.imperial.cl; object-src 'self'; frame-src 'self' https://www.google.com https://td.doubleclick.net https://www.araucoonline.com https://www.arauco.cl https://www.arauco.com https://www.youtube.com https://www.youtube-nocookie.com https://arauco-qas.arauco.com https://arauco.com https://arauco.b3dservice.de https://arauco.esignserver3.com https://orbitvu.co https://issuu.com https://www.facebook.com https://www.googletagmanager.com https://www.optimizadoronline.com https://www.instagram.com/ https://e.issuu.com/; worker-src 'self' blob:; manifest-src 'self'; 2 frame-ancestors 'self' http://localhost:3333 http://localhost:3000 https://www.sanity.io https://*.sanity.studio https://*.vercel.app https://*.mmhmm.app https://*.airtimetools.com https://*.airtime.com https://*.youtube.com 2 default-src 'self' https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com https://svrdntfctn.com; script-src 'self' https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com https://svrdntfctn.com; style-src 'self' 'unsafe-inline' https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com https://svrdntfctn.com; img-src 'self' data: https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com https://svrdntfctn.com; frame-src 'self' https://youtube-nocookie.com https://www.youtube-nocookie.com https://player.youku.com; font-src 'self' data: https://tags.tiqcdn.com https://cdn.cookielaw.org https://tag.aticdn.net https://my-basf-privacy.my.onetrust.com https://strawberry.basf.com https://geolocation.onetrust.com 2 base-uri 'self' https:; font-src 'self' 'unsafe-inline' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' data: blob: https:; object-src 'self' data: https:; script-src-attr 'self' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: localhost:8085 *.cookieinformation.com *.googletagmanager.com *.googleapis.com *.ingest.de.sentry.io; upgrade-insecure-requests; frame-src 'self' data: https: https://hr-skyen.dk *.vimeo.com *.youtube.com; 2 default-src https:;style-src 'self' 'unsafe-inline';img-src https: data:;media-src https: data: blob:;font-src https: data:;script-src https: 'nonce-noeEtracker' 'nonce-noeGdpr'; frame-ancestors 'self' https://newspilot.noerr.com; 2 connect-src *;default-src 'self' https://*.cardsdirect.com https://contactpro.taylor.com https://static.zdassets.com https://www.google.com; frame-src 'self' https://copilotstudio.microsoft.com https://gleam.io https://ct.pinterest.com https://td.doubleclick.net https://*.sharethis.com https://*.criteo.com https://*.secure.orders.com https://secure.orders.com https://static.criteo.net https://*.cardsdirect.com https://www.google.com https://widget.trustpilot.com https://www.facebook.com https://www.youtube.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; font-src 'self' https://*.wpengine.com https://cdn.icomoon.io https://cdn.openshareweb.com https://fonts.gstatic.com https://d1azc1qln24ryf.cloudfront.net; object-src 'none'; script-src-elem 'self' 'unsafe-inline' * 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; worker-src blob: ; child-src blob: ; 2 object-src 'none'; script-src 'self' https://*.rmbl.ws https://ads.pubmatic.com https://polyfill.io https://js.ad-score.com https://*.revcontent.com https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://ads.scored.co 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' *.mytolino.com *.mytolino.de data: *.pageplace.de www.googletagmanager.com *.doubleclick.net www.google.com www.google.de www.googleadservices.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.gstatic.com connect.facebook.net www.facebook.com 'unsafe-inline' www.youtube.com *.digiaccess.org 2 font-src * data: blob: 'unsafe-inline' js.stripe.com fonts.gstatic.com;script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 2 default-src 'none'; child-src 'self'; connect-src 'self' https://*.bynder.com https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://adservice.google.com https://bat.bing.com https://brandportal.falck.com https://browser-intake-datadoghq.eu https://collect.falck.dk https://consent.app.cookieinformation.com https://esp-eu.aptrinsic.com https://googleads.g.doubleclick.net/ https://js.monitor.azure.com https://maps.googleapis.com https://policy.app.cookieinformation.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://tracker.falck-sverige.open-analytics.se https://westeurope-5.in.applicationinsights.azure.com https://www.falck.com https://www.google-analytics.com https://www.google.com https://www.google.dk; font-src 'self' https://*.bynder.com https://*.cloudfront.net https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://bot.ivy.ai https://cdn-gw-prd.azureedge.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://prd-falckcdn.azureedge.net; frame-src 'self' blob: https://*.fls.doubleclick.net https://*.microsoft.com https://*.office.com https://bot.ivy.ai https://dashboard.find.episerver.net https://falck.23video.com https://forms.office.com https://maps.googleapis.com https://paybill.falck.us https://player.vimeo.com/ https://policy.app.cookieinformation.com https://www.google.com https://www.googletagmanager.com; img-src 'self' blob: data: https://*.bynder.com https://*.cloudfront.net https://*.global.siteimproveanalytics.io https://ad.doubleclick.net https://ai1.ivy-cdn.com https://analytics.sleeknote.com https://bat.bing.com https://brandportal.falck.com https://cdn.honey.io https://connect.facebook.net https://falck.dk https://fonts.gstatic.com https://khm.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://khms2.googleapis.com https://khms3.googleapis.com https://lh3.ggpht.com https://lh4.ggpht.com https://lh5.ggpht.com https://lh6.ggpht.com https://maps.googleapis.com https://maps.gstatic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://streetviewpixels-pa.googleapis.com https://translate.google.com https://www.facebook.com https://www.falck.dk/ https://www.google-analytics.com https://www.google.at https://www.google.co.id https://www.google.co.uk https://www.google.com https://www.google.com.tr https://www.google.com.ua https://www.google.com.uy https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.se https://www.googletagmanager.com https://www.linkedin.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudflare.com https://*.jsdelivr.net https://bat.bing.com https://bot.ivy.ai https://cdn-4.convertexperiments.com https://cdn-gw-prd.azureedge.net https://code.jquery.com https://connect.facebook.net https://consent.app.cookieinformation.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://policy.app.cookieinformation.com https://prd-falckcdn.azureedge.net https://siteimproveanalytics.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://snap.licdn.com https://tracker.falck-sverige.open-analytics.se https://widget.trustpilot.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://*.bynder.com https://*.cloudflare.com https://*.jsdelivr.net https://bat.bing.com https://bot.ivy.ai https://cdn-4.convertexperiments.com https://cdn-gw-prd.azureedge.net https://cdn.treasuredata.com https://code.jquery.com https://connect.facebook.net https://consent.app.cookieinformation.com https://eu01.in.treasuredata.com https://js.monitor.azure.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://policy.app.cookieinformation.com https://prd-falckcdn.azureedge.net https://siteimproveanalytics.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://snap.licdn.com https://tracker.falck-sverige.open-analytics.se https://web-sdk-eu.aptrinsic.com https://widget.trustpilot.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.jsdelivr.net https://cdn-gw-prd.azureedge.net https://fonts.googleapis.com https://prd-falckcdn.azureedge.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.cloudfront.net https://*.jsdelivr.net https://cdn-gw-prd.azureedge.net https://cdn.honey.io https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://prd-falckcdn.azureedge.net https://web-sdk-eu.aptrinsic.com https://www.gstatic.com; media-src data: https://*.bynder.com https://*.cloudfront.net https://brandportal.falck.com; manifest-src https://landesite.falck.com https://www.falck.co https://www.falck.com https://www.falck.com.au https://www.falck.de https://www.falck.es https://www.falck.fi https://www.falck.fr https://www.falck.nl https://www.falck.no https://www.falck.pl https://www.falck.pt https://www.falck.ro https://www.falck.sk https://www.falck.uk https://www.falck.us https://www.falckbrasil.com.br https://www.falckhealthcare.dk https://www.falckitalia.it https://www.falcksverige.se https://www.mit.falck.dk; worker-src blob:; report-to stott-security-endpoint;report-uri https://www.falck.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: wss: *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data: *; img-src * 'unsafe-inline' 'unsafe-eval' data: *; frame-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src * 'unsafe-inline' 'unsafe-eval' data: * 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none' 2 default-src 'self' https://matomo.synlab-marketing.com https://www.synlab.com/ https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.facebook.com/ https://analytics.ahrefs.com/; script-src 'self' https://matomo.synlab-marketing.com https://www.synlab.com/ https://*.googleapis.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://*.facebook.net/ https://*.facebook.com/ https://analytics.ahrefs.com/ 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.synlab.com/ https://*.googleapis.com; frame-src 'self' https://vimeo.com/ https://*.vimeo.com/ https://*.facebook.com/ https://*.equitystory.com/ https://irpages2.eqs.com/; img-src 'self' data: https://www.synlab.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.google.de/ https://*.google.com/ https://*.google-analytics.com/ https://*.facebook.com/ https://*.googletagmanager.com/; frame-ancestors 'self' https://www.synlab.com; 2 base-uri 'none'; font-src 'self' data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.fontawesome.com dev.visualwebsiteoptimizer.com fonts.gstatic.com; form-action 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.coupahost.com *.facebook.com *.paypal.com *.paypalobjects.com; frame-ancestors 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.orbitvu.cloud *.orbitvu.co *.paypal.com *.paypalobjects.com orbitvu.cloud orbitvu.co; img-src 'self' blob: data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.bing.com *.bing.net *.clarity.ms *.cloudfront.net *.consensu.org *.consentmanager.net *.criteo.net *.facebook.com *.facebook.net *.googleadservices.com *.google-analytics.com *.google.com *.google.de *.googletagmanager.com *.gstatic.com *.hsforms.com *.hubspot.com *.orbitvu.co *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.spoteffects.net *.tinymce.com *.ytimg.com a.twiago.com aa.agkn.com ad.360yield.com ads.yieldmo.com c1.adform.net ad.yieldlab.net beacon.krxd.net b.stats.paypal.com cm.adform.net cm.g.doubleclick.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dev.visualwebsiteoptimizer.com dpm.demdex.net e1.emxdgt.com eb2.3lift.com exchange.mediavine.com googleads.g.doubleclick.net gum.criteo.com hb.yahoo.net ib.adnxs.com id5-sync.com jadserve.postrelease.com maps.googleapis.com match.sharethrough.com matching.ivitrack.com orbitvu.co pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com s3-eu-west-1.amazonaws.com sbp-plugin-images.s3.amazonaws.com sbp-plugin-images.s3.eu-west-1.amazonaws.com simage2.pubmatic.com sync.1rx.io sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.targeting.unrulymedia.com sync.outbrain.com *.trustpilot.com ups.analytics.yahoo.com visitor.omnitagjs.com x.bidswitch.net; object-src 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; script-src-attr 'unsafe-hashes'; style-src 'self' 'unsafe-inline' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.cloudfront.net *.consensu.org *.criteo.com *.fontawesome.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hubspot.com *.orbitvu.co *.orbitvu.cloud *.typekit.net cdn.consentmanager.net fonts.googleapis.com dev.visualwebsiteoptimizer.com hb.yahoo.net unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.attributy.com *.bing.com *.clarity.ms *.cloudfront.net *.consensu.org *.consentmanager.net *.criteo.com *.doofinder.com *.googleadservices.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hubspot.com *.intedia.de *.jsdelivr.net *.newrelic.com *.orbitvu.co *.orbitvu.cloud *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.sentry.io *.sentry-cdn.com *.sovendus.com *.spoteffects.net *.taboola.com *.tiny.cloud *.tinymce.com *.trustpilot.com cdnjs.cloudflare.com connect.facebook.net dev.visualwebsiteoptimizer.com googleads.g.doubleclick.net orbitvu.cloud orbitvu.co unpkg.com; upgrade-insecure-requests; connect-src 'self' ws: localhost:3000 *.arbeitsschutz-express.de *.asx.eu *.attributy.com *.bing-int.com *.bing.com *.bing.net *.clarity.ms *.consensu.org *.consentmanager.net *.criteo.com *.doofinder.com *.doubleclick.net *.etrusted.com *.facebook.com *.google-analytics.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hscollectedforms.net *.hsforms.com *.hubapi.com *.hubspot.com *.nr-data.net *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.sentry.io *.sovendus.com *.solutenetwork.com *.taboola.com *.trustpilot.com arbeitsschutz-express.de asx.eu asx.local chatbotapi.catalogueflow.com dev.visualwebsiteoptimizer.com google.com maps.googleapis.com scnem2.com shopware.api static.hsappstatic.net stats.g.doubleclick.net; default-src 'self' localhost:3000 asx.local shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; frame-src 'self' data: *.arbeitsschutz-express.de *.asx.eu *.braintreegateway.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.googleadservices.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hubspot.com/ *.orbitvu.cloud *.orbitvu.co *.paypal.com *.paypalobjects.com *.sovendus-connect.com *.sovendus.com *.trustpilot.com *.youtube-nocookie.com *.youtube.com arbeitsschutz-express.de asx.eu chatbot.catalogflow.ai dev.visualwebsiteoptimizer.com orbitvu.cloud orbitvu.co pay.google.com shopware.api; media-src 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de dev.visualwebsiteoptimizer.com asx.eu *.asx.eu *.orbitvu.cloud; worker-src 'nonce-vDlG5YmGUoLm1tYCRwe+sfsH' 'self' blob: arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; 2 default-src 'unsafe-inline' https:; img-src data: https: 2 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com; connect-src 'self' https://*.google-analytics.com; img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com 2 frame-ancestors 'self' https://preview.touchsource.com 2 frame-ancestors 'self'; default-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com *.ggpht.com tracking.edugroup.at; img-src 'self' data: *.gstatic.com *.googleapis.com *.ggpht.com; frame-src 'self' *.vimeo.com *.youtube-nocookie.com *.google.com *.ggpht.com *.googlevideo.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.gstatic.com *.googleapis.com *.marketingsuite.info tracking.edugroup.at; style-src 'self' *.marketingsuite.info 'unsafe-inline' 2 default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 2 default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.culturaldistrict.org *.typeform.com *.googleapis.com *.googletagmanager.com https://static.formstack.com *.pittsburghsymphony.org *.citytheatrecompany.org https://cdnjs.cloudflare.com *.unpkg.com *.typekit.net *.gbox.me *.addressy.com; connect-src 'self' *.amazonaws.com *.tidio.co *.googlesyndication.com/ https://pct.formstack.com *.addressy.com https://trustarts.queue-it.net https://analytics.tiktok.com *.purechat.com https://adservice.google.com https://analytics.google.com *.postcodeanywhere.co.uk https://stats.g.doubleclick.net https://www.facebook.com *.google-analytics.com *.googleapis.com https://online.anyflip.com https://checkoutshopper-live-us.adyen.com/ *.typeform.com *.datadome.co ct.captcha-delivery.com https://rum.browser-intake-datadoghq.com https: wss:; img-src cdnjs.cloudflare.com https: data:; font-src 'self' https://fonts.gstatic.com *.tidiochat.com *.tidio.co *.formstack.com https://use.typekit.net; object-src 'none'; media-src 'self' *.tidiochat.com *.tidio.co *.culturaldistrict.org; frame-src 'self' *.googletagmanager.com *.approveforgood.com/ https://geo.captcha-delivery.com *.applytojob.com/ *.doubleclick.net https://aa.trkn.us *.culturaldistrict.org *.formstack.com *.googlesyndication.com/ *.jotform.com/ *.pittsburghsymphony.org *.citytheatrecompany.org https://form.typeform.com/ *.youtube.com *.youtube-nocookie.com/ https://w.soundcloud.com/ *.issuu.com https://insight.adsrvr.org *.vimeo.com *.facebook.com *.google.com *.recaptcha.net https://online.anyflip.com *.albumizr.com/ https://checkoutshopper-live-us.adyen.com/; frame-ancestors 'self'; worker-src blob:; 2 object-src 'none'; script-src 'self' 'unsafe-inline' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://www.googletagmanager.com https://cdn01.basis.net/assets/up.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js http://cdn.jsdelivr.net http://d3js.org/d3.v4.min.js http://cdnjs.cloudflare.com http://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.0/Chart.min.js http://cdnjs.cloudflare.com/ajax/libs/chartjs-plugin-doughnutlabel/2.0.3/chartjs-plugin-doughnutlabel.js https://static.hotjar.com https://www.googletagmanager.com https://cdn01.basis.net/assets/up.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self' 2 child-src blob: https://ads.stickyadstv.com https://gum.criteo.com https://ups.analytics.yahoo.com https://*.digipix.com.br https://*.fotoregistro.com.br; connect-src 'self' https://472n075u3a.ucarecd.net https://648a146b4be7429c6dd2eac3.config.smooch.io https://648a146b4be7429c6dd2eac3.webloader.smooch.io https://adservice.google.com https://analytics-ahrefs.com https://analytics-google.com https://analytics-ipv6.tiktokw.us https://analytics-pangle-ads.com https://analytics-tiktok.com https://api-js.mixpanel.com https://api-pushowl.com https://api-reviews.io https://ara.paa-reporting-advertising.amazon https://bam.nr-data.net https://bat.bing.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cloud.umami.is https://browser.sentry-cdn.com https://ct.pinterest.com https://fotoregistrobr.api.useinsider.com https://google.com https://hit.api.useinsider.com https://inference.api.useinsider.com https://locationv2.api.useinsider.com https://logger.uol.com.br https://measurement-api.criteo.com https://metrics.fotoregistro.com.br https://pixel.byspotify.com https://pixels.spotify.com https://region1.analytics.google.com https://s.amazon-adsystem.com https://segment.api.useinsider.com https://server-side-tagging-gbb3efdyoq-uc.a.run.app https://ssl.google-analytics.com https://stats.g.doubleclick.net https://the.sciencebehindecommerce.com https://trustvox.com.br https://ucarecdn.com https://*.uploadcare.com https://uploadcare.s3-accelerate.amazonaws.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com.br https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.pinterest.com https://www.wepowerconnections.com https://*.api.useinsider.com https://*.clarity.ms https://*.digipix.com.br https://*.digipix.dev https://*.digipix.io https://*.facebook.com https://*.firebaseio.com https://*.fotoregistro.com.br https://*.google.com https://*.ingest.sentry.io https://*.sentry.io https://*.trustvox.com.br https://*.useinsider.com wss://*.firebaseio.com wss://*.useinsider.com wss://ws.pusherapp.com ws://ws.pusherapp.com; default-src 'self' data: blob:; font-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://*.api.useinsider.com https://*.useinsider.com https://assets.reviews.io https://cdn.convrrt.com https://cdnjs.cloudflare.com https://cdn.smooch.io https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com https://trustvox.com.br https://*.trustvox.com.br https://use.typekit.net; frame-src 'unsafe-eval' 'unsafe-inline' 'self' blob: https://*.digipix.com.br https://*.facebook.com https://*.firebaseio.com https://*.fotoregistro.com.br https://*.api.useinsider.com https://*.prismic.io https://*.useinsider.com https://*.criteo.com https://*.vimeo.com https://ct.pinterest.com https://digipix.prismic.io https://event.getblue.io https://fledge.us.criteo.com https://fotoregistrobr.api.useinsider.com https://gum.criteo.com https://indexanetwork.go2cloud.org https://m.youtube.com https://direto-digipix-com.os.tc https://platform.twitter.com https://s.amazon-adsystem.com https://server-side-tagging-gbb3efdyoq-uc.a.run.app https://sibautomation.com https://static.criteo.net https://td.doubleclick.net https://tm.uol.com.br https://social.uploadcare.com https://tpc.googlesyndication.com https://www.awin1.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.api.useinsider.com https://*.clarity.ms https://*.criteo.com https://*.digipix.com.br https://*.facebook.com https://*.facebook.net https://*.fotoregistro.com.br https://*.liadm.com https://*.prismic.io https://*.useinsider.com https://aa.agkn.com https://ad.360yield.com https://ad.tpmn.co.kr https://ad.yieldlab.net https://ade.clmbtech.com https://adgen.socdm.com https://ads.stickyadstv.com https://adx.dable.io https://analytics.ahrefs.com https://analytics.google.com https://analytics.pangle-ads.com https://analytics.tiktok.com https://api.amedigital.com https://assets.reviews.io https://bat.bing.com https://bh.contextweb.com https://c.bing.com https://c1.adform.net https://cdn.aralego.net https://cdn.convrrt.com https://cdn.smooch.io https://cdnjs.cloudflare.com https://cm.adform.net https://cm.adgrx.com https://cm.g.doubleclick.net https://cm.t.tailtarget.com https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://cs.adingo.jp https://csi.gstatic.com https://csm.va.us.criteo.net https://ct.pinterest.com https://digipix.cdn.prismic.io https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://eugen.go2cloud.org https://exchange.mediavine.com https://fonts.gstatic.com https://fotoregistrobr.api.useinsider.com https://googleads.g.doubleclick.net https://hb.yahoo.net https://ib.adnxs.com https://id5-sync.com https://idsync.rlcdn.com https://img.mailinblue.com https://jadserve.postrelease.com https://live.rezync.com https://log.api.useinsider.com https://match.prod.bidr.io https://match.sharethrough.com https://matching.ivitrack.com https://p.rfihub.com https://pagead2.googlesyndication.com https://partner.mediawallahscript.com https://pixel-sync.sitescout.com https://pixel.rubiconproject.com https://pixel.tapad.com https://public-prod-dspcookiematching.dmxleo.com https://ucarecdn.com https://pr-bh.ybp.yahoo.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://simage2.pubmatic.com https://ssl.google-analytics.com https://trustvox.com.br https://*.trustvox.com.br https://stats.g.doubleclick.net https://sync.cootlogix.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.1rx.io https://sync.aralego.com https://sync.crwdcntrl.net https://sync.outbrain.com https://sync.targeting.unrulymedia.com https://syndication.twitter.com https://t.tailtarget.com https://tags.bluekai.com https://tapestry.tapad.com https://tg.socdm.com https://theme.zdassets.com https://tr.superoferta.online https://trends.revcontent.com https://ups.analytics.yahoo.com https://user-sync.fwmrm.net https://visitor.omnitagjs.com https://wl-production-assets-uk.s3.eu-west-1.amazonaws.com https://www.awin1.com https://www.google-analytics.com https://www.google.ca https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.br https://www.google.com.np https://www.google.com.py https://www.google.com.sg https://www.google.com.uy https://www.google.dz https://www.google.fi https://www.google.nl https://www.google.pt https://www.googleadservices.com https://www.googletagmanager.com https://www.pinterest.com https://www.wepowerconnections.com https://x.bidswitch.net https://472n075u3a.ucarecd.net https://x.dlx.addthis.com; manifest-src 'self' blob:; media-src 'self'; object-src 'unsafe-eval' 'unsafe-inline' https://*.api.useinsider.com https://*.useinsider.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.digipix.com.br https://*.digipix.io https://*.digipx.dev https://platform.twitter.com https://*.api.useinsider.com https://*.bing.com https://*.facebook.net https://*.fotoregistro.com.br https://*.google.com https://*.useinsider.com https://analytics.tiktok.com https://assets.reviews.io https://b.t.tailtarget.comb https://bat.bing.combat.js https://c.amazon-adsystem.com https://cdn.convrrt.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn.pushowl.com https://cloud.umami.is https://dynamic.criteo.com https://event.getblue.io https://googleads.g.doubleclick.net https://s.pinimg.comct/core.js https://sibautomation.comsa.js https://sslwidget.criteo.comevent https://static.cdn.prismic.io/prismic.js https://the.sciencebehindecommerce.comd9core https://tm.jsuol.com.bruoltm.js https://tracker.bt.uol.com.brpartner https://tt-10162-1.seg.t.tailtarget.com https://ucarecdn.com/libs/widget/3.x/uploadcare.full.min.js https://ucarecdn.com/libs/widget-tab-effects/1.x/uploadcare.tab-effects.js https://widget.getblue.io/event https://www.awin1.comsread.js https://www.dwin1.com17835.js https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.api.useinsider.com https://*.bing.com https://*.digipix.com.br https://*.facebook.net https://*.firebaseio.com https://*.prismic.io https://*.useinsider.com https://analytics.ahrefs.com https://analytics.tiktok.com https://apis.google.com https://b.t.tailtarget.com https://c.amazon-adsystem.com https://cdn.convrrt.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn.pushowl.com https://cdnjs.cloudflare.com https://cdn.smooch.io https://netdna.bootstrapcdn.com https://cloud.umami.is https://code.jquery.com https://rate.trustvox.com.br https://ct.pinterest.com https://dynamic.criteo.com https://edge.fullstory.com https://event.getblue.io https://fotoregistrobr.api.useinsider.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://*.sentry-cdn.com https://metrics.fotoregistro.com.br https://metrics.fotoregistro.com.br/gtm.js https://pixel.byspotify.com https://prismic.io https://s.pinimg.com https://sibautomation.com https://*.googleapis.com https://ssl.google-analytics.com https://sslwidget.criteo.com https://static.cdn.prismic.io https://the.sciencebehindecommerce.com https://tm.jsuol.com.br https://tpc.googlesyndication.com https://tracker.bt.uol.com.br https://trustvox.com.br https://static.trustvox.com.br https://staging.trustvox.com.br https://colt.trustvox.com.br https://ucarecdn.com/libs/widget/3.x/uploadcare.full.min.js https://ucarecdn.com/libs/widget-tab-effects/1.x/uploadcare.tab-effects.js https://tt-10162-1.seg.t.tailtarget.com https://use.fontawesome.com https://widget.getblue.io https://widget.reviews.io https://widget.trustpilot.com https://472n075u3a.ucarecd.net https://www.awin1.com https://www.dwin1.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.api.useinsider.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.trustvox.com.br https://use.fontawesome.com https://*.useinsider.com https://www.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' data: https://*.useinsider.com https://*.firebaseio.com https://assets.reviews.io https://cdn.convrrt.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.smooch.io https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://www.googletagmanager.com https://trustvox.com.br https://*.trustvox.com.br https://use.fontawesome.com; worker-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://*.api.useinsider.com https://*.useinsider.com https://api.useinsider.com; 2 img-src 'self' data:; 2 img-src 'self' data: https: images.ctfassets.net cookie-cdn.cookiepro.com lux.speedcurve.com *.reciteme.com *.googleapis.com; media-src 'self' https: *.ctfassets.net/; connect-src 'self' https: cookie-cdn.cookiepro.com *.applicationinsights.azure.com *.google-analytics.com *.reciteme.com *.googletagmanager.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.googletagmanager.com js.monitor.azure.com cookie-cdn.cookiepro.com cdn.speedcurve.com www.youtube.com api.reciteme.com; style-src 'self' 'unsafe-inline' api.reciteme.com fonts.googleapis.com fast.fonts.net *.typekit.net; frame-src 'self' *.googletagmanager.com www.youtube.com www.instagram.com my.matterport.com viewings.ehouse.co.uk www.google.com universe.queue-it.net universe.com *.universe.com priorptnrs.s3.eu-west-2.amazonaws.com; 2 img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: 2 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://bat.bing.com https://bat.bing.net https://channel.me https://engie.conversationalsdevelopment.nl https://cdn.conversationalsdevelopment.nl https://api.seamly.ai wss://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://engie-engie.digitalcx.com https://api.digitalcx.com https://www.50five-engie.nl https://engie.pti.nl https://api.ipdata.co https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://td.doubleclick.net/ https://ad.doubleclick.net/ https://8158725.fls.doubleclick.net/ https://google.com https://www.google.com https://www.google.nl https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://adservice.google.com https://storage.googleapis.com https://www.gstatic.com https://s.ytimg.com https://code.jquery.com https://snap.licdn.com https://px.ads.linkedin.com https://api.membergetmember.co https://embedded.membergetmember.co https://events.membergetmember.co https://heartbeat.membergetmember.co https://tracking.membergetmember.co https://prod-mgw.engie-app.nl/api/v1/opening-hours https://prod-mgw.engie-app.nl/api/v1/waiting-times https://prod-mgw.engie-app.nl/api/v1/opening-hours/waiting-time https://*.optimizely.com https://ws.pushcall.com https://smartcontactbutton.pushcall.com https://api.storyteq.com https://assets.storyteq.com https://www.youtube.com https://www.youtube-nocookie.com https://v2.zopim.com wss://widget-mediator.zopim.com https://static.zdassets.com https://ekr.zdassets.com;font-src 'self' data:;img-src https://bat.bing.com https://cdn.conversationalsdevelopment.nl https://newstat.net https://ds1.nl https://www.google.nl https://www.google.com https://storage.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://*.googlesyndication.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.optimizely.com https://api.storyteq.com https://assets.storyteq.com 'self' data:;style-src 'self' 'unsafe-inline' https://www.50five-engie.nl https://storage.googleapis.com https://fonts.googleapis.com https://cdn.conversationalsdevelopment.nl; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ccm19.de *.googletagmanager.com *.facebook.net *.tiktok.com *.youtube.com *.vimeo.com vercel.live charts3.equitystory.com *.pinimg.com *.pinterest.com ir-api.eqs.com https://googleads.g.doubleclick.net https://platform.contentfry.com/sdk/embed.js; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.ccm19.de *.googletagmanager.com *.facebook.net *.tiktok.com *.youtube.com *.vimeo.com vercel.live *.bic-media.com charts3.equitystory.com *.pinterest.com *.doubleclick.net ir-api.eqs.com https://www.facebook.com https://tracking.bastei-luebbe.de https://gtm-747961606695.europe-west3.run.app https://display.contentfry.com/; style-src 'self' 'unsafe-inline' *.ccm19.de ir-api.eqs.com https://fonts.googleapis.com; img-src 'self' blob: data: https:; font-src 'self' https:; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' *.contentful.com https://app.contentful.com; connect-src 'self' https: wss: localhost; media-src 'self' https: *.ctfassets.net; worker-src 'self' blob:; manifest-src 'self' 2 font-src data: https://app.kaplanpathways.com/ https://cdn.livechatinc.com/ https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://kaplanpathways.com/ https://pathways-wp.eu-west-1.prd.pathways-wp.ki-emea-prd.aws.kapintdc.com/ https://www.kaplanpathways.com/ https://use.typekit.net/ https://static.formstack.com/ https://www.studentgriefnetwork.co.uk/ https://studentgriefnetwork.co.uk/ https://www.kaplanintl.com/ https://kaplanintl.com/ kaplan.altis.dev:* kaplan-dev.altis.cloud:* kaplan-staging.altis.cloud:* kaplan-prod.altis.cloud:* 'self'; frame-src *.flywire.com https://anchor.fm/ https://app.kaplanpathways.com/ https://embed.acast.com/ https://embed.podcasts.apple.com/ https://embed.ted.com/ https://giphy.com/ https://gtm.kaplanpathways.com/ https://j.map.baidu.com https://kaplaninternational--stage.sandbox.my.site.com/ https://kaplaninternational.my.salesforce-scrt.com/ https://kaplaninternational.my.site.com/ https://kaplanpathways.com/ https://map.baidu.com https://open.spotify.com/ https://pathways-wp.eu-west-1.prd.pathways-wp.ki-emea-prd.aws.kapintdc.com/ https://pathways-wp.eu-west-1.stg.pathways-wp.ki-emea-stg.aws.kapintdc.com/ https://pathways-wp.eu-west-1.tst.pathways-wp.ki-emea-tst.aws.kapintdc.com/ https://payment.flywire.com/ https://player.bilibili.com/ https://player.vimeo.com/ https://podcasts.apple.com/ https://podcasters.spotify.com/ https://popcard.unibuddy.co/ https://s3-eu-west-1.amazonaws.com/ https://secure.livechatinc.com/ https://static.addtoany.com/ https://td.doubleclick.net/ https://tr.snapchat.com/ https://unibuddy.co/ https://vimeo.com/ https://w.soundcloud.com/ https://www.facebook.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.kaplanpathways.com/ https://www.youtube.com/ https://static.formstack.com/ https://14392685.fls.doubleclick.net/; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval' 2 base-uri *; font-src 'self' data: https://cdn.recruiting-solutions.org https://rmkcdn.successfactors.com https://chat2050.realperson.de; form-action *; frame-ancestors 'self' https://app.storyblok.com; img-src https://www.dm-jobs.de https://www.dm-jobs.ba https://www.dm-jobs.bg https://www.dm-jobs.it https://www.dm-jobs.hr https://www.dm-jobs.mk https://www.dm-jobs.at https://www.dm-jobs.pl https://www.dm-jobs.ro https://www.dm-jobs.rs https://www.dm-jobs.sk https://www.dm-jobs.si https://www.dm-jobs.cz https://www.dm-jobs.hu https://preview.dm-jobs.de https://preview.dm-jobs.ba https://preview.dm-jobs.bg https://preview.dm-jobs.it https://preview.dm-jobs.hr https://preview.dm-jobs.mk https://preview.dm-jobs.at https://preview.dm-jobs.pl https://preview.dm-jobs.ro https://preview.dm-jobs.rs https://preview.dm-jobs.sk https://preview.dm-jobs.si https://preview.dm-jobs.cz https://preview.dm-jobs.hu 'self' data: https://a.storyblok.com https://storage.googleapis.com https://widgets.kununu.com https://assets.kununu.com https://www.googletagmanager.com https://www.facebook.com https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.google.de https://csi.gstatic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://fonts.gstatic.com https://cdn.recruiting-solutions.org https://chat2050.realperson.de https://*.usercentrics.eu https://*.usercentrics.com https://assets.dm.de https://*.seznam.cz; object-src *; script-src-attr 'unsafe-inline' *; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://skk.erecruiter.pl https://csbcomponents.firebaseapp.com https://csbep-dm-quality.firebaseapp.com https://csbep-firmen-karriereseite.firebaseapp.com https://chat2050.realperson.de https://*.usercentrics.eu https://*.usercentrics.com https://*.seznam.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://searchui.search.windows.net https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://apis.google.com https://www.dropbox.com https://js.live.net https://app.storyblok.com https://connect.facebook.net https://pagead2.googlesyndication.com https://skk.erecruiter.pl https://snap.licdn.com https://googleads.g.doubleclick.net https://csbcomponents.web.app https://csbep-dm-quality.firebaseapp.com https://csbep-firmen-karriereseite.firebaseapp.com https://chat2050.realperson.de https://*.usercentrics.eu https://*.usercentrics.com https://*.seznam.cz; upgrade-insecure-requests; default-src https://www.dm-jobs.de https://www.dm-jobs.ba https://www.dm-jobs.bg https://www.dm-jobs.it https://www.dm-jobs.hr https://www.dm-jobs.mk https://www.dm-jobs.at https://www.dm-jobs.pl https://www.dm-jobs.ro https://www.dm-jobs.rs https://www.dm-jobs.sk https://www.dm-jobs.si https://www.dm-jobs.cz https://www.dm-jobs.hu https://preview.dm-jobs.de https://preview.dm-jobs.ba https://preview.dm-jobs.bg https://preview.dm-jobs.it https://preview.dm-jobs.hr https://preview.dm-jobs.mk https://preview.dm-jobs.at https://preview.dm-jobs.pl https://preview.dm-jobs.ro https://preview.dm-jobs.rs https://preview.dm-jobs.sk https://preview.dm-jobs.si https://preview.dm-jobs.cz https://preview.dm-jobs.hu 'self'; connect-src https://www.dm-jobs.de https://www.dm-jobs.ba https://www.dm-jobs.bg https://www.dm-jobs.it https://www.dm-jobs.hr https://www.dm-jobs.mk https://www.dm-jobs.at https://www.dm-jobs.pl https://www.dm-jobs.ro https://www.dm-jobs.rs https://www.dm-jobs.sk https://www.dm-jobs.si https://www.dm-jobs.cz https://www.dm-jobs.hu https://preview.dm-jobs.de https://preview.dm-jobs.ba https://preview.dm-jobs.bg https://preview.dm-jobs.it https://preview.dm-jobs.hr https://preview.dm-jobs.mk https://preview.dm-jobs.at https://preview.dm-jobs.pl https://preview.dm-jobs.ro https://preview.dm-jobs.rs https://preview.dm-jobs.sk https://preview.dm-jobs.si https://preview.dm-jobs.cz https://preview.dm-jobs.hu 'self' https://api.storyblok.com https://*.googleapis.com https://searchui.search.windows.net https://region1.google-analytics.com https://pagead2.googlesyndication.com https://graph.microsoft.com https://www.google.com https://google.com https://www.google.de https://www.googleadservices.com https://www.facebook.com https://px.ads.linkedin.com https://europe-west1-csbcomponents.cloudfunctions.net https://europe-west1-firmen-karriereseite.cloudfunctions.net https://csbep-dm-quality.firebaseapp.com https://px.ads.linkedin.com https://chat2050.realperson.de wss://chat2050.realperson.de https://*.usercentrics.eu https://*.usercentrics.com https://*.seznam.cz; frame-src https://login.dm-jobs.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://td.doubleclick.net https://www.facebook.com https://accounts.google.com https://csbcomponents.firebaseapp.com https://*.usercentrics.eu https://*.usercentrics.com https://cdn.recruiting-solutions.org; media-src https://a.storyblok.com https://a2.storyblok.com; worker-src 'self' blob:; 2 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; 2 default-src 'self' https://*.ipc-computer.de https://*.ipc-computer.eu https://*.ipc-computer.fr https://*.ipc-computer.es https://*.sparepartworld.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ipc-computer.de https://widgets.trustedshops.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://checkout.dibspayment.eu https://unpkg.com https://cdn.botpress.cloud https://*.bpcontent.cloud https://*.contentsquare.net https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://checkout.dibspayment.eu https://*.googleapis.com https://www.googletagmanager.com https://*.ipc-computer.de https://*.bpcontent.cloud; img-src 'self' data: https://*.ipc-computer.de https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.ytimg.com https://img.youtube.com https://widgets.trustedshops.com https://www.paypalobjects.com https://*.paypal.com https://cdn.botpress.cloud https://*.bpcontent.cloud https://*.contentsquare.net https://*.clarity.ms; media-src 'self' data:; font-src 'self' data: https://*.gstatic.com; connect-src 'self' https://*.ipc-computer.de https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.etrusted.com https://*.trustedshops.com https://*.paypal.com https://checkout.dibspayment.eu https://vendorlist.consensu.org https://*.botpress.cloud wss://*.botpress.cloud https://*.bpcontent.cloud https://*.contentsquare.net https://*.clarity.ms; object-src 'none'; frame-src 'self' https://*.ipc-computer.de https://*.paypal.com https://checkout.dibspayment.eu https://www.google.com https://www.youtube-nocookie.com; worker-src 'self' blob:; report-uri https://www.ipc-computer.de/csp-violation-log.php 2 default-src 'self';connect-src 'self' *.elfsight.com *.googlesyndication.com *.google-analytics.com *.cookiebot.com *.google.com *.doubleclick.net *.facebook.com https://analytics.tiktok.com https://*.linkedin.com;font-src 'self' data:;style-src 'self' 'unsafe-inline';img-src 'self' *.elfsightcdn.com *.googlesyndication.com *.google-analytics.com https://cdn.allwyn.com https://i.ytimg.com *.cookiebot.com *.facebook.com https://*.linkedin.com data:;script-src 'self' 'unsafe-inline' https://static.elfsight.com *.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com *.cookiebot.com https://www.youtube.com https://connect.facebook.net https://analytics.tiktok.com https://*.licdn.com;frame-src https://www.youtube.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com *.cookiebot.com *.doubleclick.net;media-src https://cdn.allwyn.com 2 default-src *; style-src * 'unsafe-inline'; img-src 'self' https://*.optimole.com https://*.facebook.com https://*.google.com https://googleads.g.doubleclick.net https://*.gravatar.com https://*.linkedin.com https://*.bing.com https://cdn-cookieyes.com https://*.google.co.uk/ https://*.hubspot.com https://*.hs-scripts.com https://forms-na1.hsforms.com https://perf-na1.hsforms.com https://forms.hsforms.com https://c.clarity.ms https://*.clarity.ms data: blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data: https://*.widget.insent.ai; frame-ancestors 'self' https://resources.tangoanalytics.com https://*.tangoanalytics.com https://*.tangodev.wpengine.com https://*.tangostg.wpengine.com https://*.tangoprd.wpengine.com 2 default-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src *; media-src *; object-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 2 default-src 'self' *.slotex.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.slotex.pl https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' *.slotex.pl https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' *.slotex.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' *.slotex.pl https://*.youtube.com https://*.ytimg.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; style-src 'self' 'unsafe-inline' *.slotex.pl; 2 default-src 'self';script-src 'self' 'unsafe-inline' https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://*.histats.com https://static.cloudflareinsights.com https://e.dtscout.com https://p.mrktmtrcs.net https://t.dtscout.com https://tags.crwdcntrl.net https://t.dtscdn.com;style-src 'self' 'unsafe-inline' https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com;connect-src 'self' https://*.histats.com https://cloudflareinsights.com https://e.dtscout.com https://p.mrktmtrcs.net https://t.dtscout.com https://tags.crwdcntrl.net https://t.dtscdn.com;frame-src 'self' https://www.youtube.com https://t.dtscout.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 2 upgrade-insecure-requests; frame-ancestors 'self' nats.aero *.nats.aero nats.co.uk *.nats.co.uk; 2 default-src 'self' *.grubhub.com grubhub.com *.dine.online *.datadog.hq cdn.contentful.com *.forter.com maps.googleapis.com six.cdn-net.com www.cdn-net.com; frame-src 'self' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com analytics.tiktok.com analytics.twitter.com analytics.churnzero.com apps.rokt.com apps.rokt-api.com apps-demo.rokt.com everestjs.net *.doubleclick.net accounts.google.com checkout.paypal.com googletagmanager.com www.googletagmanager.com insight.adsrvr.org match.adsrvr.org na.account.amazon.com prod.accdab.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com *.amazon-adsystem.com *.facebook.com *.ispot.tv *.w55c.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.payments-amazon.com *.tags.tiqcdn.com redditstatic.com js.adsrvr.org *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com *.forter.com *.rokt.com *.rokt-api.com *.cookielaw.org *.everestjs.net six.cdn-net.com www.cdn-net.com https://cdn.prod.uidapi.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com analytics.churnzero.net analytics.tiktok.com analytics.twitter.com tags.tiqcdn.com www.google-analytics.com google-analytics.com *.forter.com *.cookielaw.org *.payments-amazon.com platform.twitter.com static.ads-twitter.com www.googletagmanager.com *.cdn-net.com apps.rokt.com apps.rokt-api.com apps-demo.rokt.com maps.googleapis.com cdn.branch.io www.googleadservices.com *.mountain.com app.link googleads.g.doubleclick.net connect.facebook.net assets.loginwithamazon.com accounts.google.com apis.google.com analytics.tiktok.com c.amazon-adsystem.com google-analytics.com google.com googleads.g.doubleclick.net googleadservices.com googletagmanager.com gstatic.com prod.accdab.net redditstatic.com s.pinimg.com everestjs.net d.impactradius-event.com tag.havasedge.com pixel.mathtag.com www.gstatic.com bat.bing.com px.airpr.com www.redditstatic.com js.adsrvr.org ext.chtbl.com www.google.com collector-21091.us.tvsquared.com innovid.com www.everestjs.net six.cdn-net.com www.cdn-net.com https://*.js.stripe.com https://js.stripe.com https://maps.googleapis.com; img-src 'self' *.cloudinary.com *.grubhub.com grubhub.com *.cloudfront.net *.instacart.com *.pinterest.com *.cookielaw.org cm.everesttech.net t.co www.google-analytics.com google-analytics.com analytics.twitter.com *.doubleclick.net maps.gstatic.com *.googleapis.com www.google.com data: www.facebook.com trkn.us event.havasedge.com grubhubimages-dev.s3.amazonaws.com tags.w55c.net data.adxcel-ec2.com b.videoamp.com ext.chtbl.com bat.bing.com px.airpr.com redditstatic.com js.adsrvr.org adservice.google.com alb.reddit.com b.videoamp.com www.googletagmanager.com insight.adsrvr.org s3.amazonaws.com collector-21091.us.tvsquared.com innovid.com; style-src-elem 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com accounts.google.com pixel.mathtag.com; style-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.googleapis.com six.cdn-net.com www.cdn-net.com; font-src 'self' 'unsafe-inline' *.grubhub.com grubhub.com fonts.gstatic.com; connect-src 'self' *.grubhub.com grubhub.com browser-intake-datadoghq.com *.px-cloud.net preview.connectful.com *.braze.com *.google-analytics.com www.google.com google.com google-analytics.com *.rokt-api.com *.cookielaw.org *.forter.com wss://cdn0.forter.com analytics.tiktok.com geolocation.onetrust.com preview.contentful.com stats.g.doubleclick.net privacyportal.onetrust.com *.googleapis.com sentry.io api2.branch.io *.facebook.com facebook.com bat.bing.com api.braintree.com *.braintreegateway.com *.braintree-api.com braintreegateway.com apay-us.amazon.com www.gstatic.com maps.gstatic.com data: cdn.contentful.com collect.tealiumiq.com b.px-cdn.net 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 prod.accdab.net trkn.us seamless.dcm9zy.net s3.amazonaws.com conversions-config.reddit.com pixel-config.reddit.com www.redditstatic.com web.chtbl.com grubhub.vdcy.net insight.adsrvr.org collector-21091.us.tvsquared.com innovid.com six.cdn-net.com www.cdn-net.com https://*.prod.uidapi.com https://prod.uidapi.com https://api.stripe.com https://maps.googleapis.com *.devcycle.com; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.google.com 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2 report-uri /assets/includes/csp-report.php; base-uri 'self'; connect-src 'self' data: *.vfu.cz *.vetuni.cz *.vetuni.eu *.openalex.org *.google-analytics.com; default-src 'self'; font-src 'self' data: *.cloudflare.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.google.com *.live.com *.cloudflare.com; img-src 'self' 'unsafe-inline' data: blob: *.vfu.cz *.vetuni.cz *.vetuni.eu *.openalex.org *.gstatic.com *.google.com *.googletagmanager.com *.cloudflare.com; media-src 'self' data:; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vfu.cz *.vetuni.cz *.vetuni.eu *.googletagmanager.com *.cloudflare.com; style-src 'self' 'unsafe-inline' data: *.vfu.cz *.vetuni.cz *.vetuni.eu *.gstatic.com *.cloudflare.com; 2 default-src 'self' 'unsafe-inline' https://*.enahost.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.bootstrap.com https://*.fontawesome.com https://code.jquery.com; object-src 'none'; frame-ancestors 'self'; 2 font-src https://widgets.trustedshops.com *.fontawesome.com *.gstatic.com *.hotjar.com *.slant.co data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.paypal.com *.aiden.cx *.zdassets.com *.zendesk.com *.bing.com *.cookiebot.com *.doubleclick.net *.facebook.com *.girav.de *.girav.nl *.girav.at *.girav.com *.girav.be *.google.com *.opendns.com *.zscloud.net *.googletagmanager.com *.loyaltyinabox.com *.criteo.com js.mollie.com 'self' 'unsafe-inline'; img-src cdn.girav.nl widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://portal.payconiq.com https://static.buckaroo.nl https://www.paypalobjects.com https://images.unsplash.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.doubleclick.net *.girav.de *.girav.nl *.girav.at *.girav.com *.girav.be www.magmodules.eu *.squeezely.tech https://www.mollie.com data: https: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://www.paypal.com https://maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.aiden.cx *.zdassets.com *.zendesk.com https://api.eu-1.smooch.io wss://api.eu-1.smooch.io *.bing.com *.cloudflareinsights.com *.convertexperiments.com *.cookiebot.com *.doubleclick.net *.facebook.net *.google.com *.googleapis.com *.hotjar.com *.kickbite.io *.mouseflow.com *.newrelic.com *.realytics.io *.realytics.net *.cloudfront.net *.spoteffects.net *.trustedshops.com *.squeezely.tech *.girav.de *.girav.nl *.girav.at *.girav.com *.girav.be *.criteo.com *.tiktok.com *.adnxs.com squeezely.tech www.squeezely.tech js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.fontawesome.com *.googleapis.com *.gstatic.com *.girav.de *.girav.nl *.girav.at *.girav.com *.girav.be 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com wss://websocketservice-externalapi.prod.buckaroo.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://applepay.buckaroo.io https://www.paypal.com https://maps.googleapis.com https://player.vimeo.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.aiden.cx *.zdassets.com *.zendesk.com https://api.eu-1.smooch.io wss://api.eu-1.smooch.io *.bing.com *.convertexperiments.com *.cookiebot.com *.doubleclick.net *.facebook.com *.girav.de *.girav.nl *.girav.at *.girav.com *.girav.be *.google.com google.com *.googleapis.com *.hotjar.com *.hotjar.io *.kickbite.io *.mouseflow.com *.nr-data.net *.realytics.io *.sentry.io *.amazonaws.com *.criteo.com *.tiktok.com *.adnxs.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sunypoly.edu https://*.bing.com *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net www.suny.edu *.office365.com *.cdninstagram.com *.everwall.com *.instagram.com *.youtube.com *.livechatinc.com *.twitter.com *.twimg.com *.knowmia.com tscpressunypoly.azureedge.net *.techsmith.com *.useriq.com *.youvisit.com *.paypal.com iframe.dacast.com *.heyhalda.com sc-static.net *.snapchat.com *.facebook.net *.facebook.com *.issuu.com *.technolutions.net https://acsbapp.com cdn.acsbapp.com analytics.tiktok.com https://sunypoly.campuslabs.com *.googleadservices.com *.doubleclick.net; img-src 'self' data: *.acsbapp.com https://*.bing.com cdn.acsbapp.com *.cdninstagram.com scontent-lga3-1.cdninstagram.com scontent-lga3-2.cdninstagram.com https://*.everwall.com *.google.com *.google-analytics.com tr.snapchat.com www.facebook.com connect-sunypoly-edu.cdn.technolutions.net https://www.googletagmanager.com https://*.youvisit.com; frame-src 'self' https://sunypoly.campuslabs.com https://www.youtube.com https://e.issuu.com https://www.google.com/ https://secure.livechatinc.com/ https://*.doubleclick.net https://*.heyhalda.com https://view.genially.com https://*.dacast.com https://*.office365.com https://*.office.com https://*.googletagmanager.com https://*.everwall.com https://*.youvisit.com; font-src 'self' data: *.bootstrapcdn.com https://*.everwall.com *.fontawesome.com *.gstatic.com *.sunypoly.edu; 2 default-src 'self' blob: data:;font-src 'self' https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:;img-src 'self' https://cdn.jiostar.com https://www.googletagmanager.com data: blob:;style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com blob: data:;script-src * 'unsafe-inline' blob: data: https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://cdnjs.cloudflare.com https://documentcloud.adobe.com https://emailoctopus.com blob: data:;style-src 'self' 'unsafe-inline';connect-src 'self' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://cdn.jiostar.com https://www.google-analytics.com https://cdn.colorstv.com blob:;media-src 'self' https://cdn.jiostar.com https://cdn.colorstv.com blob:;object-src 'self' blob:;frame-src 'self' https://www.google.com https://docs.google.com/ https://www.gstatic.com https://www.recaptcha.net https://cdn.jiostar.com https://maps.app.goo.gl;worker-src 'self' blob:; 2 frame-ancestors 'self' https://blot.im 2 frame-ancestors 'self' https://app.gather.town; 2 default-src 'self';connect-src 'self' https://google.com *.google.com *.google-analytics.com *.googletagmanager.com *.linkedin.com https://*.hotjar.com *.hotjar.io *.cookiebot.com wss://ws.hotjar.com https://*.lmc.cz https://pagead2.googlesyndication.com *.usercentrics.eu;font-src 'self' data: https://fonts.gstatic.com https://*.lmc.cz;style-src 'self' 'unsafe-inline' https://*.lmc.cz *.googletagmanager.com *.googleapis.com;img-src 'self' *.google.cz *.google.com *.googletagmanager.com https://fonts.gstatic.com https://i.ytimg.com https://www.google-analytics.com https://d2siyfee4b4l4q.cloudfront.net https://cdn.kkcg.com *.linkedin.com *.cookiebot.com *.usercentrics.eu data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com *.licdn.com *.cookiebot.com *.hotjar.com https://*.lmc.cz https://www.youtube.com https://web.cmp.usercentrics.eu;frame-src *.doubleclick.net https://www.youtube.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com *.cookiebot.com;media-src https://d2siyfee4b4l4q.cloudfront.net https://cdn.kkcg.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.bing.com https://*.amplitude.com https://*.hotjar.com https://*.sentry.io https://*.privacy-center.org https://*.launchdarkly.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com https://*.gstatic.com; img-src * data: blob:; frame-src 'self' https://*.googletagmanager.com; connect-src 'self' https: wss: *.packitos.com; media-src 'self' data:; font-src 'self' data: *.packitos.com https://*.packlink.com https://*.hotjar.com https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'none'; report-uri https://o90715.ingest.us.sentry.io/api/5675883/security/?sentry_key=a06b36e8665147f8a1ec3e1f84a15483; 2 default-src 'none'; img-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' blob:; media-src 'self' 2 upgrade-insecure-requests default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today *.utex.work ; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.site24x7rum.in https://websdk.appsflyer.com https://www.googletagmanager.com https://www.google-analytics.com https://static.ads-twitter.com https://snap.licdn.com https://connect.facebook.net https://toolassets.haptikapi.com https://cdn.mouseflow.com https://ciwss.com https://d2r1yp2w7bby2u.cloudfront.net https://*.hotjar.com https://eu1.clevertap-prod.com https://*.youtube.com https://s3-eu-west-1.amazonaws.com https://c.go-mpulse.net https://s.go-mpulse.net https://maps.googleapis.com https://esg.churchgatepartners.com; child-src 'self'; worker-src 'self' https://s3-eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://toolassets.haptikapi.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://maps.gstatic.com https://maps.googleapis.com https://*.googletagmanager.com https://deviserve.z10.web.core.windows.net https://storage.googleapis.com https://i.ytimg.com https://px.ads.linkedin.com https://prod-iifl-assets.storage.googleapis.com https://www.facebook.com https://haptikappimg.haptikapi.com https://www.google-analytics.com https://www.google.co.in data: https://analytics.twitter.com https://*.google.com https://www.google.com/ads/ga-audiences https://t.co/i/adsct https://ciwss.com https://brkuatiiflsecurities.blob.core.windows.net https://*.iiflcapital.com https://*.indiainfoline.com https://azprdbrkiiflsecurities.blob.core.windows.net; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://*.youtube.com https://esg.churchgatepartners.com; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://px.ads.linkedin.com https://col.site24x7rum.in https://*.google.com https://stats.g.doubleclick.net https://iifl.haptikapi.com https://broking-uat-apigateway.indiainfoline.com https://broking-apigateway.indiainfoline.com https://dataservice.iiflcapital.com/iiflcrm/ https://dataservice.iiflcapital.com https://*.indiainfoline.com https://deviserve.z10.web.core.windows.net https://*.iiflsecurities.com https://esg.churchgatepartners.com; form-action 'self'; 2 frame-ancestors 'self' temenos.seismic.com 2 default-src 'self'; script-src 'self' https://l.sharethis.com https://prod.impartner.live https://ellucian25stg.prod.acquia-sites.com https://*.ellucian.com https://code.jquery.com https://packages.prmcdn.io 'unsafe-inline' 'unsafe-eval' https://ws.sharethis.com https://maps.googleapis.com https://jamaica.value-cloud.com https://*.sharethis.com https://www.buzzsprout.com https://consent.cookiebot.com https://www.googletagmanager.com https://cdn.bizible.com https://script.crazyegg.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com https://munchkin.marketo.net https://abrtp2-cdn.marketo.com https://tag.simpli.fi https://assets.adoberesources.net https://cdn-public.sociabble.com https://cdn01.basis.net https://www.youtube.com https://googleads.g.doubleclick.net https://tracking.intentsify.io https://consentcdn.cookiebot.com https://js.zi-scripts.com https://j.6sc.co https://i.simpli.fi https://*.marketo.com https://static.addtoany.com blob: https://unpkg.com https://a.usbrowserspeed.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://085-mht-312.mktoutil.com https://user-sync.fwmrm.net https://pbutcher.uk; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://*.ellucian.com https://packages.prmcdn.io https://*.sharethis.com https://rtp-static.marketo.com https://www.googletagmanager.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ellucian.com data: https://impartner.blob.core.windows.net https://maps.googleapis.com https://*.sharethis.com https://maps.gstatic.com https://cnv.event.prod.bidr.io https://www.google.com https://imgsct.cookiebot.com https://*.linkedin.com https://t.co https://pixel.sitescout.com https://cdn.bizible.com https://t.co https://analytics.twitter.com https://cdn.bizible.com https://b.6sc.co https://www.facebook.com https://www.googletagmanager.com https://attribution.sitescout.com https://assets.adoberesources.net https://cdn.bizibly.com https://um.simpli.fi https://cm.g.doubleclick.net https://cdn.bizibly.com https://fei.pro-market.net https://www.googleadservices.com https://ps.eyeota.net https://s.ad.smaato.net https://sync.1rx.io https://eb2.3lift.com https://simplifi.partners.tremorhub.com https://aa.agkn.com https://sync.intentiq.com https://image2.pubmatic.com https://ads.stickyadstv.com https://loadm.exelator.com https://ups.analytics.yahoo.com https://sync.bfmio.com https://bcp.crwdcntrl.net https://ce.lijit.com https://idsync.rlcdn.com https://ib.adnxs.com https://pixel.rubiconproject.com https://us-u.openx.net https://fei.pro-market.net https://googleads.g.doubleclick.net https://pixel.tapad.com https://pippio.com https://syncv4.intentiq.com https://dsum-sec.casalemedia.com https://d.agkn.com https://sync.taboola.com https://capi.connatix.com https://rtb-csync.smartadserver.com https://cs.lkqd.net https://sync.inmobi.com https://s.amazon-adsystem.com; frame-src 'self' https://www.youtube.com https://youtu.be https://lp.ellucian.com https://www.youtube-nocookie.com https://demo.arcade.software https://*.sharethis.com https://maps.googleapis.com https://calculator.value-cloud.com https://www.buzzsprout.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://pixel-sync.sitescout.com https://player.vimeo.com https://vimeo.com https://static.addtoany.com https://unpkg.com https://*.monday.com https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.geoplugin.net https://www.geoplugin.net https://ellucian25stg.prod.acquia-sites.com https://partners.ellucian.com https://maps.googleapis.com https://*.sharethis.com https://event.on24.com https://bcp.crwdcntrl.net https://www.google.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.linkedin.com https://085-mht-312.mktoresp.com https://*.crazyegg.com https://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io https://js.zi-scripts.com https://js.zi-scripts.com https://*.mktoresp.com https://js.zi-scripts.com https://c.6sc.co https://*.marketo.com https://ws.zoominfo.com https://ipv6.6sc.co wss://*.cloud.adobe.io https://secure.adnxs.com https://www.facebook.com https://*.6sense.com https://unpkg.com https://assets.adoberesources.net https://browser.sentry-cdn.com https://o4510076484911104.ingest.us.sentry.io https://static.addtoany.com https://impartner.blob.core.windows.net https://www.googletagmanager.com https://085-mht-312.mktoutil.com https://lp.ellucian.com https://*.monday.com; upgrade-insecure-requests 2 script-src 'self' 'unsafe-inline' data: https://*.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.payahost.net https://*.nik.ir; style-src 'self' 'unsafe-inline' data: https://*.google.com https://*.recaptcha.net; upgrade-insecure-requests; reflected-xss block; base-uri https://*.nik.ir:* https://*.payahost.net:* https://*.google.com:*; frame-src 'self' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2 default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.bugherd.com *.pusher.com;connect-src 'self' stats.g.doubleclick.net consent.cookiefirst.com *.cookiefirst.com region1.google-analytics.com consentcdn.cookiebot.com *.pusher.com sessions.bugsnag.com; img-src 'self' data: www.gravatar.com umbraco.tv consent.cookiefirst.com www.google-analytics.com fakeimg.pl dashboard.umbraco.com tracking.monsido.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com *.bugherd.com;font-src 'self' *.cloudflare.com fonts.googleapis.com data: fonts.gstatic.com; style-src * 'unsafe-inline'; form-action 'self' login.microsoftonline.com bvic-12784.design-portfolio.info *.cloudflare.com www.britvic.com cdnjs.cloudflare.com 'self' ddlnk.net;frame-src 'self' ir.design-portfolio.co.uk platform.twitter.com consentcdn.cookiebot.com;media-src 'self' player.vimeo.com vod-progressive.akamaized.net download-video-ak.vimeocdn.com download-video.akamaized.net; 2 frame-ancestors 'self' https://*.bigbrotherawards.nl 2 default-src 'self' *.soundcloud.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.amazonaws.com *.googletagmanager.com *.enefit.lt ws: *.redditstatic.com *.doubleclick.net *.enefit.pl *.enefit.com *.enefit.ee *.enefitgreen.ee *.enefitgreen.com *.cookiebot.com *.mypurecloud.de *.energia.ee *.visualwebsiteoptimizer.com px.ads.linkedin.com dev.visualwebsiteoptimizer.com *.enefit.lv *.rexplorer.ee pixel-config.reddit.com *.nasdaqbaltic.com *.openstreetmap.fr bat.bing.com c.bing.com bing.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com c.bing.com bing.com *.google.com *.googleadservices.com *.enefit.lt *.enefit.pl *.enefit.com *.enefit.ee *.enefit.lv *.enefitgreen.ee *.enefitgreen.com static.cloudflareinsights.com *.cookiebot.com *.mypurecloud.de *.energia.ee px.ads.linkedin.com *.visualwebsiteoptimizer.com *.facebook.net snap.licdn.com *.amazonaws.com *.googletagmanager.com *.redditstatic.com *.adform.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.enefit.pl *.enefit.com *.enefit.ee *.enefit.lt *.enefit.lv *.enefitgreen.ee *.enefitgreen.com *.cookiebot.com *.energia.ee unpkg.com; img-src 'self' bat.bing.com c.bing.com bing.com *.tile.openstreetmap.org *.googleadservices.com *.enefit.lt *.energia.ee *.google-analytics.com *.enefit.pl *.enefit.com *.enefit.ee *.enefit.lv *.enefitgreen.ee *.enefitgreen.com *.cookiebot.com *.cloudinary.com *.google.ee *.google.com *.facebook.com *.ytimg.com *.doubleclick.net alb.reddit.com px.ads.linkedin.com *.analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.visualwebsiteoptimizer.com i.ytimg.com data: *.linkedin.com *.google.lv; object-src 'none'; upgrade-insecure-requests; base-uri 'none'; frame-ancestors 'self' https://enefit.ee https://*.enefit.ee https://enefit.com https://*.enefit.com https://enefitgreen.ee https://*.enefitgreen.ee; 2 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; media-src * data: blob:; font-src * data: blob:; connect-src *; frame-src *; object-src * 2 frame-ancestors 'self' nosocoair.org sonomacounty.gov *.sonomacounty.gov sonomacounty.ca.gov *.sonomacounty.ca.gov; frame-src 'self' sonomacounty.ca.gov *.sonomacounty.ca.gov sonomacounty.gov *.sonomacounty.gov app.powerbi.com calendar.google.com docs.google.com iframe.publicstuff.com kiosk.na1.qless.com merchant.na10.qless.com onbaseprodext.sonoma-county.org w.soundcloud.com www.alltrails.com www.facebook.com 1drv.ms abc7news.com app.powerbigov.us e.infogram.com infogram.com login.live.com login.microsoftonline.com oauth.officeapps.live.com onedrive.live.com player.vimeo.com powerpoint.officeapps.live.com public.tableau.com shared.officeapps.live.com sonoma.prod.simpligov.com sonomacounty.maps.arcgis.com sonomamap.maps.arcgis.com usc-excel.officeapps.live.com us-east-1-renderer-read.knack.com us-east-1-renderer-write.knack.com user.govoutreach.com wchat.freshchat.com www.arcgis.com www.google.com www.nytimes.com www.youtube.com www.youtube-nocookie.com; report-to csp-report; report-uri https://sonomacounty.gov/api/CSPReport?controlID=x5; 2 frame-ancestors 'self' https://z1.le.liveperson.net; 2 frame-ancestors pastes.io; 2 frame-ancestors 'self'; form-action 'self' https://forms-eu1.hsforms.com; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.cookielaw.org https://www.googletagmanager.com https://ajax.googleapis.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://apis.google.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://tag.demandbase.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://pi.pardot.com https://*.onetrust.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.griddynamics.net https://*.griddynamics.com https://*.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://riovizual.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://i.vimeocdn.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://v.fastcdn.co https://cdn.buttercms.com https://cdn.filestackcontent.com https://img.youtube.com https://i.ytimg.com https://www.googletagmanager.com https://storage.pardot.com https://grid-dynamics-blog.ghost.io https://secure.gravatar.com https://id.rlcdn.com https://www.google.com https://segments.company-target.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://use.fontawesome.com https://*.griddynamics.net https://*.griddynamics.com https://cdnjs.cloudflare.com https://*.onetrust.com; connect-src 'self' https://yoast.com https://*.griddynamics.net https://*.griddynamics.com https://player.vimeo.com https://vimeo.com https://apis.google.com https://www.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com https://ipapi.co https://api.company-target.com https://tag-logger.demandbase.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.io wss://ws.hotjar.com https://segments.company-target.com https://cdn.buttercms.com https://cdnjs.cloudflare.com https://*.onetrust.com; media-src 'self' https://*.griddynamics.net https://cdn.buttercms.com https://*.griddynamics.com; object-src 'none'; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.gstatic.com https://www.google.com https://player.vimeo.com https://www.googletagmanager.com https://*.griddynamics.net https://*.griddynamics.com https://s.company-target.com https://td.doubleclick.net; frame-ancestors 'self' https://*.griddynamics.net https://*.griddynamics.com; base-uri 'self'; upgrade-insecure-requests 2 frame-ancestors 'self' https://secure.helpscout.net 2 default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://alicetraininginstitute.formstack.com; 2 connect-src *; default-src 'self' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net; font-src 'self' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net *.reviews.io https://heapanalytics.com; img-src * data: blob:; media-src *.comparaonline.com https://res.cloudinary.com s3.amazonaws.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net *.youtube.com https://comparaonline-design.s3.amazonaws.com; frame-src *.youtube.com *.hotjar.com https://bid.g.doubleclick.net *.doubleclick.net *.hsforms.com https://www.google.com/ https://www.googletagmanager.com/ https://tracking.bciplus.cl/ csxd.domain1.com csxd.domain2.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'report-sample' *.comparaonline.com *.comparaonline.cl https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net client.perimeterx.net *.youtube.com googleads.g.doubleclick.net https://*.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com connect.facebook.net bat.bing.com *.hotjar.com *.dwin1.com https://*.google.com https://purecatamphetamine.github.io https://js.hsforms.net https://*.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com *.reviews.io *.visualwebsiteoptimizer.com https://www.gstatic.com/recaptcha/ https://cdn.heapanalytics.com tracking.bciplus.cl https://cdn.us.heap-api.com https://www.clarity.ms/ https://heapanalytics.com t.contentsquare.net app.contentsquare.com https://analytics.tiktok.com/ *.abtasty.com *.licdn.com; style-src 'self' 'unsafe-inline' data: *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net *.reviews.io https://heapanalytics.com *.abtasty.com; worker-src blob:; child-src blob:; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 2 font-src *.googleapis.com *.gstatic.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.stripe.network *.google.com *.sagepay.com *.opayo.eu.elavon.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.stripe.network *.link.com *.amazon.com *.google.com pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com account.fetchify.com *.google.com *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googletagmanager.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.stripe.com *.stripe.network *.google.com ebizmarts-website.s3.amazonaws.com *.sagepay.com *.opayo.eu.elavon.com magefan.com cm.magefan.com https://www.magezon.com flagpedia.net *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.reddit.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.stripe.com *.stripe.network *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.amazon.com *.link.com *.google.com *.sagepay.com *.opayo.eu.elavon.com maps.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com unpkg.com *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.stripe.network *.stripecdn.com *.amazon.com *.google.com *.sagepay.com *.opayo.eu.elavon.com cc-cdn.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.tagmanager.google.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com *.sagepay.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk www.gstatic.com maps.googleapis.com *.cloudflare.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.analytics.google.com *.facebook.net *.redditstatic.com *.reddit.com *.tiktok.com *.doubleclick.net *.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; media-src 'self' data: http: file:; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.htwsaar.de; style-src 'unsafe-inline' 'self'; img-src data: blob: 'self' a.tile.openstreetmap.de *.ytimg.com *.kununu.com; font-src 'self';frame-src 'self' eveeno.com *.youtube-nocookie.com *.htwsaar.de *.vimeo.com *.blitzvideoserver.de intocities.com; connect-src 'self' *.htwsaar.de 2 frame-ancestors 'self' https://fingov-prod.softco.com:8443 https://fingov-prod.softco.com; 2 frame-ancestors *.imu.nl *.phoenixsite.nl www.thehuddle.nl 2 default-src www.youtube.com www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' *.etracker.com www.etracker.de https://*.jwpcdn.com; connect-src 'self' www.etracker.de https://*.jwpcdn.com; img-src 'self' data: i.creativecommons.org licensebuttons.net/l *.bmwi.de www.existenzgruender.de; style-src 'self' 'unsafe-inline' https://*.jwpcdn.com; font-src 'self' https://*.jwpcdn.com; frame-ancestors 'self'; form-action 'self'; media-src 'self'; 2 frame-ancestors https://*.adobeaemcloud.com https://*.sfmc-content.com; 2 default-src 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.reebok.in *.aeo.in *.forever21.in *.simoncarter.in *.peterengland.com *.allensolly.com *.trustarc.com *.gstatic.com data:; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' *.juspay.in assets.abfrlcdn.com *.google.com pantaloons.imgix.net tr.snapchat.com tags.creativecdn.com asia.creativecdn.com *.artfut.com t07-vtr-plugin.tryndbuy.com t07plugin.tryndbuy.com *.yellowmessenger.com *.limechat.ai tsm.s3g6.com retag.crossdevicetracking.com static-cdn.trackier.com wd-ret.io in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com targetinng.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com *.trustarc.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.primeai4.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com https://c.amazon-adsystem.com/ *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' *.juspay.in *.tryndbuy.com widget.usersnap.com wd-ret.io targetinng.com asia.creativecdn.com tr.snapchat.com wss://cloud.yellow.ai *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.yellow.ai *.paytm.in *.akamaihd.net *.limechat.ai wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io https://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.trustarc.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.primeai4.in https://integration.richrelevance.com/* https://integration.richrelevance.com https://recs.richrelevance.com/* https://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.primeai4.in *.limechat.ai *.crazyegg.com *.streamoid.com *.trustarc.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com *.elastic-cloud.com *.scene7.com *.trustarc.com assets.abfrlcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' t07-vtr-plugin.tryndbuy.com t07plugin.tryndbuy.com tr.snapchat.com *.juspay.in *.paytm.in afftracer.g2afse.com *.limechat.ai tsm.s3g6.com tracking.icubeswire.co static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.trustarc.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 2 upgrade-insecure-requests; script-src 'wasm-unsafe-eval' 'unsafe-eval' 'self' 'unsafe-inline' *.yupaowang.com https://hm.baidu.com/hm.js *.wx.qq.com *.geevisit.com *.gsensebot.com *.geetest.com *.amap.com *.yupao.com ; style-src 'self' 'unsafe-inline' *.yupaowang.com static.geevisit.com; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; worker-src 'self' blob: ; 2 default-src 'self';script-src 'self' *.husky.ca *.husky.co *.episerver.net *.google.com *.google.co.in *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.licdn.com *.gstatic.com *.onetrust.com *.hs-analytics.net *.hs-banner.com https://cdn.cookielaw.org https://az416426.vo.msecnd.net https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://img.en25.com https://ajax.googleapis.com/ajax/libs/ https://code.jquery.com https://*.eloqua.com http://d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js *.hs-scripts.com https://cdn.gbqofs.com/husky/p/detector-dom.min.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.hsforms.net/forms/v2.js https://challenges.cloudflare.com/turnstile/v0/api.js https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://jelly.mdhv.io/ https://web-sdk-eu.aptrinsic.com/api/aptrinsic.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://forms.hsforms.com https://js.hsforms.net 'unsafe-inline' 'unsafe-eval';connect-src 'self' *.linkedin.com *.episerver.net *.google.com *.google.co.in *.google-analytics.com *.doubleclick.net *.services.visualstudio.com *.onetrust.com https://api.hubapi.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://forms.hscollectedforms.net https://cdn.cookielaw.org https://ws.sessioncam.com/ https://analytics.google.com/g/collect https://analytics.google.com https://api.hubapi.com https://cdn.cookielaw.org https://dc.services.visualstudio.com https://forms.hscollectedforms.net https://forms.hsforms.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.co.in https://www.google.com https://esp-eu.aptrinsic.com https://web-sdk-eu.aptrinsic.com;frame-src 'self' *.google.com *.google.co.in *.googletagmanager.com *.microsoftonline.com www.youtube.com *.spotify.com *.apple.com https://app.tealbook.com https://td.doubleclick.net https://challenges.cloudflare.com https://www.googletagmanager.com https://forms.hsforms.com https://js.hsforms.net https://app.powerbi.com https://content.powerapps.com ;style-src 'self' *.episerver.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://ajax.googleapis.com/ajax/libs/ https://maxcdn.bootstrapcdn.com https://web-sdk-eu.aptrinsic.com 'unsafe-inline';font-src 'self' https://fonts.gstatic.com *.cloudfront.net;img-src 'self' *.husky.ca *.husky.co *.episerver.net *.adsymptotic.com *.linkedin.com *.doubleclick.net *.google.com *.google.ca *.google.co.in *.googletagmanager.com *.google-analytics.com *.ytimg.com *.hsforms.com *.hubspot.com https://cdn.cookielaw.org https://img.en25.com https://s1893.t.eloqua.com https://ajax.googleapis.com/ajax/libs/ https://jelly.mdhv.io/ data:;object-src 'none';base-uri 'self'; upgrade-insecure-requests; 2 frame-ancestors 'self' http://localhost:3000 https://mni-editor-test.vercel.app https://cms.mnimarkets.com/ https://cms.marketnews.com 2 default-src'self; 2 frame-ancestors 'self'; object-src 'none'; base-uri 'self' 2 default-src * blob:; img-src * data: blob:; connect-src * wss: blob: resource:; frame-src *;script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; font-src * data:; 2 default-src 'self' https:; style-src-elem 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'wasm-unsafe-eval'; img-src 'self' data: https:; style-src-attr 'unsafe-inline'; font-src 'self' data: https:; frame-ancestors https://audi-admin.porsche-holding.com; connect-src 'self' https: wss: ws: data:; manifest-src 'self' https:; media-src 'self' https: data:; frame-src 'self' https:; upgrade-insecure-requests 2 default-src 'self'; script-src 'unsafe-eval' 'self' stats.aws.at unpkg.com www.google.com www.gstatic.com www.youtube.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com 'nonce-W59jk9Di9' 'nonce-fs4B35gA'; style-src 'self' 'unsafe-inline' fast.fonts.net unpkg.com fonts.gstatic.com; img-src 'self' data: unpkg.com *.tile.openstreetmap.org stats.aws.at; frame-src www.google.com www.youtube.com www.youtube-nocookie.com aws.jobbase.io aws.onlyfy.jobs letter.eyepin.com; font-src 'self' data: fast.fonts.net fonts.gstatic.com; connect-src 'self' stats.aws.at nominatim.openstreetmap.org api.mapbox.com letter.eyepin.com; frame-ancestors 'none' 2 default-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'self' stelter.ziflow.io cms.stelter.com; 2 frame-ancestors 'self' https://preprod-verdant.eventvr.fr/ https://preprod-obsidian.eventvr.fr/ https://preprod-ashblue.eventvr.fr/ https://preprod-amberlight.eventvr.fr/ https://www.forumretraite.groupama.fr/ https://www.forumretraite.ganpatrimoine.fr/ https://www.forumretraite.ganprevoyance.fr/ https://www.forumretraite.gan.fr/ 2 default-src 'self' ws: wss: https: data: 'unsafe-inline' 'unsafe-eval'; 2 frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 2 frame-ancestors thelibrarydistrict.org *.thelibrarydistrict.org lvccld.bibliocms.com *.lvccld.bibliocms.com d4804za1f1gw.cloudfront.net d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src thelibrarydistrict.org *.thelibrarydistrict.org lvccld.bibliocms.com *.lvccld.bibliocms.com d4804za1f1gw.cloudfront.net d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 2 default-src 'self' https://stm.smile.eu https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com https://www.youtube.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://b.tile.openstreetmap.org https://a.tile.openstreetmap.org https://c.tile.openstreetmap.org https://lh7-eu.googleusercontent.com https://maps.gstatic.com https://exceptions.hs-embed-reporting.com https://translate.google.com https://www.collinsdictionary.com https://www.facebook.com https://c.clarity.ms https://forms-na1.hubspot.com; connect-src 'self' https://static.hsappstatic.net https://forms.hsforms.com https://forms-na1.hsforms.com https://api.hubspot.com https://track.hubspot.com https://*.hubspot.com https://*.hs-banner.com https://*.linkedin.com https://*.pa-cd.com https://*.abtasty.com https://www.google-analytics.com https://www.googletagmanager.com https://stm.smile.eu; font-src *; img-src 'self' https://fonts.gstatic.com data: https://*.hubspot.com https://*.hsforms.com https://*.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://try.abtasty.com https://stm.smile.eu https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://js.hs-scripts.com https://js.hubspot.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.addtoany.com https://www.googletagmanager.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://static.addtoany.com https://unpkg.com js.hsforms.net unpkg.com https://bwkjgjr.pa-cd.com https://forms.hscollectedforms.net https://track.hubspot.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hsforms.com https://perf-na1.hsforms.com https://app.hubspot.com http://www.w3.org/2000/svg https://www.google.com https://www.gstatic.com data: https://forms-na1.hsforms.com/ https://forms-na1.hsforms.com https://try.abtasty.com https://www.clarity.ms https://analytics.tiktok.com https://api.livechatinc.com https://s.yimg.jp https://www.google-analytics.com https://cdn.qgraph.io https://script.infinity-tracking.com https://loader.wisepops.com https://connect.facebook.net https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://b92.yahoo.co.jp/ https://img.macromill.com https://platform.linkedin.com https://www.linkedin.com https://*.licdn.com https://stm.smile.eu https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com/pagead/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com 2 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 2 default-src 'self' https://api.certspotter.com https://web.api.sslmate.com data: blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri https://web.api.sslmate.com/csp-report 2 default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: 'self' *; media-src *; object-src *; script-src data: 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 2 default-src 'self' https: 'unsafe-inline';img-src 'self' data: https:;font-src 'self' data: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:;object-src 'none';form-action 'self';frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 frame-ancestors 'self' https://content.radiosystemscorporation.com https://www.google.com; style-src 'self' 'unsafe-inline' * 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; img-src https: data: ; worker-src blob: https: ; connect-src https: wss: 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2 default-src *; connect-src * blob: https://ajax.googleapis.com https://www.googletagmanager.com; font-src * data:; img-src * blob: data: https://ajax.googleapis.com; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; worker-src * https://ajax.googleapis.com; report-uri /System/API/ContentSecurityPolicy.php 2 upgrade-insecure-requests; frame-ancestors https://willowpointrehab.com; 2 default-src 'self' 'unsafe-inline' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.cookielaw.org www.googletagmanager.com sitime.componentsearchengine.com go.sitime.com player.vimeo.com/api/player.js js.driftt.com *.googlesyndication.com lltrck.com/scripts/lt-v3.js www.google-analytics.com www.youtube.com *.6sc.co *.6sense.com www.vimeo.com vimeo.com www.google.com www.gstatic.com documentcloud.adobe.com *.licdn.com script.crazyegg.com *.marketo.net d1af033869koo7.cloudfront.net bat.bing.com *.marketo.com turbo.engageclick.com www.clarity.ms *.247-inc.net *.sitime.com *.supplyframe.com *.vimeocdn.com *.bizible.com js-agent.newrelic.com *.visualwebsiteoptimizer.com www.redditstatic.com app.vwo.com stage-intellimatch.sitime.com st-static-tools-stage.herokuapp.com st-internal-png-stage.herokuapp.com st-static-tools-dev-4c07d454bc8a.herokuapp.com dev-tools.sitime.com staging-tools.sitime.com; object-src 'self'; style-src 'self' 'unsafe-inline' blob: data: fonts.googleapis.com go.sitime.com *.marketo.com *.sitime.com www.gstatic.com www.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com stage-intellimatch.sitime.com st-static-tools-stage.herokuapp.com st-internal-png-stage.herokuapp.com st-static-tools-dev-4c07d454bc8a.herokuapp.com dev-tools.sitime.com staging-tools.sitime.com; img-src 'self' 'unsafe-inline' blob: data: cdn.cookielaw.org sitime.componentsearchengine.com lltrck.com www.google-analytics.com *.vimeocdn.com px.ads.linkedin.com b.6sc.co *.bing.com *.247-inc.net *.clarity.ms *.sitime.com *.supplyframe.com *.marketo.com *.globenewswire.com *.businesswire.com *.bizible.com *.bizibly.com *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io alb.reddit.com www.googletagmanager.com; frame-src 'self' tools.sitime.com staging-tools.sitime.com sitime.azurewebsites.net intellimatch.sitime.com go.sitime.com player.vimeo.com js.driftt.com www.youtube.com www.google.com documentcloud.adobe.com sitime.componentsearchengine.com workforcenow.adp.com *.doubleclick.net d1af033869koo7.cloudfront.net dilp.netcomponents.com/ www.googletagmanager.com players.brightcove.net *.visualwebsiteoptimizer.com app.vwo.com stage-intellimatch.sitime.com st-static-tools-stage.herokuapp.com st-internal-png-stage.herokuapp.com st-static-tools-dev-4c07d454bc8a.herokuapp.com dev-tools.sitime.com staging-tools.sitime.com; child-src 'self' tools.sitime.com staging-tools.sitime.com sitime.azurewebsites.net intellimatch.sitime.com go.sitime.com player.vimeo.com js.driftt.com www.youtube.com blob: stage-intellimatch.sitime.com st-static-tools-stage.herokuapp.com st-internal-png-stage.herokuapp.com st-static-tools-dev-4c07d454bc8a.herokuapp.com dev-tools.sitime.com staging-tools.sitime.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cdn.cookielaw.org *.onetrust.com *.algolia.net *.algolianet.com *.googleadsyndication.com www.google-analytics.com *.googlesyndication.com tools.sitime.com *.6sc.co *.6sense.com *.vimeocdn.com viewlicense.adobe.io sitime.componentsearchengine.com *.doubleclick.net *.google.com px.ads.linkedin.com *.crazyegg.com d1af033869koo7.cloudfront.net *.247-inc.net *.mktoresp.com *.marketo.com *.clarity.ms bat.bing.com bam.nr-data.net *.visualwebsiteoptimizer.com app.vwo.com www.googletagmanager.com www.redditstatic.com pixel-config.reddit.com conversions-config.reddit.com; report-uri /report-csp-violation 2 default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; worker-src blob: 2 script-src 'self' 'unsafe-inline' http://js.hs-scripts.com http://js.hsforms.net https://cdn.cookielaw.org https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://static.addtoany.com https://www.google.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' 2 frame-ancestors 'self' http://localhost:3030 https://grate-cms.gr-dev.com https://grate-cms.dev.gri.rate.com https://grate-cms.prate-dev.com https://grate-cms.prate-stage.com https://grate-cms.gr-stage.com grate-cms-stage.dev.gri.rate.com https://grate-cms.gra-stage.com https://*.rate.com https://*.grarate.com https://*.properrate.com https://*.originpoint.com https://my.gr-dev.com/ https://www.my.gr-dev.com/ https://stage-my.guaranteedrate.com/ https://www.stage-my.guaranteedrate.com/ https://my.rate.com/ https://www.my.rate.com/ https://my.guaranteedrate.com/ https://www.my.guaranteedrate.com/ https://www.atproperties.com https://atproperties.com https://www.myatproperties.com https://myatproperties.com https://www.staging.atproperties.com https://staging.atproperties.com https://www.staging-website.myatproperties.com https://staging-website.myatproperties.com http://www.website.local http://website.local https://www.venturephilly.com https://venturephilly.com https://www.corcoranpacific.com https://corcoranpacific.com https://*.yextpages.net http://*.yextpages.net https://rcm.rockco.com https://www.yourhomehub.com/ https://yourhomehub.com https://kbhshomeloans.com https://www.kbhshomeloans.com https://citywidehomeloans.com https://www.citywidehomeloans.com https://citywidehm.com https://www.citywidehm.com https://certaintyhomeloans.com https://www.certaintyhomeloans.com https://premiarelocationmortgage.com https://www.premiarelocationmortgage.com https://equitymortgagegroup.com https://www.equitymortgagegroup.com https://ansleyre.com https://www.ansleyre.com https://owning.com https://www.owning.com https://advhypo.morningstar.com https://advhypo-uat.morningstar.com https://awsstghypo.morningstar.com https://awse2webqa.morningstar.com https://dev.certaintyhomelending.com https://staging.certaintyhomelending.com https://certaintyhomelending.com https://searchdfwareahomes.com https://www.searchdfwareahomes.com https://www.ericatexada.com https://www.sellatexashome.com https://ericatexada-brawnsterling.sites.erarealestate.com https://www.brawnsterling.com https://www.discoverrealestate.org https://www.corcoran.com https://www.remopacker.com https://remopacker.com https://www.onqhomeloans.com https://onqhomeloans.com https://onqfinancial.wpenginepowered.com 2 frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot hcaptcha.com *.hcaptcha.com *.nhsggc.org.uk msk.testing.nhsscotland.net; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 2 default-src 'self' cdn.staging.sigmasoftware.pp.ua cdn.sigma.software; script-src 'nonce-4baymDLvjSZ3laloZfZDVWhsD1kkLRm5' 'sha256-x5/Wpvmgi/b94lESssE71PTBYgd6Mx4P6NpAyLwz1qI=' 'sha256-HH/bz5PkgmJywIYn4ev/qmwwQ+qAFSt4jvF3vMNyzCc=' 'sha256-1VDFRQ4Ld2qO0b1bq1HR+WmTsA4+ndSkCyhXXikt9XM=' 'sha256-tM+MTwJg0/y7RZXRg1sBIZXKicmsojbDdlMxJ7Y2SEU=' 'sha256-FTNeBqquNuBhHaNZc8wTDo/rUGf3rCftdPtVU04t4YY=' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.sigma.software sigma.software code.jquery.com www.googletagmanager.com geolocation.onetrust.com cdn.cookielaw.org cdn.staging.sigmasoftware.pp.ua staging.sigmasoftware.pp.ua maps.googleapis.com ipinfo.io bat.bing.com snap.licdn.com connect.facebook.net sc.lfeeder.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net api.w3-edge.com *.clarity.ms stackpath.bootstrapcdn.com ajax.googleapis.com www.behance.net api.behance.net ajax.aspnetcdn.com cse.google.com www.google.com clients1.google.com googleads.g.doubleclick.net *.googleadservices.com *.google.com yoast.com *.jotfor.ms blob:; style-src 'self' 'unsafe-inline' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software data: fonts.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com code.jquery.com cdn.jsdelivr.net www.google.com images.dmca.com; img-src 'self' 'unsafe-inline' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.cookielaw.org cdn.sigma.software sigma.software data: sc.lfeeder.com px.ads.linkedin.com *.bing.com www.facebook.com tr.lfeeder.com p.adsymptotic.com *.google-analytics.com *.analytics.google.com www.google.com www.google.com.ua *.gstatic.com www.googletagmanager.com maps.googleapis.com secure.gravatar.com wpmudev.com c.clarity.ms mir-s3-cdn-cf.behance.net assets.goodfirms.co www.googleapis.com clients1.google.com *.google.com googleads.g.doubleclick.net tr-rc.lfeeder.com bat.bing.net; font-src 'self' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software data: *.gstatic.com use.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net; frame-src 'self' 'unsafe-inline' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software *.jotform.com www.facebook.com www.youtube.com submit.jotformeu.com player.vimeo.com cse.google.com bid.g.doubleclick.net td.doubleclick.net www.googletagmanager.com; connect-src 'self' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se adservice.google.com googleads.g.doubleclick.net www.google.com ipinfo.io maps.googleapis.com *.google-analytics.com *.analytics.google.com cdn.staging.sigmasoftware.pp.ua cdn.sigma.software sigma.software stats.g.doubleclick.net yoast.com cdn.cookielaw.org *.clarity.ms geolocation.onetrust.com www.facebook.com privacyportal-eu.onetrust.com bat.bing.com cse.google.com cdn.linkedin.oribi.io analytics.google.com pagead2.googlesyndication.com my.yoast.com *.hotjar.io *.hotjar.com *.googleadservices.com wss://ws.hotjar.com px.ads.linkedin.com bat.bing.net; base-uri 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google.at *.google.be *.google.bg *.google.hr *.google.com.cy *.google.cz *.google.dk *.google.ee *.google.fi *.google.fr *.google.de *.google.gr *.google.hu *.google.ie *.google.it *.google.lv *.google.lt *.google.lu *.google.com.mt *.google.nl *.google.pl *.google.pt *.google.ro *.google.sk *.google.si *.google.es *.google.se cdn.sigma.software sigma.software code.jquery.com www.googletagmanager.com geolocation.onetrust.com cdn.cookielaw.org cdn.staging.sigmasoftware.pp.ua staging.sigmasoftware.pp.ua maps.googleapis.com ipinfo.io bat.bing.com snap.licdn.com connect.facebook.net sc.lfeeder.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net api.w3-edge.com *.clarity.ms stackpath.bootstrapcdn.com ajax.googleapis.com www.behance.net api.behance.net ajax.aspnetcdn.com cse.google.com www.google.com clients1.google.com googleads.g.doubleclick.net *.googleadservices.com *.google.com yoast.com px.ads.linkedin.com *.hotjar.com *.googlesyndication.com *.jotfor.ms blob:; 2 frame-ancestors 'self' https://app.makeswift.com 2 connect-src 'self' *;default-src * *;img-src 'self' data: *.dataweavers.io *;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.dataweavers.io *.googleapis.com data: *;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.dataweavers.io * *.peoplefirstbank.com.au; 2 default-src https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: blob:; worker-src blob:; font-src data: https:; report-uri /internal/csp_report; connect-src https: wss://ws.beaconama.net; frame-ancestors https://tradeshowkiosk.badgermeter.com/ 2 frame-ancestors https://*.mofosnetwork.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com ssl.google-analytics.com cdnjs.cloudflare.com waust.at *.waust.at amung.us *.amung.us s3.deovr.com mechbunny.com ie7-js.googlecode.com *.jwpcdn.com ssl.p.jwpcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com s3.deovr.com mechbunny.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: https://www.lesbians666.com https://lesbians666.com whos.amung.us *.mmcdn.com *.googletagmanager.com *.chaturbate.com thumb.live.mmcdn.com; frame-src 'self' *.chaturbate.com chaturbate.com *.pornhub.com embed.pornhub.com www.mechbunny.com *.redgifs.com redgifs.com *.bngdin.com bngdin.com *.xhamster.com xhamster.com *.hclips.com hclips.com *.spankbang.com spankbang.com *.xvideos.com xvideos.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net waust.at; object-src 'none'; base-uri 'self' 2 upgrade-insecure-requests; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' *.flipaio.de *.seniorenportal.de; object-src 'none'; frame-ancestors 'self' *.flipaio.de *.seniorenportal.de 2 script-src http: https: https://www.petit-fernand.it/ 'unsafe-eval' *.adyen.com 'unsafe-inline' mpsnare.iesnare.com https://*.iadvize.com; style-src 'self' blob: https: 'unsafe-inline' https://www.petit-fernand.it/ https://*.iadvize.com; img-src data: http: https: blob: https://*.iadvize.com; object-src 'none'; base-uri https://cmonetiquette.matomo.cloud; child-src 'self'; font-src data: 'self' fonts.gstatic.com https://*.iadvize.com; frame-src *; frame-ancestors 'self' https://www.terredemarins.fr/; 2 base-uri 'self'; default-src 'self' *.airdolomiti.it *.airdolomiti.eu *.airdolomiti.de https://www.google.it https://www.google.de https://*.google.com https://*.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://dynamic.criteo.com https://consent.cookiebot.com https://*.criteo.com https://*.doubleclick.net https://*.h-care.eu https://consentcdn.cookiebot.com www.google-analytics.com unpkg.com https://*.googlesyndication.com https://www.google.com https://*.elmobot.eu analytics.tiktok.com https://bat.bing.com https://www.clarity.ms ; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://api.airdolomiti.it https://applogs.sdch.develondigital.com https://*.geocode.earth https://consentcdn.cookiebot.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clarity.ms https://engagent.h-care.eu https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com wss://engagent.h-care.eu https://www.google.com https://pagead2.googlesyndication.com https://*.privacylab.it https://*.elmobot.eu https://*.airdolomiti.it https://*.airdolomiti.eu https://*.airdolomiti.de https://ad.doubleclick.net https://analytics.tiktok.com https://measurement-api.criteo.com https://bat.bing.net https://bat.bing.com https://analytics-ipv6.tiktokw.us https://c.clarity.ms https://gum.criteo.com https://sync.1rx.io https://www.googleadservice.com ; font-src data: 'self' https://fonts.gstatic.com https://engagent.h-care.eu ; frame-src 'self' https://www.google.com https://recaptcha.google.com/recaptcha/ https://www.googletagmanager.com https://consentcdn.cookiebot.com https://www.facebook.com https://*.doubleclick.net https://gum.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://apps.joinsherpa.io https://engagent.h-care.eu https://widget.spreaker.com https://td.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://fledge.criteo.com https://fledge.eu.criteo.com https://youtube.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://engagent.h-care.eu ; form-action https://*.airdolomiti.it https://*.airdolomiti.de https://*.airdolomiti.eu https://book.en.amadeus.com https://www.facebook.com ; object-src engagent.h-care.eu; img-src 'self' data: https://*.airdolomiti.it https://*.airdolomiti.de https://*.airdolomiti.eu https://www.google-analytics.com https://www.facebook.com www.google.com https://analytics.google.com https://www.google.de https://googleads.g.doubleclick.net https://www.google.it https://engagent.h-care.eu https://cm.g.doubleclick.net https://sync.outbrain.com https://criteo-sync.teads.tv https://ups.analytics.yahoo.com https://cm.adform.net https://gum.criteo.com https://criteo-partners.tremorhub.com https://sync-criteo.ads.yieldmo.com https://imgsct.cookiebot.com https://*.privacylab.it https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://ad.360yield.com https://ad.doubleclick.net https://ad.yieldlab.net https://contextual.media.net https://eb2.3lift.com https://exchange.mediavine.com https://id5-sync.com https://jadserve.postrelease.com https://pixel.rubiconproject.com https://r.casalemedia.com https://simage2.pubmatic.com https://sync-t1.taboola.com https://sync.1rx.io https://www.googletagmanager.com https://x.bidswitch.net https://bat.bing.com https://ad.doubleclick.net https://rtb-csync.smartadserver.com https://www.googleadservice.com https://c.clarity.ms 2 frame-ancestors 'self' https://stat.seedwebs.com; 2 style-src *.oktacdn.com *.onetrust.com *.five9.com *.five9.net drivindealer.com https://www.autocheck.com https://service.force.com https://maxcdn.bootstrapcdn.com https://*.vauto.com *.coxautoinc.com *.salesforceliveagent.com *.google-analytics.com *.amazonaws.com *.adesa.com *.kar-hosting.com *.openlane.com *.walkme.com d3b3ehuo35wzeh.cloudfront.net d23hg7shjgee1t.cloudfront.net d17jiyme3nuvu6.cloudfront.net *.google-analytics.com d1pbabo9xtn2jv.cloudfront.net d1juah2crhkf49.cloudfront.net d2osjqv7vgkgrl.cloudfront.net appresource.standard-auctiongenius-np.com appresource.standard-auctiongenius.com *.googleapis.com *.fontawesome.com *.cloudflare.com *.intercomcdn.com *.intercom.io 'self' 'unsafe-inline' *.gmfdealersource.com *.dealersource.com 2 script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' publish-p53544-e423795.adobeaemcloud.com publish-p53544-e423852.adobeaemcloud.com s7.addthis.com j.6sc.co www.googletagmanager.com secure.ship7oven.com z.moatads.com m.addthis.com player.vimeo.com v1.addthisedge.com go.prounlimited.com documentcloud.adobe.com www.google-analytics.com ajax.cloudflare.com www.google.com www.gstatic.com www.googleadservices.com platform.twitter.com munchkin.marketo.net static.ads-twitter.com static.ads-twitter.com snap.licdn.com cdn.jsdelivr.net documentservices.adobe.com static.hotjar.com script.hotjar.com assets.adoberesource.net assets.adoberesources.net privacyportalde-cdn.onetrust.com *.d41.co tracking.intentsify.io acrobatservices.adobe.com *.rlcdn.com *.onetrust.com *.cookielaw.org *.usbrowserspeed.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get.mycounter.ua https://*.googletagmanager.com https://*.google-analytics.com https://*.speedtestcustom.com; img-src * data: ; style-src 'self' 'unsafe-inline' https://*.speedtestcustom.com; frame-src 'self' https://maps.google.com https://www.google.com https://*.speedtestcustom.com; connect-src 'self' https://www.google-analytics.com https://*.speedtestcustom.com; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pagead2.googlesyndication.com https://scripts.clarity.ms/0.8.33/clarity.js https://sgtm.365.bank https://sgtm.365.bank/g/ https://fonts.gstatic.com https://fonts.googleapis.com https://365.bank https://boarding.sk https://365.bank/boardingapp/ https://*.luigisbox.com https://api.luigisbox.com https://www.googletagmanager.com https://p.teads.tv https://api.ipify.org https://s2.adform.net https://connect.facebook.net https://www.clarity.ms https://api.adalytics.adastra.digital https://bat.bing.com https://track.adform.net https://www.facebook.com https://q.clarity.ms https://googleads.g.doubleclick.net https://static.hotjar.com https://analytics.tiktok.com https://s.pinimg.com https://www.google.com https://www.gstatic.com https://blocked.pabk.sk https://unpkg.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.exponea.com https://track.exponea.com https://api.exponea.com https://sdk.exponea.com https://collector.exponea.com 2 report-uri https://chalet.report-uri.com/r/d/csp/reportOnly; default-src 'self' data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl https://*.gstatic.com https://*.googleapis.com https://*.ingest.sentry.io https://sentry.io https://t.chalet.nl https://t.chalet.be https://t.chaletonline.de https://t.chaletonline.com https://t.zomerhuisje.nl https://pagead2.googlesyndication.com https://squeezely.tech https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://*.livechatinc.com https://bat.bing.net https://google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.chalet.nl https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://squeezely.tech https://*.awin1.com https://*.dwin1.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net http://connect.facebook.net https://*.livechatinc.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://player.vimeo.com https://bat.bing.com https://bat.bing.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.chalet.nl https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com https://squeezely.tech https://*.awin1.com https://*.dwin1.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net http://connect.facebook.net https://*.livechatinc.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://player.vimeo.com https://bat.bing.com https://bat.bing.net; style-src 'self' 'unsafe-inline' data: https://*.googletagmanager.com https://*.googleapis.com https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://*.livechatinc.com; img-src 'self' data: https://www.chalet.nl https://*.awin1.com https://*.dwin1.com https://*.matterport.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.ggpht.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.googleadservices.com https://*.squeezely.tech https://static.hotjar.com https://script.hotjar.com https://www.facebook.com https://connect.facebook.net https://*.livechatinc.com https://livechat.s3.amazonaws.com https://*.livechat-files.com https://*.livechat-static.com https://cdnjs.cloudflare.com https://*.tradetracker.net https://uicdn.toast.com https://i.vimeocdn.com https://cdn.tourploeg.nl https://my.matterport.com https://bat.bing.net https://google.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; media-src 'self' data: https://cdn.livechatinc.com; frame-src 'self' https://*.google.com https://td.doubleclick.net https://www.googletagmanager.com https://tpc.googlesyndication.com https://www.youtube.com https://vars.hotjar.com https://www.facebook.com https://*.livechatinc.com https://player.vimeo.com https://my.matterport.com https://verzekeringskaarten.nl https://t.chalet.nl https://t.chalet.be https://t.chaletonline.de https://t.chaletonline.com; base-uri 'none' 2 default-src 'self' reserve.sandsresortsmacao.com; worker-src 'self' blob:; connect-src 'self' ad.doubleclick.net bat.bing.net insight.adsrvr.org ampcid.google.com.hk reserve.sandsresortsmacao.com assets.sandsresortsmacao.cn *.wistia.com *.google.com stats.g.doubleclick.net *.litix.io www.google-analytics.com bat.bing.com i.ctnsnet.com; frame-src 'self' *.adsrvr.org *.doubleclick.net www.googletagmanager.com consentag.eu; img-src 'self' ib.adnxs.com bat.bing.net data: *.sandsresortsmacao.cn www.google.com.hk www.google-analytics.com www.googletagmanager.com *.wistia.com *.doubleclick.net bat.bing.com *.tribalfusion.com www.facebook.com *.google.com fourier.alibaba.com hm.baidu.com sp.analytics.yahoo.com; font-src 'self' data: assets.sandsresortsmacao.cn img.yzcdn.cn; media-src 'self' assets.sandsresortsmacao.cn blob:; style-src 'self' 'unsafe-inline' assets.sandsresortsmacao.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tribalfusion.com *.ipinyou.com *.sentry-cdn.com assets.sandsresortsmacao.cn bat.bing.com bj.openstorage.cn cdn.ctnsnet.com cdnjs.cloudflare.com connect.facebook.net consentag.eu fast.wistia.com googleads.g.doubleclick.net js.adsrvr.org s.salecycle.com s.yimg.com tags.tiqcdn.cn tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com g.alicdn.com cf.aliyun.com ynuf.aliapp.org *.tdum.alibaba.com www.googleadservices.com ampcid.google.com.hk hm.baidu.com fxgate.baidu.com js.queentm.com customs.affilired.com i.ctnsnet.com https://g.alicdn.com cf.aliyun.com ynuf.aliapp.org *.tdum.alibaba.com www.google.com.hk www.google.com sp.analytics.yahoo.com; 2 child-src 'self'; connect-src 'self' *.analytics.google.com *.aptrinsic.com *.cookiebot.com *.decibelinsight.net *.flippingbook.com *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.hotjar.com *.interactive-img.com *.kampyle.com *.litix.io *.medallia.eu *.mouseflow.com *.pure.cloud *.reciteme.com *.veritonicmetrics.com/ *.wistia.com *.wistia.net api.srv247app.com ask.hotjar.io cdn.jsdelivr.net chats.landbot.io https://atr-eu.veritonicmetrics.com/ https://cdn.veritonic.com/ https://content.hotjar.io https://dc.services.visualstudio.com https://kappa-nwl-webapp1-prod.azurewebsites.net https://metrics.hotjar.io/ https://stats.g.doubleclick.net https://vc.hotjar.io https://webservices.data-8.co.uk https://www.googletagmanager.com ib.adnxs.com interactive-img.com js.monitor.azure.com kappa-esw-webapp1-prod.azurewebsites.net messages.landbot.io sitepixel.blis.com stats.g.doubleclick.net surveystats.hotjar.io tr.blismedia.com welcome.landbot.io wss://collection.decibelinsight.net wss://webmessaging.euw2.pure.cloud wss://ws.hotjar.com www.nwl.co.uk; default-src 'self' *.apple.com https://www.googletagmanager.com nowa02mstrou583prod-slot.dxcloud.episerver.net www.nwl.co.uk; font-src 'self' data: *.cloudfront.net *.gstatic.com *.hotjar.com *.kampyle.com *.medallia.eu *.reciteme.com *.survicate.com *.wistia.com *.wistia.net cdn.landbot.io cdn.scite.a cdn.scite.ai pouch-global-font-assets.s3.eu-central-1.amazonaws.com; frame-src 'self' *.cookiebot.com *.flippingbook.com *.google.com *.kampyle.com *.medallia.eu *.mimecastprotect.com *.pure.cloud *.realexpayments.com *.wistia.com *.wistia.net app.powerbi.com biteable.com forms.office.com https://kappa-nwl-webapp1-prod.azurewebsites.net kappa-esw-webapp1-prod.azurewebsites.net td.doubleclick.net view.pagetiger.com www.watersafe.org.uk www.youtube-nocookie.com www.youtube.com; img-src 'self' data: *.adnxs.com *.cloudfront.net *.cookiebot.com *.facebook.com *.flippingbook.com *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.gstatic.com *.interactive-img.com *.kampyle.com *.medallia.eu *.reciteme.com *.wistia.com *.wistia.net cdn.honey.io https://www.googletagmanager.com i.ytimg.com interactive-img.com nowa02mstrou583prod-slot.dxcloud.episerver.net sitepixel.blis.com static.landbot.io stats.g.doubleclick.net td-prep.nwl.co.uk tr.blismedia.com www.google.ch www.google.fr www.google.ie www.google.pl www.nwl.co.uk; media-src 'self' blob: data: *.reciteme.com *.wistia.com *.wistia.net www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adnxs.com *.aptrinsic.com *.cloudfront.net *.cookiebot.com *.decibelinsight.net *.episerver.net *.flippingbook.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hotjar.com *.interactive-img.com *.kampyle.com *.medallia.eu *.mouseflow.com *.pure.cloud *.reciteme.com *.sentry-cdn.com *.survicate.com *.wistia.com *.wistia.net auth.lrcontent.com cdn.jsdelivr.net cdn.landbot.io cdnjs.cloudflare.com connect.facebook.net data1.oitep.com https://*.msecnd.net https://cdn.veritonic.com/ https://dc.services.visualstudio.com https://webservices.data-8.co.uk https://www.googletagmanager.com interactive-img.com js-agent.newrelic.com js.monitor.azure.com nowa02mstrou583prod-slot.dxcloud.episerver.net sitepixel.blis.com tr.blismedia.com www.nwl.co.uk www.pagespeed-mod.com; style-src 'self' 'unsafe-inline' *.aptrinsic.com *.episerver.net *.googleapis.com *.gstatic.com *.kampyle.com *.medallia.eu *.reciteme.com *.survicate.com cdn.honey.io cdn.jsdelivr.net cdn.landbot.io https://www.googletagmanager.com nowa02mstrou583prod-slot.dxcloud.episerver.net www.nwl.co.uk; worker-src blob:; base-uri *.kampyle.com *.medallia.eu; 2 default-src 'self' https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline' data:; img-src * data: blob:; font-src https: data:; connect-src https: wss: data:; media-src https: blob: data:; frame-src https:; object-src 'none'; base-uri 'self'; frame-ancestors *; 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com ; style-src 'self' 'unsafe-inline' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com; font-src 'self' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com; img-src 'self' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com; object-src 'self' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com; connect-src 'self' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com; frame-src 'self' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com; frame-ancestors 'self' *.bulgarianproperties.bg *.bulgarianproperties.com *.bulgarianproperties.ru *.bulgarianproperties.com.ua *.dir.bg *.unpkg.com *.getfloorplan.com *.planner5d.com *.web.app cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com *.google.com *.google.bg *.youtube.com *.instagram.com *.gstatic.com *.office.com *.ytimg.com *.googleapis.com cdninstagram.com platform.twitter.com *.istaging.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com connect.facebook.net *.doubleclick.net *.facebook.com *.googlevideo.com *.youtube-nocookie.com *.matterport.com ; 2 frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals; default-src 'self'; base-uri 'none'; script-src 'self' 'unsafe-inline'; 2 'self' *.model-t.cc.commerce.ondemand.com 2 default-src 'self' *.infinity-tracking.net *.infinity-tracking.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com static.cloudflareinsights.com *.licdn.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.infinity-tracking.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp *.plavxml.com *.onetrust.com *.cookielaw.org js.monitor.azure.com *.msecnd.net *.hscta.net tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com cdn.userway.org static.hsappstatic.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com tags.srv.stackadapt.com *.hubspotusercontent-na1.net; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp *.onetrust.com *.cookielaw.org tags.srv.stackadapt.com; media-src 'self' data: blob: *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.youtube-nocookie.com youtube-nocookie.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.doubleclick.net *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net forms.monday.com; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.infinity-tracking.com *.hsforms.com blob:; connect-src 'self' wss: *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com cloudflareinsights.com *.infinity-tracking.net *.infinity-tracking.com google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com *.onetrust.com *.cookielaw.org tags.srv.stackadapt.com *.hs-sites.com *.azure.com *.hsappstatic.net *.cloudflare.com *.bootstrapcdn.com api.userway.org; 2 frame-ancestors https://plm.corp.global https://plm.corp.global:4430 https://partmatrix.ad.corp.global https://partmatrix.ad.corp.global:2100 https://partmatrix.ad.corp.global:3100 https://nva-av-partm01p.ad.corp.global:3100 https://plmuat.corp.global https://plmuat.corp.global:4430 https://plmuat.corp.global:443 https://partmatrixawsdev.ad.corp.global:8100 https://partmatrixawsdev.ad.corp.global https://plmdr.corp.global https://plmtrn.corp.global https://staging.portal.mythermoking.com https://nva-av-tkweb1pr.ad.corp.global https://login.microsoftonline.com https://hub.tranetechnologies.com 2 default-src 'self' ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.esputnik.com *.cloudflare