Values for content-security-policy:
upgrade-insecure-requests 7,351
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 5,288
upgrade-insecure-requests; 3,927
frame-ancestors 'self' 2,295
block-all-mixed-content 1,559
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 858
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 514
frame-ancestors 'self'; 509
frame-ancestors 'none' 404
default-src https: data: 'unsafe-inline' 'unsafe-eval' 317
255
block-all-mixed-content; 193
default-src * data: 'unsafe-eval' 'unsafe-inline' 167
frame-ancestors 'self' ; 152
img-src https: data:; upgrade-insecure-requests 151
frame-ancestors 'none'; 133
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests; 131
report-uri /report-csp-violation 131
upgrade-insecure-requests; frame-ancestors 'self' 114
frame-ancestors 'self' http://webvisor.com 113
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 94
frame-ancestors 'self' https://app.kajabi.com 85
default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 76
frame-ancestors 'self'; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 74
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 65
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 57
frame-ancestors 'self' live.sagepay.com 56
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://bam.nr-data.net https://chaturbateapps.disqus.com https://*.disquscdn.com https://disqus.com https://certify-js.alexametrics.com ;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.disquscdn.com ;  img-src 'self' data: https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://bam.nr-data.net https://*.disquscdn.com https://links.services.disqus.com https://referrer.disqus.com https://certify.alexametrics.com ;  font-src 'self' data: https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://bam.nr-data.net https://*.chaturbate.com https://chaturbate.com wss://recommend.chaturbate.com:8443 https://www.google-analytics.com https://links.services.disqus.com sentry.io https://cbvideoupload.s3-accelerate.amazonaws.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://disqus.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 52
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 51
frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com 50
frame-ancestors about: 'self' 50
frame-ancestors 'self' *.google.com *.googleusercontent.com 47
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 43
self 40
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 37
default-src 'self' http: https: data: blob: 'unsafe-inline' 36
default-src 'self' 35
default-src 'self'; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 34
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net; 34
* 33
frame-ancestors 'self'; upgrade-insecure-requests 31
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.git.pepabo.com media.git.pepabo.com www.githubstatus.com git.pepabo.com wss://git.pepabo.com; font-src assets.git.pepabo.com; form-action 'self' git.pepabo.com gist.git.pepabo.com pages.git.pepabo.com; frame-ancestors 'none'; frame-src render.git.pepabo.com; img-src * data:; manifest-src 'self'; media-src 'none'; script-src assets.git.pepabo.com; style-src 'unsafe-inline' assets.git.pepabo.com 31
frame-ancestors https://*.poki.io http://localhost:1234 30
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js 29
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 28
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.exosrv.com *.realsrv.com *.adtng.com *.adglare.net *.bngpt.com *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com servingmillions.com super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com; 25
script-src 'self'    25
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 25
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;  23
default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 23
frame-ancestors 'self' hubpages.com tatring.com marinascats.com pethelpful.com bellatory.com delishably.com dengarden.com axleaddict.com levelskip.com exemplore.com reelrundown.com toughnickel.com caloriebee.com stylemountain.com feltmagnet.com spinditty.com wehavekids.com kindredbond.com healdove.com turbofuture.com wanderwisdom.com letterpile.com holidappy.com pairedlife.com owlcation.com soapboxie.com hobbylark.com skyaboveus.com howtheyplay.com hubpageshelp.com remedygrove.com equalstyle.com healthproadvice.com youmemindbody.com patientslounge.com 22
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 22
frame-ancestors * 22
frame-ancestors 'self' azeu.marketing.adobe.com 22
frame-ancestors 'self' https://widget.stackla.com https://app-sj14.marketo.com https://store.nvidia.com https://resources.nvidia.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com https://www.nvidia.cn https://wwwqa.nvidia.com https://preview.nvidia.com https://www.nvidia.com https://events.rainfocus.com https://store.nvidia.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in; 21
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 21
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 20
script-src *; 20
upgrade-insecure-requests; block-all-mixed-content; 19
default-src 'none'; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; connect-src 'self' wss://*.socialengagementcoaching.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com 19
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 19
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 18
default-src 'none' 18
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 18
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 18
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 18
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 18
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 17
default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net *.edge-cdn.net s.ytimg.com *.multichannelacd.de lidl.media01.eu form.lidl.com *.lidl.com *.ccmp.eu *.lidl *.lidl.net d.adroll.mgr.consensu.org www.googleadservices.com lidlqform.omax.cz track.adform.net *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.googletagmanager.com tagmanager.google.com assets.zendesk.com connect.facebook.net *.cookiebot.com *.secrz.de *.google-analytics.com connect.facebook.net c.imedia.cz www.dwin1.com www.youtube.com ads.yahoo.com advdl.ammadv.it cm.g.doubleclick.net d.adroll.com s.adroll.com us-u.openx.net lidlplus-prod-api.azurewebsites.net; img-src 'self' data: lidlplusprod.blob.core.windows.net *.edge-cdn.net *.lidl *.lidl.net *.ccmp.eu *.lidl.com *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.osm.org *.openstreetmap.org track.adform.net www.googletagmanager.com *.doubleclick.net s-static.ak.facebook.com assets.zendesk.com *.secrz.de *.google-analytics.com www.facebook.com c.imedia.cz x.bidswitch.net advdl.ammadv.it d.adroll.com idsync.rlcdn.com ib.adnxs.com stats.g.doubleclick.net lidlplusstoragestaging.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net; style-src 'self' 'unsafe-inline' form.lidl.com fonts.googleapis.com *.bing.com assets.zendesk.com *.secrz.de; font-src 'self' 'unsafe-inline' form.lidl.com data: themes.googleusercontent.com fonts.gstatic.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' content.lidlplus.com appgateway.lidlplus.com *.video-cdn.net *.analytics.edgekey.net *.edge-cdn.net *.multichannelacd.de lidl.media01.eu form.lidl.com *.lidl *.test *.lidl.net *.lidl.com *.bing.com *.ccmp.eu *.virtualearth.net *.osm.org *.openstreetmap.org *.secrz.de *.google-analytics.com lidlplus-uat-api.azurewebsites.net lidlplus-prod-api.azurewebsites.net; frame-ancestors 'self' *.lidl *.ccmp.eu *.lidl.com *.test *.lidl.net *.bing.com *.googletagmanager.com *.secrz.de *.google-analytics.com *.poi-service.de *.lidl.ch website-lidl-account-dev.azurewebsites.net accounts-stg.lidl.com accounts-qa.lidl.com accounts-uat.lidl.com accounts.lidl.com; 17
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 17
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 16
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; 16
frame-ancestors self 16
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 16
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 16
frame-ancestors 'self' https://sage.pathfactory.com; 16
frame-ancestors https:; 16
default-src https: 'unsafe-inline' 'unsafe-eval' 16
frame-ancestors https://*.ionos.at https://*.ionos.co.uk https://*.ionos.com https://*.ionos.de https://*.ionos.it https://*.ionos.mx https://*.ionos.fr https://*.ionos.es https://*.ionos.ca https://*.ionos.us 16
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 15
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 15
img-src * data: blob:; 15
report-uri //report-csp-violation 15
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 15
frame-ancestors  'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 14
upgrade-insecure-requests; block-all-mixed-content 14
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 14
frame-ancestors 'self' https://*.adobe.com 14
default-src 'self' 'unsafe-inline'; 14
policy-definition 14
frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 'self' 14
child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv; frame-ancestors 'self' https://b2b.verizonmedia.com 13
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 13
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 13
default-src 'self'; script-src 'self' 'unsafe-inline' 13
prefetch-src *.metartnetwork.com; default-src 'self' blob: *.metartnetwork.com; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metartnetwork.com *.metart.network *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 13
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 13
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 13
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; 13
frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 13
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 12
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com; 12
img-src data: https: 12
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 12
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 12
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com  http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe  https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com  https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js  https://ajax.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com;frame-src 'self' https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://cdn.quantummetric.com/qscripts/quantum-seaworld.js https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 12
referrer origin 12
default-src http: data: 'unsafe-inline' 'unsafe-eval' 12
default-src 'none' ; child-src 'self' *.ihk.de  ; connect-src 'self' *.ihk.de live.c3networking.de ihk-ar.ycms.rocks wss://chat.userlike.com/chat/ *.etracker.de b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com cdn.contentful.com pam.ihk-schleswig-holstein.de *.google-analytics.com *.dvinci-hr.com *.ihk24.de *.userlike.com *.twitter.com expertenpool.automatisierungsregion.de static.dvinci-easy.com *.googleapis.com *.b-ite.com *.newsletter2go.com www.powr.io  ; default-src *.ihk.de  ; font-src 'self' data: ihk-ar.ycms.rocks *.googleapis.com dq4irj27fs462.cloudfront.net *.gstatic.com  ; form-action 'self' *.ihk.de *.highcharts.com *.twitter.com www.tfaforms.com www.forschungsfinder-hessen.de routenplaner.bus-bahn-thueringen.de *.wirecard.com *.ihk24.de web.ihk-pfalz.net  ; frame-src 'self' www.ihk-lehrstellenboerse.de  24703.online-adventskalender.de www.etermin.net www.forschungsfinder-hessen.de livestream.watch/vp/nachhaltigkeitsdialog.html *.wahlplus.de *.google.de www.berufe.tv hk24.perbit-job.de *.twitter.com ihk.selbstdenker.com walls.io *.bright-guide.de www.leg-thueringen.de detmold.ihk-beitragsrechner.de www.ihk-ecofinder.de www.hk24.de covid19.webtvcampus.de www.ihkac-anwendungen.de *.ihk.de consentcdn.cookiebot.com *.vimeo.com b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com ihk-schwerin.wahlplus.de www.onlinebewerbungsserver.de hk24.perbit-job.de  www.gatewatch.eu www.ihk-praktikumsportal.de *.flickr.com geoportal-hamburg.de w.soundcloud.com static-exp1.licdn.com *.xing-events.com vimeo.com *.exmap.de isi.hdb-hamburg.de *.highcharts.com *.facebook.com www.plattform-i40.de www.finest-jobs.com link.webropolsurveys.com *.youtube.com ihk-potsdam.perbit-job.de handelskammer-bremen.appointmind.net cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.azubi-magdeburg-ihk.de cottbus-ihk-pruefungen.de www.youtube-nocookie.com www.powr.io inx.odav.de www.unikam.de ihkob.wekando.eu www.ausbildungslauf.de app.cituro.com static.issuu.com html5-player.libsyn.com www.iwd.de tuerchen.com www.vvs.de corona.conterra.de live.c3networking.de www.praktikum.info dihk.imageplant.de ihk-weiterbildung-oldenburg.de cdn.contentful.com ihk-darmstadt-portal.rexx-recruitment.com umap.openstreetmap.fr www.ihk-magdeburg.de www.ihk-berlin.org kvg-kassel.widget-generator.de e.issuu.com www.instagram.com komsis.inecos.de code.createjs.com www.ihk-bw.digital berufsausbildung-aachen-ihk.de expertenpool.automatisierungsregion.de roundme.com bc.pressmatrix.com doo.net www.terminland.de www.giu-kalender.org *.b-ite.com www.kandidatenmanagement.de  ; img-src 'self' data: ihk-ar.ycms.rocks userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.etracker.de www.forschungsfinder-hessen.de *.etracker.com editor.signavio.com *.google.de pam.ihk-schleswig-holstein.de *.userlike.com www.ihk-berlin.de *.twitter.com www.hvv.de www.rmv.de dq4irj27fs462.cloudfront.net *.staticflickr.com www.ihk-wiesbaden.de *.newsletter2go.com *.ihk.de live.c3networking.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-lueneburg.de *.google-analytics.com www.ihk-rlp.de static-exp1.licdn.com infographic.statista.com *.ihk24.de *.gstatic.com *.exmap.de kvg-kassel.widget-generator.de *.facebook.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.finest-jobs.com expertenpool.automatisierungsregion.de roundme.com www.ihk-ostbrandenburg.de www.bso-hessen.de *.googleapis.com *.twimg.com *.google.com *.b-ite.com vstdbv3 www.ihk-koblenz.de www.ihk-gfi.de www.bahn.de  ; manifest-src *.ihk.de  ; media-src 'self' *.youtube.com dq4irj27fs462.cloudfront.net ims-files-cdn.net www.ihk-ecofinder.de  ; object-src 'self' www.berufe.tv  ; script-src 'unsafe-inline' 'unsafe-eval' 'self' ihk-ar.ycms.rocks  24703.online-adventskalender.de *.cdn.office.net www.etermin.net www.forschungsfinder-hessen.de editor.signavio.com cdn.rlets.com *.twitter.com walls.io *.bright-guide.de www.ihkac-anwendungen.de *.ihk.de *.flickr.com *.google-analytics.com connect.facebook.net static-exp1.licdn.com *.xing-events.com *.exmap.de *.highcharts.com *.facebook.com www.finest-jobs.com *.linkedin-ei.com *.youtube.com *.googleapis.com *.twimg.com cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.powr.io *.etracker.de *.etracker.com pam.ihk-schleswig-holstein.de *.userlike.com www.tfaforms.com www.googletagmanager.com static.dvinci-easy.com dq4irj27fs462.cloudfront.net imagemarker.com www.google.analytics.com *.newsletter2go.com tuerchen.com live.c3networking.de *.cookiebot.com www.ihk-magdeburg.de code.jquery.com/jquery-3.1.1.min.js *.ihk24.de kvg-kassel.widget-generator.de userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.instagram.com code.createjs.com expertenpool.automatisierungsregion.de routenplaner.bus-bahn-thueringen.de doo.net *.b-ite.com  ; style-src 'self'  'unsafe-inline' *.ihk.de live.c3networking.de ihk-ar.ycms.rocks *.etracker.de editor.signavio.com maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de static-exp1.licdn.com *.ihk24.de *.twitter.com www.tfaforms.com www.finest-jobs.com expertenpool.automatisierungsregion.de static.dvinci-easy.com cdnjs.cloudflare.com routenplaner.bus-bahn-thueringen.de *.googleapis.com *.twimg.com imagemarker.com *.b-ite.com  ; worker-src *.ihk.de  ; report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ;  12
script-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 12
object-src 'self' 12
default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' 12
frame-ancestors 'self' https://preview.citynavigator.nl 12
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net 'self' blob:; frame-src *;  12
upgrade-insecure-requests; base-uri 'self' 11
report-uri /report-csp-violation; upgrade-insecure-requests 11
frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 11
frame-ancestors 'self' *.freshworks.com *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com 11
script-src 'unsafe-inline' 'unsafe-eval' http: https: 11
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 11
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ 11
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 11
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.youtube.com *.ytimg.com *.ads-twitter.com *.twitter.com *.cloudfront.net *.google-analytics.com *.hotjar.com *.googletagmanager.com *.jnhuigao1.cn *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.geetest.com; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 11
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 11
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru stat.sputnik.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' megatimer.ru stat.sputnik.ru *.stat.sputnik.ru tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' megatimer.ru mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru stat.sputnik.ru cnt.sputnik.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru newapp.bonus-tv.ru *.newapp.bonus-tv.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru yandex.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 11
frame-ancestors 'self' facebook.com vk.com 11
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.demandbase.com *.ametek.com *.ametekweb.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.leadfeeder.com *.surveymonkey.com *.hsforms.net *.hsforms.com 'unsafe-eval';style-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob:;media-src 'self' *.boltdns.net *.akamaihd.net blob:;object-src 'unsafe-inline' 'self' 11
frame-ancestors 'self' https://*.etracker.com 11
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 11
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 11
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 11
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 10
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 10
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 10
frame-ancestors 'self' https://immobilier.jll.be https://jll.maps.arcgis.com; 10
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 10
frame-ancestors 10
default-src 'self'  http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com 'unsafe-inline'; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ;  connect-src 'self' http://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; img-src * data: 10
frame-ancestors 'self' *.pubble.nl *.pubble.cloud *.pubble.dev *.omnyo.nl 10
block-all-mixed-content; frame-ancestors 'self' 10
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 10
default-src 'self' http: https: *.yandex.ru *.google.com googleads.g.doubleclick.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://top-fwz1.mail.ru/ https://yastatic.net *.googlesyndication.com *.yandex.ru cdn.ampproject.org pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googletagservices.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com securepubads.g.doubleclick.net www.google-analytics.com *.googleadservices.com cse.google.com *.google.com; img-src 'self'  data: *.gstatic.com  *.yandex.ru *.yandex.net https://top-fwz1.mail.ru/ https://edugram.com *.doubleclick.net *.googleads.g.doubleclick.net *.googlesyndication.com storage.googleapis.com pagead2.googlesyndication.com  securepubads.g.doubleclick.net google-analytics.com *.googleapis.com *.google.com *.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com; font-src 'self' *.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 10
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com  https://go.indeedassessments.com/ https://take.indeedassessments.com/; frame-src 'self' *.indeed.com  https://accounts.google.com/ https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' *.indeed.com  data: d13w2n5a9i6r56.cloudfront.net d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://res.cloudinary.com www.google-analytics.com https://www.google.com/ads https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://stats.g.doubleclick.net https://pt.ispot.tv; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net d3fw5vlhllyvee.cloudfront.net https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pxl.indeed.com/* https://match.prod.bidr.io/cookie-sync/indeed; 9
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 9
frame-ancestors https://*.gov.cn  http://*.gov.cn http://zwfw.cq.gov.cn 9
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 9
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 9
default-src http://ip-api.com/ 'self' 'unsafe-inline' 'unsafe-eval' https: data: 9
default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 9
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline' ;img-src * 'self' data: ;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net; worker-src  * 'self' blob: ; connect-src * 'self' blob:; font-src * 'self' data: ; frame-src * 'self' ;media-src * 'self' blob: ;object-src * 'self'; report-uri https://paxil3koxi.execute-api.eu-central-1.amazonaws.com/prod/report; 9
frame-ancestors 'self' *.vergic.com 9
img-src * 9
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn https://www.ford.com.au https://www.ford.co.th https://www.india.ford.com; connect-src https: wss:; font-src  https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src  https:  'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self'; 9
frame-ancestors 'self' *.tunegenie.com http://127.0.0.1:* https://127.0.0.1:* *; 9
frame-ancestors none; 9
frame-ancestors 'self' https://*.facebook.com; 9
frame-ancestors 'self' http://localhost:* https://*.bustle.com 8
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 8
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 8
frame-ancestors x-sign.benq.com 8
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 8
default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline';  font-src * 'unsafe-inline' 8
reflected-xss block 8
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 8
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 8
default-src 'self'; 8
; 8
'self' https://ajax.googleapis.com 8
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.twimg.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com *.adzip.co cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.tmol.co *.tmol.io csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de api.permutive.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com player.vimeo.com secureframe.doubleclick.net universe.queue-it.net www.google.com www.universe.com www.youtube.com *.youtube.com *.youtu.be youtu.be;worker-src 'self' blob: 8
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 8
none 8
default-src 'self' 'unsafe-inline' http://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs-cdn.deviceatlas.com data: 8
base-uri 'self'; 8
frame-ancestors 'self' http://*.elsevier.es/ 8
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 8
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 8
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 7
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 7
frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 7
frame-ancestors https://*.marketo.com 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com; object-src 'self' 7
script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com 'unsafe-eval' 'unsafe-inline'; 7
frame-ancestors https://nurture.solarwinds.com 7
frame-ancestors none 7
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 7
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 7
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 7
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; 7
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob: https://apis.google.com; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com https://accounts.google.com/; object-src 'none'; upgrade-insecure-requests 7
object-src 'none' 7
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 7
frame-ancestors 'self' learn.arcgis.com *.esri.com 7
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 7
frame-ancestors 'self' *.roomlynx.net  7
frame-ancestors 'self'; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; 7
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 7
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 6
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 6
frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com; default-src https: blob: about: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster: about:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 6
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 6
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com 6
frame-ancestors http://kpmg.experiencecloud.adobe.com 6
frame-ancestors https://*.canalplus.com https://*.cnews.fr 6
child-src * blob: 6
frame-ancestors https://*.flexera.com https://*.flexerasoftware.com https://*.revenera.com; 6
default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src data: *; font-src https://cdnjs.cloudflare.com data: 'self'; 6
img-src *; 6
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 6
base-uri 'self' 6
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 6
default-src blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com  data: *.accesso.com; img-src 'self' https: data: blob:; 6
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 6
default-src https: 'unsafe-eval' 'unsafe-inline' 6
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 6
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; connect-src 'self' *; media-src 'self' *; frame-src 'self' *; object-src 'self' *; 6
connect-src 'self' habboo-a.akamaihd.net *.habbo.com www.facebook.com *.googlesyndication.com *.g.doubleclick.net hb.improvedigital.com pub.tunnl.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com notify.bugsnag.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com d2wy8f7a9ursnm.cloudfront.net connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net hb.improvedigital.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br hb.improvedigital.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; upgrade-insecure-requests; report-uri /csp/report 6
default-src 'self' *.cscglobal.com *.swiftypecdn.com  *.swiftype.com *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com; script-src 'self' ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com  *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com 'unsafe-inline' 'unsafe-eval' *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com snap.licdn.com; style-src 'self' ocp.cscglobal.com ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com *.swiftype.com *.cscglobal.com  *.googletagmanager.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' 'unsafe-inline' ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com 6
frame-ancestors 'self' *.betssongroupaffiliates.com 6
frame-ancestors 'self' https://shopproxy.p-s-s.de 6
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com code.jquery.com sentry.io stats.g.doubleclick.net sumo.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com themes.googleusercontent.com wrss-2c7e.kxcdn.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.libsyn.com *.twitter.com sumo.com twitter.com; img-src 'self' *.bbb.org *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com about: assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net extended-validation-ssl.thawte.com https://seal.verisign.com pubads.g.doubleclick.net seal.thawte.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com syndication.twitter.com twitter.com verify.authorize.net wrss-2c7e.kxcdn.com; manifest-src ammo.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com wrss-2c7e.kxcdn.com www.ammoforsale.com www.ammoman.com www.ammunitiontogo.com www.bulkammo.com www.cheapammo.com www.luckygunner.com www.targetbarn.com www.wideners.com; media-src 'self' *.facebook.com; object-src 'self' *.facebook.com www.luckyreferrals.com; report-uri https://sentry.io/api/1201369/security/?sentry_key=66651cc2476b475987e75acc58880acc; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.bbb.org *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.twitter.com api.bufferapp.com assets.targetbarn.com blob: browser.sentry-cdn.com buttons.reddit.com cdn-secure.luckygunner.com cdn.ravenjs.com code.jquery.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net reddit.com seal.thawte.com seal.verisign.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com verify.authorize.net widgets.pinterest.com wrss-2c7e.kxcdn.com www.linkedin.com www.luckyreferrals.com www.reddit.com; style-src 'self' 'unsafe-inline' *.bbb.org *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net sload.sumo.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com sumo.b-cdn.net wrss-2c7e.kxcdn.com 6
worker-src 'self'; 6
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 6
default-src * 'unsafe-inline' 'unsafe-eval' data: 6
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 6
default-src * 'unsafe-inline' 'unsafe-eval'; 6
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 6
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 6
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 6
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 6
default-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io https://static-cdn.jtvnw.net https://i.ytimg.com 6
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; object-src 'none'; base-uri 'self'; 6
referrer no-referrer 6
default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 6
upgrade-insecure-requests; base-uri 'self'; 6
default-src * 'unsafe-inline' 'unsafe-eval' 6
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 6
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 6
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 6
default-src: https: 'unsafe-inline' 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=anonweb 5
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net clients.opinary.com compass.pressekompass.net; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 5
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io; upgrade-insecure-requests 5
media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 5
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 5
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 5
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https:  5
default-src * data: 'unsafe-inline' 'unsafe-eval'; 5
script-src 'self' 5
frame-ancestors 'self' *.windy.com:* 5
frame-ancestors *.adobe.com 5
block-all-mixed-content;frame-ancestors *.mail.com 5
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com; 5
value 5
connect-src * 'self' 5
upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 5
frame-ancestors 'self' https://app.brandwatch.com https://login.brandwatch.com https://app.stage.brandwatch.net https://auth-gateway.platform-stage.gcp0.bwcom.net https://login.brndwt.ch; 5
default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
block-all-mixed-content; upgrade-insecure-requests 5
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.googleapis.com translate.google.com ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com deepknow.egoid.me static.geetest.com dn-staticdown.qbox.me api.geetest.com *.ronghub.com *.udesk.cn qiyukf.com c.cnzz.com s9.cnzz.com z12.cnzz.com https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; style-src 'unsafe-inline' 'self' 'unsafe-eval' static.geetest.com translate.googleapis.com *.udesk.cn https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; frame-src 'self' https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com *.bitz-service.com *.bitz.com *.bit-z.com *.bit-z.pro *.bitz.top *.bitz.so *.bitz.bz *.bitz.info *.bitz.tech *.bitzhd.com *.bitz.cm *.hyjztc.cn *.bitzapp.top appad.ahighapp.com qiyukf.com *.udesk.cn; frame-ancestors *.bitz-service.com; font-src 'self' data: https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; img-src 'self' data: blob: www.gxchaintop.org static.gxb.io translate.googleapis.com *.google.com bit-z-frontdesk.oss-cn-hongkong.aliyuncs.com www.gstatic.com static.geetest.com stats.g.doubleclick.net www.google-analytics.com sensors.ahighapi.com *.127.net qiyukf.com *.qiyukf.com *.bibidev.com *.udesk.cn z12.cnzz.com cnzz.mmstat.com https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; media-src 'self' static.geetest.com qiyukf.com *.bibidev.com *.127.net *.udesk.cn; connect-src 'self' wss://ws.ahighapi.com wss://*.s2.udesk.cn translate.googleapis.com stats.g.doubleclick.net www.google-analytics.com monitor.geetest.com api.geetest.com *.udesk.cn qiyukf.com https://sensors.ahighapi.com https://ucapi.ahighapi.com https://otcapinew.ahighapi.com https://app.ahighapi.com https://v2.ahighapi.com https://api.ahighapi.com wss://ws.ahighapi.com wss://pushser.ahighapi.com https://app.ahighapi.com 5
frame-src *; 5
default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net assets.adobedtm.com *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-reload.liquix.eu dwin1.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com survey.mopinion.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com api.api.ai tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com; object-src 'self' 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.recaptcha.net https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://px-cdn.net https://*.px-cloud.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://p2a.co https://code.jquery.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://bat.bing.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://*.px-client.net https://*.px-cloud.net https://pxchk.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://api.stripe.com https://api.soundcloud.com https://api.airbrake.io https://api.zippopotam.us; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com; img-src * blob: data:; form-action 'self'; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net d.la1-c2-frf.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com d.la2-c2-cdg.salesforceliveagent.com d.la2-c1cs-cdg.salesforceliveagent.com c.la2-c1cs-cdg.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com 5
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 5
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/ 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 5
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.telerain.com:* 5
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5
frame-ancestors 'self' *.psplugin.com 5
frame-ancestors 'self' https://*.adventhealth.com 5
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *;frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 5
default-src 'self'; connect-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; font-src 'self' http://script.hotjar.com https://script.hotjar.com; frame-src https://vars.hotjar.com; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com *.hotjar.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 5
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none' 5
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.devplayground.com.br *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com; connect-src 'self' data: https://freegeoip.app *.plyr.io https://noembed.com *.devplayground.com.br *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com; img-src 'self' data: *.youtube.com *.ytimg.com *.devplayground.com.br *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.devplayground.com.br *.googleapis.com *.google.com *.shopback.net; font-src 'self' data: *.devplayground.com.br *.gstatic.com script.hotjar.com; worker-src https: blob: 5
default-src * data: 'unsafe-inline' 'unsafe-eval' 5
require-sri-for script style 5
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 5
frame-ancestors 'self'; base-uri 'self'; 5
frame-ancestors 'self' analytics.pt-dlr.de 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 5
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 5
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com 5
upgrade-insecure-requests; report-uri /__csp-collector/index 5
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 5
frame-ancestors *.ivanti.com https://dash.cloudflare.com 5
block-all-mixed-content; upgrade-insecure-requests; 5
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 5
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 5
frame-ancestors 'self' https://api.opentlv.com 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 5
frame-ancestors https://*.asus.com http://*.asus.com https://*.asus.com.cn http://*.asus.com.cn https://asus.todayir.com.tw http://asus.todayir.com.tw https://tongji.baidu.com 5
child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com iadvize.com lc.iadvize.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com 5
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 5
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 5
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 5
default-src * data: blob: about:;script-src 'self' https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 4
default-src 'self' https://sb.scorecardresearch.com 'unsafe-inline' 'unsafe-eval' data: https: blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 4
frame-ancestors *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 4
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 4
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 4
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 4
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com; object-src 'self' 4
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 4
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://js.hs-banner.com https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 4
frame-ancestors https://*.ionos.com https://ionos.com; 4
frame-ancestors *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 4
frame-ancestors https://*.complex.com 4
default-src *; object-src *; script-src 'unsafe-eval' * 'unsafe-inline' *; connect-src *; img-src * data:; style-src 'unsafe-inline' *; font-src * data:; frame-src * 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://checkout.stripe.com https://embed.typeform.com https://admin.typeform.com https://platform.twitter.com https://cdn.syndication.twimg.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https: http: https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://api.segment.io https://checkout.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://api.unsplash.com; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 4
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self'  *.bigcommerce.com 4
frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/conde-nast-traveler 4
frame-ancestors 'self' sharepoint.com *.sharepoint.com https://ukom.uk.net; 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 4
default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 4
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 4
frame-ancestors 'self' *.movavi.de *.movavi.com *.movavi.ru 4
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 4
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au 4
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://optanon.blob.core.windows.net https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com 4
frame-ancestors 'self' http://*.mybigcommerce.com; 4
frame-ancestors 'self' orange.com *.orange.com *.orange-business.com *.cops-prp.multimediabs.com *.cops-prod.multimediabs.com *.multimediabs.com; 4
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 4
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 4
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com 4
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 4
frame-ancestors https: 'self' *.typetastic.com; child-src https: 'self'; 4
upgrade-insecure-requests ; 4
frame-ancestors 'self' https://webvisor.com 4
frame-ancestors warnermediagroup.com hackerone.com 4
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 4
default-src https: js-callback: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://*.m-pathy.com https://*.omtrdc.net https://*.simpletrip.de https://*.demdex.net https://*.realperson.de wss://*.realperson.de https://*.eurowings.com https://*.germanwings.com https://*.usabilla.com https://*.md-nx.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com; 4
frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 4
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https:; upgrade-insecure-requests; 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 4
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://optimize.google.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.inside-graph.com https://use.typekit.net https://p.typekit.net; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 4
nosniff 4
default-src  https: *.willistowerswatson data: blob: 'unsafe-eval' 'unsafe-inline' 4
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestor 'self' 4
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 4
default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src http: https: data: 4
default-src * 'unsafe-inline' data:; img-src     * 'unsafe-inline' 'unsafe-eval' data:;  script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com https://www.googletagmanager.com/ https://connect.facebook.net/ *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com;  style-src   'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com;  font-src    'self' data: *.googleapis.com *.gstatic.com *.wpengine.com;  object-src  'self' ;  frame-src   'self' data: *.facebook.com https://platform.twitter.com/ *.google.com; 4
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: https://assets.turtl.co https://code.jquery.com https://maps.googleapis.com https://ecn.dev.virtualearth.net https://form.jotformeu.com https://www.youtube.com https://ssl.google-analytics.com https://pi.pardot.com https://www.google-analytics.com https://consent.cookiebot.com https://js.hsforms.net https://maps.googleapis.com https://maps.gstatic.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' https://feedback.saberfeedback.com/ https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: https://maps.googleapis.com https://maps.gstatic.com https://cloud.google.com/maps-platform https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self'; frame-src https: https://public.tableau.com https://kantar.turtl.co https://go.millwardbrown.com https://go.pardot.com https://go.tnsglobal.com https://html5-player.libsyn.com https://kantar.wd3.myworkdayjobs.com https://kantar1.wd3.myworkdayjobs-impl.com https://player.vimeo.com https://s3-eu-west-1.amazonaws.com https://www.googletagmanager.com https://www.youtube.com https://www2.kantar.com https://form.jotformeu.com https://www.kantarworldpanel.com; font-src data: https: https://fonts.google.com 4
frame-ancestors 'self' https://tektronix.lookbookhq.com https://buzz.tek.com 4
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 4
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 4
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org 4
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 4
frame-ancestors 'self' https://partners.arozone.com https://treehousei.com https://www.impartner.com *.3sharecorp.com 4
frame-ancestors 'self' https://*.experiencecloud.adobe.com https://experiencecloud.adobe.com https://experience.adobe.com 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 4
frame-ancestors http://webvisor.com 4
default-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com; img-src * data:; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com; font-src * data:; 4
frame-ancestors 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com  www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' 'self' fonts.gstatic.com www.gstatic.com  fonts.googleapis.com tagmanager.google.com 4
font-src *;img-src * data:;  4
<options and value> 4
frame-ancestors 'self' https://www.growingio.com 4
font-src * 4
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 4
default-src 'self' 'unsafe-inline' 4
default-src 'self'; connect-src 'self' *.yandex.ru *.google-analytics.com *.facebook.com *.vk.com *.branch.io *.google.com *.google.ru *.livetex.ru *.livetex.me *.mail.ru *.google.com.ua odds.ru *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; script-src-elem 'self' 'unsafe-inline' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; img-src 'self' *.wp.com *.w.org *.gravatar.com www.facebook.com *.youtube.com *.livetex.ru *.livetex.me *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googleapis.com graph.facebook.com vk.com *.vk.com *.yandex.ru odds.ru opentracking.ru www.opentracking.ru *.twimg.com *.twitter.com *.gstatic.com data: *.googletagmanager.com *.google.com.ua *.yastatic.net *.adfox.ru *.yandex.net; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com odds.ru *.twitter.com *.twimg.com *.yastatic.net *.adfox.ru *.yandex.net; child-src 'self' *.youtube.com *.vimeo.com *.facebook.com *.vk.com vk.com *.twitter.com twitter.com *.livetex.ru *.livetex.me onesignal.com *.onesignal.com www.instagram.com *.google.com *.yandex.ru webvisor.com blob: https://mc.yandex.ru *.imgur.com imgur.com *.yastatic.net *.adfox.ru *.yandex.net; font-src 'self' 'unsafe-inline' *.gstatic.com *.livetex.ru *.livetex.me data:; media-src 'self' *.livetex.ru *.livetex.me *.yastatic.net *.adfox.ru *.yandex.net; frame-ancestors 'self' https://metrika.yandex.ru http://webvisor.com https://yastatic.net https://mc.yandex.ru; 4
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://my.navingo.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src https: data: 'unsafe-inline'; font-src https: data:; img-src https: data: https://secure.gravatar.com 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 4
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.traderstation-international.com; 4
default-src 'self'; connect-src 'self'; img-src 'self' data: 'unsafe-eval' ;  style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data:  4
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 4
connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 4
form-action 'self' 4
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 4
frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 4
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 4
upgrade-insecure-requests;connect-src * 4
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net https://*.usercentrics.eu ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/ 4
worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 4
frame-ancestors 'self' weleda.sabio.de 4
frame-ancestors 'self' http://*.olympus-ims.com http://*.olympus-lifescience.com *.olympus-ims.com *.olympus-lifescience.com www.olympusamerica.com *.aspiresoft.com *.ceros.com; 4
default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl www.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com  ads.creative-serving.com www.browsealoud.com www.defriesland.nl static2.creative-serving.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com www.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl www.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com www.defriesland.nl *.r42tag.com admin.relay42.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content; 4
Content-Security-Policy-Report-Only 4
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 4
report-uri https://sentry.io/api/1481323/security/?sentry_key=6a0d90a447e5404786cce69b90774dbc https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 4
frame-ancestors 'self' https://secure.safecharge.com; 4
frame-src * 4
; frame-ancestors 'self' 4
frame-ancestors cuedev.ece.ksml.fi cue.media.fi; 4
default-src 'self'; connect-src 'self' *; font-src 'self' data: fonts.googleapis.com *.fonts.googleapis.com *.gstatic.com *.tagmanager.google.com tagmanager.google.com *.paypalobjects.com *.cloudfront.net; img-src 'self' data: *; object-src jsctool.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; media-src 'self' *.youtube.de *.youtube.com *.youtu.be; frame-src 'self' *.adup-tech.com adup-tech.com *.youtube.de youtube.de *.youtube.com youtube.com *.youtu.be youtu.be *.herma.de *.umfragen-einfach.de *.test.umfragen-einfach.de umfragen-einfach.de *.doubleclick.net *.criteo.com *.webmasterplan.com *.paypal.com paypal.com *.paypal.de paypal.de uc8.tv *.uc8.tv; manifest-src 'self'; upgrade-insecure-requests 4
upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' 4
frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.eu https://booking2.centerparcs.ch https://booking2.centerparcs.be 4
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 4
default-src *;     frame-src 'self' *.google.com *.youtube.com https://staticxx.facebook.com https://dw408jcu6cqwk.cloudfront.net https://accounts.livechatinc.com https://secure.livechatinc.com http://4511566.fls.doubleclick.net/ http://tags.tiqcdn.com/ https://bid.g.doubleclick.net/;     font-src * 'self' data: fwd-chatbot-tools.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com fonts.gstatic.com fonts.googleapis.com;     img-src * 'self' data: chatbot-ph.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com;     style-src * 'self' 'unsafe-inline' cdnjs.cloudflare.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fwd.com.hk cdnjs.cloudflare.com execution-apn.ci360.sas.com browser-update.org cdn.mouseflow.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://fwd.api.useinsider.com *.useinsider.com https://search.fwd.com.hk http://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph https://connect.fwd.co.th https://line.fwd.co.th https://www.gstatic.com https://www.google.com https://maps.googleapis.com www.google-analytics.com tagmanager.google.com *.googleapis.com www.googletagmanager.com *.livechatinc.com connect.facebook.net *.turn.com *.zopim.com *.zopim.io cdn-akamai.mookie1.com tags.tiqcdn.com t.mookie1.com b3.mookie1.com *.zopim.com api.map.baidu.com *.maxmind.com *.map.bdimg.com *.bdstatic.com wss://*.zopim.com https://*.zopim.io *.googleadservices.com *.adnxs.com *.doubleclick.net *.cloudfront.net *.mimecast.com *.adsrvr.org *.facebook.com *.youtube.com *.bing.com *.ytimg.com *.visualwebsiteoptimizer.com *.yahoo.com bs.serving-sys.com https://*.analytics.yahoo.com *.yimg.com *.taboola.com *.innity.net *.innity.com *.zdassets.com wss://chatbot.fwd.com.hk https://portal.fwd.com.vn https://dw408jcu6cqwk.cloudfront.net;     connect-src 'self' *.fwd.com.hk geoip-js.com execution-apn.ci360.sas.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://api.useinsider.com https://location.api.useinsider.com https://hit.api.useinsider.com https://fwd.api.useinsider.com https://category-collector.api.useinsider.com http://dev.surfer.seasonalife.com https://surfer.seasonalife.com *.surfer.seasonalife.com *.seasonalife.com https://image.useinsider.com https://*.api.useinsider.com wss://directline.botframework.com https://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph http://search.fwd.com.hk https://connect.fwd.co.th https://line.fwd.co.th https://portal.fwd.com.vn wss://*.zopim.com *.maxmind.com api.map.baidu.com *.adnxs.com *.turn.com *.adsrvr.org *.botframework.com *.facebook.com *.vimeo.com *.youtube.com *.taboola.com *.yimg.com *.innity.net *.innity.com wss://*.fwd.com.hk *.yahoo.com *.mouseflow.com wss://chatbot.fwd.com.hk trc.taboola.com cdn.taboola.com *.zdassets.com *.doubleclick.net *.tigcdn.com www.google-analytics.com wss://api.livechatinc.com https://api.livechatinc.com https://h49u5ppoz9.execute-api.ap-southeast-1.amazonaws.com https://1z4ebxptw1.execute-api.ap-southeast-1.amazonaws.com https://hooks.slack.com;     object-src 'none';     form-action 'self' *.fwd.com.hk;  4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net *.googletagmanager.com tagmanager.google.com www.gstatic.com *.google-analytics.com www.googleadservices.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io connect.facebook.net *.blueconic.net knltb.sb.blueconic.net service.force.com *.salesforceliveagent.com *.googleapis.com knltb.my.salesforce.com knltb.secure.force.com ajax.aspnetcdn.com *.cloudfront.net www.instagram.com www.mollie.com; style-src 'self' 'unsafe-inline' *.blueconic.net tagmanager.google.com fonts.googleapis.com service.force.com knltb.secure.force.com *.cloudfront.net www.mollie.com; img-src 'self' data: dashboard.umbraco.org our.umbraco.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io www.facebook.com *.ytimg.com *.googleapis.com *.gstatic.com *.blueconic.net stats.g.doubleclick.net; connect-src 'self' our.umbraco.com tagmanager.google.com www.google-analytics.com *.hotjar.com:* *.hotjar.io *.blueconic.net knltb.sb.blueconic.net service.force.com knltb.secure.force.com homerun.co; frame-src 'self' www.google.com www.youtube.com bid.g.doubleclick.net *.hotjar.com *.hotjar.io service.force.com www.facebook.com widgets.knltb.club www.instagram.com www.mollie.com nlpadel.meshlink.nl; style-src-elem 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.blueconic.net service.force.com knltb.secure.force.com *.cloudfront.net; font-src 'self' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.sfdcstatic.com; child-src 'self' *.hotjar.com *.hotjar.io *.youtube.com *.blueconic.net knltb.sb.blueconic.net; frame-ancestors 'self' *.blueconic.net knltb.sb.blueconic.net; block-all-mixed-content; 4
script-src 'unsafe-inline' 'unsafe-eval' *.brandshelter.com *.webinarjam.com diffuser-cdn.app-us1.com prism.app-us1.com cdnjs.cloudflare.com trackcmp.net www.google-analytics.com data:; style-src 'unsafe-inline' *.brandshelter.com fonts.googleapis.com fonts.gstatic.com *.webinarjam.com 4
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 4
default-src * data: blob:;script-src *.hibet.cc *.hibet998.com *.hibetstore.com *.hi.bet *.hibettest.com *.hibet.ph *.hibet.com www.hibet.com *.hibet.cc *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibet.ag *.9mbv.com:6501 https://hm.baidu.com htts://hm.baidu.com *.hibetzx.com *.hibetpc.com *.hibet88.com *.hibet.com.ph *.hibet.casino *.hibet.asia 'unsafe-inline' 'unsafe-eval';style-src *.hi.bet *.hibet.cc *.hibet998.com *.hibetstore.com *.hibettest.com *.hibet.ph *.hibet.com *.hibet.cc *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibetzx.com *.hibetpc.com *.hibet.ag *.hibet.com.ph  *.hibet88.com *.hibet.casino *.hibet.asia  'unsafe-inline';img-src *.hi.bet *.hibet.cc *.hibet998.com *.hibetstore.com *.hibet.ph *.hibet.com *.hibet.cc *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibettest.com *.hibetzx.com *.hibetpc.com *.hibet.ag https://hm.baidu.com *.hibet88.com *.hibet.com.ph *.hibet.casino *.hibet.asia  'unsafe-inline';connect-src *.hi.bet *.hibet.cc *.hibet.ph *.hibetstore.com  *.hibet.com *.hibet.cc *.hibet.com.ph  *.hibet.co *.hibet.ca *.hibet.me *.hibet.hk *.hibet588.com *.hibet.ag *.hibet88.com *.hibetzx.com *.hibetpc.com *.9mbv.com:6501 *.hibet.casino *.hibet.asia  data: blob: 'self'; 4
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com 4
default-src 'self' wss://www.mataharirama.xyz wss://mataharirama.xyz http://www.mataharirama.xyz https://www.mataharirama.xyz http://www.mataharirama.xyz http://www.mataharirama.xyz wss://www.reasedoper.pw wss://nathetsof.com wss://www.nathetsof.com http://nathetsof.com https://nathetsof.com http://reasedoper.pw https://reasedoper.pw wss://sparnove.com wss://www.sparnove.com https://sparnove.com http://sparnove.com https://pagead2.googlesyndication.com https://api.push.world/ http://banners.mlgame.org https://*.pozvonim.com/ http://api.pozvonim.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self'  blob: ;img-src * data:;media-src *;font-src *;script-src http://sdnats.com http://vuryua.ru/ https://adservice.google.de/ http://sparnove.com https://sparnove.com http://zstat.org https://zstat.org https://gridiogrid.com/ https://www.gridiogrid.com/ http://www.gridiogrid.com/ https://wwwgridiogrid.com/ http://bstat.org/  http://igrid.org/ http://ogrid.org/ http://code.moviead55.ru http://mataharirama.xyz http://rigaletto.info/ https://cdnjs.cloudflare.com/ http://syndication.exdynsrv.com https://syndication.exdynsrv.com http://vogozaw.ru http://cdn.jsdelivr.net https://cdn.jsdelivr.net http://adcentr.info https://adcentr.info http://listat.org https://listat.org https://static.reasedoper.pw http://nathetsof.com https://nathetsof.com http://www.nathetsof.com https://www.nathetsof.com http://static.reasedoper.pw http://polldaddy.com/ https://relap.io/ http://*.poll.fm/ https://relboxru.push.world http://vogorana.ru/ http://vogozaq.ru/ http://videopotok.pro/ http://youtuibes.com http://t.insigit.com/ http://front.facetz.net http://kitbit.net/ http://*.pluso.ru http://*.pinterest.com 'self' http://m.addthis.com/ http://wqogrp.yjgmmpkot.xyz/ http://m.addthisedge.com/ http://myhit.cc http://zdravv.ru/ http://zebroid.tv/ http://*.linkedin.com/ http://api.pinterest.com/ http://feeds.delicious.com/ https://dl.metabar.ru/ http://azbns.com/  http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ https://*.pozvonim.com/ http://*.pozvonim.com/ http://rt.intarget.ru/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' https://gridiogrid.com/ wss://gridiogrid.com/ https://ogrid.org wss://www.igrid.org wss://www.mataharirama.xyz https://mataharirama.xyz https://www.mataharirama.xyz wss://mataharirama.xyz http://api.pozvonim.com/ https://api.push.world/ https://static.reasedoper.pw/ http://nathetsof.com https://nathetsof.com wss://nathetsof.com wss://www.nathetsof.com wss://www.reasedoper.pw/ wss://sparnove.com wss://www.sparnove.com http://sparnove.com https://sparnove.com http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com https://stats.lptracker.ru 4
default-src 'self' wss://www.reasedoper.pw wss://www.nathetsof.com https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://sdnats.com http://zstat.org/ http://www.sparnove.com/ https://www.sparnove.com/ http://sparnove.com/ https://sparnove.com/ http://sparnove.com https://sparnove.com http://www.sparnove.com https://www.sparnove.com http://igropoisk.com http://www.igropoisk.com http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw https://nathetsof.com https://www.nathetsof.com http://nathetsof.com http://www.nathetsof.com http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/ http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://sparnove.com https://api.push.world/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.nathetsof.com wss://nathetsof.com wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 4
frame-ancestors 'self'; form-action 'self' 4
frame-ancestors https://www.hk-laisee.com https://www.hk-rewards.com https://www.myopinions.com.au 4
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 4
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors *; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; form-action 'self'; frame-ancestors 'self'; object-src 'none' 4
default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'self' 'unsafe-eval' 'unsafe-inline' 4
frame-ancestors 'none'; connect-src http://127.0.0.1:*; default-src https: 'unsafe-inline' 4
frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com 4
default-src 'self'; script-src 'self' https://ajax.googleapis.com https://adservice.google.co.uk https://adservice.google.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://survey.g.doubleclick.net https://ajax.googleapis.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.mouseflow.com https://sharecdn.social9.com https://share.social9.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://sharecdn.social9.com https://sharec.social9.com; font-src 'self' https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://bid.g.doubleclick.net https://platform.twitter.com https://syndication.twitter.com; connect-src 'self' https://www.google.com https://www.google.co.uk https://www.google-analytics.com 4
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' *.cnbc.com *.acorns.com; 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.exosrv.com *.realsrv.com *.adtng.com *.adglare.net *.bngpt.com *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com servingmillions.com super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wired 3
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.net verify.yandex.ru *.verify.yandex.ru 'self'; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net 'self'; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru static-mon.yandex.net 'self'; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net report-uri https://livejournal.com/csp_reports 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/; 3
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net survey-d.dynata.com 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com static.xx.fbcdn.net data:; 3
frame-ancestors https://www.incimages.com http://www.inc.com https://www.inc.com http://www.stumbleupon.com https://www.google.com https://cdn.ampproject.org 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 3
frame-ancestors https://*.verizon.com http://*.verizon.com https://*.verizonwireless.com http://*.verizonwireless.com https://*.verizonbusinessfios.com/  https://*.consensuscorp.com http://*.consensuscorp.com  https://vbmbos.lightning.force.com  http://vbmbos.lightning.force.com https://vbmbos--c.na73.visual.force.com http://vbmbos--c.na73.visual.force.com https://vbmbos.my.salesforce.com http://vbmbos.my.salesforce.com 3
frame-ancestors 'self' hhs.gov *.hhs.gov 3
upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com *.doubleclick.net cdn.curator.io eisi-ext.azurewebsites.net; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com platform.twitter.com optimize.google.com *.unicef.org cdn.curator.io *.twimg.com; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google.com *.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com *.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com; media-src 'self' *.cdninstagram.com video.twimg.com; frame-src 'self' *.facebook.com www.google.com *.twitter.com e.infogram.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com *.doubleclick.net player.vimeo.com forms.office.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org cdn.curator.io; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org api.curator.io bam.nr-data.net rpapigatewaytest.azurewebsites.net i2e.azurewebsites.net; report-uri /report-csp-violation 3
report-uri /v1/csplog; block-all-mixed-content 3
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org;  3
default-src 'self' http: https: 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 3
frame-ancestors delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 3
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz; 3
frame-ancestors *.motor1.com 3
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com agent.bold360.com *.cox-ondemand.com *.yext-cdn.com *.yextpages.net 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.treehugger.com *.qa.aws.treehugger.com apollo.treehugger.com apollo.local.treehugger.com atlas.treehugger.com atlas.local.treehugger.com 3
default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com *.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://*.decibelinsight.net *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com ad.atdmt.com connect.facebook.net www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com *.youtube.com *.ytimg.com;style-src data: blob: 'unsafe-inline' * *.oculus.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com data: blob: www.google-analytics.com stats.g.doubleclick.net ad.atdmt.com www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com *.ytimg.com; 3
frame-ancestors https://app.c-spanbus.org 3
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net code.org studio.code.org curriculum.code.org codecurricula.com 3
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 3
block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 3
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com;frame-ancestors *.ci360.sas.com *.gatheriq.analytics *.curriculumpathways.com 3
'frame-ancestors' http://localhost:8100 https//*.tn.gov 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 3
default-src 'self' *.binomoofficial.com *.binomo.com; child-src *; connect-src 'self' stats.g.doubleclick.net *.optimizely.com *.zopim.com *.launchdarkly.com api.exponea.com ekr.zdassets.com analytics.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com app.getsentry.com *.binomoofficial.com *.binomo.com wss://as.binomoofficial.com:* wss://as.binomo.com:* wss://ws.binomoofficial.com:* wss://ws.binomo.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomoofficial.com *.binomo.com; img-src * data:; media-src 'self' *.binomoofficial.com *.binomo.com; script-src 'self' static.hotjar.com *.googleoptimize.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co *.adroll.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomoofficial.com *.binomo.com; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.binomoofficial.com *.binomo.com 3
default-src 'none'; script-src 'self'; style-src 'self'; connect-src 'self' https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://createsend.com/t/getsecuresubscribelink; font-src 'self'; object-src 'self'; img-src 'self' https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com; form-action 'self' https://agilemail.createsend.com https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe https://start.1password.com; prefetch-src https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors 'none' 3
frame-ancestors *.web.com *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 3
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https: blob: data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src https: blob: 3
frame-ancestors 'self' https://10.52.170.242 https://ecorptst.anz.com https://10.52.69.124 https://eprotectst https://10.52.170.242 https://globaltest.anz.com https://10.52.29.238 https://10.52.29.234 https://10.52.69.133 https://qaecorp.anz.com https://eprqa.onepath.dev.anz https://10.54.112.2 https://10.46.168.45 https://eprotecttraining https://10.54.109.30 https://172.31.217.15 https://epr.onepath.com.au https://eprotecttrng.service.dev https://eprotectqa https://eprotectauthST3.service.dev https://eprotectst.service.dev https://eprst.onepath.dev.anz https://eprotectprivst.service.dev https://eprotectauthSIT.service.dev https://eprotectauthST.service.dev https://eprotectqapriv.service.dev https://eprotectqa.service.dev https://eprotectauthqa.service.dev https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprst.onepath.com.au https://eprotect https://global.anz.com https://172.31.194.107 https://172.21.194.107 https://ecorp.anz.com https://172.21.217.15 https://eprqa.onepath.com.au; 3
frame-ancestors 'self' http://*.bbt.com https://*.bbt.com; 3
default-src 'self'; script-src 'self' c.mql5.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com connect.facebook.net www.facebook.com player.youku.com mc.yandex.ru https://c.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com pagead2.googlesyndication.com www.googletagservices.com adservice.google.com.cy adservice.google.com tpc.googlesyndication.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com www.mql5.com content.mql5.com download.mql5.com charts.mql5.com www.metatrader5.com www.metatrader4.com www.metaquotes.net www.metaquotes.ru trade.mql5.com blob: data: *.tile.openstreetmap.org connect.facebook.net www.facebook.com mc.yandex.ru https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com pagead2.googlesyndication.com; media-src 'self' msg1.mql5.com trade.mql5.com c.mql5.com; font-src c.mql5.com trade.mql5.com; connect-src 'self' content.mql5.com trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com connect.facebook.net www.facebook.com mc.yandex.ru https://www.google-analytics.com pagead2.googlesyndication.com; frame-src 'self' c.mql5.com trade.mql5.com content.mql5.com player.youku.com www.youtube.com www.facebook.com https://c.paypal.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; worker-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; 3
frame-ancestors 'self' www.facebook.com www.messenger.com; report-uri /vsctcspreport 3
frame-ancestors 'self' tvn24.pl *.tvn24.pl 3
frame-ancestors  myos.banggood.com 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' investor.cmegroup.com  http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com  www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://www.home.saxo https://go.cmegroup.com https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com  https://www.investing.com https://www.benzinga.com https://m.benzinga.com https://amp.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com  https://benzinga.com https://www.benzinga.com https://m.benzinga.com  https://bz.benzinga.com https://zingbot.bz https://www.zingbot.bz https://m.zingbot.bz https://bz.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://stage.barchart.com https://www.barchart.com https://www.infinityfutures.com https://datamineuat.cmegroup.com https://next.benzinga.com https://quotes.benzinga.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com https://uatm.cqg.com  https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com; 3
frame-ancestors www.namesilo.com namesilo.com namesilo.vegas 3
frame-ancestors 'self' https://auth.flock.com https://auth.flock-staging.com https://web.flock.com https://web.flock-staging.com https://updates.flock.co file://* chrome-extension://eaelpbcbablcdbbocfbfnedfmgjaoicj chrome-extension://jaafanpjodcobojibapcmbdcphbafnfc chrome-extension://enfaahabcinohafeakbliimmoholjeip 3
default-src blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 3
frame-ancestors 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se http://*.dm.sr.se https://*.dm.sr.se; report-uri /csp-error; 3
default-src * data: blob: ;script-src * 'self' 'unsafe-inline' 'unsafe-eval' ;worker-src * blob: ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' static-s.aa-cdn.net *.appannie.com *.appannie.org;img-src * data: blob: ;font-src * data: ;media-src * data: blob: ;base-uri 'self' d6tizftlrpuof.cloudfront.net manifest.prod.boltdns.net secure.brightcove.com ;connect-src * data: blob: wss://api.appcues.net;report-uri https://sentry.smart-sense.org/api/96/csp-report/?sentry_key=28d56c139d1542a19730a3eb84757027; 3
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ *.litix.io data: blob:; object-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 3
base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'; 3
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://assets.secure.checkout.visa.com https://static.masterpass.com https://www.paypalobjects.com https://thm.visa.com https://insights.algolia.io; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://*.checkout.visa.com https://*.visa.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com https://scontent.xx.fbcdn.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://*.checkout.visa.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.masterpass.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://thm.visa.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com https://s.yimg.com https://sp.analytics.yahoo.com/; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.masterpass.com https://masterpass.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://web.delighted.com https://www.facebook.com https://ct.pinterest.com https://insights.algolia.io https://graph.instagram.com https://*.algolianet.com https://*.algolia.net https://s.yimg.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://*.checkout.visa.com https://thm.visa.com https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://*.masterpass.com https://masterpass.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 3
style-src 'unsafe-inline' 'self' *.yximgs.com https://captcha.gtimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.yximgs.com hm.baidu.com/hm.js retcode.alicdn.com/retcode/bl.js https://captcha.guard.qcloud.com https://captcha.gtimg.com; img-src 'self' *.yximgs.com data: http: *.kuaishou.com hm.baidu.com/hm.gif arms-retcode.aliyuncs.com/r.png; media-src 'self' *.yximgs.com data:; font-src 'self' *.yximgs.com data:; worker-src 'self' *.yximgs.com blob:; report-uri /api/csp-report 3
frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors https://*.ionos.fr https://ionos.fr; 3
font-src * data:; img-src * data:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com; 3
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://*.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 3
frame-ancestors  'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com 3
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com https://com-avaya.netmng.com https://nan.netmng.com https://audiences.ignitionone.com https://a.rfihub.com https://c1.rfihub.net https://4529201.fls.doubleclick.net https://sp.analytics.yahoo.com com-avaya.qa.netmng.com https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.adroll.com https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://avaya.greenshootlabs.com https://*.kaltura.com https://*.linkedin.com https://*.serving-sys.com https://*.webengage.co https://*.webengage.com https://*.webtrends.com https://*.webtrendslive.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com; style-src 'self' 'unsafe-inline' https://*.avaya.com https://*.kaltura.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://www.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.kaltura.com https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://c.webengage.com https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca; frame-ancestors 'self' ; report-uri https://ce4597319c39d6fb9172e9cd9821a217.report-uri.io/r/default/csp/enforce; 3
frame-ancestors 'self' www.haier.com *.haier.com https://mgta.trs.cn http://mgta.trs.cn http://devta.trs.cn *.haier.net *.tongshuai.com *.casarte.com *.geappliances.cn 3
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com; report-uri /report-csp-violation 3
frame-ancestors 'self' https://app.optimizely.com 3
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 3
frame-ancestors 'self' *.eur.nl 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 3
connect-src consumer.krxd.net https://connect.facebook.net edgeapi.ace.teliacompany.net webprovisions-labs.humany.net 'self' stats.g.doubleclick.net www.google.se cgchat.callguide.telia.com pwe.callguide.telia.com *.usabilla.com www.google.com telia.humany.net chat.ace.teliacompany.com www.google-analytics.com; default-src localhost:41680 'self'; font-src https://fonts.gstatic.com webprovisions-labs.humany.net 'self' telia.humany.net data:; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' cdn.krxd.net *.doubleclick.net https://www.facebook.com www.youtube.com wds.ace.teliacompany.com go.pardot.com youtube.com; img-src img.youtube.com https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com stats.g.doubleclick.net www.google.se beacon.krxd.net d6tizftlrpuof.cloudfront.net *.usabilla.com www.haynespro-assets.com www.google.com www.haynespro-services.com telia.humany.net gentle-tor-21016.herokuapp.com data: media.krxd.net www.google-analytics.com; report-uri /.api/csp-report/v1/report?teamId=7dfafa39-0cc44b25-8e7c83f0; script-src 'unsafe-inline' https://optimize.google.com webprovisions-labs.humany.net 'self' cdn.krxd.net https://www.facebook.com www.googletagmanager.com core.dch.got.telia.se wds-s.ace.teliacompany.com portal-hosting.humany.net pi.pardot.com www.google-analytics.com consumer.krxd.net https://connect.facebook.net https://tagmanager.google.com core.dc.teliacompany.net wds.ace.teliacompany.com beacon.krxd.net cdn.pardot.com d6tizftlrpuof.cloudfront.net *.usabilla.com telia.humany.net gentle-tor-21016.herokuapp.com 'unsafe-eval' media.krxd.net; style-src https://tagmanager.google.com 'unsafe-inline' core.dc.teliacompany.net https://optimize.google.com webprovisions-labs.humany.net 'self' wds.ace.teliacompany.com d6tizftlrpuof.cloudfront.net core.dch.got.telia.se telia.humany.net gentle-tor-21016.herokuapp.com media.krxd.net https://fonts.googleapis.com 3
frame-ancestors www.red-gate.com; 3
upgrade-insecure-requests; frame-ancestors 'none'; 3
frame-ancestors 'self' connectappypie.com; 3
frame-ancestors https://*.ionos.es https://ionos.es; 3
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https:; font-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self' https://vshow.on24.com; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 3
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: mediastream: https:; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https: 3
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 3
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 3
frame-ancestors 'self' ' *.ampproject.org .zdbb.net 3
frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; report-to https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 3
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.zoeasher.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com *.zoeasher.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.zoeasher.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src   av.estdosc.com  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  3
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 3
default-src 'none'; connect-src https:; font-src https: data:; frame-src https://www.youtube.com/ https://*.siemens.com https://diswlogintest.siemens.com https://*.sw.siemens.com https://*.sw.siemens-test.com https://*.sw.siemens-dev.com https://*.mentor.com https://*.mentor-test.com https://*.mentor-dev.com https://*.mentorvlab.com https://video.mentor.com https://*.mentor.com https://*.ias.plm.automation.siemens.com https://*.pads.com https://www.pads.com https://*.auth0.com https://s7.addthis.com https://www.linkedin.com; img-src https: data:; media-src https://videos.mentor-cdn.com; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; manifest-src 'self';  report-uri https://csp.mentor-apis.com/Prod/report 3
frame-ancestors 'self' translate.google.com; 3
frame-ancestors 'self' https://*.radford.edu; upgrade-insecure-requests; 3
default-src https: *.hwcdn.net *.teeitup.com *.golfid.io; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval'; style-src https: data: *.hwcdn.net 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 3
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js cdn.bizible.com *.consensu.org; img-src 'self' data: pixel.advertising.com *.forcepoint.com analyticsssl.forcepoint.com analyticsnossl.forcepoint.com ssl.google-analytics.com *.marinsm.com *.google-analytics.com s.ml-attr.com *.doubleclick.net *.facebook.com *.adroll.com *.yahoo.com *.google.com *.getsmartcontent.com *.pubmatic.com *.adnxs.com t.co attr.ml-api.io pixel.rubiconproject.com trc.taboola.com sync.outbrain.com *.casalemedia.com idsync.rlcdn.com *.bidswitch.net us-u.openx.net bsw.digitru.st ps.eyeota.net match.adsrvr.org sync-tm.everesttech.net dmp.adform.net i.w55c.net d.turn.com tags.w55c.net sync.tidaltv.com sync.mathtag.com in.v12group.com sync.adap.tv eyeota-sync.dotomi.com p.rfihub.com *.demdex.net *.tealiumiq.com *.vidyard.com *.bing.com s3.amazonaws.com *.s3.amazonaws.com *.driftt.com eb2.3lift.com *.gartner.com *.liadm.com *.krxd.net *.pippio.com *.amazon-adsystem.com *.visualwebsiteoptimizer.com *.cloudfront.net *.cdnwidget.com tags.bluekai.com *.adsymptotic.com cm.everesttech.net pippio.com secure.adnxs.com su.addthis.com lrpush.apxlv.com global.ib-ibi.com bcp.crwdcntrl.net analytics.twitter.com api.bizographics.com sync.placelocal.com segments.company-target.com pixel.tapad.com lrp.mxptint.net match.prod.bidr.io p.univide.com rp.gwallet.com ds.reson8.com dmp.truoptik.com aa.agkn.com bs.serving-sys.com *.entitytag.co.uk token.rubiconproject.com liveramp-eicm-global.dsp.io thrtle.com apolloprogram.io live.rzsync.com *.youtube.com insight.adsrvr.org *.crazyegg.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.cloudflare.com px.ads.linkedin.com cdn.bizible.com; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.auth0.com cdn1.polaris.com cdn2.polaris.com cloudfront.loggly.com fonts.googleapis.com fonts.gstatic.com googleads.g.doubleclick.net nebula-cdn.kampyle.com polaris-tagging-prod.azureedge.net polaris-tagging-tagserver-prod.azurewebsites.net s.ytimg.com script.hotjar.com static.hotjar.com udc-neb.kampyle.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com static.doubleclick.net vars.hotjar.com servedby.flashtalking.com data: etc.polaris.com logs-01.loggly.com login.dotomi.com maps.googleapis.com bid.g.doubleclick.net cdn.jsdelivr.net maps.gstatic.com stats.g.doubleclick.net in.hotjar.com cdn-gen.polaris.com connect.facebook.net www.facebook.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com *.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com *.tiqcdn.com *.jwpcdn.com *.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com *.facebook.com *.pinterest.com *.googleapis.com *.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com *.addtoany.com *.github.io *.aspnetcdn.com s.gravatar.com *.wp.com *.amazonaws.com *.googleadservices.com *.microsoft.com *.jquery.com *.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com *.nr-data.net tagmanager.google.com *.surveymonkey.com *.brightwhistle.com *.callrail.com *.healthwise.net *.merklesearch.com *.rkdms.com *.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net *.creative-serving.com *.invocacdn.com *.invoca.net *.adsrvr.org *.acquia.com *.segment.com *.rdcdn.com *.msecnd.net *.mymarketingreports.com *.optimizely.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.salesforceliveagent.com *.sanzone.io api.dpx.northwell.io *.yimg.com *.yahoo.com; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com *.acquia.com *.syllable.ai *.force.com *.salesforce.com api.dpx.northwell.io *.yimg.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com *.rdcdn.com https://rdcdn.com clickserv.pixel.ad *.syllablecdn.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.sanzone.dev *.northwell.io api.dpx.northwell.io *.yimg.com; media-src 'self' blob: *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' blob: cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com www.facebook.com insight.adsrvr.org *.acquia.com *.segment.com *.optimizely.com *.force.com *.salesforce.com; child-src 'self' blob:; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com api.dpx.northwell.io; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com *.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com *.cloudfront.net *.acquia.com *.segment.com *.visualstudio.com *.bugsnag.com *.mktoresp.com *.nr-data.net *.optimizely.com *.syllable.ai *.locationiq.com *.conveythis.com *.force.com *.sanzone.io *.sanzone.dev *.northwell.io *.yimg.com; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.bootstrapcdn.com *.facebook.net *.tctm.co *.clickdimensions.com *.googleadservices.com *.doubleclick.net *.trustarc.com globalstar.clarip.com *.addthis.com *.addthisedge.com *.bizographics.com *.linkedin.com *.gstatic.com unpkg.com rawgit.com *.avmws.com *.incontact.com jira.globalstar.com *.licdn.com *.zoominfo.com *.xg4ken.com 3
form-action https: 3
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: 3
frame-src 'self' https://www.terminland.de *.novomind.com *.datev.de *.datev.com 3
default-src 'none'; connect-src https://hqiem7393d.execute-api.us-west-2.amazonaws.com https://myscript.prismic.io https://myscript.cdn.prismic.io; font-src data:; img-src 'self' https://cdn-images-1.medium.com https://cdn.myscript.com data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.myscript.com https://cloud.typography.com; media-src 'self'; manifest-src 'self'; object-src 'none' 3
default-src 'self' *.infinity-tracking.net ict.infinity-tracking.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.trustpilot.com cdn.jsdelivr.net unpkg.com www.googletagmanager.com static.hotjar.com script.hotjar.com https://code.jquery.com stats.g.doubleclick.net www.kldiscovery.com *.googleusercontent.com code.jquery.com *.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net bh.krollontrack.com stackpath.bootstrapcdn.com momentjs.com *.typeform.com cbs.krollontrack.com *.infinity-tracking.net js.usemessages.com js.hsleadflows.net api.hubspot.com js.hsforms.net forms.hsforms.com forms.hubspot.com api.hubapi.com js.hscollectedforms.net *.hsforms.net js.hs-banner.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net perf.hsforms.com unpkg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net *.trustpilot.com stackpath.bootstrapcdn.com code.jquery.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: assets.krollontrack.com *.typekit.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com assets.krollontrack.com assets.ontrack.com assets.ibas.com *.blob.core.windows.net *.cleverbridge.com assets.kldiscovery.com *.googleusercontent.com stats.g.doubleclick.net www.google.com forms.hubspot.com forms.hsforms.com track.hubspot.com perf.hsforms.com *.google.co.uk; media-src 'self' data: blob: assets.krollontrack.com youtu.be youtube.com *.blob.core.windows.net assets.kldiscovery.com *.googleusercontent.com; frame-src 'self' *.google.com https://youtu.be/ https://www.youtube.com/ https://app.hubspot.com/ https://ldiscovery.taleo.net/ *.trustpilot.com api.hubapi.com vars.hotjar.com bid.g.doubleclick.net bh.krollontrack.com forms.hsforms.com *.typeform.com eenvandaag.avrotros.nl; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://youtu.be/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.trustpilot.com stats.g.doubleclick.net forms.hubspot.com *.infinity-tracking.net forms.hsforms.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com in.hotjar.com *.infinity-tracking.net google-analytics.com unpkg.com forms.hubspot.com forms.hsforms.com api.hubspot.com api.hubapi.com; 3
default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl data: 'self'; style-src *.googleads.g.doubleclick.net https://tagmanager.google.com bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://teddytor.abtasty.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://www.facebook.com https://pixel.wp.pl https://cm.g.doubleclick.net https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net *.ratatu.pl www.google-analytics.com www.0.s-nk.pl *.googleads.g.doubleclick.net https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://ib.adnxs.com https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com clients1.google.com https://tbl.tradedoubler.com https://ad.doubleclick.net www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net www.facebook.com *.googleads.g.doubleclick.net https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://pixel.wp.pl https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://www.bnpparibas.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com *.ratatu.pl 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net wss://ws9.hotjar.com https://vc.hotjar.io bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 3
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' wss://*.firebaseio.com wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://intldashboard.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://www.google.co.in https://connect.facebook.net http://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com http://logs.redbus.com/ https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://www.googletagservices.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com/ http://cdn-jp.gsecondscreen.com https://googleads.g.doubleclick.net http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com http://www.googleadservices.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com/sessionstack.js http://www.googletagmanager.com http://connect.facebook.net http://www.googleadservices.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com; img-src 'self' data: blob: https://*.online-metrix.net https://*.goibibo.com https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://googleads.g.doubleclick.net https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com https://stats.g.doubleclick.net http://origin-st.redbus.in https://pilgrimages-cms.s3-ap-southeast-1.amazonaws.com https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://s-static.ak.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://www.facebook.com https://api.midtrans.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in;  font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' https://*.firebaseapp.com https://*.firebaseio.com  https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://bid.g.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com/ https://googleads.g.doubleclick.net https://staticxx.facebook.com https://dis.as.criteo.com; object-src 'self' 3
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 3
default-src 'self' https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com;script-src-elem 'self' 'unsafe-inline' https://microapps.pf-labs.net https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com;script-src 'self' 'unsafe-inline' https://microapps.pf-labs.net https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
script-src 'self'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com; report-uri /admin/config/system/seckit/csp-report 3
frame-ancestors 'self' *.dnc.io 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com data:; 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://cdn.syndication.twimg.com www.google.com www.gstatic.com ajax.googleapis.com tsys.arcot.com 3
frame-ancestors https://nxs.tookanapp.com/ 3
frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 3
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 3
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 3
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 3
default-src 'self' cdn.register.to 'unsafe-eval' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.register.to tld.register.to cdn.ywxi.net www.google-analytics.com seal.websecurity.norton.com s3-us-west-2.amazonaws.com www.trustedsite.com cdn.jsdelivr.net www.google.com cdn.datatables.net https:; style-src 'unsafe-inline' https:; manifest-src 'self' cdn.register.to 'unsafe-eval' https:; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline'  data: https://wapi.nic.fr https://www.google.com http://www.afnic.fr/  http://s7.addthis.com https://s7.addthis.com http://m.addthisedge.com/ https://m.addthisedge.com/ http://m.addthis.com/ https://m.addthis.com/ platform.twitter.com http://www.google-analytics.com https://ssl.google-analytics.com/ https://www.afnic.fr/  https://cdn.syndication.twimg.com/widgets/ ; object-src 'self' https://s7.addthis.com https://www.google.com/jsapi https://cdn.syndication.twimg.com ; form-action 'self'; child-src https://www.openstreetmap.org/ https://platform.twitter.com https://maps.google.fr/ https://www.dailymotion.com https://www.youtube.com/ https://s7.addthis.com https://www.google.com https://www.facebook.com/ http://www.facebook.com/ http://eyedo.tv/ https://eyedo.tv/ ;frame-ancestors https://www.facebook.com/ http://www.facebook.com/ 3
default-src 'self' https://tramitesanonimos.cnmc.es;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;  child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es;  media-src 'self';  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com  https://www.gstatic.com/recaptcha/;  font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/;  object-src 'self';  connect-src 'self' https://bootswatch.com https://translate.googleapis.com;  3
default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital; base-uri 'self'; img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-inline' *.typekit.net; script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital www.google.com https://vars.hotjar.com; connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 3
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 3
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com video.qbrick.com dreambroker.com; font-src 'self' 3
frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net 3
default-src 'self'; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; connect-src 'self' kampyle.com *.kampyle.com mobileapi.locatorsearch.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; img-src 'self' *.tvsquared.com google-analytics.com *.google-analytics.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob:; style-src 'self' 'unsafe-inline' kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com; font-src 'self' data: kampyle.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com; frame-src 'self' ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com; 3
frame-ancestors 'self'; object-src 'none'; form-action 'self'; base-uri 'none'; data: http://portal.comunique-se.com.br 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data: 3
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 3
default-src 'self' blob: data:  *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.tile.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com *.a.wmflabs.org nenawiki.org *.cloudytheology.com i.imgur.com na.llnet.sims3store.cdn.ea.com cdn.discordapp.com m.media-amazon.com image.tmdb.org *.stripe.com *.twitch.tv *.fastly.net *.facebook.com *.shields.io *.bilibili.com *.163.com discord.com googleusercontent.com imgbox.com cdnjs.cloudflare.com cdn.jsdelivr.net reddit.com *.reddit.com redd.it *.redd.it redditmedia.com *.redditmedia.com dropbox.com *.dropbox.com dropboxstatic.com *.dropboxstatic.com disqus.com *.disqus.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'  *.miraheze.org 3
frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 3
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com https://suggestqueries.google.com https://pagead2.googlesyndication.com www.google-analytics.com yastatic.net https://relap.io https://ad.mail.ru stat.adlabs.ru mc.yandex.ru *.criteo.com *.googleapis.com luxadv.com *.luxadv.com psma02.com *.betweendigital.com *.doubleclick.net share.pluso.ru w.uptolike.com *.am15.net am15.net psma03.com *.onedmp.com *.eboundservices.com eboundservices.com uk-ads.openx.net *.openx.net *.metabar.ru *.orange81safe.com *.creativecdn.com *.googletagservices.com *.googleadservices.com psma01.com *.atemda.com *.nativeroll.tv *.criteo.net fycapi.ru ijquery5.com acvatic.ru mycpm.ru igithab.com *.yandex.ru franecki.net v.kost.tv *.g.doubleclick.net bnstero.com *.google.ru cdn.onesignal.com *.yakutia.io yakutia.io *.onesignal.com static.amgmedia.net onesignal.com *.sendpulse.com sendpulse.com bnster.com myhappy-news.com *.republer.com 3
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 3
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src 'self' http://tribeca.vidavee.com https://www.facebook.com https://assets.adobedtm.com https://connect.facebook.net https://ad.doubleclick.net https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com https://*.map2.ssl.hwcdn.net https://feeds.standardbank.com https://noembed.com; font-src 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://www.homeloans1.standardbank.co.za https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://i.ytimg.com https://developers.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.facebook.com https://www.youtube.com https://connect.facebook.net https://ad.doubleclick.net https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net https://tpc.googlesyndication.com https://snap.licdn.com https://px.ads.linkedin.com https://s.ytimg.com; style-src 'unsafe-inline' 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self'; 3
default-src * 'unsafe-eval' 'unsafe-inline' data:; 3
default-src 'self' *.comaweb.de *.aticdn.net *.bootstrapcdn.com cdn.matomo.cloud *.clickdimensions.com data: *.easyway.site *.firebot.io *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.gstatic.com *.msecnd.net *.netrk.net *.randomuser.me randomuser.me s3-eu-west-1.amazonaws.com *.usercentrics.eu webasto-comfort.com *.webasto-comfort.com *.webasto.com webasto.matomo.cloud wss://firebot.galacticweb.net *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.aticdn.net *.bootstrapcdn.com *.clickdimensions.com *.easyway.site *.firebot.io *.formsite.com *.galacticweb.net *.googleapis.com *.gstatic.com *.msecnd.net *.netrk.net *.randomuser.me *.webasto.com *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.aticdn.net *.bootstrapcdn.com cdn.matomo.cloud *.clickdimensions.com *.easyway.site *.firebot.io firebot.io *.formsite.com *.galacticweb.net *.google.com *.google.de googleads.g.doubleclick.net *.googleadservices.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.msecnd.net *.netrk.net *.randomuser.me randomuser.me *.usercentrics.eu *.webasto.com webasto.matomo.cloud *.xiti.com *.youtube-nocookie.com *.youtube.com *.ytimg.com; 3
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; 3
frame-ancestors 'self' goqubit.net ; 3
frame-ancestors self *.haagendazs.us; report-uri /report-csp-violation 3
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 3
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3
default-src  'self'  https://*.myligue.fr     https://*.lfp.fr     https://*.ligue1.fr     https://*.ligue2.fr  https://*.googlesyndication.com/  https://www.tntv.pf     https://opt-out.ferank.eu;  media-src *  'self'     https://ooyalaeuwest.streaming.mediaservices.windows.net  blob:  https://www.tntv.pf     https://www.youtube.com     https://www.dailymotion.com;  font-src  'self'  data:  https://use.fontawesome.com  https://fonts.gstatic.com  https://player.ooyala.com  ;  script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://az416426.vo.msecnd.net  https://cdn.ampproject.org  https://cdn.syndication.twimg.com  https://ssl.google-analytics.com  https://player.ooyala.com  https://www.googletagmanager.com  https://www.google.com  https://www.gstatic.com  https://www.google-analytics.com     http://www.google-analytics.com  https://www.googletagservices.com  https://adservice.google.fr  https://adservice.google.com  https://*.googlesyndication.com  https://securepubads.g.doubleclick.net  https://connect.facebook.net  https://platform.twitter.com  https://analytics.ooyala.com  https://imasdk.googleapis.com  http://imasdk.googleapis.com  https://s0.2mdn.net     https://www.youtube.com     https://www.dailymotion.com     https://opt-out.ferank.eu     http://opt-out.ferank.eu     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr  http://player.ooyala.com  http://players.brightcove.net     https://players.brightcove.net  https://vjs.zencdn.net  https://analytics.ooyala.com/     https://www.instagram.com;  style-src  'self'  'unsafe-inline'  https://cdnjs.cloudflare.com  https://use.fontawesome.com  https://fonts.googleapis.com  https://player.ooyala.com/     https://platform.twitter.com     https://www.youtube.com     https://www.dailymotion.com     https://opt-out.ferank.eu     http://opt-out.ferank.eu     http://players.brightcove.net     https://players.brightcove.net     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr     https://www.instagram.com;  child-src  'self'  blob:     https://*.myligue.fr  https://www.google.com/  https://tpc.googlesyndication.com  https://player.ooyala.com/  https://platform.twitter.com/  https://staticxx.facebook.com/  https://syndication.twitter.com/  https://widgets.lfp.stats.com  https://l.ooyala.com/  https://imasdk.googleapis.com/     https://www.youtube.com     https://www.dailymotion.com     https://cartemercatoligue1.com     https://11type.lfp.fr     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr     https://snapshots.playingsurface.net  http://player.ooyala.com     http://players.brightcove.net     http://players.brightcove.net  http://l.ooyala.com     https://twitter.com     https://www.facebook.com     https://m.facebook.com     https://www.instagram.com     https://imasdk.googleapis.com  http://imasdk.googleapis.com     https://www.google-analytics.com     http://www.google-analytics.com     https://www.sporcle.com     ;  img-src  'self'     data:  https://www.google.com  https://*.doubleclick.net  https://*.googlesyndication.com  https://lspcridevglcdn.azureedge.net  https://lspemeintglcdn.azureedge.net  https://lspsapuatglcdn.azureedge.net  https://lsprubpreglcdn.azureedge.net  https://lspisphereglcdn.azureedge.net  https://ssl.google-analytics.com  https://stats.g.doubleclick.net  https://lfpimageproxy.azureedge.net  https://secure-cf-c.ooyala.com  https://player.ooyala.com     https://www.blogduparieur.com     https://publish.lfpstg.ooflex.net      https://syndication.twitter.com/     https://abs.twimg.com     https://platform.twitter.com     https://pbs.twimg.com     https://www.youtube.com     https://www.dailymotion.com     https://www.google-analytics.com     http://www.google-analytics.com     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr  https://metrics.brightcove.com     http://metrics.brightcove.com  https://cf-images.us-east-1.prod.boltdns.net     https://www.instagram.com     https://cf-images.eu-west-1.prod.boltdns.net     http://cf-images.eu-west-1.prod.boltdns.net     https://tarteaucitron.io;  connect-src  'self'  https://securepubads.g.doubleclick.net  https://dc.services.visualstudio.com  https://metrics-api.librato.com  https://player.ooyala.com  https://licensing.bitmovin.com  https://*.mediaservices.windows.net     https://csi.gstatic.com  https://edge.api.brightcove.com  http://edge.api.brightcove.com  http://player.ooyala.com  http://manifest.prod.boltdns.net  http://house-fastly-signed-us-east-1-prod.brightcovecdn.com     https://house-fastly-signed-us-east-1-prod.brightcovecdn.com     https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com     http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com     https://bcbolt446c5271-a.akamaihd.net     https://*.googlesyndication.com     ;  frame-ancestors  'self'  ; 3
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; 3
frame-ancestors 'self' www.nassp.org www.nhs.us www.njhs.us www.nehs.org www.natstuco.org www.principalsmonth.org files.nassp.org; 3
default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';font-src https: data:;img-src https: data: 3
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 3
frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com 3
frame-ancestors  *.marincounty.org *.marinpublic.com *.mcera.org *.marinfair.org *.marincountyhr.org *.marincountyparks.org *.marinhhs.org 3
frame-ancestors 'self'  wbpa.wdo.io ru.wotblitz.com eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 3
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://cloud.webtype.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' https://cloud.webtype.com https://static.hotjar.com https://fonts.gstatic.com data:; img-src 'self' https://pls.webtype.com https://insights.hotjar.com https://static.hotjar.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data:; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob:; frame-ancestors 'self'; 3
frame-ancestors 'self' http://jobcloud.ch http://*.jobcloud.ch http://jobs.ch http://*.jobs.ch http://jobup.ch http://*.jobup.ch http://ingjobs.ch http://ictcareer.ch http://jobs4sales.ch http://financejobs.ch http://medtalents.ch http://jobwinner.ch http://alpha.ch http://topjobs.ch http://*.jobscout24.ch http://impieghi.ch http://*.impieghi.ch http://*.stellenmarkt.ch 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /security-report.php 3
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/  https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com  https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; 3
frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 3
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 3
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com wss://*.screenmeet.com https://*.screenmeet.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com http://youtube.com/iframe_api https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://player.vimeo.com/api/player.js https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www.googletagmanager.com/gtm.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://analytics.twitter.com/i/adsct https://tagmanager.google.com/debug https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://tagmanager.google.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js https://cdn1.readspeaker.com/script/9190/webReader/webReader.js https://cdn1.readspeaker.com/script/9190/webReader/ReadSpeaker.pub.Config.js https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Core.js https://cdn1.readspeaker.com/ *.lfeeder.com *.leadfeeder.com https://code.jquery.com/jquery-3.4.1.min.js https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles-Button.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles.css https://cdn1.readspeaker.com/script/9190/webReader/r/ https://cdn1.readspeaker.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ https://www.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://media-eu.readspeaker.com/ https://www.digitale-exzellenz.de/feed/ https://www.digitale-exzellenz.de/category/branchen/ https://www.digitale-exzellenz.de/tag/ https://www.instagram.com/ https://www.instagram.com/soprasteria_fr/ https://www.instagram.com/instagram/ *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/; 3
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 3
frame-ancestors 'self' *.valassis.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 3
frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 3
manifest-src 'self' https://*.ng-source.com 3
frame-ancestors 'self' app.contentful.com 3
default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://*.gstatic.com/ 'self'; connect-src wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ 'self'; frame-src https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; img-src https://*.optnmstr.com/ https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ 'self'  'unsafe-inline' 'unsafe-eval' data: javascript:; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss: 3
frame-ancestors 'self' https://www.bosoy-online.com 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv-static.azureedge.net gcv-cms-static.azureedge.net gcv-staging-static.azureedge.net gcv-dev-static.azureedge.net gcv-qa-static.azureedge.net gcv-qa2-static.azureedge.net gcv-qa3-static.azureedge.net www-gcv-static.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net player.vimeo.com; 3
default-src 'self' http://www.cmbwinglungbank.com https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com https://demo02.etwealth.com http://demo02.etwealth.com https://m2.cmbwinglungbank.com *.cmbchina.com https://cms.aqumon.com https://push.cmbwinglungbank.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self' fc10.etwealth.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 3
default-src 'self' https://*.google.ie https://*.facebook.com https://*.facebook.net https://*.expediapartnersolutions.com https://*.leadspace.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 3
script-src 'self' 'unsafe-inline' www.google-analytics.com quadia.webtvframework.com code.createjs.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com;style-src 'self' 'unsafe-inline';img-src 'self' www.google-analytics.com data:;media-src 'self';frame-src 'self' g.jwpsrv.com www.youtube.com tools.eurolandir.com quadia.webtvframework.com ahold.hostedby.quadia.com aholddelhaize.projects.quadia.net streams.nfgd.nl;font-src 'self' ssl.p.jwpcdn.com;form-action 'self';report-uri /WebResource.axd?cspReport=true 3
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.netinnederland.nl *.2doc.nl *.vprogids.nl; 3
upgrade-insecure-requests; frame-ancestors 'self'; 3
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;font-src * data: 3
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 3
default-src 'self' gap: 'unsafe-inline'; script-src 'self' data: https://c.mql5.com/ data: https://cdn.ampproject.org/ data: https://content.mql5.com/ data: https://connect.facebook.net/ data: https://ifccd.net data: www.google-analytics.com data: www.googletagmanager.com data: trade.mql5.com data: https://ipinfo.io 'unsafe-eval' 'unsafe-inline'; frame-src 'self' data: https://www.mql5.com data: https://www.facebook.com data: https://www.youtube.com/ data: https://chat.ifcir.asia/ data: https://chat.trifcm.asia/ data: https://chat.ifcmarkets.com data: https://trade.mql5.com data: *.googletagmanager.com; object-src *; style-src 'self' data: https://ifccd.net data: https://pr.ifccd.net data: https://fonts.googleapis.com/css 'unsafe-inline'; img-src * data: http://www.w3.org; font-src 'self' data: https://ifccd.net data: https://fonts.gstatic.com data: https://fonts.googleapis.com data: https://pr.ifccd.net; connect-src *;  manifest-src 'self' data: https://ifccd.net 3
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 3
default-src 'none'; object-src 'self'; media-src blob: https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.okadoc.com https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://*.createsend.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://browser-update.org https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com; connect-src 'self'  https://*.okadoc.com https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://*.wistia.com https://*.litix.io https://www.facebook.com/ https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://*.okadoc.com https://*.onedoc.ch https://onedoc.ch https://vimeo.com/ https://*.vimeo.com/ https://mixlr.com/ https://*.mixlr.com/ https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://*.createsend.com https://*.google.com https://w.soundcloud.com/ https://cdn.dotcy.com.cy https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.ch https://*.datahouse.ch/ https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com; 3
frame-src https:; report-uri /csp-violation-endpoint/ 3
default-src 'self' *.fluvius.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com maps.googleapis.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io *.hotjar.com https://*.geopunt.be static.ads-twitter.com analytics.twitter.com *.bizographics.com translate.google.com translate.googleapis.com; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com  https://amp.cloudflare.com cdn.sparkcentral.com translate.googleapis.com; img-src 'self' data: www.google-analytics.com *.gstatic.com maps.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com  https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io *.fluvius.be https://s3.eu-central-1.amazonaws.com blob: t.co *.linkedin.com translate.googleapis.com cdn-fluvius.azureedge.net; media-src 'self' https://cdn.sparkcentral.com; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube-nocookie.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com *.hotjar.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.sparkcentral.com data:; connect-src 'self' www.google-analytics.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io *.geopunt.be *.hotjar.com *.hotjar.io translate.googleapis.com; report-uri /report-csp-violation 3
default-src https: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://cvonline.lt https://www.cvonline.lt; 3
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-8e633a01-7f47-4dfd-9d85-f36ee549c35c'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-8e633a01-7f47-4dfd-9d85-f36ee549c35c'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi; form-action 'self' 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: 3
frame-ancestors 'self' *.moneyam.com; 3
default-src 'self' https://www-cdn01.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://proxy.ay.prod.3whst.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://tagmanager.google.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com/ https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com; connect-src 'self' https://www.google-analytics.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 3
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 3
frame-ancestors 'self' *.facebook.com 3
frame-ancestors 'self' fbgeneralivers.generali.de www.facebook.com 3
unsafe-inline 3
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors * 3
frame-ancestors 'self' https://sunlifeassurance.experiencecloud.adobe.com https://sunlifeassurance.marketing.adobe.com; 3
default-src 'none'; script-src 'self' connect.facebook.net graph.facebook.com *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com; connect-src 'self' *; img-src 'self' data: *.facebook.com *.youtube.com *.twimg.com *.twitter.com *; style-src 'self' 'unsafe-inline'; media-src 'self' *.youtube.com; font-src 'self'; object-src 'none'; frame-src 'self' *.bmlfuw.gv.at *.bmnt.gv.at *.bmlrt.gv.at https://*.youtube.com *.facebook.com https://*.umweltbundesamt.at https://*.laola1.tv https://*.europa.eu https://*.facebook.com https://www.google.com 3
frame-ancestors *.entertainmentcruises.com *.odysseycruises.com *.spiritcruises.com *.mysticbluecruises.com *.seadogcruises.com *.bateauxnewyork.com reservations.entertainmentcruises.com; 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
frame-ancestors 'self' tvoy-priz.ru lasterlast.ru guru-games.ru gigath.oneth.ru oneth.ru netheml.ru gamazer.ru gamcloud.ru maigamers.ru sotgame.ru igamir.ru girgame.ru vk.com livehelp.trueplay.io 3
frame-ancestors 'self' nurture.solarwinds.com; 3
connect-src 'self' disqus.com *.disqus.com *.disquscdn *.addthis.com *.gstatic.com *.googlesyndication.com 3
frame-ancestors 'self' https://*.castlery.com https://*.castlery.com.au https://*.castlery.sg https://*.castlery.co 3
script-src 'self' https://maps.googleapis.com https://www.google.com 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://pagead2.googlesyndication.com https://adservice.google.es https://adservice.google.com https://www.googletagservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.cloudflare.com 3
default-src  http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  http:; style-src http:  'unsafe-inline'; img-src 'self' data: http:; connect-src http:  ws:; 3
upgrade-insecure-requests; frame-ancestors 'self'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com  is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com  placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com cdn.jsdelivr.net calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com 3
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: piwik.bmvg.de *.video-cdn.net *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://piwik.bmvg.de/report-uri/ 3
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com bam.nr-data.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.flickr.com *.staticflickr.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline'; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com; report-uri /report-csp-violation 3
default-src 'self' static.mycity.travel static.j3l.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3
default-src 'self' data: 'unsafe-inline' https: *; 3
default-src https: data: 'unsafe-inline' 3
default-src 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.vo.msecnd.net/ https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://*.blueconic.net https://*.hotjar.com https://*.hotjar.io https://extend.vimeocdn.com https://www.google-analytics.com https://js.driftt.com https://connect.facebook.net https://www.youtube.com https://*.ytimg.com https://*.bizographics.com https://*.linkedin.com https://*.licdn.com; connect-src 'self' https://dc.services.visualstudio.com https://www.googletagmanager.com https://*.blueconic.net https://api.ipify.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.vilans.nl https://*.blueconic.net https://*.linkedin.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net; frame-src 'self' https://w.soundcloud.com https://www.youtube.com https://player.vimeo.com https://www.google.com https://www.facebook.com https://js.driftt.com https://*.hotjar.com https://www.veiligheid.nl; frame-ancestors 'self'; object-src 'self'; 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests; report-uri https://drinksco.report-uri.io/r/default/csp/enforce 3
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/; 3
default-src https: 'unsafe-inline' 3
default-src 'self' static.mycity.travel static.www.villars-diablerets.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 3
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 3
upgrade-insecure-requests;block-all-mixed-content; 3
frame-ancestors 'self'; block-all-mixed-content 3
frame-ancestors 'self' *.swoogo.com 3
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.bunrattycastle.ie https://www.craggaunowen.ie https://www.dunguairecastle.com https://www.gpowitnesshistory.ie https://www.kingjohnscastle.com https://www.knappoguecastle.ie https://www.malahidecastleandgardens.ie https://www.newbridgehouseandfarm.com https://www.shannonheritage.com https://www.modelrailwaymuseum.ie data: https://*.facebook.net https://*.facebook.com https://*.hotjar.com https://*.bing.com https://*.typekit.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://*.crazyegg.com https://*.youtube.com https://*.youtu.be https://youtu.be https://*.instagram.com https://*.cdninstagram.com; 3
default-src *; block-all-mixed-content; base-uri 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.sndcdn.com https://*.soundcloud.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com https://*.soundcloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.linkedin.com https://*.twitter.com https://view.ceros.com https://dl.episerver.net https://connect.facebook.net https://polyfill.io https://*.bizographics.com https://*.datatables.net  https://maps.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.optimizely.com https://code.jquery.com https://*.googletagmanager.com https://*.episerver.net https://*.msecnd.net https://*.getsitecontrol.com https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com https://*.sndcdn.com; img-src 'self' data: https://*.datatables.net https://www.grantthornton.global https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://pixel.newscred.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.googletagmanager.com https://*.marketo.com https://grant-thornton.vuturevx.com https://*.youtube.com https://stats.g.doubleclick.net https://*.grantthornton.sg; style-src 'self' https://*.datatables.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.marketo.com 'unsafe-inline' https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; font-src 'self' data: https://*.gstatic.com https://*.getsitecontrol.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; frame-src https://*.google.com https://*.optimizely.com https://*.googletagmanager.com https://*.marketo.com https://*.getsitecontrol.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com https://optimize.google.com https://view.ceros.com https://www.facebook.com; 3
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.mywebstats.com.au https://www.google-analytics.com 3
default-src 'self'              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starific.net;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starific.net; 3
frame-ancestors 'self' https://www.domainedevillers.fr 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' wss:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; 3
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 3
frame-ancestors 'self' junchae.com 3
block-all-mixed-content; report-uri /v1/csplog 3
frame-ancestors 'self' https://kuleuven.be https://*.kuleuven.be ; 3
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai *.cloudfront.net *.cloudflare.com *.bootstrapcdn.com *.googleapis.com; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' mil.ru *.mil.ru *.googleapis.com *.bootstrapcdn.com; img-src 'self' mil.ru *.mil.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru *.mil.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 3
script-src 'self'; object-src 'self' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://noembed.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com http://comercio.gob.es http://barrerascomerciales.comercio.gob.es https://extranet.serviciosmin.gob.es; img-src 'self' data: https://cdn.syndication.twimg.com https://syndication.twitter.com http://www.google-analytics.com https://www.google-analytics.com https://pbs.twimg.com https://platform.twitter.com https://abs.twimg.com https://ton.twimg.com http://i.ytimg.com https://noembed.com https://www.googletagmanager.com http://comercio.gob.es http://barrerascomerciales.comercio.gob.es https://extranet.serviciosmin.gob.es; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com http://code.jquery.com https://cdn.syndication.twimg.com https://platform.twitter.com https://s.ytimg.com https://noembed.com https://www.googletagmanager.com http://comercio.gob.es http://barrerascomerciales.comercio.gob.es https://extranet.serviciosmin.gob.es; frame-src 'self' https://syndication.twitter.com https://platform.twitter.com http://maps.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://www.googletagmanager.com http://comercio.gob.es http://barrerascomerciales.comercio.gob.es https://extranet.serviciosmin.gob.es; 3
default-src data: blob: http://* https://* wss://* 'self' 'unsafe-inline' 'unsafe-eval'; 3
frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net; frame-ancestors 'self'; 3
frame-ancestors 'self' https://military.gillette.com https://gillette.com https://gillette.mybigcommerce.com 3
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.braintreegateway.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://cdn.ckeditor.com/ https://www.google.com/ https://ajax.googleapis.com/ https://s3-us-west-2.amazonaws.com/; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://ajax.googleapis.com/; font-src 'self'; img-src 'self' data: https://cdn.ckeditor.com/ https://code.jquery.com/; frame-src 'self' https://www.openstreetmap.org/; frame-ancestors 'self'; connect-src 'self'; object-src 'self' 3
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3
frame-ancestors 'self' 			*.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 3
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 3
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 2
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com *.vk.com an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.yandex.net data: mail.ru ok.ru strm.yandex.ru vk.com *.vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=02.07.20; 2
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 2
frame-ancestors *.mediafire.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com apollo.investopedia.com apollo.local.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 2
frame-ancestors "self" 2
style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com ad.doubleclick.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com 2
default-src https:; frame-src https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss: *.hotjar.com; img-src https: 'self' data:; style-src https: 'unsafe-inline'; font-src https: 'unsafe-inline' data:; 2
default-src * data: blob: about:;script-src 'self' https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 2
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com ; 2
default-src 'self'; img-src 'self' https://app.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com/csi https://stats.g.doubleclick.net https://storage.googleapis.com https://sc-kharon.appspot.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://www.google.com https://www.googleadservices.com https://sc-static.net https://www.youtube.com https://s.ytimg.com https://*.firebaseio.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://snap.adbrn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://player.vimeo.com https://tremolossl-a.akamaihd.net https://*.firebaseio.com; connect-src 'self' https://snapchat-web.storage.googleapis.com https://gms-carousel-dot-lookinsoclear.appspot.com https://app.snapchat.com https://geofilters-community-api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://zgl-s.tlnk.io https://woj-e.tlnk.io https://launch1.co https://accounts.snapchat.com https://scan.snapchat.com https://www.google-analytics.com wss://*.firebaseio.com https://www.googleapis.com https://securetoken.googleapis.com https://storage.googleapis.com; media-src 'self' data: blob: https://storage.googleapis.com; report-uri https://csp-central.appspot.com/report_csp 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors 'self' *.pathfactory.com *.lookbookhq.com *.newrelic.com 2
frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 2
object-src  'self'; form-action http://*.americanexpress.com/ https://*.americanexpress.com/; worker-src  'none'; font-src http://*.aexp-static.com/ https://cdnjs.cloudflare.com/ https://use.typekit.net/ 'self' http://fonts.gstatic.com/ https://*.bootstrapcdn.com/ https://*.aexp-static.com/; frame-ancestors https://*.aexp.com/  https://*.americanexpress.com/; script-src https://cdnjs.cloudflare.com/ 'unsafe-inline' 'self' https://*.liveperson.net/ https://*.maxymiser.net/ https://googleads.g.doubleclick.net/ https://*.lpsnmedia.net/ http://*.maxymiser.net/ https://www.googleadservices.com/ https://*.aexp-static.com/ https://aexp.demdex.net/ https://c00.adobe.com/ http://*.ensighten.com/ https://connect.facebook.net/ http://*.aexp-static.com/ https://*.americanexpress.com/ https://cdn.appdynamics.com/ http://*.adobedtm.com/ https://*.adobedtm.com/ https://adservice.google.co.il/ http://*.americanexpress.com/ http://*.liveperson.net/ https://*.ensighten.com/ https://www.google.com/ https://*.akamaihd.net/ 'unsafe-eval'; media-src 'self' https://lpcdn.lpsnmedia.net/ https://lpchat.americanexpress.com/; img-src 'self' data: https: http:; frame-src https://staticxx.facebook.com/ https://*.americanexpress.com/ https://*.demdex.net/ https://*.liveperson.net/ http://*.demdex.net/ https://lpcdn.lpsnmedia.net/ https://googleads.g.doubleclick.net/ http://*.americanexpress.com/ https://www.payback.it/ https://service.maxymiser.net/ https://*.aexp-static.com/ https://www.youtube.com/ https://*.akamaihd.net/; connect-src http://*.aexp-static.com/ https://*.americanexpress.com/ https://assets.adobedtm.com/ wss://iwmap.americanexpress.com/ https://*.demdex.net/ https://nexus.ensighten.com/ wss://www.americanexpress.com/ https://*.liveperson.net/ http://*.demdex.net/ https://www.facebook.com/ http://*.americanexpress.com/ https://ad.doubleclick.net/ https://aeopprodvip.acxiom.com/ https://*.aexp-static.com/ https://*.akamaihd.net/; report-uri https://csp.tsrs.cloud/r/d46fe9eb9bace6cb8df60c3cd0f1479061b61362; base-uri http://*.americanexpress.com/ https://*.americanexpress.com/ https://ds-aksb-a.akamaihd.net/ 'self'; style-src https://*.aexp-static.com/ https://14106077.va.cobrowse.liveperson.net/ 'unsafe-inline' 'self';  2
frame-src 'self' share.intercom.io intercom-sheets.com www.intercom-reporting.com www.youtube.com; connect-src 'self' appcenter.ms install.appcenter.ms https://secure.gravatar.com *.intercom.io *.optimizely.com uploads.intercomcdn.com uploads.intercomusercontent.com *.cloudfront.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.visualstudio.com *.documents.azure.com *.hockeyapp.net *.blob.core.windows.net https://notify.bugsnag.com https://*.ingest.sentry.io https://sessions.bugsnag.com https://graph.microsoft.com appcenter.ms install.appcenter.ms *.xamarin.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://api-prod-east-us2.prod.avalanch.es:8088 https://file.appcenter.ms wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://upload.appcenter.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net; default-src 'self' *.msecnd.net data:; font-src 'self' data: js.intercomcdn.com fonts.gstatic.com assets.onestore.ms c.s-microsoft.com; img-src * data:; media-src js.intercomcdn.com xtc-staging-artifacts.s3-eu-west-1.amazonaws.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.msecnd.net app.intercom.io widget.intercom.io js.intercomcdn.com monaco-cdn-int.azureedge.net accessibility-bookmarklets.org uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net; style-src 'self' 'unsafe-inline' monaco-cdn-int.azureedge.net accessibility-bookmarklets.org/ uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net; worker-src 'self' blob: 2
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tileserver.memomaps.de *.openstreetmap.fr piwik.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 2
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; media-src 'self' https:; img-src 'self' data: https: https://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com; font-src 'self' data: https: https://fonts.gstatic.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https:; upgrade-insecure-requests; frame-src 'self' https: https://optimize.google.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.shopeemobile.com *.shopee.tw *.shopee.cn *.facebook.com;  2
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 2
frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 2
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com  https://servicenow.highspot.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 2
script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/gq 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 2
frame-ancestors https://*.udacity.com 2
frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 2
default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 2
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' wss: data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com *.wolframcloud.com localhost:* *.adroll.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wolfram.com *.wolframalpha.com *.wolframcdn.com connect.facebook.net ajax.googleapis.com *.adroll.com *.wolframalpha.tw *.cloudflare.com; img-src 'self' http://*.wolframcdn.com *.wolframcdn.com data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com *.adroll.com www.facebook.com; font-src * data:; style-src 'unsafe-inline' 'self' data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com fonts.googleapis.com; 2
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' 2
upgrade-insecure-requests ; default-src 'self' https: data: *.comodo.com *.comodo.net wss://*.hotjar.com insights.hotjar.com idsync.rlcdn.com *.adroll.com *.lookbookhq.com *.googletagmanager.com *.hotjar.com *.licdn.com *.optimizely.com *.google-analytics.com *.demandbase.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: js.hs-analytics.net js.hscollectedforms.net geolocation.onetrust.com www.googletagmanager.com cdn.jsdelivr.net geoip.nekudo.com freegeoip.net secure.comodo.net consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net m.addthisedge.com m.addthis.com s7.addthis.com cdn3.optimizely.com cdn2.optimizely.com www.gstatic.com www.youtube.com cdn.ckeditor.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.ckeditor.com *.comodo.com *.comodo.net code.jquery.com googleads.g.doubleclick.net script.hotjar.com plugins.help.com www.google.com www.google.co.uk cdn.optimizely.com www.comodo.com www.google-analytics.com secure.leadforensics.com static.hotjar.com ajax.googleapis.com secure.comodo.com www.googleadservices.com s.ytimg.com js.hs-scripts.com cdn.cookielaw.org beta.phonewagon.com addevent.com js.phonewagon.com cdn.appsflyer.com sjs.bizographics.com js.usemessages.com d.adroll.mgr.consensu.org *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com tagmanager.google.com *.linkedin.com ; object-src 'self' https: *.comodo.com *.comodo.net download.comodo.com www.youtube.com theapplicantmanager.com secure.trust-provider.com ; img-src 'self' https: data: *.comodo.com *.comodo.net ssl.gstatic.com img.youtube.com *.adroll.com www.facebook.com www.google.ro s9.addthis.com cdn.ckeditor.com www.google.co.uk www.google.co.in www.google.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net cdn.cookielaw.org ads.yahoo.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com cm.g.doubleclick.net us-u.openx.net track.hubspot.com forms.hsforms.com segments.company-target.com www.siliconanalytics.com pippio.com crossmetrix.com dpm.demdex.net p.adsymptotic.com *.linkedin.com ; font-src 'self' https: data: secure.comodo.net *.comodo.com *.comodo.net maxcdn.botostrapcdn.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: cdn.jsdelivr.net cdn.ckeditor.com secure.comodo.net *.comodo.com *.comodo.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.cookielaw.org fonts.googleapis.com www.comodo.com *.lookbookhq.com *.googletagmanager.com tagmanager.google.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com ; base-uri 'self' *.comodo.com *.comodo.net ; form-action 'self' https: *.comodo.com *.comodo.net www.hackerguardian.com www.facebook.com ; frame-src 'self' https: *.comodo.com *.comodo.net app.hubspot.com www.facebook.com staticxx.facebook.com edge.addthis.com www.google.com bid.g.doubleclick.net plugins.help.com vars.hotjar.com www.youtube.com theapplicantmanager.com s7.addthis.com www.youtube-nocookie.com explore.comodo.com cdome.comodo.com ; frame-ancestors 'self' https: comodo.pathfactory.com comodo.lookbookhq.com explore.comodo.com cdome.comodo.com enterprise.comodo.com 2
frame-ancestors 'self' http://*.dji.com https://*.dji.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com https://specials.verywell.com 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com bbox.blackbaudhosting.com olx.britishmuseum.org www.britishmuseum.org maps.googleapis.com cdn.rawgit.com services.postcodeanywhere.co.uk www.youtube.com s.ytimg.com payments.blackbaud.com secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com connect.facebook.net secure.quantserve.com edge.quantserve.com www.google-analytics.com rules.quantcount.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com; img-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com ssl.gstatic.com www.googletagmanager.com googletagmanager.com www.gstatic.com gstatic.com maps.gstatic.com maps.googleapis.com cdn.rawgit.com olx.britishmuseum.org secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com www.facebook.com pixel.quantserve.com www.google-analytics.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads static.designmynight.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com ttp://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io openseadragon.github.io libimages1.princeton.edu 51.11.16.222 media.britishmuseum.org http://media.britishmuseum.org data:;; frame-src 'self' player.vimeo.com payments.blackbaud.com bbox.blackbaudhosting.com sketchfab.com w.soundcloud.com www.youtube.com bookings.designmynight.com www.facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-ancestors 'self'; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:;; connect-src 'self' www.google-analytics.com payments.blackbaud.com olx.britishmuseum.org bookings.designmynight.com www.facebook.com facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://51.143.128.218 media.britishmuseum.org 2
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paytm.com paytmstores.com *.paytmstores.com widget.gleamjs.io gleamjs.io platform.twitter.com *.bintray.com bintray.com cdn.syndication.twimg.com gateway.answerscloud.com *.cloudfront.net *.google.com *.hotjar.com apis.mapmyindia.com cdn.ravenjs.com *.youtube.com *.gstatic.com *.googleadservices.com *.doubleclick.net bid.g.doubleclick.net u.heatmap.it cdn.trackjs.com s.ytimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net cdn.branch.io googleads.g.doubleclick.net app.link bid.g cdn.ampproject.org dev.visualwebsiteoptimizer.com paytmmall.com *.paytmmall.com *.insider.in blob:; frame-src 'self' *.paytm.com *.twitter.com s.ytimg.com cdn.syndication.twimg.com *.insider.in *.youtube.com assets.zendesk.com apis.mapmyindia.com *.facebook.com *.google.com *.hotjar.com cdn.ravenjs.com s-static.ak.facebook.com tautt.zendesk.com paytmmall.com *.paytmmall.com paytmstores.com *.paytmstores.com widget.gleamjs.io gleam.io;  object-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2
default-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * blob:; worker-src 'self' blob:; style-src * blob: 'unsafe-inline' 'unsafe-eval' 2
object-src 'none' ; base-uri 'self' ;img-src https: http: blob: data: ; frame-src https://* https://www.google.com/recaptcha/ ; font-src 'self' https://marketing-cdn.hightail.com https://* http://* data: ; script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/ data https://marketing-cdn.hightail.com/; 2
frame-ancestors 'self' https://*.sproutsocial.com; 2
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw standchartbank.experiencecloud.adobe.com experience.adobe.com 2
default-src https:; child-src blob: https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
default-src 'self'; frame-ancestors 'self' https://*.facebook.com; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://www.google-analytics.com/j/collect https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/; object-src 'none'; report-uri https://secreport.synology.com/csp/report; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://www.facebook.com https://staticxx.facebook.com https://secure.livechatinc.com https://player.youku.com/ https://vars.hotjar.com/ https://synology.jobbase.io https://*.synology.com https://synoform.synology.com; img-src 'self' https://www.synology.com https://global.download.synology.com https://download.synology.com https://cndl.synology.cn https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://secure.livechatinc.com https://cdn.livechatinc.com https://www.facebook.com https://wcs.naver.com https://www.facebook.com/tr https://dc.ads.linkedin.com https://px.ads.linkedin.com/ https://alb.reddit.com https://t.co/i/adsct https://p.adsymptotic.com/d/px https://bat.bing.com data: blob:; media-src 'self' https://download.synology.com https://cdn.livechatinc.com; script-src 'self' data: blob: https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://www.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://connect.facebook.net https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://analytics.twitter.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com/ https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://synology.jobbase.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://fonts.googleapis.com https://optimize.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css 'unsafe-inline' 2
frame-ancestors 'self' *.ally.com; 2
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://b-code.liadm.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.paypal.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://d.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://pixel.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://sp.analytics.yahoo.com https://rp.liadm.com/ https://beacon.krxd.net; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://x.skimresources.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://www.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com https://*.googleapis.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 2
frame-ancestors 'self' btprt.dj snip.ly 2
connect-src 'self' https://my.yoast.com https://app.sgwidget.com https://sgwidget.leaderapps.co;default-src 'none';font-src 'self' https://brave.com https://fonts.gstatic.com data:;frame-ancestors 'self' chrome-extension://mnojpmjdmbbfmejpflffifhffcmidifd https://blog.batcommunity.org;frame-src 'self' https://www.brave.com https://player.vimeo.com https://boards.greenhouse.io https://www.surveymonkey.com https://public.tableau.com https://www.slideshare.net https://docs.google.com https://www.youtube-nocookie.com https://js.driftt.com;img-src 'self' data: https://brave.com https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://secure.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://brave.com https://djtflbt20bdde.cloudfront.net https://maps.googleapis.com https://analytics.brave.com https://secure.gaug.es https://boards.greenhouse.io https://code.jquery.com https://app.sgwidget.com https://sgwidget.leaderapps.co https://js.driftt.com;style-src 'self' 'unsafe-inline' https://brave.com https://fonts.googleapis.com; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests 2
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru www.cdn-tinkoff.ru www.google.com www.google.ru www.facebook.com 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru www.tinkoff.ru cfg.tinkoff.ru api.tinkoff.ru acdn.tinkoff.ru business.tinkoff.ru; script-src sync.datamind.ru www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.g.doubleclick.net assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.google-analytics.com googleads.g.doubleclick.net www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com connect.facebook.net *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru 'self' 'unsafe-eval' 'unsafe-inline'; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net stats.g.doubleclick.net dp.adsdata.ru www.google.com www.google.ru top-fwz1.mail.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com ad.doubleclick.net *.g.doubleclick.net www.googleadservices.com *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru googletagmanager.com www.facebook.com/tr/ www.cdn-tinkoff.ru *.tinkoff.ru manalyticshub.com p.formobil.net rupertino.ru 'self' data: *.tcsbank.ru brands-prod.cdn-tinkoff.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru www.cdn-tinkoff.ru 'self' blob: *.tinkoff.ru *.tcsbank.ru; report-uri https://www.tinkoff.ru/api/front/log/csp-error?sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' www.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru 2
frame-ancestors https://*.tu.berlin; 2
base-uri 'self'; block-all-mixed-content; form-action https: 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: 2
default-src https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src 'self' https: wss:; media-src https: data: blob:; worker-src 'self' https:; 2
frame-src https://*.doubleclick.net:* https://*.facebook.com:* https://*.google.com:* https://*.soundcloud.com:* https://*.spotify.com:* https://*.twitter.com:* https://*.vimeo.com:* https://*.youtube.com:*; frame-ancestors 'self'; 2
font-src 'self' 'unsafe-inline' data: *.credit-suisse.com *.credit-suisse.cspta.ch *.credit-suisse-stg.cspta.ch *.inbenta.com fonts.gstatic.com *.anychart.com *.inbenta.io gateway.zscloud.net 2
default-src 'self' https://www.youtube.com https://analytics.gpo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self'   https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; object-src 'unsafe-inline' 'self' https://www.youtube.com; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com   https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://analytics.gpo.gov data:; font-src 'unsafe-inline' 'self'  https://stackpath.bootstrapcdn.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self' https://www.youtube.com https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 2
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 2
default-src https://www.nic.ir https://static.nic.ir 'unsafe-inline'; img-src *.nic.ir https://webchat.nic.ir:8080; font-src *.nic.ir 2
frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com/beacon.min.js https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://code.highcharts.com https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://*.weirdgloop.org https://*.runescape.wiki https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://unpkg.com; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://soundcloud.com https://*.weirdgloop.org https://*.runescape.wiki https://*.googleapis.com https://www.google-analytics.com; frame-src https://w.soundcloud.com www.google.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; base-uri 'self' 2
frame-ancestors 'self' *.brightspace.com; 2
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com 2
connect-src 'self' https://*.hotjar.com https://*.evidon.com https://*.brightcove.com https://adservice.google.com https://bam.nr-data.net https://brightcove.hs.llnwd.net https://knrpc.olark.com/nrpc/ https://l.betrad.com https://stats.addtoany.com/menu https://stats.g.doubleclick.net https://tagmanager.google.com https://vc.hotjar.io/ https://www.facebook.com https://www.google-analytics.com wss://*.hotjar.com https://pfe-pfizercom-d8-dev.s3.us-east-1.amazonaws.com https://m.addthis.com https://api-v3.conductrics.com https://cdn-v3.conductrics.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.us-east-1.amazonaws.com https://players.brightcove.net/ https://players.brightcove.net/1852113022001/ByY1aeWF_default/config.json https://www.youtube.com/iframe_api https://svc.webspellchecker.net; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://script.hotjar.com https://use.fontawesome.com/releases/ https://use.typekit.net https://vjs.zencdn.net https://www.youtube.com https://maxcdn.bootstrapcdn.com https://s3.us-east-2.amazonaws.com https://svc.webspellchecker.net; frame-src 'self' https://*.fls.doubleclick.net https://*.janrainsso.com https://bid.g.doubleclick.net https://l3.evidon.com https://players.brightcove.net https://static.addtoany.com https://static.olark.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.google.com/maps/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube.com https://s7.addthis.com https://platform.twitter.com https://syndication.twitter.com https://www.hapyak.com https://player.simplecast.com https://p2a.co https://www.pfizer.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://action.pfizer.com https://www.medrespond-pfra.com https://twitter.com https://insight.adsrvr.org; img-src 'self' about: data: https://* https://img.youtube.com https://cdnjs.cloudflare.com https://pbs.twimg.com https://images-cdn.newscred.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://syndication.twitter.com https://abs.twimg.com https://ton.twimg.com https://platform.twitter.com https://developers.google.com https://pixel.newscred.com https://t.co/i/adsct https://tr.outbrain.com/pixel https://amplifypixel.outbrain.com/pixel https://px.ads.linkedin.com/collect https://p.adsymptotic.com/d/px/ https://app.icontact.com https://s3.us-east-2.amazonaws.com https://secure.adnxs.com https://pixel.mediaiqdigital.com; media-src 'self' data: blob: https://brightcove.hs.llnwd.net https://f1.media.brightcove.com https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/ https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://api.olark.com https://assets.adobedtm.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://connect.facebook.net https://c.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://googleads.g.doubleclick.net https://js.bizographics.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://l.betrad.com https://maps.googleapis.com https://optoutapi.evidon.com https://p.adsymptotic.com https://pfizer-grv-eu.janraincapture.com https://players.brightcove.net https://px.ads.linkedin.com https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_grv https://s3.amazonaws.com/pfe_im/ https://script.hotjar.com https://sjs.bizographics.com https://static.hotjar.com https://static.addtoany.com https://static.olark.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vjs.zencdn.net https://www.bizographics.com https://www.google.com/recaptcha/ https://www.google.com/search/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.linkedin.com https://cdn.jsdelivr.net https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://platform.twitter.com https://cdn.syndication.twimg.com https://p2a.co https://www.youtube.com/iframe_api https://action.pfizer.com https://s.ytimg.com https://maxcdn.bootstrapcdn.com https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://amplify.outbrain.com https://snap.licdn.com https://app.icontact.com https://d2qrdklrsxowl2.cloudfront.net https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://js.adsrvr.org https://svc.webspellchecker.net cdn-v3.conductrics.com cdnjs.cloudflare.com https://pkg-cdn.digitalpfizer.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://translate.googleapis.com https://use.typekit.net https://cdn.jsdelivr.net https://p.typekit.net https://www.youtube.com https://platform.twitter.com https://ton.twimg.com https://app.icontact.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://svc.webspellchecker.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; manifest-src 'self'; worker-src 'self' blob:; report-uri https://pfeprod.report-uri.com/r/t/csp/enforce 2
script-src         'self'         'unsafe-inline'         'unsafe-eval'         blob:         d2e70e9yced57e.cloudfront.net         d2k0escgkdw2ev.cloudfront.net         *.googleapis.com         *.google.com         *.gstatic.com         *.google-analytics.com         www.googletagmanager.com         www.googleadservices.com         googleads.g.doubleclick.net         cdn.ampproject.org         bat.bing.com         s.yimg.com         cdn.taboola.com         trc.taboola.com         sp.analytics.yahoo.com         *.facebook.com         connect.facebook.net         www.linkedin.com         www.reddit.com         *.twitter.com         static.ads-twitter.com         *.linkedin.com         *.pinterest.com         *.reddit.com         www.dianomi.com         loadus.exelator.com         ct.buyright.com         affiliate.icclicktracker.com         amplify.outbrain.com         track.supersonicads.com         ads.trafficjunky.net         cdn.ckeditor.com         *.wistia.com         sentry.io         opensharecount.com         *.mediaalpha.com         smartforms.ekomi.com         *.amazonaws.com         cfstatic.efdevhub.info         cdn.wallethub.com         static.olark.com         api.olark.com     ; 2
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fisglobal.com *.wistia.net *.wistia.com *.addtoany.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.hotjar.com *.facebook.net *.google.com *.marketo.com *.googleadservices.com *.jquery.com *.googleapis.com *.linkedin.com *.cloudflare.com *.ads-twitter.com *.doubleclick.net *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com *.addevent.com *.ceros.com *.feefo.com *.siteimproveanalytics.com *.optimizely.com *.mediahawk.co.uk *.taboola.com *.force24.co.uk *.bing.com *.baidu.com *.gstatic.com okt.to *.addtoany.com *.oktopost.com *.adnxs.com *.bizographics.com *.cloudfront.net *.licdn.com *.litix.io *.yourvoice2us.com *.strala.com *.adsrvr.org *.crwdcntrl.net *.brainshark.com *.mapbox.com *.adsymptotic.com;     connect-src 'self' *.fisglobal.com *.wistia.com *.hotjar.com *.akamaihd.net *.facebook.com *.marketo.com *.google.com *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com fisevents.com *.linkedin.com *.feefo.com *.strala.com *.yahooapis.com *.litix.io *.mktoresp.com *.amazonaws.com *.optimizely.com *.taboola.com *.mediahawk.co.uk *.mapbox.com;      img-src 'self' 'unsafe-inline' blob: data: *.fisglobal.com *.wistia.com *.wistia.net *.doubleclick.net *.google-analytics.com fast.wistia.net *.google.com *.marketo.com *.facebook.com  *.akamaihd.net *.googleadservices.com *.googletagmanager.com *.linkedin.com *.google.co.uk *.gstatic.com *.adnxs.com *.google.co.in t.co *.litix.io *.bing.com *.siteimproveanalytics.com *.baidu.com *.mapbox.com *.adsymptotic.com;      style-src 'self' 'unsafe-inline' *.fisglobal.com *.wistia.com *.wistia.net *.bootstrapcdn.com *.googleapis.com *.marketo.com *.googleapis.com  *.google.com *.cloudflare.com *.mapbox.com;     child-src 'self' 'unsafe-inline' blob: *.fisglobal.com *.sitecore.net *.wistia.com *.wistia.net *.nyceinfomanager.com *.nyceinfomanagerdr.com *.hotjar.com *.fls.doubleclick.net *.youtube.com *.marketo.com fast.wistia.net *.ceros.com *.fisevents.com http://fisevents.com *.frontarena.com *.facebook.net *.doubleclick.net *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.linkedin.com *.amazonaws.com *.google.com *.peopleclick.com *.segmint.net *.brainshark.com *.mapbox.com;      font-src 'self' 'unsafe-inline' data: *.fisglobal.com *.wistia.com *.wistia.net fast.wistia.net *.bootstrapcdn.com *.cloudflare.com *.gstatic.com;     media-src 'self' 'unsafe-inline' blob: data: *.fisglobal.com *.wistia.com *.wistia.net fast.wistia.net *.akamaihd.net;  frame-ancestors 'self' *.nyceinfomanager.com 2
default-src *.chowhound.com *.cbsinteractive.com cbsinteractive.com blob: *.chowhound.com https: 'unsafe-inline' 'unsafe-eval'; script-src blob: *.chowhound.com https: data: 'unsafe-inline' 'unsafe-eval'; media-src http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com http://canhls.cbs.com cbs-hls.akamaized.net blob: *.chowhound.com data: video https:; font-src *.chowstatic.com *.cbsistatic.com vidtech.cbsinteractive.com rev.cbsi.com fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: ; connect-src http://canhls.cbs.com http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com cbs-hls.akamaized.net https:; img-src https: data: http://thumbnails.cbsig.net; frame-src https:; frame-ancestors *.chowhound.com *.google.com *.ampproject.org; form-action https: http://*.chow.com http://*.chowhound.com; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.googleapis.com *.gstatic.com data: 2
connect-src 'self' https://*.clicktale.net https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://infogram.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://assets.threatpost.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com http://media.threatpost.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://assets.threatpost.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://media.threatpost.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://tagmanager.google.com https://threatpost.com https://tpc.googlesyndication.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com/ https://tajs.qq.com https://www.zblogcn.com https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js; style-src 'self' 'unsafe-inline' https://*.zblogcn.com; img-src 'self' https://* data: 2
default-src 'self' *.beeline.ru *.fls.doubleclick.net suggestions.dadata.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 'unsafe-inline'; frame-src *; media-src *; img-src * data: blob:; font-src *.beeline.ru data:; script-src 'self' *.beeline.ru *.fls.doubleclick.net kasko-osago-online.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net  *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.beeline.ru metrika.yandex.ru mc.yandex.ru http://webvisor.com *.yandex.net *.mtproxy.yandex.net *.yandex.tld yastatic.net; connect-src 'self' *.beeline.ru *.fls.doubleclick.net suggestions.dadata.ru kasko-osago-online.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io wss://*.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 anketa.alfabank.ru 'unsafe-inline' 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.brides.com *.qa.aws.brides.com apollo.brides.com apollo.local.brides.com atlas.brides.com atlas.local.brides.com 2
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src blob: js.driftt.com *.youtube-nocookie.com app-sj17.marketo.com; connect-src 'self' *.6sense.com *.6sc.co *.company-target.com api.lever.co distillery.wistia.com pipedream.wistia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net *.litix.io embed-ssl.wistia.com hackerone.com *.mktoresp.com *.mktoutil.com checkout.stripe.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.twitter.com; frame-ancestors 'self'; frame-src fast.wistia.com js.driftt.com *.youtube.com *.youtube-nocookie.com app-sj17.marketo.com *.twitter.com; object-src 'self'; img-src 'self' data: via.placeholder.com t.co stats.g.doubleclick.net *.google.com *.6sc.co *.bidr.io *.techtarget.com *.company-target.com *.adsymptotic.com *.linkedin.com cdn.ttgtmedia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com *.google-analytics.com *.twitter.com *.twimg.com cdn.bizible.com; media-src 'self' blob: data: embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com; script-src 'self' 'sha256-XrP50Mq6s78GLH2Vyt4BfKhn8rx4OdU6FYqQGbxRuZc=' 'sha256-chw1FVji+ddLlO/RrcP3fhKOLsJUUh+FaKbjsOC2BiQ=' 'sha256-D6d37gZGDMRuNu3bDdYkGuOfCaaNGdTrB3eF5d5IU/Y=' *.ads-twitter.com analytics.twitter.com *.cloudflare.com *.techtarget.com *.demandbase.com *.6sc.co *.linkedin.com snap.licdn.com fast.wistia.com js.driftt.com *.google-analytics.com app-sj17.marketo.com munchkin.marketo.net *.twitter.com cdn.syndication.twimg.com cdn.bizible.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.wistia.com app-sj17.marketo.com *.twitter.com; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598 2
frame-ancestors https://eu1-ifwe.3dexperience.3ds.com https://eu1-215dsi0708-ifwe.3dexperience.3ds.com http://sw.local:81 http://sw2.local:81 https://sw2.local:4444 https://solidworks.com https://www-dev.itvpc.solidworks.com https://www-qal.itvpc.solidworks.com https://www-ppd.itvpc.solidworks.com https://www-contrib.itvpc.solidworks.com https://www.solidworks.com 2
frame-ancestors 'self' *.qnap.com *.qnap.com.tw 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://gab.com; img-src 'self' https: data: blob: https://gab.com; style-src 'self' 'unsafe-inline' https://gab.com; media-src 'self' https: data: https://gab.com; frame-src 'self' https:; manifest-src 'self' https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com https://*.gab.com https://api.tenor.com; script-src 'self' https://gab.com https://*.gab.com 2
frame-ancestors https://www.balenciaga.com/ https://www.balenciaga.com/ ; 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self' http://info.barchart.com 2
frame-ancestors 'self' *.svd.se; default-src https: data: blob: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src * 2
frame-ancestors 'self' bjs.gov ucrdatatool.gov www.googletagmanager.com www.google.com 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' http://img.youtube.com 2
frame-ancestors 'self' http://cloudera.lookbookhq.com https://cloudera.lookbokhq.com http://pages.cloudera.com https://pages.cloudera.com 2
frame-ancestors https://*.1stdibs.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.clutch.co cdn.jsdelivr.net *.cloudflare.com *.google.com *.google.pl *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.hs-scripts.com *.hsleadflows.net js.hs-banner.com *.hs-analytics.net *.hsforms.net *.hsforms.com js.usemessages.com *.cloud.es.io *.hubspot.com *.doubleclick.net *.shgstatic.com *.hotjar.com *.pingdom.net cdn.tiny.cloud *.addthis.com *.addthisedge.com youtube.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com z.moatads.com *.s3.amazonaws.com consent.azureedge.net *.paystand.com *.kickfire.com; img-src 'self' data: *.shgstatic.com clutch.co *.clutch.co *.tinymce.com *.google.com *.google.pl *.hubspot.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.addthis.com *.ytimg.com *.gstatic.com *.kickfire.com *.googletagmanager.com *.hotjar.com 2
frame-ancestors 'self' https://*.wikiloc.com; 2
object-src 'none';  2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 2
frame-ancestors https://docs.google.com https://*.googleusercontent.com; 2
connect-src 'self' https://*.google-analytics.com https://*.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; report-uri https://www.index-education.com/violationReportCSP.php;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src 'self' *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr data:; 2
default-src 'self' data: https:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; font-src https: data:; object-src 'none'; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://cp.bhf.org.uk https://live.bhf.org.uk https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://tagmanager.google.com https://www.google.co.uk https://www.google.com https://www.youtube.com https://s.ytimg.com https://m.addthis.com https://s7.addthis.com https://v1.addthisedge.com https://track.adform.net https://c5.adalyser.com https://js.adsrvr.org https://static.ads-twitter.com https://s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://ads.avct.cloud https://ads.avocet.io https://bat.bing.com https://sjs.bizographics.com https://cdnjs.cloudflare.com https://d2oh4tlt9mrke9.cloudfront.net https://d3alqb8vzo7fun.cloudfront.net https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://chat-eu.freshdesk.com https://wchat.eu.freshchat.com https://healthunlocked.com https://assets.hu-production.be https://www.linkedin.com https://px.ads.linkedin.com https://i5uzp6l0.micpn.com https://z.moatads.com https://secure.myshopcouponmac.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://timeline51-clientstats1.pusher.com https://js.pusher.com https://stats.pusher.com https://ws.sessioncam.com https://public.tableau.com https://turbo.qualaroo.com https://a.rfihub.com https://c1.rfihub.net https://sc-static.net https://siteimproveanalytics.com https://assetscdn.stackla.com https://goconnect.stackla.com https://widget.trustpilot.com https://use.typekit.net https://config1.veinteractive.com https://sp.analytics.yahoo.com https://s.yimg.com https://vjs.zencdn.net;style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://dfgmr6l6mkcrn.cloudfront.net https://use.fontawesome.com https://wchat.eu.freshchat.com https://net.ootil.fr https://assetscdn.stackla.com https://cloud.typography.com https://vjs.zencdn.net;img-src 'self' data: https://cp.bhf.org.uk https://live.bhf.org.uk https://ad.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com https://maps.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://optimize.google.com https://www.google.com https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.nz https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.au https://www.google.com.br https://www.google.com.cy https://www.google.com.eg https://www.google.com.et https://www.google.com.mm https://www.google.com.ng https://www.google.com.sg https://www.google.ae https://www.google.be https://www.google.bf https://www.google.ca https://www.google.de https://www.google.es https://www.google.fr https://www.google.gr https://www.google.ie https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.tt https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://img.youtube.com https://i.ytimg.com https://s3.amazonaws.com https://scontent-syd2-1.cdninstagram.com https://cx.atdmt.com https://ads.avct.cloud https://x.bidswitch.net https://bat.bing.com https://scontent-iad3-1.cdninstagram.com https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://www.facebook.com https://assets.hu-production.be https://images.hu-production.be https://twemoji.maxcdn.com https://i5uzp6l0.micpn.com https://ws.sessioncam.com https://assetscdn.stackla.com https://trc.taboola.com https://public.tableau.com https://cookiee1.veinteractive.com https://a.volvelle.tech;media-src 'self' https://dop9av6nvryqq.cloudfront.net;frame-src 'self' ms-appx-web: https://cp.bhf.org.uk https://extras.bhf.org.uk https://bid.g.doubleclick.net https://8233349.fls.doubleclick.net https://8455068.fls.doubleclick.net https://optimize.google.com https://tpc.googlesyndication.com https://www.youtube.com gsa://onpageload https://track.adform.net https://s7.addthis.com https://match.adsrvr.org https://insight.adsrvr.org https://aax-eu.amazon-adsystem.com https://www.boombox.com https://view.ceros.com https://www.facebook.com https://wchat.eu.freshchat.com https://assets.nhs.uk https://net.ootil.fr https://public.tableau.com https://digital19.typeform.com https://dntcl.qualaroo.com https://www.qzzr.com https://20822326p.rfihub.com https://a.rfihub.com https://20782797p.rfihub.com https://20782800p.rfihub.com https://20782816p.rfihub.com https://20798315p.rfihub.com https://20798316p.rfihub.com https://20798319p.rfihub.com https://20782802p.rfihub.com https://tr.snapchat.com https://w.soundcloud.com https://widget.stackla.com https://embed.wirewax.com https://config1.veinteractive.com;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://static3.avast.com https://use.fontawesome.com https://280841640230733.eu.webpush.freshchat.com https://assetscdn.stackla.com;connect-src 'self' https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://www.google-analytics.com https://m.addthis.com https://cdn.cookielaw.org https://bam.nr-data.net https://www.facebook.com https://chat-eu.freshdesk.com https://privacyportal-eu.onetrust.com wss://chat-eu.freshdesk.com https://sockjs-eu.pusher.com https://sock57-eu.pusher.com wss://ws-eu.pusher.com https://ws.sessioncam.com https://b.ws.sessioncam.com https://cookiee1.veinteractive.com https://dtrc.veinteractive.com https://sessionapi.veinteractive.com;report-uri /WebResource.axd?cspReport=true 2
frame-ancestors https://*.etracker.com; script-src 'self' https://*.signalize.com https://*.etracker.com https://*.etracker.de 'unsafe-inline' 2
sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net *.bounceexchange.com *.googleadservices.com *.doubleclick.net *.google-analytics.com st1.dialogtech.com bat.bing.com *.googleapis.com nsg.symantec.com analytics.po.st px.ads.linkedin.com po.st *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.liveclicker.net www.netapp.com *.demdex.net *.d41.co *.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi pixel.mathtag.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com www.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com *.flixsyndication.net *.adobe.com *.hotjar.io *.eloqua.com *.swogo.net *.swogo.com *.gstatic.com *.ensighten.com p11.techlab-cdn.com app.leadsrx.com *.turnto.com;style-src 'self' 'unsafe-inline' *.cdw.com *.bazaarvoice.com *.needle.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com *.easy2.com *.amazonaws.com platform.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.turnto.com;img-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com *.bounceexchange.com *.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com *.demdex.net *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net media.flixfacts.com media.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com platform.twitter.com *.linkedin.com *.tribalfusion.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com st2.dialogtech.com secure.insightexpressai.com px.gumgum.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com sync.fastclick.net simage2.pubmatic.com us-u.openx.net ads.yahoo.com pixel.rubiconproject.com *.advertising.com magnetic.t.domdex.com *.rfihub.com *.mathtag.com *.mathtag.co *.amgdgt.com *.casalemedia.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com syndication.twitter.com x.bidswitch.net pe.intentiq.com loadm.exelator.com insight.adsrvr.org um.simpli.fi acuityplatform.com data: *.dotomi.com *.flixsyndication.net liveintent.com cbssports.com maxpreps.com wogo ce.lijit.com soma.smaato.net cs.admanmedia.com eb2.3lift.com live.sekindo.com *.adobe.com *.sc.omtrdc.net *.core.windows.net p11.techlab-cdn.com wac.edgecastcdn.net;frame-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.hotjar.com *.liadm.com *.bounceexchange.com *.doubleclick.net nsg.symantec.com selectors.cnetcontentsolutions.com *.google.com *.twitter.com *.liveclicker.net *.cxense.com *.webcollage.net *.ziftsolutions.com pixel.mathtag.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net www.youtube.com media.flixcar.com *.easy2.com www.facebook.com *.rlcdn.com rs.gwallet.com *.liveclicker.com pages.cdwemail.com www.emjcd.com *.dotomi.com *.flixsyndication.net cdw.zuberance.com *.hotjar.io *.eloqua.com *.swcontentsyndication.com www.cisco.com cl.s4.exct.net;font-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.cnetcontent.com *.demdex.net *.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com *.easy2.com *.cloudfront.net data: *.flixsyndication.net *.typekit.net *.adobe.com;connect-src 'self' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com *.bounceexchange.com *.googleadservices.com *.doubleclick.net bat.bing.com *.googleapis.com nsg.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com *.demdex.net *.d41.co *.cxense.com vault.pactsafe.io pactsafe.io *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net platform.twitter.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com *.cloudfront.net *.bluecore.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io *.swogo.net *.swogo.com p11.techlab-cdn.com app.leadsrx.com *.turnto.com;object-src 'self' a.sellpoint.net;worker-src 'self' *.cloudfront.net blob:;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net media.flixfacts.com www.youtube.com blob: *.flixsyndication.net; 2
object-src 'self'; frame-ancestors 'self' 2
frame-ancestors self https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com; 2
default-src https:;script-src https: 'unsafe-inline';script-src-attr 'unsafe-hashes' 'sha256-yidstvCyDn5kIvz2ZTPLozL+yFriA9MRNGaGmkfriaY=';style-src 'self' 'unsafe-inline';object-src https://*.googlesyndication.com;frame-src https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com;base-uri 'self';report-uri https://appn.center/apiv1/csp; 2
default-src 'self'; connect-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; font-src * data:  filesystem:; frame-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; img-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; media-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; object-src * data:  filesystem:  blob:  'unsafe-inline' 'unsafe-eval'; script-src * blob:  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net 'unsafe-eval';  script-src 'self' 'unsafe-inline' https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk 'unsafe-eval'; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self'; media-src lpcdn.lpsnmedia.net; 2
default-src 'self' *.gradeup.co *.grdp.co; img-src 'self' blob: data: *.gradeup.co business.topbuzz.com gradestack.com i.ytimg.com cost.affcost.com platform-lookaside.fbsbx.com gradeup-question-images.s3.amazonaws.com d9hhrg4mnvzow.cloudfront.net csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org *.clmbtech.com ad.admitad.com track.in.omgpm.com dis.criteo.com trc.taboola.com gs-users-images.s3.amazonaws.com traqkar.com www.googletagmanager.com www.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co *.facebook.com connect.facebook.net q.quora.com ssl.gstatic.com www.google-analytics.com stats.g.doubleclick.net cds.taboola.com *.google.com *.google.co.in googleads.g.doubleclick.net www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.heapanalytics.com *.gradeup.co s.ytimg.com cdn.ampproject.org www.googletagservices.com tagmanager.google.com  ajax.cloudflare.com builder-assets.unbounce.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com www.youtube.com maps.googleapis.com adservice.google.com cdnjs.cloudflare.com adservice.google.co.in www.googleadservices.com *.googlesyndication.com smartlock.google.com *.g.doubleclick.net wzrkt.com d2r1yp2w7bby2u.cloudfront.net cdn.taboola.com connect.facebook.net track.in.omgpm.com www.googletagmanager.com *.hansel.io *.grdp.co grdp.co www.google-analytics.com cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com *.clmbtech.com  trc.taboola.com www.gstatic.com *.wzrkt.com *.criteo.net *.ipstatp.com www.google.com apis.google.com static.cloudflareinsights.com widget.as.criteo.com maxcdn.bootstrapcdn.com ajax.googleapis.com; connect-src 'self' *.gradeup.co gradeup.co json.faqprime.com *.facebook.com firebaseinstallations.googleapis.com *.hansel.io *.googlesyndication.com *.grdp.co grdp.co cdnjs.cloudflare.com o2.mouseflow.com heapanalytics.com www.googletagmanager.com fizz.gradestack.co wss://*.gradeup.co *.taboola.com www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com stats.g.doubleclick.net cdn.ampproject.com; frame-src whatsapp: stats.g.doubleclick.net ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com gradeup.co *.gradeup.co gradestack.com smartlock.google.com bid.g.doubleclick.net static.criteo.net www.googletagmanager.com; style-src 'self' blob: data: *.grdp.co *.gradeup.co 'unsafe-inline' builder-assets.unbounce.com cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com cdn.honey.io; worker-src blob: gradeup.co gradestack.com; report-uri https://sentry.gradeup.co/api/33/security/?sentry_key=3ae5b74ebfec4dda8b38c873ad01b036; 2
frame-ancestors 'self' *.optus.com.au *.ippayments.com *.pegacloud.net; 2
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline' https://fonts.intercomcdn.com/ https://*.intercomassets.com/ https://static.ads-twitter.com https://analytics.twitter.com https://*.albacross.com https://*.quora.com https://*.googleadservices.com https://*.hs-analytics.net https://snap.licdn.com https://*.hscollectedforms.net https://*.ampproject.org  https://*.hs-scripts.com https://*.onthe.io/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.intercom.io/ https://*.intercomcdn.com/; style-src 'self' 'unsafe-inline'  https://fonts.intercomcdn.com/ https://*.intercomassets.com/ https://*.onthe.io/ https://iotechnologies.com/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com/ https://*.intercomassets.com/; connect-src 'self' https://fonts.intercomcdn.com/  https://*.intercomassets.com/ https://*.albacross.com https://*.hubspot.com https://*.doubleclick.net https://*.onthe.io/ https://news.c8.net.ua/ https://ws.onthe.io/ https://api-iam.intercom.io/ https://*.intercom.io/ wss://*.intercom.io/ https://www.google-analytics.com; frame-src 'self' https://*.onthe.io https://www.youtube.com/; media-src 'self' https://*.onthe.io https://*.iotechnologies.com https://*.dropboxusercontent.com/ https://*.dropbox.com/ 2
frame-ancestors 'self' https://*.duke-energy.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *.googletagmanager.com *.crazyegg.com *.typekit.net use.typekit.net *.adroll.com *.adroll.mgr.consensu.org cors-anywhere.herokuapp.com gist.github.com  rum-static.pingdom.net *.ckeditor.com translate.googleapis.com translate.google.com *.jotform.com *.crazyegg.com cdn.jotfor.ms static.issuu.com instagram.com www.instagram.com t.sf14g.com 1.tl813.com http://static.issuu.com analytics.twitter.com srdrvp.com static.ads-twitter.com apis.google.com *.addthis.com *.addthisedge.com secure.comodo.net static.ads-twitter.com platform.twitter.com www.googleadservices.com http://www.googleadservices.com *.akamaihd.net www.google-analytics.com www.google.com cdnjs.cloudflare.com *.typekit.net *.jotform.us cdn.jsdelivr.net ajax.googleapis.com connect.facebook.net www.facebook.com facebook.com use.typekit.net ssl.google-analytics.com *.gstatic.com cse.google.com www.googleapis.com *.mobilecause.com bam.nr-data.net googletagmanager.com formalyzer.com maps.googleapis.com e.issuu.com *.silkroad.com *.createsend.com *.createsend1.com *.polldaddy.com polldaddy.com *.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com secure4.entertimeonline.com; img-src 'self' data: about: 1.tl813.com arbordayblog.org * *.adroll.com *.leadlander.com *.advertising.com *.facebook.com *.google-analytics.com *.outbrain.com *.pubmatic.com *.3lift.com *.taboola.com dsum-sec.casalemedia.com *.rubiconproject.com ads.yahoo.com *.adnxs.com x.bidswitch.net *.youtube.com idsync.rlcdn.com us-u.openx.net *.atdmt.com *.s3.amazonaws.com log.pinterest.com i.ytimg.com *.jotform.com t.co *.gstatic.com *.instagram.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.doubleclick.net *.jotfor.ms csi.gstatic.com maps.gstatic.com p.typekit.net www.google.com www.googleapis.com maps.googleapis.com www.facebook.com *.google.com *.arborday.org www.googleapis.com ssl.google-analytics.com syndication.twitter.com shpg.org; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' assets-cdn.github.com *.githubassets.com use.typekit.net translate.googleapis.com *.gstatic.com cdn.jotfor.ms www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.soundcloud.com *.jotform.com *.berkeley.edu https://coolclimate.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com www.facebook.com *.google.com *.vimeo.com www.instagram.com syndication.twitter.com *.jotform.us https://staticxx.facebook.com *.igive.com cse.google.com pdf.snapandread.com app.mobilecause.com *.arborday.org www.arborday.org hotelfootprints.org www.hotelfootprints.org www.youtube.com http://www.youtube.com e.issuu.com api.braintreegateway.com treesandutilities.com *.silkroad.com ajax.googleapis.com connect.facebook.net platform.twitter.com *.addthis.com *.createsend.com *.createsend1.com *.leadlander.com; frame-ancestors 'self' www.logees.com *.liedlodge.org shop.arborday.org corporategifts.arborday.org  *.domaincontrol.com *.ip.secureserver.net *.upnllc.com *.godaddy.com logees.com *.dutchmantreefarms.com dutchmantreefarms.com http://www.dutchmantreefarms.com www.bluehillwildlifenursery.com bluehillwildlifenursery.com treesandutilities.com www.treesandutilities.com *.secureserver.net *.akam.net *.godaddy.com *.silkroad.com createsend.com; connect-src 'self' arbordayblog.org cors-anywhere.herokuapp.com *.gstatic.com secure4.entertimeonline.com rum-collector-2.pingdom.net *.crazyegg.com wss://www.arborday.org performance.typekit.net ssl.google-analytics.com *.jotform.us createsend.com *.doubleclick.net *.cloudfront.net appstoreconnect.com *.berkeley.edu; 2
frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com *.ariba.com 2
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report 2
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.greenwichcompliance.com; 2
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 2
default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 2
frame-ancestors 'self' https://*.designcrowd.com; 2
frame-ancestors https://oa.sheincorp.cn http://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn 2
require-sri-for script style;default-src 'self' data: blob: *; img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ocbc.com  *.ocbc.com.my *.sc.omtrdc.net *.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.facebook.net *.facebook.com *.pages07.net *.greateasterngeneral.com *.ibmmarketingcloud.com dpm.demdex.net *.everestjs.net *.mookie1.com *;object-src 'self' *;font-src 'self' *;frame-src 'self' https://5376815.fls.doubleclick.net https://9036546.fls.doubleclick.net *.youtube.com https://tags.tiqcdn.com https://ocbc.demdex.net https://bid.g.doubleclick.net *.crwdcntrl.net *.sqreemtech.com; 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 2
frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 2
frame-ancestors self googletagmanager.com cerebro.alibaba.ir 2
frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://www.zyxel.com https://communicasia.zyxel.com/ https://bbwf.zyxel.com https://mwc.zyxel.com https://www.zyxel.ch https://www.zyxel.fr https://www12.zyxel.com 2
frame-ancestors 'self' https://wiki.abbyy.com 2
default-src https:; font-src https: data:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; child-src https: blob:; frame-src https: blob: 'self'; 2
frame-ancestors *.windstream.net 2
default-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.google-analytics.com snap.licdn.com px.ads.linkedin.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com data: maps.googleapis.com http://rum-collector-2.pingdom.net ;      style-src 'self' assets.piraeusbankgroup.com  assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com;      script-src 'self' https://developers.google.com https://snap.licdn.com assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ;      font-src   data: 'self' fonts.gstatic.com;     img-src 'self' data: https://developers.google.com asset.piraeusbank.gr 'unsafe-inline'  assets.piraeusbank.gr   px.ads.linkedin.com https://maps.google.com assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com 'unsafe-inline' www.google.com  syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com http://rum-collector.pingdom.net ;      frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com aacsw.3ds.verifiedbyvisa.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPBjLfx/www-widgetapi.js 2
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src *; font-src *; media-src *; frame-src *; connect-src *; 2
frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 2
default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2
frame-ancestors 'self' https://microsites.audi.com *.audi-boerse.de https://mtt-live.apps.emea.vwapps.io https://mtt-live-blue.apps.emea.vwapps.io https://mtt.apps.emea.vwapps.io https://mtt-blue.apps.emea.vwapps.io http://mtt-local.apps.emea.vwapps.io; 2
font-src 'self' offerswidget.visa.com *.gstatic.com data:; img-src 'self' google-analytics.com offerswidget.visa.com chatbot.bankofindia.co.in www.visa.com *.gstatic.com *.googleapis.com *.rupay.co.in data:;default-src 'self' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.gstatic.com  'unsafe-inline' 'unsafe-eval'  style-src 'self' offerswidget.visa.com chatbot.bankofindia.co.in script-src 'self' offerswidget.visa.com chatbot.bankofindia.co.in 2
default-src 'self' *.ing.pl ping-prod.ext.e-point.pl *.e-point.pl *.adocean.pl https://optimize.google.com *.ingbank.pl; font-src 'self' *.googleapis.com *.ingbank.pl data: themes.googleusercontent.com *.gstatic.com tagmanager.google.com *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com https://optimize.google.com *.e-point.pl; style-src 'self' 'unsafe-inline' code.jquery.com *.googleapis.com *.ingbank.pl https://optimize.google.com *.e-point.pl https://www.gstatic.com s.ytimg.com https://www.ytimg.com *.ing.pl www.google.com ping-prod.ext.e-point.pl https://platform.twitter.com www.googletagmanager.com *.gstatic.com tagmanager.google.com https://syndication.twitter.com https://ton.twimg.com; img-src 'self' data: https://d-gr.ppstatic.pl *.ggpht.com *.adocean.pl *.e-point.pl traffic.tgdaudience.com www.google.pl https://optimize.google.com https://syndication.twitter.com d-gr.ppstatic.pl clients1.google.com tagmanager.google.com *.gstatic.com *.domy.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com www.google.com *.glosdlafirm.pl ping-prod.ext.e-point.pl *.ing.pl apollo-ireland.akamaized.net *.googleusercontent.com https://img.youtube.com https://galeria.domiporta.pl ingbankslaski.d3.sc.omtrdc.net *.twimg.com *.ingbank.pl img01-olxpl.akamaized.net *.hit.gemius.pl *.googleapis.com *.google-analytics.com https://www.i1.ytimg.com *.doubleclick.net ingbankslaski.d2.sc.omtrdc.net *.staticdomy.com.pl *.staticmorizon.com.pl *.staticoferty.net.pl https://adocean-pl.hit.gemius.pl https://ireland.apollo.olxcdn.com; frame-src 'self' *.tradedoubler.com https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl *.ing.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com https://www.youtube.com https://optimize.google.com traffic.tgdaudience.com *.e-point.pl *.hit.gemius.pl ferryt-u.pl.ing-ad *.ingbank.pl *.doubleclick.net https://ing.webnotarius.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hit.gemius.pl *.googleapis.com https://www.fbstatic-a.akamaihd.net *.ingbank.pl *.doubleclick.net code.jquery.com assets.adobedtm.com *.google-analytics.com ingbankslaski.d3.sc.omtrdc.net https://www.oauth.googleusercontent.com cdn.tgdaudience.com https://cdn.syndication.twimg.com *.gstatic.com tagmanager.google.com https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl https://www.apis.google.com *.ing.pl *.demdex.net www.googletagmanager.com https://platform.twitter.com s.ytimg.com https://www.youtube.com https://optimize.google.com www.googleadservices.com *.e-point.pl https://www.gstatic.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net https://ton.twimg.com https://ireland.apollo.olxcdn.com; object-src 'self' *.ingbank.pl *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com *.e-point.pl; connect-src 'self' traffic.tgdaudience.com *.e-point.pl *.adocean.pl *.demdex.net www.googletagmanager.com *.ing.pl ping-prod.ext.e-point.pl wss://*.twilio.com https://syndication.twitter.com ingbankslaski.d3.sc.omtrdc.net *.google-analytics.com https://*.twilio.com *.doubleclick.net *.ingbank.pl *.hit.gemius.pl ingbankslaski.d2.sc.omtrdc.net; frame-ancestors 'self' *.ingbank.pl ping-prod.ext.e-point.pl *.ing.pl *.demdex.net www.googletagmanager.com *.e-point.pl; 2
frame-ancestors https://*.crashplan.com https://*.crashplan.com:4285 https://*.crashplanpro.com https://*.crashplanpro.com:4285 https://*.code42.com https://*.code42.com:4285; https://*.us2.code42.com; https://*.us2.code42.com:4285; 2
frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 2
frame-ancestors  'self' https://*.bancointer.com.br https://*.uatbi.com.br 2
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob: 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src data: https://www.blueconic.com https://fonts.blueconic.com  https://cdn2.hubspot.net; img-src https: data:; media-src https: blob:; worker-src blob: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net 2
script-src https: http: 'unsafe-eval' 'unsafe-inline'; worker-src https: http: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data: blob: about:; font-src https: http: data:; connect-src https: http: wss:; object-src https: http: 2
default-src 'self' data: blob:; connect-src * blob:; font-src 'self' * 'unsafe-inline' data:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; media-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: *.stripe.com fullstory.com; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; child-src 'self' data: blob: *.stripe.com *.paddle.com hotjar.com *.hotjar.com *.google.com headway-widget.net trustpilot.com *.trustpilot.com embed.neomam.com fullstory.com resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; frame-ancestors 'self' vwo.com *.vwo.com 2
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.gymboree.com *.childrensplace.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com search.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com match.prod.bidr.io *.adsrvr.org *.pegacloud.net *.doubleclick.net 2
upgrade-insecure-requests; default-src https://*.zoom.com.cn https://zoom.com.cn blob: 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: about: https://ruanshi2.8686c.com https://*.zoom.us https://*.cloudfront.net https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/ https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com https://www.youtube.com https://*.ada.support https://*.adroll.com https://*.hotjar.com https://*.zoom.com.cn https://*.zoomcloudpbx.com https://*.zoomus.cn https://*.zopim.com https://adroll.com https://zoom.com.cn 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';frame-ancestors 'self' *.zoomcloud.cn; 2
frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2
default-src 'self' blob:; connect-src 'self' onesignal.com wss://www.blockonomics.co www.blockonomics.co; font-src cdnjs.cloudflare.com ssl.p.jwpcdn.com; media-src *.jwplayer.com 'self' blob:; object-src *.youtube.com; frame-src *.youtube.com www.google.com; frame-ancestors 'none'; child-src 'self' *.youtube.com blob:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' image.tmdb.org flixtor.st images.weserv.nl cdnjs.cloudflare.com www.blockonomics.co data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net ssl.p.jwpcdn.com ajax.cloudflare.com cdn.onesignal.com *.gstatic.com www.google.com www.googletagmanager.com flixtor.st www.blockonomics.co blob:; 2
default-src 'self' *.ekantipur.com *.kantipurdaily.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 2
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 2
default-src 'self'; connect-src 'self' https://keepersecurity.com https://keepersecurity.eu https://nrpc.olark.com https://forms.hubspot.com https://www.google-analytics.com https://keepersecurity.ktrjao.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://ws.zoominfo.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://static.olark.com https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://connect.studentbeans.com https://*.hotjar.com https://forms.hsforms.com https://platform.twitter.com https://twitter.com; img-src 'self' https: data:; media-src 'self' https://static.olark.com; script-src 'self' 'unsafe-inline' https://*.olark.com https://*.hotjar.com https://cdn.studentbeans.com https://*.searchcdn.com https://*.impactradius-event.com https://js.hs-scripts.com  https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://ws-assets.zoominfo.com https://js.hs-banner.com; style-src 'self' 'unsafe-inline' https://static.olark.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://app.addsearch.com https://platform.twitter.com; 2
img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com dxkdvuv3hanyu.cloudfront.net *.clover.com images.contentful.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net www.google-analytics.com lh3.googleusercontent.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.ie www.google.co.uk www.google.co.in www.google.co.id www.googletagmanager.com *.gstatic.com heapanalytics.com static.intercomassets.com js.intercomcdn.com *.intercomcdn.com uploads.intercomusercontent.com *.online-metrix.net *.perka.com *.rfihub.com api.swiftype.com pixel.quantserve.com apintego.com app.nav.com t.powerreviews.com *.t.eloqua.com track.hubspot.com play.vidyard.com cdn.vidyard.com px.ads.linkedin.com p.adsymptotic.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io recaptcha.net www.linkedin.com s.amazon-adsystem.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com www.youtube.com *.ytimg.com play.vidyard.com *.lendingfront.com s.amazon-adsystem.com *.walkme.com; connect-src 'self' bat.bing.com *.clover.com wss://*.clover.com *.contentful.com stats.g.doubleclick.net secure.geonames.org www.facebook.com www.google-analytics.com apis.google.com storage.googleapis.com *.greenhouse.io heapanalytics.com in.hotjar.com vc.hotjar.io uploads.intercomcdn.com uploads.intercomusercontent.com *.intercom.io wss://*.intercom.io h.online-metrix.net *.optimizely.com *.perka.com sentry.io api.swiftype.com d8a92f8280d84184bb69a3a4b74b61d1.app-search.us-west-2.aws.found.io *.powerreviews.com collection.bgalytics.com *.tt.omtrdc.net oamportal.fdvs.com *.donorschoose.org collection.sperse.io data.pendo.io recaptcha.net *.walkme.com; default-src 'self'; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com heapanalytics.com js.intercomcdn.com use.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com *.clover.com googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com apis.google.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com www.youtube.com secure.quantserve.com *.ytimg.com ui.powerreviews.com *.t.eloqua.com play.vidyard.com apps.mypurecloud.com secure.adnxs.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com img.en25.com snap.licdn.com amplify.outbrain.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com recaptcha.net *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com optimize.google.com heapanalytics.com just.be sandbox.just.be *.natwest-tyl.com *.usetyl.com ui.powerreviews.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com; media-src 'self' *.clover.com videos.ctfassets.net js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com h.online-metrix.net vd.vidoplay.com; frame-ancestors *.clover.com just.be sandbox.just.be *.natwest-tyl.com *.usetyl.com *.perka.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' mail.google.com chrome-extension://iffdacemhfpnchinokehhnppllonacfj/ chrome-extension://dkfhfaphfkopdgpbfkebjfcblcafcmpi/; 2
default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://w.soundcloud.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.vimeo.com https://vimeo.com/api/oembed.json https://ajax.cloudflare.com https://player.vimeo.com https://static.oktopost.com/oktrk.js https://okt.to https://crmemails.ogilvy.com https://secure.link5view.com https://tag.demandbase.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://static.addtoany.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://okt.to https://stats.g.doubleclick.net https://www.google.com https://www.google.co.in https://secure.link5view.com https://crmemails.ogilvy.com https://match.prod.bidr.io https://segments.company-target.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com https://static.addtoany.com; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com https://tagmanager.google.com data:; connect-src 'self' https://www.google-analytics.com https://bam.nr-data.net https://api.company-target.com; report-uri /report-csp-violation 2
frame-ancestors 'self' stc.marketing.adobe.com *.decibelinsight.net *.decibelinsight.com 2
default-src 'self' data: blob: shopify.com *.streamshark.io *.myshopify.io *.wistia.com embedwistia-a.akamaihd.net *.litix.io *.wistia.net *.shopify.com *.shopifysvc.com notify.bugsnag.com *.mode.com fonts.gstatic.com www.google-analytics.com *.youtube.com monorail-edge-staging.shopifycloud.com; style-src 'self' 'unsafe-inline' data: blob: cdn.shopify.com cdn.shopifycloud.com; script-src 'self' 'sha256-0bwsvtcuqs/DCoDbJp98nh0tvF4GvOF1S10glV2ln/4=' www.googletagmanager.com www.google-analytics.com cdn.shopify.com cdn.shopifycloud.com fast.wistia.com app.wistia.com blob:; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.tribesocial.com *.intellum.com *.intellumlevel.com *.honeybadger.io *.pusher.com ws://*.pusher.com wss://*.pusher.com *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.youtube.com *.embedly.com *.embed.ly *.vimeo.com *.brightcove.net *.facebook.com zoom.us *.zoom.us *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.facebook.com *.gstatic.com *.google.com *.doubleclick.net *.googleusercontent.com *.googletagmanager.com *.googleplex.com *.stripe.com *.aptrinsic.com cdn.facebookblueprint.com *.fbcdn.net *.fbsbx.com *.facebook.com *.logmein.com *.gototraining.com *.jointraining.com *.gotowebinar.com *.joinwebinar.com *.googletagmanager.com *.ampproject.org *.doubleclick.net *.googleservices.com *.googleadservices.com *.g.doubleclick.net *.adsrvr.org *.googleusercontent.com *.githubusercontent.com; img-src * data:; 2
frame-ancestors kink.com 2
default-src 'self' https:; object-src 'self'; frame-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com disqus.com; child-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com *.disqus.com; style-src 'self' 'unsafe-inline' *.kvk.nl s3.amazonaws.com tagmanager.google.com translate.googleapis.com *.mopinion.com https://fonts.googleapis.com *.abtasty.com *.disqus.com *.disquscdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kvk.nl blob: bat.bing.com *.nowinteract.com www.youtube.com s.ytimg.com channel.me cloudstatic.obi4wan.com *.hotjar.com www.google-analytics.com www.googletagmanager.com cdn-assets-prod.s3.amazonaws.com tagmanager.google.com *.mopinion.com https://miloo.nl wss://miloo.nl *.abtasty.com *.disqus.com *.disquscdn.com; img-src 'self' *.kvk.nl blob: data: tr3.onlinesucces.nl www.ondernemersplein.nl bat.bing.com https://www.gstatic.com/images/branding/product/2x/translate_24dp.png www.google-analytics.com www.googletagmanager.com https://miloo.nl wss://miloo.nl *.abtasty.com *.cloudfront.com *.mopinion.com *.disqus.com *.disquscdn.com; font-src 'self' blob: data: *.kvk.nl http://fonts.gstatic.com https://fonts.gstatic.com static.hotjar.com *.mopinion.com *.abtasty.com *.disqus.com; connect-src 'self' *.kvk.nl wss://*.kvk.nl opendata.ondernemersplein.nl *.nowinteract.com translate.googleapis.com bots.obi4wan.com app.obi4wan.ai *.hotjar.com wss://*.hotjar.com www.google-analytics.com script.google.com https://miloo.nl wss://miloo.nl *.mopinion.com col.eum-appdynamics.com *.abtasty.com sentry.io *.disqus.com; frame-ancestors 'self' https://*.kvk.nl; base-uri 'self' *.kvk.nl; 2
frame-ancestors https://*.aok.de https://*.dev.queo-group.com https://*.dev.queo.org localhost https://*.ddev.site; 2
frame-ancestors 'self' *.kanopystreaming.com *.kanopy.com 2
frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 2
frame-ancestors https://*.justlanded.com https://*.justlanded.es https://*.justlanded.co.uk https://*.justlanded.de https://*.justlanded.fr https://*.justlanded.it https://*.justlanded.jp https://*.justlanded.at https://*.justlanded.mx https://*.justlanded.gr https://*.justlanded.ru https://*.justlanded.se https://*.justlanded.cn https://*.justlanded.ch https://*.justlanded.be https://*.justlanded.co.in https://*.justlanded.co.nz https://tpc.googlesyndication.com 2
default-src  'self' ; connect-src    *;  worker-src    * data: blob: *.transparent.com *.transparent.local *.s3.amazonaws.com;  font-src   * data: blob: 'unsafe-inline';  frame-src   'self' *.transparent.com *.transparent.local *.whichisenglish.transparent.com *.testwie.transparent.com *.s3.amazonaws.com *.amazon.com *.google.com *.appcues.com *.apple.com *.byki.com *.rbdigital.com *.rbdigitalstage.com *.vimeo.com *.youtube.com *.fastspring.com *.onfastspring.com *.hubspot.com *.facebook.com *.twitter.com *.taleo.net *.addthis.com *.hsforms.com *.iorad.com *.typeform.com *.wistia.net *.oncehub.com *.wistia.com data: blob: mailto: --bridge-loaded-- bridge-loaded --wvjb-queue-message-- wvjb-queue-message 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  manifest-src   'self' *.transparent.com *.transparent.local *.s3.amazonaws.com 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  img-src    * data: blob:;  media-src    * data: blob:;  object-src    * data: blob:;  script-src    * 'unsafe-inline' 'unsafe-eval';  style-src    * 'unsafe-inline';  2
upgrade-insecure-requests; default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https: 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com 2
default-src 'self' data: *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.googleadservices.com *.vimeo.com xing-se.jobbase.io *.xingassets.com ct.capterra.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.googleadservices.com *.vimeo.com *.vimeocdn.com xing-se.jobbase.io *.xingassets.com ct.capterra.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net; style-src 'self' data: 'unsafe-inline' *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.googleadservices.com xing-se.jobbase.io *.xingassets.com ct.capterra.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net; frame-src *; img-src data: https: 2
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 2
default-src 'none'; img-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com  https://images.ctfassets.net https://downloads.ctfassets.net https://www.gstatic.com https://ssl.gstatic.com https://platform.twitter.com https://obs.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://cdn.cookielaw.org https://i.creativecommons.org https://licensebuttons.net; media-src 'self' https://videos.ctfassets.net https://www.youtube.com https://player.vimeo.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://cookies.onetrust.mgr.consensu.org https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com; connect-src 'self' https://cdn.contentful.com https://preview.contentful.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://sentry.io https://cdn.cookielaw.org https://api.twitter.com; script-src 'self' https://www.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://platform.twitter.com https://cdn.syndication.twimg.com data: https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://github.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com/ https://platform.twitter.com https://ton.twimg.com; manifest-src 'self'; worker-src 'self'; child-src 'self'; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' *.bzga.de *.creativecommons.org https://www.youtube-nocookie.com data:; frame-src 'self' https://www.bzga.de/ https://piwik.bzga.de/ https://www.youtube-nocookie.com 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.anaplan.com https://www.google-analytics.com *.getsmartling.com *.bing.com *.cloudflare.com *.doubleclick.net *.strikeiron.com *.demandbase.com https://code.jquery.com https://cdn.b0e8.com *.marketo.com *.ytimg.com *.marketo.net *.facebook.net *.cookielaw.org *.netdna-ssl.com *.engagio.com *.googleapis.com *.cloudfront.net *.licdn.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com *.coveo.com *.hushly.com *.optimizely.com *.hotjar.com; upgrade-insecure-requests 2
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com 2
frame-ancestors 'none' ; 2
default-src 'none'; connect-src 'self' data: https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: https://nouw.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; form-action 'self' http://nouw.com *.facebook.com *.facebook.net https://secure.payer.se; frame-ancestors 'self' http://frame.bloglovin.com; frame-src 'self' *.youtube.com *.spotify.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob:; manifest-src 'self'; media-src *; object-src 'none'; report-uri https://nouw.com/api/misc/csp; style-src * blob: 'unsafe-inline'; worker-src 'self'; script-src 'self' https://nouw.com https://cdnjs.cloudflare.com *.facebook.com *.facebook.net https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' * 2
default-src 'none'; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: http://www.pap.pl https://www.google.com https://www.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://adservice.google.com https://adservice.google.pl https://securepubads.g.doubleclick.net https://www.gstatic.com https://*.hit.gemius.pl; font-src 'self' data: https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' https://securepubads.g.doubleclick.net https://csi.gstatic.com; object-src 'self'; frame-src 'self' https://igrafika.pap.pl https://www.youtube.com https://*.dcs.redcdn.pl https://www.google.com https://infostrefa.tv https://*.hit.gemius.pl https://multimedia.europarl.europa.eu https://maps.google.com https://iframe.dacast.com; prefetch-src 'self' https://tpc.googlesyndication.com; base-uri 'self'; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://cse.google.com http://cse.google.com https://clients1.google.com http://clients1.google.com https://va.ecitizen.gov.sg http://assets.adobedtm.com *.demdex.net http://wogadobeanalytics.sc.omtrdc.net http://va.ecitizen.gov.sg https://www.google.com https://s3-us-west-2.amazonaws.com http://fonts.googleapis.com http://ajax.googleapis.com https://fonts.gstatic.com cm.everesttech.net http://fast.wogaa.demdex.net https://tools.onemap.sg https://www.gstatic.com https://forms.cwp.gov.sg https://www.google-analytics.com wogadobeanalytics.sc.omtrdc.net https://assets.juicer.io https://connect.facebook.net https://www.facebook.com https://www.juicer.io https://graph.facebook.com https://static.juicer.io https://i.imgur.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://external.xx.fbcdn.net https://twitter.com https://wogaa.demdex.net https://www.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.onemap.sg http://www.moh.gov.sg http://www.youtube.com https://www.youtube.com https://static.pigeonhole.at https://pigeonhole.at form.gov.sg https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.google.com.sg *.hotjar.com:* *.hotjar.io wss://*.hotjar.com https://*.wogaa.sg assets.adobedtm.com https://youtu.be https://*.arcgis.com https://assets.dcube.cloud; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 2
frame-ancestors 'self' http://mrgocom01stg.dmz.maggroup.com http://mrgocomforge.dmz.maggroup.com 2
frame-ancestors 'self' http://*.iframely.com 2
default-src 'self' data: https://internalgogdemo.terracycle.com https://fonts.gstatic.com/ https://use.typekit.net/ https://d3c39yxulteaif.cloudfront.net/; script-src 'self' 'unsafe-inline' data: https://connect.facebook.net/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://log.pinterest.com/ https://use.typekit.net/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://maps.googleapis.com/ https://www.wufoo.com/scripts/embed/form.js https://secure.wufoo.com/scripts/embed/form.js https://www.googleadservices.com/pagead/conversion.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://b-code.liadm.com/a-00v3.min.js https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.leadmanagerfx.com/js/mcfx/2794 https://cdn.leadmanagerfx.com/phone/js/2794 https://internalgogdemo.terracycle.com https://www.googletagmanager.com https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://syndication.twitter.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://assets.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/; img-src 'self' https://www.google-analytics.com/r/ https://www.google.com/pagead/ https://www.google.com/ads/ https://stats.g.doubleclick.net/r/ https://www.facebook.com/tr/ https://c.liadm.com/ https://assets.pinterest.com/images/pidgets/ https://p.typekit.net/ https://syndication.twitter.com/i/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/vt https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com/gog-prod/ https://internalgogdemo.terracycle.com https://tc-global-prod.s3.amazonaws.com/ www.googletagmanager.com https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white*; connect-src 'self' https://internalgogdemo.terracycle.com https://ipapi.co/json https://maps.googleapis.com/maps/api/geocode/json https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/2794 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information; plugin-types application/pdf application/xml 2
frame-ancestors https://*.prolific.co http://*.prolific.co https://prolific.co 2
default-src 'self'  https://*.easyfairsgroup.com ; connect-src 'self'  https://*.easyfairsgroup.com https://*.easyfairs.com https://*.google-analytics.com https://www.wpo365.com https://efsentry.easyfairs.cloud ; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.easyfairsgroup.com https://*.easyfairs.cloud https://*.youtu.be https://s.ytimg.com https://*.youtube.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com ; img-src 'self' data:  https://*.easyfairsgroup.com  https://*.google.com https://*.google.at https://*.google.be https://*.google.bg https://*.google.ca https://*.google.cat https://*.google.ch https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.com.hk https://*.google.it https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.com.tr https://*.google.co.uk https://*.google.com https://*.ggpht.com https://library.elementor.com https://*.gravatar.com https://i.ytimg.com https://*.googleusercontent.com https://*.googleapis.com https://*.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com ; style-src 'self' 'unsafe-inline' data:  https://*.easyfairsgroup.com https://*.typekit.net https://ps.w.org https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.google.com https://p.typekit.net https://use.typekit.net; font-src 'self' data:  https://*.easyfairsgroup.com https://*.typekit.net https://fonts.gstatic.com https://*.sharepointonline.com https://use.typekit.net; child-src 'self'  https://*.easyfairsgroup.com https://*.youtube.com https://*.youtu.be https://www.youtube-nocookie.com https://www.googletagmanager.com https://*.google.com ; media-src 'self'  https://*.easyfairsgroup.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://api.dmcdn.net https://*.twitch.tv ; object-src 'self'  https://*.easyfairsgroup.com ; frame-ancestors 'self'  https://*.easyfairsgroup.com https://*.vimeo.com https://api.dmcdn.net https://*.twitch.tv ; base-uri 'none' ; 2
frame-ancestors self *.moneyweb.co.za http://preview.moneyweb-2.instantmagazine.com http://moneyweb-2.instantmagazine.com *.instantmagazine.com 2
frame-ancestors 'self' https://www.messenger.com https://www.facebook.com/; 2
frame-ancestors 'self' admin.truelocal.com.au 2
default-src 'self'; font-src data: https://assets.dm.de https://cdn.kali.services.dmtech.com; child-src 'self' blob:; script-src 'self' 'unsafe-eval' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://ssl.hurra.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; worker-src 'self' blob:; connect-src 'self' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://services.dm.de https://products.dm.de https://*.services.dmtech.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://*.services.dmtech.com https://api.mapbox.com https://events.mapbox.com https://ssl.hurra.com https://*.bazaarvoice.com https://browser-http-intake.logs.datadoghq.eu https://login.dm.de https://mpsnare.iesnare.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.bazaarvoice.com https://api.tiles.mapbox.com; img-src 'self' data: blob: https://assets.dm.de https://cdn.kali.services.dmtech.com https://cdn02.dm-static.com https://ssl.hurra.com  https://*.mm.dm.de https://*.bazaarvoice.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://linkmaker.itunes.apple.com https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com; frame-ancestors 'self' https://*.dm.de https://app.datadoghq.eu; frame-src 'self' https://ssl.hurra.com https://*.dm.de https://*.services.dmtech.com https://sandbox.om.dm.de https://*.bazaarvoice.com https://www.youtube-nocookie.com https://configurator.nuk.de/; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://login.dm.de https://checkout.dm.de https://*.bazaarvoice.com; manifest-src 'self'; report-uri /__csp-reports__ 2
frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp http://shdwbkoffice.sov.gs.corp; 2
frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 2
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 2
frame-ancestors 'self' https://*.fdj.fr https://www.laredoute.fr/ http://clients.sismodesign.com; 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
default-src 'self' fl.ru *.fl.ru *.facebook.com client.getinchat.com *.jivosite.com *.mail.ru *.yandex.ru *.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: *.fl.ru client.getinchat.com cityadstrack.com www.cityadstrack.com artfut.com www.artfut.com cdn.userecho.com connect.facebook.net *.adriver.ru counter.rambler.ru *.newrelic.com *.nr-data.net mc.yandex.ru *.doubleclick.net *.criteo.com *.criteo.net *.mail.ru *.gstatic.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com adservice.google.com adservice.google.ru adservice.google.com.ua *.tns-counter.ru x.cnt.my d31j93rd8oukbv.cloudfront.net *.jivosite.com; img-src data: blob: *; media-src *.fl.ru *.jivosite.com; style-src 'unsafe-inline' 'unsafe-eval' blob: https: 'self' *.fl.ru client.getinchat.com fonts.googleapis.com *.jivosite.com; font-src 'self' data: blob: https: fonts.gstatic.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' *.fl.ru fl.userecho.com *.typeform.com client.getinchat.com *.criteo.com *.criteo.net *.facebook.com *.adriver.ru *.doubleclick.net *.google.com *.google.ru *.indeed.com onesignal.com rutube.ru *.rutube.ru *.vimeo.com youtube.com *.youtube.com; child-src fl.ru *.fl.ru; connect-src 'self' *.fl.ru *.doubleclick.net *.facebook.com *.google-analytics.com *.mail.ru client.getinchat.com *.jivosite.com *.yandex.ru wss://*.jivosite.com *.nr-data.net; report-uri flru.report-uri.com/r/d/csp/reportOnly; 2
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: ; 2
default-src 'self' blob:; img-src 'self' *.nextiveo.com platform-api.sharethis.com *.livehelpnow.net *.pcdn.co *.sharethis.com  *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.amazonaws.com *.gstatic.com *.cloudfront.net *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.nstitan.com mecdb.myecheck.com www1.myecheck.com  *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com www.google-analytics.com stats.g.doubleclick.net www.google.com data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com s3-us-west-2.amazonaws.com x1.xingassets.com maps.gstatic.com maps.googleapis.com optimize.google.com cdn-dev.flptitan.com blob: *.flptitan.com *.foreverliving.com *.s3.us-east-1.amazonaws.com *.googleapis.com *.ppipe.net *.nextsphere.com *.nstitan.com *.oppwa.com *.flptitanqa.com mecdb.myecheck.com www1.myecheck.com oppwa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com *.google-analytics.com stats.g.doubleclick.net www.google.com *.clicktale.net data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com s3-us-west-2.amazonaws.com x1.xingassets.com maps.gstatic.com *.facebook.com *.googletagmanager.com maps.googleapis.com optimize.google.com; script-src 'self' *.nextiveo.com  *.payvision.com *.siteprerender.com siteprerender.com *.google.com platform-api.sharethis.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io  *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com  *.s3-us-west-2.amazonaws.com mecdb.myecheck.com www1.myecheck.com *.googleapis.com *.flptitanqa.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com  *.s3.amazonaws.com  *.nextsphere.com *.nstitan.com optimize.google.com www.googletagmanager.com *.google-analytics.com blob: fonts.gstatic.com test.acaptureservices.com test.oppwa.com maxcdn.bootstrapcdn.com  *.ppipe.net *.facebook.net *.authorize.net www.youtube.com *.oppwa.com *.s3-us-west-2.amazonaws.com mecdb.myecheck.com www1.myecheck.com oppwa.com acaptureservices.com test.oppwa.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.nextiveo.com *.livehelpnow.net *.clicktale.net *.chargebee.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.nstitan.com *.oppwa.com mecdb.myecheck.com *.flptitanqa.com www1.myecheck.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com optimize.google.com tagmanager.google.com fonts.googleapis.com cdnjs.cloudflare.com oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com 'unsafe-inline'; font-src 'self' *.nextiveo.com *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net www1.myecheck.com  flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social mecdb.myecheck.com *.bootstrapcdn.com *.nstitan.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com data: cdnjs.cloudflare.com fonts.gstatic.com *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' *.nextiveo.com platform-api.sharethis.com *.livehelpnow.net *.consensu.org *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net *.nextsphere.com  *.ppipe.net vimeo.com *.authorize.net  mecdb.myecheck.com *.oppwa.com www1.myecheck.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.nstitan.com  s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com *.flptitanqa.com oppwa.com *.google-analytics.com; media-src 'self' *.nextiveo.com *.flptitan.com *.youtube.com *.youtu.be; frame-src 'self' *.ngenius-payments.com *.facebook.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.nextiveo.com platform-api.sharethis.com  *.sharethis.com *.mgr.consensu.org  walls.io player.vimeo.com *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.nextsphere.com *.worldpay.com *.nextsphere.com  vimeo.com *.oppwa.com mecdb.myecheck.com www1.myecheck.com *.nstitan.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com optimize.google.com *.vimeo.com oppwa.com optimize.google.com; frame-ancestors 'self' *.nextiveo.com *.socialsales.io socialsales.io foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com flptitanqa.com *.flptitanqa.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.chargebee.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social 2
default-src 'self' data: https://api.blockchair.com http://127.0.0.1:50005 http://127.0.0.1:51505 http://127.0.0.1:53005 http://127.0.0.1:54505 http://127.0.0.1:56005 https://127.0.0.1:50005 https://127.0.0.1:51505 https://127.0.0.1:53005 https://127.0.0.1:54505 https://127.0.0.1:56005 ws://127.0.0.1:50005 ws://127.0.0.1:51505 ws://127.0.0.1:53005 ws://127.0.0.1:54505 ws://127.0.0.1:56005 wss://127.0.0.1:50005 wss://127.0.0.1:51505 wss://127.0.0.1:53005 wss://127.0.0.1:54505 wss://127.0.0.1:56005 wss://*.cqdssl.com https://local.get-scatter.com:50006 https://local.get-scatter.com:51506 https://local.get-scatter.com:53006 https://local.get-scatter.com:54506 https://local.get-scatter.com:56006 https://api.qiniu.com https://upload-z2.qiniup.com https://uplog.qbox.me wss://local.get-scatter.com:50006 wss://local.get-scatter.com:51506 wss://local.get-scatter.com:53006 wss://local.get-scatter.com:54506 wss://local.get-scatter.com:56006 ws://*.bigone.com ws://*.bigonezh.com ws://*.b1.cab ws://*.big.one ws://*.b1.run wss://beta.big.zone wss://alpha.big.zone wss://*.bigone.com wss://*.bigonezh.com wss://*.bigonechina.com wss://*.big.one wss://bigone.com wss://bigonezh.com wss://bigonechina.com wss://b1.cab wss://big.one wss://*.b1.run wss://b1.run wss://*.b1.cab wss://*.b1.land stats.g.doubleclick.net *.googleapis.com www.googletagmanager.com *.zdassets.com https://static.zdassets.com https://ekr.zdassets.com https://bigone.zendesk.com wss://bigone.zendesk.com wss://*.zopim.com https://*.zopim.com *.bigonechina.com *.big.zone *.bigone.com *.b1.cab *.bigonezh.com *.big.one *.b1.run *.pxn.one *.peatio.com *.geetest.com *.cqdssl.com www.google-analytics.com www.gstatic.com www.google.com mixin-images.zeromesh.net *.aliyun.com gm.mmstat.com *.aliapp.org *.tdum.alibaba.com *.tingyun.com *.alicdn.com *.aliyuncs.com *.ucweb.com bam.nr-data.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.zendesk.com api.eossweden.org eos.greymass.com node2.eosphere.io relay.get-scatter.com wss://widget-mediator.zopim.com https://v2assets.zopim.io 'unsafe-inline' 'unsafe-eval' 2
child-src platform.twitter.com www.youtube.com disqus.com www.facebook.com movingupusa.com player.vimeo.com www.googletagmanager.com syndication.twitter.com w.soundcloud.com m.facebook.com; connect-src 'self' bam.nr-data.net data.fordfoundation.org links.services.disqus.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com translate.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' 88815.global.siteimproveanalytics.io a.tiles.mapbox.com ajax.googleapis.com analytics.twitter.com bam.nr-data.net cartocdn-gusc.global.ssl.fastly.net cartodb.s3.amazonaws.com connect.facebook.net data.fordfoundation.org fordfoundation.cartodb.com js-agent.newrelic.com platform.twitter.com s.ytimg.com s3.amazonaws.com static.ads-twitter.com t.co themes.googleusercontent.com us1.siteimprove.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.youtube.com data: c.disquscdn.com cdn.viglink.com disqus.com fordfoundationblog.disqus.com links.services.disqus.com brigstoneapp.com cdn-javascript.net frimeduble.com static-resource.com self stats.g.doubleclick.net www.google.com movingupusa.com www.google.co.id www.google.co.in www.google.com.br www.npr.org; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com; form-action 'self' www.facebook.com 'unsafe-eval' syndication.twitter.com; frame-src disqus.com movingupusa.com platform.twitter.com www.facebook.com www.youtube.com player.vimeo.com w.soundcloud.com m.facebook.com 'self' vimeo.com web.facebook.com www.googletagmanager.com charlierose.com; img-src 'self' 88815.global.siteimproveanalytics.io a.tiles.mapbox.com bam.nr-data.net cartocdn-gusc.global.ssl.fastly.net cartodb.s3.amazonaws.com cdn.viglink.com ce.lijit.com data: links.services.disqus.com stats.g.doubleclick.net t.co www.facebook.com www.google-analytics.com www.google.ba www.google.co.in www.google.co.za www.google.com www.google.com.tr www.googletagmanager.com www.google.co.uk www.google.co.id dashboard.umbraco.org www.google.com.br www.google.com.co www.google.com.mx i.ytimg.com referrer.disqus.com translate.google.com translate.googleapis.com www.google.ca www.google.co.ke www.google.co.kr www.google.com.ar www.google.com.ec www.google.com.ng www.google.com.ni www.google.es www.google.it www.google.ps www.gstatic.com api.mapbox.com c.disquscdn.com pbs.twimg.com platform.twitter.com syndication.twitter.com www.google.co.ma www.google.co.th www.google.com.eg www.google.de www.google.gr www.google.lk www.google.pl www.google.se a.disquscdn.com ei.rlcdn.com idsync.rlcdn.com www.google.be www.google.co.bw www.google.co.il www.google.co.zw www.google.com.gh www.google.com.pe www.google.fr www.youtube.com yt3.ggpht.com farm9.staticflickr.com sync.tidaltv.com us1.siteimprove.com www.google.ae www.google.am www.google.at www.google.az www.google.bg www.google.bs www.google.by www.google.cd www.google.ch www.google.cl www.google.cm www.google.cn www.google.co.cr www.google.co.jp www.google.co.mz www.google.co.nz www.google.co.tz www.google.co.ve www.google.co.zm www.google.com.au www.google.com.bd www.google.com.bo www.google.com.et www.google.com.gt www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.na www.google.com.np www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.sg www.google.com.sv www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.dk www.google.ee www.google.fi www.google.ge www.google.gm www.google.ht www.google.hu www.google.ie www.google.iq www.google.jo www.google.kz www.google.lt www.google.lv www.google.mw www.google.nl www.google.no www.google.pt www.google.ro www.google.rw www.google.sk www.google.sn www.google.tt; prefetch-src disqus.com c.disquscdn.com; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com analytics.twitter.com bam.nr-data.net c.disquscdn.com cartocdn-gusc.global.ssl.fastly.net connect.facebook.net fordfoundation.cartodb.com fordfoundationblog.disqus.com js-agent.newrelic.com platform.twitter.com s.ytimg.com s3.amazonaws.com static.ads-twitter.com us1.siteimprove.com www.google-analytics.com www.googletagmanager.com www.pagespeed-mod.com www.youtube.com player.vimeo.com about data: translate.google.com translate.googleapis.com goal.us10.list-manage.com cdn.syndication.twimg.com links.services.disqus.com twitter.com cartocdn.global.ssl.fastly.net google-analytics.com ssl.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com analytics.twitter.com bam.nr-data.net c.disquscdn.com connect.facebook.net fordfoundationblog.disqus.com js-agent.newrelic.com platform.twitter.com s.ytimg.com s3.amazonaws.com static.ads-twitter.com us1.siteimprove.com www.google-analytics.com www.googletagmanager.com www.youtube.com cartocdn-gusc.global.ssl.fastly.net fordfoundation.cartodb.com player.vimeo.com cdn.syndication.twimg.com www.hoexoxg.site links.services.disqus.com twitter.com a.disquscdn.com api.microsofttranslator.com ssl.google-analytics.com www.google.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' c.disquscdn.com translate.googleapis.com fonts.googleapis.com platform.twitter.com tagmanager.google.com ton.twimg.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' c.disquscdn.com platform.twitter.com translate.googleapis.com cdnjs.cloudflare.com fonts.googleapis.com; media-src 'self'; object-src 'self'; frame-ancestors 'self'; script-src-attr 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dc-mkt-prod.cloud.bosch.tech dc-ncj-portal.qa.dxf.bosch.tech tags.tiqcdn.com www.youtube.com player.vimeo.com s.ytimg.com statse.webtrendslive.com www.google-analytics.com visitor-service-eu-central-1.tealiumiq.com apps.boschrexroth.com *.monetate.net *.livechatinc.com *.qualtrics.com *.hs-scripts.com *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net js.hsforms.net forms.hsforms.com snap.licdn.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ine.mx https: 2
frame-ancestors 'self'; worker-src 'self' blob:; upgrade-insecure-requests; script-src *.driftt.com *.6sc.co *.d41.co *.licdn.com *.softwareag.com *.doubleclick.net *.googleadservices.com *.google-analytics.com  *.googletagmanager.com *.ytimg.com *.youtube.com *.adobedtm.com *.scene7.com *.trustarc.com *.ads-twitter.com *.omtrdc.net *.2o7.net *.demdex.net *.everesttech.net  'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2
upgrade-insecure-requests; connect-src * https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io; 2
font-src 'self' *.fandangonow.com *.fandango.com data: *.mgo-images.com; object-src *.visa.com data:; script-src 'self' *.fandangonow.com *.fandango.com 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.fandangonow.com *.fandango.com data: 'unsafe-inline' * 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org connect.facebook.net *.g.doubleclick.net *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.cloudfront.net tagmanager.google.com *.wuv.de 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercom.io https://app.brand24.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://mc.yandex.ru https://sumo.com https://clients6.google.com https://app.userengage.com wss://app.userengage.com http://cdn.heapanalytics.com http://heapanalytics.com https://cdn.heapanalytics.com https://heapanalytics.com https://proxy.synerise.com https://tck.synerise.com wss://messenger.synerise.com https://api.ipgeolocation.io https://cdn.cookielaw.org https://grsm.io; img-src * 2
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw; frame-ancestors 'self' vznrw-piwik.init-ag.de; 2
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 2
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com www.google-analytics.com www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com www.google-analytics.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 2
script-src 'self' 'unsafe-inline' https://js.stripe.com; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 2
default-src https: 'unsafe-inline'; frame-ancestors https:; object-src 'none'; script-src https: 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.olark.com js.stripe.com *.visualwebsiteoptimizer.com *.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' jira.reactos.org www.google.com www.gstatic.com; img-src 'self' data:; 2
default-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.veinteractive.com https://*.typekit.net/ https://*.gstatic.com https://*.bt4.druidplatform.com data: 2
default-src 'self' https://trillian.cachefly.net https://static.olark.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src https: 2
default-src 'self' blob: data: 'unsafe-inline' *.gstatic.com; img-src 'self' blob: data: 'unsafe-inline' *.iscte-iul.pt iscte-iul.pt *.googleapis.com *.gstatic.com *.google-analytics.com www.google.com www.google.pt www.linkedin.com stats.g.doubleclick.net ciencia.iscte-iul.pt px.ads.linkedin.com www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.google-analytics.com www.gstatic.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com www.facebook.com; object-src 'self'; connect-src 'self' *.google-analytics.com; frame-src 'self' *.google.com *.soundcloud.com www.youtube.com youtu.be https://sketchfab.com player.vimeo.com; 2
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://cdnjs.com/ https://fast.fonts.net/ https://code.jquery.com/ https://api.usersnap.com https://www.googletagmanager.com https://rum-static.pingdom.net https://s7.addthis.com https://sjs.bizographics.com https://snap.licdn.com https://v1.addthisedge.com https://m.addthis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://kendo.cdn.telerik.com https://cookie-cdn.cookiepro.com/ https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://downloads.mailchimp.com https://mc.us5.list-manage.com https://secure.adnxs.com https://z.moatads.com https://geolocation.onetrust.com https://stackpath.bootstrapcdn.com https://walls.io https://cse.google.com *.pagestrip.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net https://cdnjs.cloudflare.com https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com  https://downloads.mailchimp.com https://cdn-images.mailchimp.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net *.pagestrip.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://px.ads.linkedin.com data: blob: *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com http://media.corporate-ir.net https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna-p.magna.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://rum-collector-2.pingdom.net https://m.addthis.com https://cookie-cdn.cookiepro.com https://s7.addthis.com https://emea3.recruitmentplatform.com https://emea3.recruitmentplatform.com https://global3.recruitmentplatform.com https://www.google-analytics.com https://privacyportal.cookiepro.com https://pagestrip.com https://*.pagestrip.com; 2
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
script-src 'self' https://tongji.baidu.com https://hm.baidu.com http://hm.baidu.com *.google-analytics.com http://mat1.gtimg.com https://mat1.gtimg.com http://*.soso.com https://*.soso.com http://*.qq.com https://*.qq.com http://*.qqmail.com  https://*.qqmail.com http://*.qmail.com https://*.qmail.com https://midas.gtimg.cn http://midas.gtimg.cn http://pub.idqqimg.com blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://mail.qq.com/cgi-bin/report_cgi?r_subtype=csp&nocheck=false 2
frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2
frame-ancestors 'self' *.svenskakyrkan.se https://*.risevision.com https://www.risevision.com/ http://*.kyrkanstrygghetsrad.se/ http://www.kyrkanstrygghetsrad.se/; 2
frame-ancestors 'self' https://us-sunset-public.prd.invesco.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com bam.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net; frame-src 'self' *.vimeo.com *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me; object-src 'self'; connect-src 'self' *.google-analytics.com *.helpscout.net *.wistia.com d3hb14vkzrxvla.cloudfront.net bam.nr-data.net *.facebook.com yoast.com wss://chat-support.toolset.com https://chat-support.toolset.com 2
default-src 'self' *.adbutler-kaon.com *.adbutler.com *.amazonaws.com *.doubleclick.net *.facebook.com *.formstack.com *.google-analytics.com *.google.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.googlwe.com *.gravatar.com *.issuu.com *.isu.pub *.knack.com *.knackhq.com *.quantserve.com *.quantcount.com *.sharethis.com *.thekennelclub.org.uk *.twitter.com *.vimeocdn.com *.visualstudio.com *.wufoo.com *.youtube.com *.zmags.com adbutler-fermion.com our.umbraco.org packages.umbraco.org player.vimeo.com servedbyadbutler.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adbutler-kaon.com *.adbutler.com *.amazonaws.com *.cloud-database.co *.doubleclick.net *.facebook.com *.facebook.net *.formstack.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.issuu.com *.isu.pub *.knack.com *.knackhq.com *.msecnd.net *.quantserve.com *.quantcount.com *.sharethis.com *.thekennelclub.org.uk *.twitter.com *.wufoo.com *.zmags.com *.gstatic.com adbutler-fermion.com servedbyadbutler.com;style-src 'self' 'unsafe-inline' *.cloud-database.co *.formstack.com *.google.co.uk *.google.com *.googleapis.com *.issuu.com *.isu.pub *.sharethis.com *.thekennelclub.org.uk;img-src 'self' data: *.adbutler-kaon.com *.cloud-database.co *.doubleclick.net *.facebook.com *.formstack.com *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.gravatar.com *.issuu.com *.isu.pub *.quantserve.com *.quantcount.com *.thekennelclub.org.uk *.twitter.com *.zmags.com adbutler-fermion.com dashboard.umbraco.org servedbyadbutler.com umbraco.tv;font-src 'self' data: *.gstatic.com *.cloud-database.co 2
frame-ancestors 'self' uninter.com *.uninter.com  http://siteapi.uninter.com http://univirtus.uninter.com; 2
frame-ancestors 'self' *.nexxt.com/ https://lensa.com/; 2
frame-ancestors 'self' localhost:* *.tason.com 2
default-src 'self' data: *.coop.co.uk s3-eu-west-1.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coop.co.uk https://assets.adobedtm.com cdn.embedly.com *.ensighten.com *.crazyegg.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk *.googletagmanager.com; style-src * 'unsafe-inline'; img-src 'self' data: https://dpm.demdex.net *.google.co.uk *.google.ie *.ensighten.com images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com cm.everesttech.net; font-src 'self' s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk; media-src *; object-src youtube.com vimeo.com; frame-src 'self' https://cooperativegroup.demdex.net https://forms.office.com https://youtube.com https://www.youtube.com https://vimeo.com *.doubleclick.net *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com; connect-src https://*.demdex.net/ https://cooperativegroup.tt.omtrdc.net *.algolia.net *.algolianet.com *.google-analytics.com; 2
frame-src https://riksbanken.solidtango.com https://web103.reachmee.com https://www.riksbank.se https://www.google.com https://www.riksdagen.se https://vars.hotjar.com bankid: 2
default-src 'self' blob:; object-src 'self'; media-src 'self' usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://usuat.cobrowse.pega.com/ https://usuatassets.cobrowse.pega.com https://geolocation.onetrust.com https://www.google.com https://cdn.cookielaw.org https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com https://cdn.quantummetric.com http://dfcumanagedservicesstageenvironment.112.2o7.net https://analytics.twitter.com/ *.ads-twitter.com https://us.cobrowse.pega.com https://usassets.cobrowse.pega.com *.steelhousemedia.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com *.calcxml.com *.cloudflare.com https://googleads.g.doubleclick.net https://chat.usefirefly.com https://usefirefly.com  https://connect.facebook.net www.google-analytics.com assets.adobedtm.com *.timevaluecalculators.com *.bazaarvoice.com *.iesnare.com *.googleapis.com *.dcuinsurance.com tagmanager.google.com www.googletagmanager.com https://www.google-analytics.com https://firefly-chat-production.s3.amazonaws.com  http://www.googleadservices.com https://connect.facebook.net http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net; connect-src 'self' *.ads-twitter.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com wss://usefirefly.com https://usefirefly.com * *.cloudflare.com *.calcxml.com *.dcu.org *.omtrdc.net *.demdex.net *.bazaarvoice.com wss://chat.usefirefly.com https://www.google-analytics.com  https://www.dcuinsurance.com http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net; img-src 'self' *.com *.yahoo.com http://t.co/ dsum.casalemedia.com su.addthis.com s.thebrighttag.com image2.pubmatic.com ads.scorecardresearch.com t.mookie1.com x.bidswitch.net usermatch.krxd.net match.sharethrough.com cm.g.doubleclick.net ads.yahoo.com pixel.advertising.com insight.adsrvr.org www.facebook.com usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com *.bazaarvoice.com https://www.google.co.in https://www.google.com *.timevaluecalculators.com *.everesttech.net *.demdex.net *.omtrdc.net *.googleapis.com *.gstatic.com *.112.2o7.net https://stats.g.doubleclick.net www.google-analytics.com data:; style-src 'self' 'unsafe-inline' *.cloudflare.com https://usuatassets.cobrowse.pega.com https://usassets.cobrowse.pega.com https://usefirefly.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com *.calcxml.com https://tagmanager.google.com usassets.chat.pega.com *.timevaluecalculators.com *.googleapis.com *.bazaarvoice.com https://match.adsrvr.org https://match.prod.bidr.io; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *.doubleclick.net *.culookup.com *.dcu.org *.demdex.net *.locatorsearch.com *.bazaarvoice.com  https://www.fmsi-lts.com/DIG_WS https://fmsi-lts.com/ *.adobecqms.net http://cookies.onetrust.mgr.consensu.org/ stage.dcu.org https://dcu-stage.adobecqms.net http://dcu-stage.adobecqms.net https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.youtube.com 2
frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://optimize.google.com certify-js.alexametrics.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com apis.google.com https://js.stripe.com https://www.paypal.com; connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com; worker-src 'self'; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://optimize.google.com *.firebaseapp.com https://js.stripe.com *.paypal.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.web-stat.com *.web-stat.fr *.parastorage.com *.wix.com *.wts.one wts.one *.wts2.one wts2.one *.jquery.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.cloudflare.com *.cloudflareinsights.com *.google.com *.facebook.net *.facebook.com  unpkg.com  *.arcgisonline.com; 2
font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com http://www.concentrix.com http://concentrix.com data: https://1cfrbv1cz8j13t7nr4n67ss1-wpengine.netdna-ssl.com; frame-ancestors https://cvgdotcomprodprvw.azurewebsites.net/careers https://careers.concentrix.com/ https://careers.concentrix.com/careers? https://cvgdotcomprodprvw.azurewebsites.net https://careers.concentrix.com/careers https://concentrix.my.salesforce.com/ https://careers.concentrix.com/careers/us https://careers.concentrix.com/careers/us/ https://careers.concentrix.com/careers/?country=ca https://careers.concentrix.com/* https://careers.concentrix.com/about/contact-us; 2
frame-ancestors 'self' https://*.sageintacct.com https://*.intacct.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com https://www-w28.intacct.com https://www-p02.intacct.com https://www-p03.intacct.com https://www-p04.intacct.com https://beta.intacct.com https://www.intacct-adv.com https://www-w27.intacct.com https://www-p03-w028.intacct.com https://www-p02-w028.intacct.com https://www-p04-w028.intacct.com https://www-dr.intacct.com https://stg-hk.intacct.com https://dev45.intacct.com https://dev31.intacct.com https://dev24.intacct.com https://dev33.intacct.com; 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com 2
child-src 'self' *.usercentrics.eu *.adform.net *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ *.optimizely.com www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com; frame-src 'self'  *.usercentrics.eu *.adform.net *.optimizely.com *.criteo.com *.criteo.net *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.webmasterplan.com app.parasol-island.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de *.youtube-nocookie.com *.trbo.com toom18int42.cdn.pslsrv.com; object-src 'self'; 2
frame-ancestors self fasttech.com *.fasttech.com 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.fold3.com/ https://go.fold3.com/ https://*.fold3.com/ *.fold3.com https://www.ancestry.com https://request.eprotect.vantivpostlive.com https://request.eprotect.vantivcnp.com *.googleapis.com https://www.ancestrycdn.com https://*.hotjar.com https://*.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com *.gstatic.com https://myfamilycominc.tt.omtrdc.net https://ancestry.sc.omtrdc.net https://bat.bing.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://www.google.com https://*.g.doubleclick.net https://cdnjs.cloudflare.com https://*.demdex.net https://cm.everesttech.net https://vc.hotjar.io https://www.googletagservices.com www.googletagmanager.com optimize.google.com tagmanager.google.com https://adservice.google.com www.amcharts.com https://www.ancestry.com https://privacy-policy.truste.com; report-uri /report-csp-violation; 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 2
default-src    'self'     'unsafe-inline'     'unsafe-eval'    i.4see.mobi;    script-src    https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    https://prd01.launch.banfield.com/    http://*.g.doubleclick.net/    https://*.g.doubleclick.net/    http://*.google.com    https://*.google.com    http://tags.srv.stackadapt.com    https://tags.srv.stackadapt.com    http://*.stackadapt.com    https://*.stackadapt.com    'self'    'unsafe-inline'    'unsafe-eval'    http://code.jquery.com/    https://code.jquery.com/    http://assets.adobedtm.com    https://assets.adobedtm.com    http://cdn.optimizely.com    https://cdn.optimizely.com    http://use.typekit.net    https://use.typekit.net    http://fast.fonts.net/    https://fast.fonts.net/    http://gateway.answerscloud.com/    https://gateway.answerscloud.com/    http://*.foresee.com    https://*.foresee.com    http://cdnjs.cloudflare.com/   https://cdnjs.cloudflare.com/    http://www.googletagmanager.com    https://www.googletagmanager.com    http://www.googleadservices.com    https://www.googleadservices.com    http://ssl.google-analytics.com    https://ssl.google-analytics.com    http://js.clickequations.net    https://js.clickequations.net    http://connect.facebook.net    https://connect.facebook.net    http://az416426.vo.msecnd.net/    https://az416426.vo.msecnd.net/    http://www.google-analytics.com/    https://www.google-analytics.com/    http://localhost https://localhost    http://localhost:*    https://localhost:*    http://*.googleapis.com    https://*.googleapis.com    http://*.inspectlet.com    https://*.inspectlet.com    http://*.openweathermap.org    https://*.openweathermap.org    http://*.sharethis.com    https://*.sharethis.com    http://*.sharethis.com    https://*.sharethis.com    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://*.xg4ken.com    https://*.xg4ken.com    http://*.cloudflare.com    https://*.cloudflare.com    http://*.youtube.com    https://*.youtube.com    http://*.ytimg.com    https://*.ytimg.com    http://*.bing.com    https://*.bing.com    http://*.iatspayments.com    https://*.iatspayments.com    http://*.instagram.com    https://*.instagram.com     http://banfield-assets.azureedge.net    https://banfield-assets.azureedge.net    http://banfield-images.azureedge.net    https://banfield-images.azureedge.net    http://banfield-scripts.azureedge.net    https://banfield-scripts.azureedge.net    https://remote.vroptimal-3dx-assets.com/    https://gateway.foresee.com/    i.4see.mobi    https://cdn.schemaapp.com/    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    connect-src    https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    blob:    'self'    'unsafe-inline'    'unsafe-eval'    http://logx.optimizely.com/log/event    https://logx.optimizely.com/log/event    http://*.visualstudio.com    https://*.visualstudio.com    http://localhost    https://localhost    http://*.inspectlet.com    https://*.inspectlet.com    http://*.typekit.net    https://*.typekit.net    http://*.googleapis.com    https://*.googleapis.com    http://*.facebook.com    https://*.facebook.com    http://*.sharethis.com    https://*.sharethis.com    http://*.optimizely.com    https://*.optimizely.com    https://analytics.foresee.com    https://brain.foresee.com    https://4seeresults.com    https://foreseeresults.com    https://www.google-analytics.com    https://ssl.google-analytics.com/    i.4see.mobi    https://device.4seeresults.com    https://srv.stackadapt.com/    https://tags.srv.stackadapt.com    https://ssl.google-analytics.com/    https://www.google.com/    https://data.schemaapp.com/    https://c.sharethis.mgr.consensu.org/    http://*.foresee.com    https://*.foresee.com    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    frame-src    https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com     https://use.typekit.net    https://data.schemaapp.com    https://prd01.launch.banfield.com/    https://*.helpshift.com    https://checkout.globalgatewaye4.firstdata.com/payment    'self'    'unsafe-inline'    'unsafe-eval'    http://googleads.g.doubleclick.net    https://googleads.g.doubleclick.net    http://www.google.com/    https://www.google.com/    http://www.youtube.com    https://www.youtube.com    http://gateway.answerscloud.com    https://gateway.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.facebook.com    https://*.facebook.com    http://*.adobedtm.com    https://*.adobedtm.com    http://*.doubleclick.net    https://*.doubleclick.net    http://*.doubleclick.net    https://*.doubleclick.net    http://*.sharethis.com    https://*.sharethis.com    http://*.rallybound.org    https://*.rallybound.org    http://*.cdn.optimizely.com    https://*.cdn.optimizely.com    http://sketchfab.com/    https://sketchfab.com/    http://*.cloudfront.net/    https://*.cloudfront.net/    https://demo.globalgatewaye4.firstdata.com/    https://www.vroptimal-3dx-assets.com/    https://static.vroptimal-3dx-assets.com/    https://connect.facebook.net/    i.4see.mobi    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com;    img-src    https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    https://maps.google.com    'self'    'unsafe-inline'    'unsafe-eval'    http://*.cloudflare.com    https://*.cloudflare.com    blob:    http://*.iatspayments.com    https://*.iatspayments.com    http://*.bidswitch.net    https://*.bidswitch.net    http://*.adnxs.com    https://*.adnxs.com    http://*.stackadapt.com    https://*.stackadapt.com    'self' 'unsafe-inline'    'unsafe-eval' data:    http://googleads.g.doubleclick.net    https://googleads.g.doubleclick.net    http://*.google-analytics.com/    https://*.google-analytics.com/    http://centro.pixel.ad    https://centro.pixel.ad    http://beacon.clickequations.net/    https://beacon.clickequations.net/    http://www.google.com    https://www.google.com    http://*.banfield.com    https://*.banfield.com    http://www.facebook.com    https://www.facebook.com    http://maps.googleapis.com    https://maps.googleapis.com    http://*.gstatic.com    https://*.gstatic.com    http://pixel.sitescout.com/    https://pixel.sitescout.com/    http://images.banfield.com    https://images.banfield.com   http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://media.banfield.com    https://media.banfield.com    http://*.doubleclick.net    https://*.doubleclick.net    http://*.typekit.net    https://*.typekit.net    http://*.4seeresults.com    https://*.4seeresults.com    http://*.foreseeresults.com    https://*.foreseeresults.com    http://*.answerscloud.com    https://*.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.truste.com    https://*.truste.com    http://*.googleadservices.com    https://*.googleadservices.com    http://*.xg4ken.com    https://*.xg4ken.com    http://*.sharethis.com    https://*.sharethis.com    http://*.bing.com    https://*.bing.com    http://*.azureedge.net    https://*.azureedge.net    http://sb.scorecardresearch.com/    https://sb.scorecardresearch.com/    https://foresee.mobi    https://static.foresee.com/    https://gateway.foresee.com/    i.4see.mobi    https://i.liadm.com/    https://pixel.rubiconproject.com/    https://pixel.advertising.com/    https://simage2.pubmatic.com/    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    style-src    https://scontent.cdninstagram.com    https://p.typekit.net   https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    http://*.fonts.net/    https://*.fonts.net/    'self'    http://*.iatspayments.com    https://*.iatspayments.com    'unsafe-inline'    'unsafe-eval'    http://*.fonts.net    https://*.fonts.net    http://fast.fonts.net    https://fast.fonts.net    http://*.banfield.com    https://*.banfield.com    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com   http://*.googleapis.com    https://*.googleapis.com    http://*.jquery.com    https://*.jquery.com    http://*.answerscloud.com    https://*.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.sharethis.com    https://*.sharethis.com    http://cdnjs.cloudflare.com/    https://cdnjs.cloudflare.com/    http://*.fonts.net   https://*.fonts.net    http://*.azureedge.net    https://*.azureedge.net    https://gateway.foresee.com    i.4see.mobi    https://cdn.jsdelivr.net    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    font-src    https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net     https://data.schemaapp.com    'self'    'unsafe-inline'    'unsafe-eval'    http://fast.fonts.net    https://fast.fonts.net    http://*.gstatic.com    https://*.gstatic.com    http://use.typekit.net    https://use.typekit.net    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://*.azureedge.net    https://*.azureedge.net    http://*.optimizely.com    https://*.optimizely.com    i.4see.mobi    https://cdnjs.cloudflare.com    http://*.foresee.com    https://*.foresee.com    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;   2
default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; font-src https: data:; img-src https: data: 2
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src  * data:;connect-src * wss: 2
policy-uri /'self' 2
default-src wss://comet.rabota.ru *.rabota.space rabota.ru *.rabota.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.mail.ru vk.com *.twitter.com *.odnoklassniki.ru *.rambler.ru *.adfox.ru *.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.facebook.net *.instagramm.ru *.ucweb.com *.newrelic.com *.nr-data.net *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com 2gis.github.io polyfill.io *.calltouch.ru *.jivosite.com *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru *.coub.com *.imgsmail.ru *.dadata.ru *.mediator.media;script-src 'unsafe-inline' 'unsafe-eval' *.rabota.space rabota.ru *.rabota.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.googleusercontent.com *.googletagmanager.com *.googleapis.com creativecdn.com *.creativecdn.com www.google-analytics.com stats.g.doubleclick.net *.rambler.ru yastatic.net vk.com *.twitter.com *.odnoklassniki.ru *.mail.ru *.facebook.net *.instagramm.ru unpkg.com *.livetex.ru *.livetex.me *.google.com *.newrelic.com *.nr-data.net *.jivosite.com *.gstatic.com *.ucweb.com *.2gis.ru *.2gis.com polyfill.io *.calltouch.ru *.adfox.ru 2gis.github.io *.vimeocdn.com *.youtube.com *.imgsmail.ru collector.mediator.media *.dadata.ru *.mediator.media *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.jsdelivr.net *.ytimg.com;style-src 'unsafe-inline' 'unsafe-eval' blob: *.rabota.space rabota.ru *.rabota.ru *.googleapis.com *.gstatic.com *.2gis.ru *.2gis.com *.vimeocdn.com *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net 2gis.github.io *.dadata.ru anketolog.ru;img-src * data: blob:;font-src 'self' data: blob: *.rabota.space rabota.ru *.rabota.ru *.livetex.ru *.livetex.me *.gstatic.com chrome-extension:;worker-src *.rabota.space rabota.ru *.rabota.ru;frame-src *.rabota.space *.rabota.ru rabota.ru *.rabota.ru creativecdn.com *.creativecdn.com *.facebook.com *.facebook.net *.instagramm.ru yastatic.net *.google.com *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net vk.com *.twitter.com *.odnoklassniki.ru *.youtube.com *.ucweb.com *.imgsmail.ru *.googleusercontent.com *.googletagmanager.com *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.hurma.ai hurma.ai *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru rutube.ru *.coub.com coub.com *.ytimg.com *.fls.doubleclick.net;media-src blob: *.rabota.space rabota.ru *.rabota.ru *.jivosite.com *.vimeocdn.com *.helpdeskeddy.com *.surveymonkey.com;report-uri https://www.rabota.ru/snitch.txt 2
frame-ancestors 'self' *.facebook.com *.heartmath.org *.na3.netsuite.com *.pardot.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src ws: https: 'self'; frame-ancestors 'self'; 2
default-src 'none'; connect-src 'self' http: https: wss:; font-src 'self' http: https:; form-action 'self' http: https:; frame-src 'self' http: https:; frame-ancestors 'self' http: https:; img-src 'self' 'unsafe-inline' http: https: data:; media-src 'self' http: https:; object-src 'self' http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; worker-src 'self' http: https:; child-src 'self' http: https 2
script-src *.frb.org *.googleapis.com *.addthis.com *.youtube.com *.google-analytics.com googlemaps.github.io *.google.com *.gstatic.com *.federalreserve.org *.addthisedge.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com s.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self'; script-src 'self' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com; img-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; report-uri https://scotthelme.report-uri.com/r/default/csp/enforce 2
child-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://heapanalytics.com https://maps.googleapis.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com wss://*.hotjar.com https://*.cambridgesavings.com; default-src 'self' https://*.sigfig.com https://*.cambridgesavings.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com https://*.cambridgesavings.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com https://*.cambridgesavings.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com https://*.cambridgesavings.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com https://*.cambridgesavings.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com https://*.cambridgesavings.com; 2
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; 2
base-uri 'self';connect-src https://website.informer.com 'self';default-src 'none';font-src 'self';frame-ancestors 'none';img-src data: 'self';manifest-src 'self';media-src 'self';object-src 'none';script-src https://cdn.ampproject.org 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com  *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:; 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https:; media-src 'self' video.tesa.com *.youtube.com; connect-src 'self' https: 2
frame-ancestors 'self' https://*.carfax.eu 2
default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl;object-src 'self' cdn-vsh.prague.eu 2
img-src * data: blob: 'unsafe-inline';object-src *;frame-src *; 2
script-src 'self' https://dqnp8bdp95f7m.cloudfront.net https://www.google.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com  https://api.userlike.com https://userlike-cdn-client.s3-eu-west-1.amazonaws.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://dq4irj27fs462.cloudfront.net; base-uri 'self'; 2
frame-ancestors https://*.news.at http://*.news.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.virtualearth.net *.bing.com https://s.ytimg.com/ https://www.youtube.com/ https://sp.analytics.yahoo.com/ https://s.yimg.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://static.ads-twitter.com/uwt.js https://s3.amazonaws.com/trk.cetrk.com/f/t.js https://tagmanager.google.com/ https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com *.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com https://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' *.bing.com https://tagmanager.google.com/debug/css.css https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/ https://s.yimg.com/ https://bat.bing.com https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri http://main.acsevents.org/site/XFrameViolation 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud  *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com ; connect-src 'self' *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com *.crazyegg.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com  *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
default-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; frame-src 'self' *.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net *.hotjar.com *.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org *.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.addthis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com; font-src 'self' *.typekit.net fonts.gstatic.com data:; media-src 'self' data: blob: embedwistia-a.akamaihd.net *.podbean.com 2
frame-ancestors https://*.greatcall.com 2
frame-src 'self' blob: https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com; connect-src 'self' https://checkout.stripe.com; img-src 'self' https://*.stripe.com https://analytics.freedom.press blob: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://freedom.press; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com; default-src 'self'; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' https://*.teamsupport.com/ 2
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' data: 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; 2
frame-ancestors *.ndtv.com *.gadgets360.com pricee.com hotdeals360.com; 2
base-uri 'self'; child-src 'self' bid.g.doubleclick.net www.google.com www.youtube.com *.midtrans.com *.googleapis.com *.freshchat.com; connect-src *; default-src 'self'; font-src 'self' data: cdn.mxpnl.com fonts.googleapis.com fonts.gstatic.com *.freshchat.com; img-src 'self' data: csi.gstatic.com maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net i.imgur.com img.youtube.com www.googleadservices.com www.google.com www.google.co.id www.google-analytics.com www.googletagmanager.com placehold.it placeholdit.imgix.net s3.amazonaws.com *.s3.amazonaws.com *.midtrans.com *.freshchat.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' cdn.polyfill.io cdn.mxpnl.com mixpanel.com maps.googleapis.com s.ytimg.com *.crazyegg.com s3.amazonaws.com *.s3.amazonaws.com tagmanager.google.com www.googleadservices.com www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com www.youtube.com *.midtrans.com *.googleapis.com googleads.g.doubleclick.net *.freshchat.com *.typeform.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com tagmanager.google.com *.freshchat.com; frame-src *.midtrans.com www.youtube.com www.google.com *.freshchat.com *.typeform.com 2
default-src 'self' 'unsafe-inline' *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.acquia.com *.marchex.io *.egain.cloud *.analytics-egain.com *.criteo.net *.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.nr-data.net web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net  *.jsdelivr.net https://optimize.google.com *.jsdelivr.net unpkg.com *.kampyle.com polyfill.io *.b-cdn.net cdn.rawgit.com; style-src 'self' 'unsafe-inline' *.acquia.com *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud *.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com *.jsdelivr.net unpkg.com *.kampyle.com; img-src 'self' data: *.unitedrentals.com bat.bing.com *.marchex.io *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net *.jsdelivr.net *.kampyle.com *.turn.com images.rouseservices.com; frame-src 'self' *.acquia.com *.marchex.io *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.unitedrentals.com *.kampyle.com; child-src 'self' *.acquia.com *.marchex.io *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.unitedrentals.com *.kampyle.com blob:; font-src 'self' 'unsafe-inline' *.unitedrentals.com https://fonts.gstatic.com *.jsdelivr.net *.kampyle.com; connect-src 'self' *.acquia.com *.appcues.net wss://*.appcues.net *.web-2-tel.com web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net *.opmnstr.com *.luckyorange.net *.googleapis.com *.visitors.live *.kampyle.com wss://*.visitors.live *.bugsnag.com *.omappapi.com 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dukascopy.com *.dukascopy.jp ; script-src-elem 'self' 'unsafe-inline' https://www-cl.site.dukascopy.com *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com freeserv-static.dukascopy.com freeserv.dukascopy.com; style-src 'self' 'unsafe-inline' *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com freeserv-static.dukascopy.com freeserv.dukascopy.com *.dukascopy.com *.dukascopy.jp; object-src 'none'; frame-ancestors 'self' https://www-cl.site.dukascopy.com *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com freeserv-static.dukascopy.com freeserv.dukascopy.com; form-action 'self' https://www-cl.site.dukascopy.com *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com google.co.jp; frame-src 'self' https://www-cl.site.dukascopy.com *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com freeserv-static.dukascopy.com freeserv.dukascopy.com; img-src 'self' 'unsafe-inline' https://www-cl.site.dukascopy.com *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com freeserv-static.dukascopy.com freeserv.dukascopy.com data: blob:; font-src 'self' 'unsafe-inline' *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com freeserv-static.dukascopy.com freeserv.dukascopy.com data:; media-src *; connect-src 'self' https://www-cl.site.dukascopy.com *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com 2
font-src 'self' code.freent.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 2
frame-ancestors 'self' http://www.knorr.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
default-src 'self'; script-src 'self' static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 2
frame-ancestors https://*.hearstmags.com:* https://*.condenastdigital.com:*  https://staging.readystate.com:*  https://airbnbmag.com:*  https://hgtvcashsweepstakes.com:*  http://hgtvcashsweepstakes.com:*  https://*.believemagmedia.com:*  http://*.believemagmedia.com:*  http://devaws:*  http://devawsconde:* http://*.seventeen.com:* https://*.seventeen.com:* http://*.cosmopolitan.com:* https://*.cosmopolitan.com:* http://*.countryliving.com:* https://*.countryliving.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.goodhousekeeping.com:* https://*.goodhousekeeping.com:* http://*.harpersbazaar.com:* https://*.harpersbazaar.com:* http://*.housebeautiful.com:* https://*.housebeautiful.com:* http://*.marieclaire.com:* https://*.marieclaire.com:* http://*.oprah.com:* https://*.oprah.com:* http://*.popularmechanics.com:* https://*.popularmechanics.com:* http://*.redbookmag.com:* https://*.redbookmag.com:* http://*.townandcountrymag.com:* https://*.townandcountrymag.com:* http://*.veranda.com:* https://*.veranda.com:* http://*.delish.com:* https://*.delish.com:* http://*.foodnetwork.com:* https://*.foodnetwork.com:* http://*.hgtvmagazine.com:* https://*.hgtvmagazine.com:* http://*.elledecor.com:* https://*.elledecor.com:* http://*.caranddriver.com:* https://*.caranddriver.com:* http://*.elle.com:* https://*.elle.com:* http://*.womansday.com:* https://*.womansday.com:* http://*.roadandtrack.com:* https://*.roadandtrack.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.doctorozmag.com:* https://*.doctorozmag.com:* http://*.airbnbmag.com:* https://*.airbnbmag.com:* http://*.thepioneerwomanmagazine.com:* https://*.thepioneerwomanmagazine.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.womenshealthmag.com:* https://*.womenshealthmag.com:* http://*.menshealth.com:* https://*.menshealth.com:* http://*.bicycling.com:* https://*.bicycling.com:* http://*.runnersworld.com:* https://*.runnersworld.com:* http://*.prevention.com:* https://*.prevention.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.rodalebookazines.com:* https://*.rodalebookazines.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* 2
default-src https:; connect-src *; font-src https: data:; frame-src https: ; img-src https: data:;  media-src https:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:;  style-src 'unsafe-inline' https:; report-uri /csp_violation_report_endpoint 2
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io; frame-ancestors 'self' *.gaoding.com god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com www.huodongxing.com www.365editor.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://pnew.365editor.com http://pwww.365editor.com http://new.365editor.com https://new.365editor.com https://ex.365editor.com http://ex.365editor.com http://www.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com http://screen.dev.gaoding.com/ https://testsmb.lenovo.net/ www.wxb.com http://local.wxb.com http://design.dev.gaoding.com https://stage.gaoding.com http://www.dev.gaoding.com http://page.dev.gaoding.com https://www.xmyeditor.com http://xmyplus.jiangniaocloud.top https://xmyplus.jiangniaocloud.top 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors *; upgrade-insecure-requests 2
connect-src 'self' *.saba.com *; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tvawcm.com *.tva.gov *.tva.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com code.highcharts.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org e.issuu.com https://cdn.siteimprove.net *.wufoo.com tva.us2.list-manage.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com my2.siteimprove.com code.jquery.com *.cdn.telerik.com https://az416426.vo.msecnd.net polyfill.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com data:; img-src 'self' https://tvawcm.com *.tva.com *.tva.gov *.gstatic.com *.googleapis.com *.google-analytics.com https://play.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com tva-azr-eastus-cdn-ep-tvawcm-acc.azureedge.net tva-azr-eastus-cdn-ep-tvawcm-prd.azureedge.net www.googletagmanager.com; media-src 'self' data: blob: *.tva.gov *.tva.com tva-azr-eastus-cdn-ep-tvawcm-acc.azureedge.net tva-azr-eastus-cdn-ep-tvawcm-prd.azureedge.net; form-action *.tva.gov *.tva.com tva.us2.list-manage.com tvawcm.com https://export.highcharts.com; frame-src tvawcm.com *.tva.com *.tva.gov platform.twitter.com tvaforms.wufoo.com tva.us2.list-manage.com *.wufoo.com *.youtube.com *.brightcove.net *.brightcove.com *.issuu.com tva.mediaplatform.com www.google.com tva.maps.arcgis.com https://*.siteimprove.com congeo.maps.arcgis.com www.youtube-nocookie.com maps.google.com cdn.knightlab.com; connect-src 'self' https://tvawcm.com *.tva.com *.tva.gov https://dc.services.visualstudio.com *.siteimprove.com *.microsoftonline.com *.msftauth.net https://www.google-analytics.com; 2
default-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.jtl-software.de https://stats.jtl-software.de https://www.youtube.com https://maps.googleapis.com https://s.ytimg.com https://www.google.com https://www.jtl-software.de https://jira.jtl-software.de https://*.paypal.com https://www.paypalobjects.com https://www.gstatic.com https://code.jquery.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com; img-src 'self' https://bilder.jtl-software.de https://stats.jtl-software.de https://img.youtube.com https://*.ytimg.com https://maps.gstatic.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google.ch https://www.google.de https://www.google.at https://www.google.pl https://www.google.com.ua https://www.google.com.pk https://www.google.hu https://www.google.co.uk https://www.google.dk https://www.google.br https://www.google.it https://www.google.ae https://www.google.ca https://www.google.hr https://www.google.com.au https://www.google.sk https://www.google.es https://www.googletagmanager.com https://www.google.com.tr https://www.google.cz https://www.google.be https://www.google.co.in https://www.google.ge https://www.google.nl https://www.google.lu https://www.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com data:; frame-src 'self' https://stats.jtl-software.de https://consent.jtl-software.de https://www.youtube.com https://jira.jtl-software.de https://www.google.com https://stats.jtl-software.de https://www.facebook.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com; form-action 'self' https://jtl-software.us9.list-manage.com https://www.paypal.com https://oauth2.api.jtl-software.com https://www.facebook.com; base-uri 'self'; connect-src https://consent.jtl-software.de https://www.facebook.com https://www.google-analytics.com 'self'; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; report-uri https://report.api.jtl-software.com/csp/; 2
default-src 'self' 'unsafe-inline' blob: *.disquscdn.com disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.freeagent.com *.fre.ag *.googleapis.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.getdrip.com *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.disqus.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.disquscdn.com disqus.com *.wistia.com *.wistia.net www.gstatic.com www.google.com *.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net optimize.google.com js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com cdnjs.cloudflare.com/ajax/libs/rollbar.js/ optanon.blob.core.windows.net code.jquery.com *.onetrust.com *.cookielaw.org cdnjs.cloudflare.com *.bizographics.com geoip-js.com cdn.rollbar.com *.appointedd.com s3-eu-west-1.amazonaws.com; img-src data: blob: *; frame-src 'self' *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com disqus.com *.addthis.com embedwistia-a.akamaihd.net www.youtube.com www.google.com *.disquscdn.com widget.trustpilot.com *.googletagmanager.com optimize.google.com widget-prime.rafflecopter.com *.appointedd.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' data: blob: fonts.googleapis.com *.disquscdn.com *.twitter.com *.twimg.com tagmanager.google.com hello.myfonts.net optimize.google.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net *.wistia.com; connect-src 'self' data: *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com *.addthis.com *.freeagent.com *.fre.ag *.google-analytics.com api.rollbar.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com *.cookielaw.org *.onetrust.com; object-src 'self' embedwistia-a.akamaihd.net; report-uri https://freeagent.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self'; upgrade-insecure-requests; referrer 'origin-when-cross-origin'; plugin-types 'none'; reflected-xss 'block' 2
default-src 'none'; child-src 'self' https://navigate.portofrotterdam.com blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://bam.nr-data.net https://hbr-hm-portmaps-service-prod.eu-gb.mybluemix.net https://api.mapbox.com https://theemswegtraceheadless.s3.amazonaws.com https://*.siteimprove.com https://api.eu.apiconnect.ibmcloud.com https://*.hotjar.com wss://*.hotjar.com https://gis.portofrotterdam.com https://*.arcgis.com https://services.arcgisonline.nl https://*.arcgisonline.com; media-src 'self' data:; object-src 'self' http://www.youku.com https://players.youku.com; img-src 'self' * data: blob:; style-src * 'unsafe-inline'; frame-src 'self' https://360vr-video.nl https://*.hotjar.com https://www.youtube.com https://www.google.com https://player.vimeo.com https://*.akamaihd.net https://shipinfo.dirkzwager.com http://vaarsnelheden.mx-systems.nl https://clients.skycap.com https://inlandlinks.cofano.nl https://portofrotterdam.maps.arcgis.com https://my2.siteimprove.com/overlay/cms/cmssite* https://fotopaulmartens.netcam.nl; font-src * data:; plugin-types application/pdf application/x-shockwave-flash; report-uri https://portofrotterdam.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' http://www.clarksusa.com/; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; style-src 'self' 'unsafe-inline' https: ; frame-ancestors 'self' https://masterhost.ru https://*.masterhost.ru http://webvisor.com http://*.mtproxy.yandex.net https://mc.yandex.ru; frame-src 'self' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; font-src 'self' https: ; img-src data: 'self' https: ; connect-src 'self' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; 2
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-ancestors 'self' 2
frame-ancestors 'self' *.investec.com https://ng.secure.investec.com:8080; 2
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
frame-ancestors 'self' *.samash.com *.ecofabric.com 2
default-src 'self' * 'unsafe-eval' 'unsafe-inline' data: filesystem: blob:; object-src *.cloudfront.net; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src * 2
frame-ancestors 'self'; report-uri /report-csp-violation 2
frame-ancestors 'self' helioshi.medixmob.com medix-portal.com 2
default-src 'none'; img-src 'self' data: https://matomo.localethereum.com https://matomo.localcryptos.com https://blog.localcryptos.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.localethereum.com https://matomo.localcryptos.com; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' data: https://api.localethereum.com https://api.localethereumapi.com https://localcryptosapi.com https://api.localcryptosapi.com https://proxy.api.localethereumapi.com https://api.localethereum.dev.michael.pub https://localethereum-user-blobs.s3.amazonaws.com https://mainnet.infura.io wss://bridge.walletconnect.org; font-src 'self' https://fonts.gstatic.com; media-src 'self'; frame-src https://localethereum.com https://localcryptos.com https://cn.localcryptos.com https://www.youtube.com https://widget.portis.io https://x2.fortmatic.com; frame-ancestors https://myethvault.com https://localcryptos.com https://cn.localcryptos.com; manifest-src 'self'; base-uri 'self'; form-action 'self' 2
frame-ancestors https://pay.amazon.com 2
frame-ancestors 'self' https://requests.routesonline.com 2
frame-ancestors 'self' *.image4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com 888casino.com 888poker.com 888casino.dk 888poker.dk 888casino.ro 888poker.ro 888casino.se 888poker.se 888casino.es 888poker.es 888casino.it 888poker.it 888casino.us 888poker.us *.triple8holdem.com cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' chat.searchengines.guru; script-src 'self' content.searchengines.guru search.searchengines.guru mc.yandex.ru 'unsafe-inline'; style-src searchengines.guru 'unsafe-inline'; img-src 'self' content.searchengines.guru chat.searchengines.guru blob: data:; media-src 'self' chat.searchengines.guru; font-src 'self'; connect-src 'self' content.searchengines.guru https://chat.searchengines.guru wss://chat.searchengines.guru; frame-src 'self' content.searchengines.guru www.youtube.com; frame-ancestors 'self'; object-src 'self' blob:; 2
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 2
frame-ancestors 'self'  http://*.impress.ly  http://*.dragndropbuilder.com  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com 2
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src *; media-src *; frame-src 'self' https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src https: blob:; report-uri https://wunderio.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' *.promoplace.com; 2
frame-ancestors 'self' https://online.superoffice.com https://online2.superoffice.com https://royalqueenseedssp.inone.useinsider.com 2
frame-ancestors 'self'; object-src 'self'; report-to csp-endpoint; report-uri /csp; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go-mpulse.net *.siftscience.com *.nxjimg.com *.corporateperks.com *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.perksatwork.com *.cloudflare.com *.zopim.com unpkg.com *.zdassets.com data: blob: *.tinymce.com *.partnerbookingkit.com *.forter.com *.rezserver.com *.fullstory.com *.jsdelivr.net *.datatables.net ; upgrade-insecure-requests; 2
frame-ancestors 'self' *.royalpanda.com *.rpaffiliates.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 2
object-src 'unsafe-inline' 2
frame-ancestors 'self' https://shop.santacruzbicycles.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.adsrvr.org *.srv.stackadapt.com *.stackadapt.com *.fontawesome.com *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com; img-src * data:; font-src 'self' *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com; connect-src 'self' *.srv.stackadapt.com *.fontawesome.com *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com;  media-src * 'unsafe-inline'; frame-src 'self' *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org  go.ceridian.com 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https:; object-src 'none';frame-ancestors 'self';form-action 'self' https://www.paypal.com; 2
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2
script-src  * data:   'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: ; object-src 'self'; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://connect.facebook.net https://d2oh4tlt9mrke9.cloudfront.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://p.typekit.net https://service.maxymiser.net https://ssl.google-analytics.com https://tagmanager.google.com https://ws.sessioncam.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com;object-src https://*.avalonbay.com https://*.avaloncommunities.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://tagmanager.google.com https://use.typekit.net;img-src 'self' data: *.avaloncommunities.com *.avalonbay.com *.azureedge.net https://www.facebook.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://via.placeholder.com https://ws.sessioncam.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com;media-src 'none';frame-src 'self' *.avaloncommunities.com *.avalonbay.com https://*.doubleclick.net https://*.merchante-solutions.com https://service.maxymiser.net https://www.youtube.com;font-src data: *.avaloncommunities.com https://fonts.gstatic.com https://use.typekit.net;connect-src https://*.avalonbay.com https://*.avaloncommunities.com https://*.merchante-solutions.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.google-analytics.com;base-uri 'self';child-src 'self' https://*.avalonbay.com;form-action 'self';frame-ancestors 'none';plugin-types application/pdf;report-uri https://api.avalonbay.com/report/csp 2
frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 2
default-src *.whatuseek.com 'unsafe-inline'; frame-ancestors 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com/iframe_api https://s.ytimg.com/ https://sa.mygov.scot/; img-src 'self' https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com/ https://sa.mygov.scot/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com; object-src 'self'; report-uri /service/csp 2
default-src 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de 'unsafe-inline' 'unsafe-eval' 2
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 2
default-src https://www.zerobounce.net 'unsafe-inline' https://* www.zbapis.net; script-src https://www.zerobounce.net 'self' 'unsafe-eval' 'unsafe-inline' https://*; connect-src https://www.zerobounce.net https://* wss://* www.zbapis.net; style-src https://www.zerobounce.net 'unsafe-inline' https://* ; frame-src https://www.zerobounce.net 'self' https://* ; child-src https://www.zerobounce.net 'self' https://* ; worker-src https://www.zerobounce.net 'self' https://* ; font-src https://www.zerobounce.net data: https://* ; img-src https://www.zerobounce.net data: https://* ; object-src 'none' ; report-uri https://zerob.report-uri.com/r/d/csp/enforce 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://s.ytimg.com https://script.crazyegg.com https://dnn506yrbagrg.cloudfront.net https://planner-widget.goabout.com https://stats.g.doubleclick.net https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com https://www.gstatic.com https://track.adform.net https://blokks.co https://view.genial.ly https://*.cloudfront.net;style-src 'self' 'unsafe-inline' https://fast.fonts.net https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com https://*.cloudfront.net https://fonts.googleapis.com;img-src 'self' https://www.radboudumc.nl/getmedia https://www.test.radboudumc.nl/getmedia https://www.acc.radboudumc.nl/getmedia https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com https://static.genial.ly https://*.amazonaws.com;media-src 'self' https://static.genial.ly;frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://radboudumc-web.ungerboeck.com https://planner-widget.goabout.com https://www.google.com https://docs.google.com;font-src 'self' data: https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com https://*.cloudfront.net https://fonts.gstatic.com;connect-src 'self' https://parkinsonnetcrm--acc2018.lightning.force.com https://parkinsonnetcrm.lightning.force.com https://view.genial.ly;frame-ancestors 'self' https://bewerk.radboudumc.nl https://bewerk.parkinsonopmaat.nl https://bewerk.healthybrainstudy.nl https://bewerk.youngstroketoolbox.nl https://bewerk.netwerkic.nl https://bewerk.hematologie-wijzer.nl https://bewerk.test.radboudumc.nl https://bewerk.test.parkinsonopmaat.nl https://bewerk.test.healthybrainstudy.nl https://bewerk.test.youngstroketoolbox.nl https://bewerk.test.netwerkic.nl https://bewerk.test.hematologie-wijzer.nl https://bewerk.acc.radboudumc.nl https://bewerk.acc.parkinsonopmaat.nl https://bewerk.acc.healthybrainstudy.nl https://bewerk.acc.youngstroketoolbox.nl https://bewerk.acc.netwerkic.nl https://bewerk.acc.hematologie-wijzer.nl https://content.radboud.kentico.local https://bewerk.parkinsonopmaat.kentico.local https://bewerk.healthybrainstudy.kentico.local https://bewerk.youngstroketoolbox.kentico.local https://bewerk.hematologie-wijzer.kentico.local 2
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.marketo.com *.omniture.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.marketo.com *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://bam.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com *.marketo.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 2
form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 2
frame-ancestors 'self' https://www.endesaclientes.com 2
default-src 'none'; connect-src 'self' https://*.salemove.com wss://pubsub.salemove.com wss://kluster.salemove.com https://sdk.twilio.com wss://chunderw-vpc-gll.twilio.com https://eventgw.twilio.com https://www.bellco.org https://js.callrail.com https://n2.mouseflow.com https://s.yimg.com wss://mpsnare.iesnare.com wss://ci-mpsnare.iovation.com https://analytics.google.com https://stats.g.doubleclick.net https://files.bethpagefcu.com https://api.datatrac.net https://*/api/fraudforce/FraudForce/Post https://siteintercept.qualtrics.com https://*.nanorep.co https://performance.typekit.net https://bat.bing.com https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://*.jotform.us https://*.formstack.com https://*.hirevue.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://insight.adsrvr.org https://*.fontawesome.com https://apps.pcdgroup.com https://*.cloudflare.com https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://*.jotform.us https://*.formstack.com https://*.hirevue.com; frame-src 'self' https://*.doubleclick.net https://pixel-a.basis.net https://www.youtube.com https://pixel.sitescout.com https://*.locatorsearch.com https://pixel.mathtag.com https://insight.adsrvr.org https://*.cloudfront.net https://www.google.com https://www2.iraservicecenter.com https://calculators.bethpagefcu.com https://www.agentinsure.com https://fliphtml5.com https://vizi.vizirecruiter.com https://*.bellco.org https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://*.jotform.us https://*.formstack.com https://*.hirevue.com; frame-ancestors 'self'; img-src 'self' data: https://www.google.com https://bat.bing.com https://bs.serving-sys.com https://pixel-a.basis.net https://p.typekit.net https://*.siteimproveanalytics.io https://detectca.easysol.net https://www.facebook.com https://pixel.sitescout.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://ssiteid.t.eloqua.com https://uploads.salemove.com https://images.locatorsearch.com https://www.pages03.net https://pixel.mathtag.com https://track.hubspot.com https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://*.jotform.us https://*.formstack.com https://insight.adsrvr.org https://cs.choozle.com https://*.hirevue.com https://idsync.rlcdn.com; media-src data: https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com https://libs.salemove.com https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://*.jotform.us https://*.formstack.com https://*.hirevue.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.callrail.com https://*.salemove.com https://bat.bing.com https://cdn.mouseflow.com https://connect.facebook.net https://detectca.easysol.net https://googleads.g.doubleclick.net https://s.btstatic.com/tag.js https://s.yimg.com/wi/ytc.js https://siteimproveanalytics.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com/iframe_api https://files.bethpagefcu.com https://mpsnare.iesnare.com https://use.typekit.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://script.crazyegg.com https://sp.analytics.yahoo.com https://code.getmdl.io/1.3.0/material.min.js https://www.googleadservices.com https://img.en25.com/i/elqCfg.min.js https://s.thebrighttag.com https://s.ytimg.com https://ci-mpsnare.iovation.com https://js.callrail.com https://js.locatorsearch.com https://*.cloudflare.com https://*.cloudfront.net https://www.sc.pages03.net https://*.siteintercept.qualtrics.com https://pixel.mathtag.com https://browser.sentry-cdn.com https://*.nanorep.co https://www.gstatic.com https://s3.amazonaws.com/data.vizirecruiter.com/ https://*.fontawesome.com https://*.cudlautosmart.com https://nexus.ensighten.com https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://*.jotform.us https://*.formstack.com https://*.hirevue.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://libs.salemove.com https://code.getmdl.io/1.3.0/ https://cloud.typography.com https://*.fontawesome.com https://*.cloudflare.com https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://*.jotform.us https://*.formstack.com https://*.hirevue.com; 2
default-src 'none'; connect-src 'self' https://lookup.binlist.net https://o73885.ingest.sentry.io/api/5305032/store/ https://*.fastmailusercontent.com; img-src * data: blob: https://*.fastmailusercontent.com; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://api.pin.net.au https://api.stripe.com 'sha256-O4zpRyC3TuIOZvJWZ+T83EA3/31I3MHSu/H7dvAsM5s='; frame-src https://*.fastmailusercontent.com; child-src 'self' https://*.fastmailusercontent.com; worker-src 'self'; object-src 'self'; frame-ancestors 'none'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2
img-src * data: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net/ https://*.webvisor.com/ https://*.yandex.ru/  https://*.yandex.com/ https://*.tile.openstreetmap.org/ https://*.adroll.com/  https://*.gartner.com/ https://*.consensu.org/  https://*.google.com/ https://google.com/  https://www.youtube.com/ https://www.gstatic.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googleapis.com/  https://www.htbridge.com/ https://portal.htbridge.com/ https://portal.immuniweb.com/ https://www.google-analytics.com/ https://certify-js.alexametrics.com/ https://certify.alexametrics.com/ https://stats.g.doubleclick.net/ https://snap.licdn.com/ https://*.facebook.com/ https://*.linkedin.com/ https://secure.adnxs.com/ https://*.sharethis.com/ https://*.addthis.com/ https://*.addthisedge.com/; block-all-mixed-content; report-uri https://www.immuniweb.com/csp/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com  services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com verify.sheerid.com services.sheerid.com platform.twitter.com;frame-ancestors;frame-src download.lumion.com verify.sheerid.com services.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com;object-src none; 2
default-src 'self' https://admin.df.eu/ https://analytics.aklamio.com https://*.ampproject.org https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.omnitagjs.com https://*.adnxs.com https://*.aklamio.com https://*.doubleclick.net https://java.com https://optimizely.s3.amazonaws.com https://tags.tiqcdn.com https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://*.zemanta.com https://*.trustpilot.com https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 2
default-src 'self';               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://f1-eu.readspeaker.com  http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com;              style-src 'self' 'unsafe-inline' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com;              img-src 'self' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://cdn.simplecast.com data: blob: *.eloqua.com *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae;              font-src 'self' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com *.mktoresp.com https://api.simplecast.com https://cdn.simplecast.com;              media-src 'self' data: blob: *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae https://cdn.simplecast.com;               child-src 'self' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae https://platform.twitter.com/ https://syndication.twitter.com/ https://rashid.ae/ https://happinessmeter.dubai.gov.ae/ https://happinessmeterqa.dubai.gov.ae/ https://www.youtube.com/ https://player.vimeo.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com https://player.simplecast.com https://cdn.simplecast.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://os.mwscdn.io https://cdn-os.lyoness.tv https://fonts.googleapis.com https://id.cashbackworld.com; img-src 'self' https: data:; font-src 'self' data: https://os.mwscdn.io https://cdn-os.lyoness.tv https://fonts.gstatic.com https://maps.googleapis.com 2
object-src 'self'; 2
default-src 'self' https: *.fibi.co.il; connect-src 'self' https: *.fibi.co.il *.staging.fibi.co.il; style-src https: 'unsafe-inline'; child-src 'self' data: https: *.fibi.co.il *.staging.fibi.co.il https://usa-api.idomoo.com https://idoplayer.idomoo.com; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il *.staging.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net *.staging.fibi.co.il https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com https://usa-api.idomoo.com https://idoplayer.idomoo.com 2
frame-ancestors 'self' https://pagesense.zoho.eu 2
connect-src 'self' https://api.github.com https://api.mypurecloud.ie https://googleads4.g.doubleclick.net wss://carrier-pigeon.mypurecloud.ie https://privacyportal.cookiepro.com https://app.altocloud.com https://*.pingdom.net https://*.twitter.com https://stats.g.doubleclick.net https://*.cludo.com https://*.bankofireland.com https://*.bsw-dev.net https://siteintercept.qualtrics.com https://www.google-analytics.com https://gmspri.boi.com 2
upgrade-insecure-requests; default-src 'self'; child-src * 2
frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 2
frame-ancestors 'self' my.bethelcollege.edu my.betheluniversity.edu; 2
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' data: *; font-src 'self' 'unsafe-inline' data: * 2
default-src 'self'; connect-src 'self'; font-src 'self' data:; img-src 'self' csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'unsafe-inline' 'self'; 2
default-src 'self'http://sdnats.com https://sdnats.com wss://sparnove.com wss://www.reasedoper.pw wss://www.nathetsof.com http://nathetsof.com https://nathetsof.com http://reasedoper.pw http://sparnove.com https://reasedoper.pw https://sparnove.com wss://gridiogrid.com http://gridiogrid.com https://gridiogrid.com https://ff-input.mxpnl.net http://reasedoper.pw https://reasedoper.pw https://ff-input.mxpnl.net https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src * data:;script-src http://sdnats.com https://sdnats.com http://nathetsof.com https://nathetsof.com http://gridiogrid.com https://gridiogrid.com http://rigaletto.info/ http://listat.org https://listat.org https://retukalone.pw/ https://static.reasedoper.pw http://static.reasedoper.pw http://html5shiv.googlecode.com http://prscripts.com/ http://*.smi2.net/ http://smi2.ru/ http://mediametrics.ru/ http://chat.krible.ru/ http://xml.zorkabiz.ru/ http://xml.zorkabiz.ru/ http://t.insigit.com/ http://kitbit.net/ http://front.facetz.net/ http://share.pluso.ru/ https://dl.metabar.ru/ http://azbns.com/  http://cdn.mobidea.com/ https://cdn.mobidea.com/ 'self' http://mytomatosoup.com/ http://utarget.ru/ https://*.metabar.ru/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://www.gridiogrid.com/ https://cdn.api.twitter.com/ https://vk.com/ https://retukalone.pw/ http://nathetsof.com https://nathetsof.com http://www.nathetsof.com https://www.nathetsof.com https://ff-input.mxpnl.net/ http://gridiogrid.com https://gridiogrid.com wss://gridiogrid.com https://static.reasedoper.pw/ wss://www.nathetsof.com wss://www.nathetsof.com wss://www.reasedoper.pw/ wss://sparnove.com https://sparnove.com https://sparnove.com http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com http://jsc.marketgid.com 2
frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 2
default-src https: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; img-src https: data: 2
frame-ancestors https://*.zsxq.com 2
frame-ancestors 'self' https://portalzp.praha.eu http://portalzp.praha.eu; 2
frame-ancestors 'self' http://www.lipton.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
frame-ancestors 'self'; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com https://captcha.gecirtnotification.com  https://evidon.mgr.consensu.org  ; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data: https://evidon.mgr.consensu.org; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com  https://www.bhchannelconnect.com/ https://staging60.bhchannelconnect.com/  https://login.windows.net/'; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri /report-csp-violation 2
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.ensighten.com gateway.zscalertwo.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.rawgit.com *.tools.investis.com *.nexus.ensighten.com nexus.ensighten.com tagmanager.google.com gateway.zscalertwo.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.hs.llnwd.net; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com gateway.zscalertwo.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.adroll.com *.adroll.mgr.consensu.org *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.gleamjs.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: static.wax.io *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.gleamjs.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.mgr.consensu.org *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.devfast.io *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.adroll.mgr.consensu.org *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com *.ajdfbkjab.ru wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com wss://*.devfast.io *.csgofast.com wss://*.csgofast.com *.csgofast123.com wss://*.csgofast123.com *.csgofast.tl wss://*.csgofast.tl *.csgocasino.ru wss://*.csgocasino.ru *.csgofast.ru wss://*.csgofast.ru *.dapubg.net wss://*.dapubg.net *.gojackpod.com wss://*.gojackpod.com *.rusgofast.ru wss://*.rusgofast.ru *.dapubg.com wss://*.dapubg.com *.csgofast4.com wss://*.csgofast4.com *.rucsgofast.ru wss://*.rucsgofast.ru *.pubgfast.com wss://*.pubgfast.com *.csgofastbackend.com wss://*.csgofastbackend.com *.cs2gofast.com wss://*.cs2gofast.com *.opdota2.com wss://*.opdota2.com *.demofast.ru wss://*.demofast.ru *.demogofast.com wss://*.demogofast.com *.csgetfast.com wss://*.csgetfast.com *.gainskins.com wss://*.gainskins.com *.casecsgo.com wss://*.casecsgo.com;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.poggiplay.com *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.gleamjs.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com slots-prod.csgofastbackend.com d1phhoo4f618zo.cloudfront.net *.csgofast.com *.csgofast123.com *.csgofast.tl *.csgocasino.ru *.csgofast.ru *.dapubg.net *.gojackpod.com *.rusgofast.ru *.dapubg.com *.csgofast4.com *.rucsgofast.ru *.pubgfast.com *.csgofastbackend.com *.cs2gofast.com *.opdota2.com *.demofast.ru *.demogofast.com *.csgetfast.com *.gainskins.com *.casecsgo.com;object-src 'none';report-uri //in.csgofast.com/csp; 2
default-src * 'unsafe-inline' data: 'unsafe-eval'; 2
frame-src 'self' http://onlinetestrunner.etadbir.com; frame-ancestors 'self' http://onlinetestrunner.etadbir.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com schools.education.gov.au; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' blob: https://*.map.qq.com ; connect-src 'self' https://*.mapbox.com https://*.tiles.mapbox.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googlesyndication.com https://translate.googleapis.com https://*.parkopedia-ppds.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://*.fuelcdn.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.fontawesome.com https://*.tiles.mapbox.com https://*.gstatic.com https://unpkg.com;font-src 'self' 'unsafe-inline' chrome-extension data: https: https://*.fontawesome.com http://fonts.gstatic.com;img-src 'self' blob: data: https: http://p.parkopedia.com http://p.parkopedia.cn http://*.openstreetmap.org;frame-src 'self' https://*.g.doubleclick.net https://*.qq.com https://*.google.com https://*.stripe.com https://*.googlesyndication.com https://*.parkopedia.com https://*.parkopedia.com https://*.dcos.parkopedia.com https://*.localhost.com https://*.localhost.co.uk;object-src blob: data: https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.localhost.com https://*.parkopedia.com;report-uri https://csp.parkopedia.com/api/csppolicyreport/?apiver=23&cid=avalon_iu4ryufghgjrf 2
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 2
default-src 'self' https://f1.media.brightcove.com https://brightcove.hs.llnwd.net; script-src 'unsafe-inline' 'unsafe-eval' *.iff.com https://maps.google.com https://cdn.jsdelivr.net https://maps.googleapis.com https://www.youtube.com https://fs22.formsite.com https://s.ytimg.com/ https://bam.nr-data.net https://js-agent.newrelic.com http://ajax.googleapis.com https://ajax.googleapis.com *.investis.com http://www.google-analytics.com https://www.google-analytics.com viz.tools.investis.com; style-src 'unsafe-inline' *.iff.com https://s3.amazonaws.com *.investis.com viz.tools.investis.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://s3.amazonaws.com/ *.investis.com https://fonts.gstatic.com viz.tools.investis.com; img-src 'self' 'unsafe-inline' * data: www.w3.org; connect-src * 'unsafe-inline'; frame-src *; 2
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com ; 2
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:* https://maxcdn.bootstrapcdn.com:*;upgrade-insecure-requests;block-all-mixed-content;manifest-src 'self';object-src 'none'; 2
frame-ancestors awards.ratingruneta.ru uplab.uplab.digital 2
frame-ancestors https://*.trend.at http://*.trend.at; upgrade-insecure-requests; block-all-mixed-content 2
<policy> 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; frame-src https:; worker-src https: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data: blob:; manifest-src https:; form-action https:; block-all-mixed-content; upgrade-insecure-requests; report-uri https://classaction.report-uri.io/r/default/csp/enforce; 2
default-src * 'unsafe-inline' 'unsafe-eval' data:; media-src * blob:; child-src * blob:; report-uri /report-csp-violation 2
frame-ancestors 'self' api.sheetmusicdirect.com 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 2
frame-ancestors 'self' http://www.axe.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
worker-src 'self'; img-src * data:; connect-src *; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com  https://platform.twitter.com https://assets.mofoprod.net/static/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://assets.mofoprod.net/static/; media-src 'self' https://s3.amazonaws.com/mofo-assets/foundation/video/; frame-ancestors 'none'; frame-src 'self' https://www.youtube.com  https://s3.amazonaws.com/ask-mozilla/ https://auremoser.carto.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://devopstypeform.typeform.com; default-src 'none'; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://assets.mofoprod.net/static/ https://embed.typeform.com 2
default-src 'self' *.studio  *.hotjar.io  *.arena.im/  *.gstatic.com  in.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: edit.co.uk *.cookiebot.com *.allinleeds.com *.googleadservices.com giphy.com www.google-analytics.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com stats.g.doubleclick.net googleadservices.com px.ads.linkedin.com static.ads-twiter.com facebook.com googleads.g.doubleclick.net t.co google.com googletagmanager.com hotjar.com *.hotjar.com snap.licdn.com *.twitter.com platform.twitter.com analytics.twitter.com connect.facebook.net apis.google.com; img-src * data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.allinleeds.com *.vimeo.com giphy.com latex.codecogs.com platform.twitter.com; font-src 'self' *.gstatic.com  data:; frame-src 'self' *.studio  https://public.flourish.studio  www.youtube.com *.vimeo.com *.cookiebot.com www.facebook.com *.facebook.com *.hotjar.com *.allinleeds.com giphy.com platform.twitter.com syndication.twitter.com; 2
script-src * 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; connect-src 'self'; font-src *; frame-src 'self' apps.afca.org.au hcm613.peoplestreme.net www.google.com www.youtube.com docs.google.com service02.afca.org.au; img-src * data:; media-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; frame-ancestors 'self' stagingsecure.afca.org.au secure.afca.org.au 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
default-src 'self'; font-src data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com; frame-src https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://snap.licdn.com; 2
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.nyra.com https://nyra.com https://*.nyrabets.com 'self' https://nyrabets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-nyrabets.com https://test02-nyrabets.com https://*.gbe.global https://gbe.global; 2
frame-ancestors *.mama.webvole.com 2
frame-ancestors 'self' *.cinradio.org:* *.wvxu.org:* *.wguc.org:*; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  media-src * blob: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors  oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca  *.virginmobile.ca  *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 2
frame-src 'self' https://*.vidyard.com https://*.infogr.am https://*.youtu.be https://*.youtube.com https://*.akamaihd.net https://*.unibuddy.co https://*.google.com https://*.hubspot.com https://*.googlevideo.com https://*.facebook.com https://*.linkedin.com https://*.twitter.com https://*.inspectlet.com https://*.hotjar.com https://vidyard.com https://infogr.am https://youtu.be https://youtube.com https://akamaihd.net https://unibuddy.co https://google.com https://hubspot.com https://googlevideo.com https://facebook.com https://linkedin.com https://twitter.com https://inspectlet.com https://hotjar.com https://googletagmanager.com http://zendesk.com https://*.googletagmanager.com https://*.ehl.edu https://*.adskom.com https://*.doubleclick.net https://*.hs-analytics.net https://*.infogram.com https://infogram.com https://wwwwebapi.ehl.edu 2
frame-ancestors   https://portal.punchout2go.com https://qa-portal.punchout2go.com https://dev-portal.punchout2go.com 2
frame-ancestors 'self' *.promod.fr *.promod.com *.promod.de *.promod.pl *.promod.it *.promod.ch *.promod.cz *.promod.es *.promod.co.uk *.promod.eu *.promod.hu *.wonderpush.com 2
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ 2
frame-ancestors 'self' http://www.growingio.com https://www.growingio.com 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' http://www.iffas.org; 2
frame-ancestors https://accounts.cft.ru 2
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.co https://manganime.id https://manganime.in 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /en-us/report-csp-violation 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https: wss: 2
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com smrtsrc.com *.smrtsrc.com jahia-macpd-03.smartsource.local jahia-macpd-04.smartsource.local jahia-mactd-01.smartsource.local jahia-macdd-01.smartsource.local 2
frame-ancestors *.ia.ca *.inalco.com *.ia.iafg.net 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 2
default-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au; script-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au media.twiliocdn.com; style-src 'self' 'unsafe-inline' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.googleapis.com tagmanager.google.com ui.chatbot.digital.vic.gov.au fast.fonts.net; img-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.g.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jpwww.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua; font-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com; frame-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com www.vic.gov.au *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com *.vic.gov.au macuport.com dhhs.carto.com; connect-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp.vic.gov.au *.hotjar.io *.google-analytics.com *.g.doubleclick.net api.ipify.org *.myvictoria.vic.gov.au *.api.mapbox.com discover.data.vic.gov.au drwgdblqzrfiz.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com; frame-ancestors 'self' *.lagoon.vicsdp.amazee.io *.vic.gov.au;report-uri https://sdpops.report-uri.com/r/d/csp/enforce; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ https://*.twitter.com/ http://*.twitter.com/ http://*.amazon.com/ https://maps.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://sadmin.brightcove.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.twimg.com;object-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com http://brightcove.vo.llnwd.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css http://*.amazon.com/ https://fonts.googleapis.com/css https://*.twitter.com/ http://*.twitter.com/ https://*.twimg.com;img-src 'self' https://*.twitter.com/ https://*.twimg.com http://*.amazon.com/ http://*.twitter.com/ http://*.google-analytics.com data: https://maps.googleapis.com https://*.gstatic.com/ http://*.gravatar.com/ http://umbraco.tv/media;media-src 'none';frame-src 'self' https://secure.brightcove.com https://www.youtube.com/embed/ http://www.youtube.com/embed/ https://syndication.twitter.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://players.brightcove.net;font-src 'self' fonts.gstatic.com/s/;connect-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com;report-uri /WebResource.axd?cspReport=true 2
default-src 'self'; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://www.googletagmanager.com https://*.licdn.com; object-src 'self'; style-src 'self' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io 'unsafe-inline'; img-src *; media-src *; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com; frame-ancestors 'none'; font-src * data:; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg; 2
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 2
script-src 'unsafe-eval' 'self' wss://*.zopim.com *.youku.com v.qq.com  *.hays.com *.vimeo.com *.akamaized.net *.googleadservices.com  consent-pref.trustarc.com consent-st.trustarc.com consent.trustarc.com prefmgr-cookie.truste-svc.ne *.google-analytics.com *.googleapis.com *.google.com *.optimizely.com *.googletagmanager.com *.typography.com *.hays.co.uk *.youtube.com *.nccgroup-webperf.com *.slideshare.net *.linkedin.com *.gstatic.com *.crazyegg.com *.hotjar.com *.zopim.com *.soundcloud.com *.igodigital.com *.twitter.com *.facebook.net *.facebook.com *.bit.ly *.zopim.io 'unsafe-inline'; font-src *.zopim.com 'self' data: 2
frame-ancestors https://*.isracard.co.il https://*.americanexpress.co.il https://*.netapoz.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.inbenta.chat:* wss://*.inbenta.io:* wss://*.inbenta.com:* http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://youtu.be http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.inbenta.chat:* http://*.inbenta.io:* http://*.inbenta.com:* http://*.go-mpulse.net http://*.akstat.io http://*.akamaihd.net http://cdn-akamai.mookie1.com http://*.userway.org http://claro.speedtestcustom.com http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://tags.tiqcdn.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.inbenta.chat:* https://*.inbenta.io:* https://*.inbenta.com:* https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://cdn-akamai.mookie1.com https://*.userway.org https://claro.speedtestcustom.com https://*.clarovideo.net https://*.claromusica.com; media-src mediastream:; 2
default-src 'self' www.aptiv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.aptiv.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cookie-cdn.cookiepro.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net snap.licdn.com  px.ads.linkedin.com *.vimeo.com cdnjs.cloudflare.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' www.aptiv.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cookie-cdn.cookiepro.com  cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; font-src 'self'  www.aptiv.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com data:; img-src 'self' www.aptiv.com aptiv.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com www.google.com googletagmanager.com  px.ads.linkedin.com p.adsymptotic.com connect.facebook.com connect.facebook.net i.vimeocdn.com aptivtest.azurewebsites.net; media-src 'self' data: blob: www.aptiv.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com  8239591.fls.doubleclick.net storage.net-fs.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com www.facebook.com; 2
connect-src 'self' *.company-target.com *.doubleclick.net *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io *.mrpfd.com; default-src 'none'; font-src 'self' data: *.healthcatalyst.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.slidesharecdn.com; frame-src 'self' *.healthcatalyst.com *.addtoany.com *.bootstrapcdn.com hcdatascienceservices.com *.hotjar.com *.myworkdayjobs.com *.pardot.com *.youtube.com *.slideshare.net; img-src 'self'  data: *.healthcatalyst.com *.6sc.co *.bidr.io *.bizible.com *.company-target.com *.doubleclick.net *.facebook.com *.google.com *.google.pt *.google-analytics.com *.googletagmanager.com *.glassdoor.com *.gravatar.com *.linkedin.com *.publishthis.com t.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.healthcatalyst.com *.6sc.co *.addtoany.com *.ads-twitter.com *.bizible.com *.bizographics.com *.demandbase.com *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.jsdelivr.net *.licdn.com *.mrpfd.com *.youtube.com *.ytimg.com *.pardot.com polyfill.io *.twitter.com; style-src 'self' 'unsafe-inline' *.healthcatalyst.com *.bootstrapcdn.com *.googleapis.com; base-uri ; frame-ancestors 'self'; block-all-mixed-content; require-sri-for script style; upgrade-insecure-requests; 2
default-src 'self' data: 'unsafe-inline' *; 2
frame-ancestors 'self' http://tags2.adshell.net http://clk.sportstream.live 2
frame-ancestors 'self' *.veepee.be  *.veepee.nl *.veepee.lu 2
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * ; object-src * ; child-src * ; frame-src * ; worker-src * ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 2
frame-ancestors 'self' https://www.bharatpetroleum.com https://*.bpcl.in 2
default-src 'self' data: blob: *.calibra.com *.novi.com *.fbcdn.net *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';block-all-mixed-content;upgrade-insecure-requests; 2
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' https://*.boditrax.com/; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdn.nanigans.com https://api.nanigans.com https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com/ct/core.js https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com/lib/1295-v1.js https://admin.relay42.com/external/tags-1295/ https://tdn.r42tag.com/tags-1295/ https://t.svtrd.com/t-1295/ https://admin.relay42.com/external/tagmanagement/debugWindow https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://optimize.google.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://optimize.google.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.50.0/mapbox-gl.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://optimize.google.com https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/;connect-src 'self' *.eneco.nl https://www.google-analytics.com *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com/events/v2 https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 2
frame-ancestors *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.insipio.com *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.t-d.se; 2
frame-ancestors http://ignite-author-qa.bhhs.com https://ignite-author-qa.bhhs.com http://ignite-author-staging.bhhs.com https://ignite-author-staging.bhhs.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://bodrumarchlib.blob.core.windows.net https://cdn.plyr.io/ https://www.youtube.com https://s.ytimg.com/ https://www.googletagmanager.com https://istatistik.kultur.gov.tr https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://apis.google.com/ http://www.geoplugin.net 2
default-src 'self' data: ;         script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com  *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com;         img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com;         connect-src * 'self' data: *.hubspot.com https://optimize.google.com;         frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net;        style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com;         media-src 'self' data: www.qualia.com;         object-src 'none';         upgrade-insecure-requests 2
object-src 'self' *; 2
default-src 'unsafe-inline' https:; img-src data: https: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/charts/ 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: 2
default-src * https:; script-src 'unsafe-eval' 'unsafe-inline' blob: https:; style-src 'unsafe-inline' https:; img-src data: https:; font-src data: https:; connect-src https: wss://ws5.hotjar.com/; media-src * blob:; 2
frame-ancestors 'self';upgrade-insecure-requests 2
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 2
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 2
default-src * 'unsafe-inline' data: blob: 'unsafe-inline' 'unsafe-eval' 2
-Report-Only '/some-report-uri'; 2
default-src 'self' https://bam.nr-data.net https://www.google-analytics.com https://*.hotjar.io https://*.hotjar.com https://www.youtube.com https://viz.tools.investis.com https://edge.api.brightcove.com; img-src 'self' https://www.google.co.in https://www.google.com https://stats.g.doubleclick.net https://viz.tools.investis.com https://*.gstatic.com https://tagmanager.google.com https://www.googletagmanager.com https://i.ytimg.com https://www.google-analytics.com; frame-src 'self' https://www.google.com https://player.vimeo.com https://otp.tools.investis.com https://irs.tools.investis.com https://www.youtube.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://fonts.googleapis.com https://viz.tools.investis.com; font-src 'self' https://tagmanager.google.com https://viz.tools.investis.com https://fonts.gstatic.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://bam.nr-data.net https://js-agent.newrelic.com https://tagmanager.google.com https://*.googleapis.com https://cdn.jsdelivr.net https://www.google-analytics.com https://viz.tools.investis.com https://*.hotjar.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com; 2
default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com code.jquery.com ajax.googleapis.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com storage.googleapis.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com translate.googleapis.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.interactions.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; font-src 'self' data: *.typekit.net fonts.gstatic.com fonts.googleapis.com storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io www.google-analytics.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com translate.google.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com tagmanager.google.com ssl.gstatic.com translate.googleapis.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com commondatastorage.googleapis.com i.ytimg.com dl.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com gateway.zscloud.net optimize.google.com *.lfeeder.com *.leadfeeder.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com www.google-analytics.com stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com tagmanager.google.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com api.giosg.com *.typekit.net *.interactions.giosgusercontent.com wss://www.upm.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com dl.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com optimize.google.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com tools.eurolandir.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2
frame-ancestors whitelabel.camspower.com wlbackoffice3.xcams.com 2
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com; img-src * data: blob:, connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.algolianet.com *.algolia.net  , object-src 'self', frame-ancestors 'self', base-uri https://www.upp.photo/, form-action 'self' https://netanswer.rpxnow.com https://www.paristech-alumni.org https://www.wats4u.com http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org  2
default-src 'self'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; script-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; connect-src * 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' https: data: *.able-group.de *.ferchau.com                                         *.mapbox.com *.pubmatic.com *.criteo.net *.criteo.com *.doubleclick.net                                         www.google-analytics.com www.googletagmanager.com *.youtube.com *.facebook.com                                         *.fbcdn.net *.googleusercontent.com *.twitter.com *.twimg.com                                         wss://www.ferchau.com wss://ferchau-test.able-plattform.de;                                         frame-ancestors *.facebook.com hnitbjoerg.able-group.de                                         hnitbjoerg-live.able-plattform.de hnitbjoerg-test.able-plattform.de; 2
frame-ancestors 'self' http://webvisor.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: com-vonq-main.collector.snplow.net *.cloudfront.net *.bootstrapcdn.com *.nuffic.nl *.clickdimensions.com *.maphub.net *.force.com *.thehagueuniversity.com *.dehaagsehogeschool.nl *.dehaagsehogeschool.nl.local *.dehaagsehogeschool.nl.dev *.hhs.local *.thuas.local *.youtube.com *.ytimg.com *.fbcdn.net *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.twitter.com *.linkedin.com *.hotjar.io *.hotjar.com *.doubleclick.net *.googleadservices.com *.google.com *.google.nl *.cookiebot.com *.jsdelivr.net *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.youtube-nocookie.com *.twimg.com *.azureedge.net *.svc.dynamics.com; object-src 'self'; 2
default-src 'self' * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com data:;connect-src 'self' blob: *.bg.co.uk *.wgp-bgs.co.uk *.birdguides.com *.birdguides-cdn.com https://vimeo.com https://api.raygun.io https://apikeys.civiccomputing.com https://clapi.civiccomputing.com ws://am.freshrelevance.com http://am.freshrelevance.com *.traveldesk.io *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com *.g.doubleclick.net;base-uri 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self'; 2
form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://getkisi.com https://*.getkisi.com https://*.netlify.com https://*.netlify.app https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://a.optmnstr.com https://a.quora.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com 2
frame-ancestors https://www.milanomalpensa-airport.com https://www.milanolinate-airport.com https://external.airport.ai 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors http: https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval'  https:; worker-src 'self' blob:; child-src 'self' blob:;  style-src 'unsafe-inline' https:; 2
default-src 'self' *.projects-abroad.net ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com www.google-analytics.com www.gstatic.com fonts.gstatic.com connect.facebook.net www.googletagmanager.com cdn.cookielaw.org www.googleadservices.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com js.hs-scripts.com js.hscta.net js.hsforms.net forms.hsforms.com js.hs-analytics.net cta-service-cms2.hubspot.com d10lpsik1i8c69.cloudfront.net code.jquery.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com native.testing.equest.com www.google.com *.docusign.net www.youtube.com youtu.be player.vimeo.com docs.google.com 'unsafe-inline' 'unsafe-eval' data: font;frame-src 'self' www.google.com www.youtube.com www.facebook.com staticxx.facebook.com orangehrm.orangehrm.com vars.hotjar.com bid.g.doubleclick.net forms.hsforms.com native.testing.equest.com *.amazonaws.com;connect-src 'self' *.orangehrm.com www.google-analytics.com settings.luckyorange.net vc.hotjar.com vc.hotjar.io in.hotjar.com;worker-src blob: 'self';img-src * 'self' www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: blob: 2
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://cdn.useproof.com https://airswap.io https://*.airswap.io https://api.mixpanel.com https://*.googletagmanager.com https://ethgasstation.info https://*.google-analytics.com https://storage.googleapis https://widget.intercom.io https://*.sendwyre.com https://js.intercomcdn.com https://*.hotjar.com https://*.walletlink.org https://dexindex.io; style-src 'self' 'unsafe-inline' data: https://airswap.io https://*.airswap.io https://fonts.googleapis.com blob: https://widget.intercom.io https://*.typekit.net; img-src * data:; font-src * data:; connect-src *; object-src *; frame-src https://cdn.useproof.com https://verify.testwyre.com https://verify.sendwyre.com https://vars.hotjar.com https://widget.portis.io https://*.datadoghq.com https://dexindex.io https://*.walletlink.org https://*.fortmatic.com; manifest-src 'self' https://airswap.io https://*.airswap.io; report-uri https://ciso.report-uri.com/r/d/csp/enforce; report-to csp-enforce; 2
frame-ancestors 'self' https://*.bigbrotherawards.nl 2
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 2
default-src https: 'unsafe-inline' 'self' data: 'unsafe-eval' 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; default-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https: *.addthis.com; connect-src 'self' https: ws: *.addthis.com 2
frame-ancestors 'self' https://www.we-online.de https://www.we-online.com https://www.we-online.fr 2
connect-src * 2
default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com; connect-src 'self' *.ewe.de global.sitesearch360.com; img-src 'self' *.ewe.de *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de; font-src 'self' fonts.gstatic.com *.ewe.de; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com *.ewe.de; media-src data.ewe.de; 2
default-src 'self' mailto: https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.addthis.com/ https://optimize.google.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com http://localhost:50029 https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://maps.googleapis.com https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com stats.g.doubleclick.net https://angular-ui.github.io https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://siteimproveanalytics.com/ https://policy.cookiereports.com/ https://connect.facebook.net https://*.twitter.com https://www.googleadservices.com/pagead/conversion_async.js https://v1.addthisedge.com https://v1.addthis.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com https://*.youtube.com https://s.ytimg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://*.twitter.com; img-src 'self' https://www.googletagmanager.com https://gowlingwlg.com *.google.com https://www.google.co.uk http://*.twimg.com https://*.twimg.com https://www.google.ca/ https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://us2.siteimprove.com stats.g.doubleclick.net data: https://*.twitter.com https://www.facebook.com https://px.ads.linkedin.com https://61281065.global.siteimproveanalytics.io https://p.adsymptotic.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' http://localhost:50029; report-uri /WebResource.axd?cspReport=true https://m.addthis.com; frame-src 'self' https://mozbar.moz.com/ https://edge.addthis.com/ https://optimize.google.com s7.addthis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.media-server.com https://*.slideshare.net https://*.vuturevx.com https://*.gowlingwlg.com https://cdn.yoshki.com/ https://w.soundcloud.com/ https://html5-player.libsyn.com https://player.vimeo.com https://*.twitter.com https://twitter.com https://www.google.com; media-src 'self' https://*.gowlingwlg.com http://*.libsyn.com 2
frame-ancestors 'self' *.pickupflowers.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 2
frame-ancestors 'self' https://s.salecycle.com https://vodafoneromania.demdex.net https://vars.hotjar.com https://c1.adform.net 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; 2
default-src 'self' polska.pl;frame-src 'self' www.youtube.com www.flickr.com; style-src  'unsafe-inline' 'self' ;object-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; script-src  www.google-analytics.com  maps-api-ssl.google.com maps.googleapis.com 'self' 'sha256-hSKFpkCaj1fog8/oqTGSt73LiPQHQ6PlNdS1BvIisYI=' 'sha256-3EZfXh3VS4fiZSZk7hoFtQsV0SUGRnA2D8qYVKOVbDk=' 'sha256-8290JQd/ST+MhN5OI6dR/+ppjuu/6B7WqyH60ZoTQvc=' 'unsafe-eval' ;img-src  http://polska.pl/ *.google-analytics.com maps.gstatic.com  'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com *.cookiebot.com *.googletagmanager.com https://api.swiftype.com *.tagmanager.google.com https://www.googleadservices.com/ https://tag.simpli.fi/ googleads.g.doubleclick.net *.qualtrics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' *.qualtrics.com maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.g.doubleclick.net *.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.qualtrics.com; media-src 'self' data: blob:; child-src 'self' https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com consentcdn.cookiebot.com bid.g.doubleclick.net; 2
script-src 'unsafe-inline' 'unsafe-eval' * data: 2
default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; 2
frame-ancestors 'self' http://localhost http://dev-elementaldiets.pantheonsite.io http://elementaldiets.com https://elementaldiets.com 2
frame-ancestors 'self' http://*.vseigru.net http://vseigru.net 2
frame-ancestors 'self' http://www.degreedeodorant.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 2
frame-ancestors 'self' apply.v12finance.com 2
default-src 'self'; media-src 'self' 203.122.51.205 newsonair.nic.in airworldservice.org *.akamaihd.net *.akamaihd-staging.net blob: ; connect-src 'self' *.akamaihd.net *.akamaihd-staging.net ; script-src 'self' 'unsafe-inline' ssl.p.jwpcdn.com www.google-analytics.com ajax.googleapis.com googletagmanager.com content.jwplatform.com platform.twitter.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googleapis.com minisrclink.cool public.tableau.com connect.facebook.net ssl.p.jwpcdn.com; img-src * data: *; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.w3.org cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com; frame-src 'self' *.twitter.com g.jwpsrv.com public.tableau.com *.google.com *.youtube.com *.facebook.com; font-src 'self' use.fontawesome.com ssl.p.jwpcdn.com cdnjs.cloudflare.com fonts.gstatic.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' about: https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://p.typekit.net https://fonts.gstatic.com https://siteimproveanalytics.com https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/; 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 2
frame-src https://secure.livechatinc.com/ https://metroonlinepk.firebaseapp.com/ https://metro-online-web.firebaseapp.com/ https://app.adfilius.com/ https://bid.g.doubleclick.net/ 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
default-src=self 2
connect-src 'self'       https://www.google-analytics.com       https://open.http.mp.streamamg.com     *.schema.org   *.streamamg.com  https://cf.vod.mp.streamamg.com        http://www.aragontelevision.es       *.twitch.tv    *.cloudfront.net       *.yourcommunify.com       yourcommunify.com        *.google-analytics.com;              default-src *.realsociedad.com       *.realsociedad.eus       blob:       'self';              style-src 'self' 'unsafe-inline'     *.schema.org *.streamamg.com  *.cloudfront.net       *.googleapis.com;              img-src 'self'     *.schema.org     *.streamamg.com     http://placehold.it        https://twitter.github.io        https://stats.g.doubleclick.net/        https://www.google.com        https://www.facebook.com/        https://www.google.es        http://realsociedadcdnpre.barrabes.biz                       https://cdn.realsociedad.eus        https://cdntienda.realsociedad.eus                       https://cdntienda.realsociedad.com                        http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com        *.cloudfront.net         *.vimeo.com              https://img.youtube.com    *.genial.ly    *.azureedge.net        *.google-analytics.com        https://cdn.realsociedad.com        data:    *.schema.org *.streamamg.com    https://maps.googleapis.com        https://open.http.mp.streamamg.com        https://cdn.bleacherreport.net/        *.w55c.net         *.gstatic.com;              media-src 'self'               *.schema.org *.streamamg.com         https://cdn.realsociedad.eus                        https://cdntienda.realsociedad.com        https://cdntienda.realsociedad.eus                              http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com         *.vimeo.com     *.genial.ly         https://img.youtube.com        http://www.aragontelevision.es        *.twimg.com;              font-src 'self'    *.schema.org *.streamamg.com   https://open.http.mp.streamamg.com       *.gstatic.com;               script-src 'self'                          'unsafe-inline'        https://stats.mp.streamamg.com       http://open.http.mp.streamamg.com                         https://www.realsociedad.com       https://www.realsociedad.eus                         https://www.googletagmanager.com                          http://www.google-analytics.com       https://ssl.google-analytics.com       'unsafe-eval'  *.vimeo.com   *.genial.ly  https://www.youtube.com     *.twitch.tv     https://connect.facebook.net       *.ytimg.com       *.cloudfront.net       *.w55c.net        *.hspvst.com       *.yourcommunify.com       yourcommunify.com       https://maps.googleapis.com;    object-src https://www.realsociedad.eus                          https://fundazioa.realsociedad.eus;    frame-src *.realsociedad.com        *.realsociedad.eus        *.cloudfront.net       *.yourcommunify.com       yourcommunify.com   *.vimeo.com  *.genial.ly   http://www.youtube.com       https://www.youtube.com       https://connect.facebook.net       https://www.facebook.com       https://open.http.mp.streamamg.com/       https://www.eitb.eus       https://www.aragontelevision.es       http://www.aragontelevision.es      *.twitch.tv    *.powerbi.com *.flipsnack.com; 2
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 2
default-src 'self' *.persistent.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://match.prod.bidr.io/  https://d26x5ounzdjojj.cloudfront.net/ https://plugins.eventable.com/ https://www.recaptcha.net/  https://add.eventable.com  https://twitter.com/ https://script.hotjar.com https://static.hotjar.com/ https://maxcdn.bootstrapcdn.com/ https://dn1f1hmdujj40.cloudfront.net  https://tagmanager.google.com https://googleads.g.doubleclick.net  https://www.google-analytics.com  https://www.googleadservices.com/ https://geolocation.onetrust.com https://cookiepro.blob.core.windows.net https://code.jquery.com https://pi.pardot.com/ https://go.persistent.com  http://www.persistent.com https://www.google.com/ https://www.gstatic.com  https://analytics.twitter.com https://t.co  https://px.ads.linkedin.com  https://snap.licdn.com https://static.ads-twitter.com/ https://optanon.blob.core.windows.net  https://web-analytics.engagio.com/  https://platform.twitter.com/ https://cdn.syndication.twimg.com  https://s.ytimg.com  https://www.youtube.com/ https://connect.facebook.net/ https://www.linkedin.com https://www.googletagmanager.com https://d3afnetdjufmcb.cloudfront.net/ https://cdn.syndication.twimg.co https://ajax.googleapis.com; style-src 'self' https://tagmanager.google.com https://googleads.g.doubleclick.net https://fonts.googleapis.com  https://cookiepro.blob.core.windows.net https://use.fontawesome.com http://www.persistent.com  https://optanon.blob.core.windows.net  https://fonts.googleapis.com/css 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://d3afnetdjufmcb.cloudfront.net/ https://*.twitter.com https://*.twimg.com;font-src 'self' https://script.hotjar.com  https://www.google-analytics.com https://use.fontawesome.com https://d3afnetdjufmcb.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;frame-src 'self' https://accounts.google.com/ http://cal.events https://outlook.live.com/ https://login.yahoo.com/ https://calendar.yahoo.com/  https://calendar.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://add.eventable.com/ https://vars.hotjar.com/ http://go.persistent.com/  https://bid.g.doubleclick.net/ http://get.adobe.com/  https://web.facebook.com/ https://www.google.com/  https://player.vimeo.com/ https://*.twitter.com/ https://player.zype.com/ https://connect.facebook.net/ https://www.facebook.com/ https://staticxx.facebook.com https://ebooks.persistent.com/ *.persistent.com https://www.youtube.com/ https://www.linkedin.com/ ; img-src 'self' https://plugins.eventable.com/ https://add.eventable.com/  https://p.adsymptotic.com https://content.persistent.com https://px.ads.linkedin.com https://www.google.com https://www.google.co.in  https://ssl.gstatic.com https://www.gstatic.com https://cookiepro.blob.core.windows.net  http://www.persistent.com https://t.co/  https://optanon.blob.core.windows.net  https://*.twitter.com  https://syndication.twitter.com  https://*.twimg.com/  https://d3afnetdjufmcb.cloudfront.net/ https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com/ https://stats.g.doubleclick.net https://i.vimeocdn.com/ https://img.youtube.com/  data:;connect-src 'self' https://com-thebigwillow-prod1.collector.snplow.net/ https://www.googleapis.com/  https://my.yoast.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com https://ws6.hotjar.com/  https://in.hotjar.com/ wss://ws6.hotjar.com  https://www.facebook.com/  https://www.linkedin.com/ https://www.quandl.com/; frame-ancestors 'self' https://accounts.google.com/  https://www.youtube.com;plugin-types application/pdf  application/x-shockwave-flash;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://www.facebook.com 2
default-src 'self';script-src 'self' 'unsafe-inline' https://young.scot https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com http://www.googleadservices.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google.co.uk https://googleads.g.doubleclick.net https://www.google.com https://*.vo.msecnd.net https://www.instagram.com http://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.tiktok.com https://s16.tiktokcdn.com;style-src 'self' 'unsafe-inline' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.fonts.net https://platform.twitter.com https://s16.tiktokcdn.com;img-src 'self' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://*.cdninstagram.com http://*.cdninstagram.com https://*.twitter.com https://*.twimg.com https://sf-tb-sg.ibytedtos.com data:;media-src 'self' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com;font-src 'self' https://young.scot https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://s16.tiktokcdn.com;connect-src 'self' https://dc.services.visualstudio.com https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://sf-hs-sg.ibytedtos.com;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.playbuzz.com http://*.playbuzz.com https://www.surveygizmo.eu http://cdn.thinglink.me https://www.thinglink.com https://www.google.com https://www.instagram.com http://www.instagram.com https://*.twitter.com https://prezi.com https://soundcloud.com https://w.soundcloud.com https://open.spotify.com https://www.tiktok.com https://www.facebook.com;report-uri https://stormid.report-uri.com/r/d/csp/enforce 2
child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; 2
frame-ancestors 'self'; default-src 'self'; base-uri 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src 'self' *.gstatic.com *.embedly.com data:;connect-src 'self' *.reddit.com *.akamaihd.net unite.spoe.at; media-src * blob: data: 'self'; object-src 'self'; frame-src * ; manifest-src 'self'; worker-src 'self' blob: data: ; form-action *; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 2
script-src https: 'unsafe-inline' 'unsafe-eval' 2
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://s.ytimg.com/ https://www.googletagmanager.com/ https://assets.adobedtm.com/ https://www.googleadservices.com https://www.google-analytics.com https://cdn.schemaapp.com/javascript/highlight.js https://googleads.g.doubleclick.net/ https://cdn.schemaapp.com/javascript/schemaFunctions.min.js https://www.bing.com/ https://dev.virtualearth.net/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://commercial.firestone.com https://connect.facebook.net/ https://static.ads-twitter.com/uwt.js https://connect.facebook.net/en_US/fbevents.js https://secure.quantserve.com/ https://rules.quantcount.com/ https://analytics.twitter.com/ https://cdn.mouseflow.com https://www-bandag-com.vmldev.com https://maps.googleapis.com https://cdn.livechatinc.com/ https://rw.marchex.io/ https://fe.sitedataprocessing.com/ https://secure.livechatinc.com/ https://accounts.livechatinc.com/ https://cdnjs.cloudflare.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://www.linkedin.com https://dev.visualwebsiteoptimizer.com https://*.gctires https://use.typekit.net/lko7jzb.js https://www.thetread.com/ https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2
default-src 'self'  http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src data: *; connect-src 'self' http://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ; frame-ancestors 'self' https://trustseal.enamad.ir 2
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' wss: *.mouseflow.com *.hotjar.com *.cinema.com.hk *.googleadservices.com placehold.it remote.captcha.com *.tekcent.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.themiddlehousehotel.com cdnjs.cloudflare.com api.userinfo.io *.google.com *.sinaimg.cn *.doubleclick.net *.typekit.net data: *.cdninstagram.com *.typography.com browser-update.org *.swireproperties.com *.linkedin.com www.irasia.com *.addthis.com *.addthisedge.com aspen.refineryclub.com *.msecnd.net *.corporateshowcase.com *.windows.net maps.gstatic.cn jsonip.com *.google.cn freegeoip.net *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com placehold.it code.createjs.com *.tekcent.com *.azure.net *.addthisedge.com *.msecnd.net *.baidu.com *.windows.net http://*.sinaimg.cn https://j02.optimix.asia https://s3-ap-southeast-1.amazonaws.com http://swireproperties.blob.core.windows.net https://e02.optimix.asia https://www.tripadvisor.com https://www.jscache.com https://www.tripadvisor.com https://en.tripadvisor.com.hk https://www.jscache.com *.tekcent.com https://static.tacdn.com https://p.travelsmarter.net https://tag.yieldoptimizer.com https://pixel.sojern.com https://ib.adnxs.com http://spl.blob.core.windows.net *.map.bdimg.com j02.optimix.asia e02.optimix.asia tag.adaraanalytics.com dsum-sec.casalemedia.com us-u.openx.net sd.turn.com pixel.advertising.com ad.yieldlab.net i.liadm.com idsync.rlcdn.com tag.yieldoptimizer.com tapestry.tapad.com ib.adnxs.com pixel.rubiconproject.com dsum.casalemedia.com rtb.gumgum.com www.google.com.vn dpm.demdex.net beacon.krxd.net *.triptease.io addtocalendar.com *.tripadvisor.co.uk *.tripadvisor.com *.tripadvisor.com.hk theta360.com http://api.map.baidu.com api.stathat.com  blob: z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.io api.ipstack.com s3.amazonaws.com www.pacificplace.com.hk https://sitecore-xp-cms-cd.azurewebsites.net *.cloudfront.net *.adsrvr.org *.google.com.hk *.moatads.com *.bidswitch.net *.pubmatic.com *.yahoo.com; 2
font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com; frame-src www.google.com googleads.g.doubleclick.net; img-src 'self' data: soft-portal.cdn.prismic.io images.prismic.io stdater.ru dl.bestofprogs.ru dl.epicapps.ru dl.softobazar.ru dl.softwareplace.ru www.google-analytics.com mc.yandex.ru storage.googleapis.com pagead2.googlesyndication.com; script-src 'self' 'unsafe-inline' mc.yandex.ru www.google-analytics.com recaptcha.net www.gstatic.com pagead2.googlesyndication.com adservice.google.ru adservice.google.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com partner.googleadservices.com storage.googleapis.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com 2
default-src 'self' 'report-sample' *.google-analytics.com; script-src *; connect-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; frame-src 'self' *.youtube.com www.google.com bid.g.doubleclick.net mangomap.com; font-src 'self' fonts.gstatic.com data:; form-action 'self' https://checkout.globalgatewaye4.firstdata.com; upgrade-insecure-requests; report-uri /errors/cspreport.php; 2
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 2
default-src 'self' 'unsafe-eval' https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.tamm.abudhabi https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com; font-src 'self' https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi blob:; connect-src 'self' https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https:; 2
default-src 'unsafe-eval' 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; connect-src *; font-src * data: 2
default-src *;script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: ; style-src * 'self' 'unsafe-inline'; font-src * 'self' data: 2
frame-ancestors 'self' https://www.hvfcuonline.org 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *.dentoncounty.gov *.dentoncounty.com *.sitecore.net requirejs.org *.willyweather.com cdnres.willyweather.com *.siteimprove.com *.googlecode.com *.cloudflare.com *.fontawesome.com *.sharethis.com www.google-analytics.com *.google.com *.mailchimp.com; 2
report-uri https://top100golf.report-uri.com/r/d/csp/wizard;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: consent.cmp.oath.com www.googletagmanager.com *.google.co.uk *.google.com *.google-analytics.com *.doubleclick.net platform.twitter.com;style-src 'self' 'unsafe-inline' platform.twitter.com https: 2
frame-ancestors 'self' http://epicor.lookbookhq.com https://epicor.lookbookhq.com; 2
default-src 'self' https://www.engie.ro;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://gateway.zscloud.net https://s.ytimg.com  https://tagmanager.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflj3RSGk/www-widgetapi.js https://www.youtube.com/player_api https://*.facebook.net https://*.facebook.com https://*.hotjar.com   https://www.google.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com/ https://googleads.g.doubleclick.net;  style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js https://tagmanager.google.com https://fonts.googleapis.com/ https://ajax.googleapis.com;  img-src 'self' data: blob: https://px.ads.linkedin.com https://cookie-cdn.cookiepro.com https://www.engie.ro https://gateway.zscloud.net https://www.google.ro https://www.google.com https://agentia.gdfsuez.ro/proc/img/get/85f1002bf139bebdb7f0d07b31fa14155aea9dfc_200_200_0.PNG https://ssl.gstatic.com https://www.gstatic.com  https://www.google-analytics.com  https://*.facebook.net https://*.facebook.com https://*.ytimg.com https://secure.gravatar.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://ssl.google-analytics.com https://*.hotjar.com https://*.doubleclick.net;  font-src 'self' data:  https://fonts.gstatic.com;  frame-src 'self' data: https://www.facebook.com https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com https://engie-romania.force.com; child-src 'self' data: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com; connect-src 'self' data: https://cookie-cdn.cookiepro.com  https://gwss.engie.ro https://*.hotjar.com https://*.hotjar.com:* wss://*.hotjar.com https://vc.hotjar.io/;  2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.actility.io *.cedexis.com cdnjs.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.youtube.com *.twitter.com *.ytimg.com *.mgr.consensu.org; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src *; img-src * data: blob:; font-src 'self' *.gstatic.com data:; media-src *; connect-src * 2
default-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com/; child-src 'self'; worker-src 'self'; frame-src 'self'; img-src 'self' data: https://www.gravatar.com/ https://ps.w.org/; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/;frame-ancestors 'self'; 2
frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 2
frame-ancestors 'self' http://www.valladolid.es https://www.valladolid.es http://www.valladolid.gob.es https://www.valladolid.gob.es 2
default-src https://d27urz3c38hyx4.cloudfront.net; img-src https://d27urz3c38hyx4.cloudfront.net data:; style-src https://d27urz3c38hyx4.cloudfront.net 'unsafe-inline'; script-src https://d27urz3c38hyx4.cloudfront.net; connect-src 'self'; frame-src 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none' 2
default-src 'none'; img-src *; script-src 'self' *.dentaldepartures.com *.medicaldepartures.com *.thenextdepartures.com 4433.tctm.co use.fontawesome.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net *.livechat.com *.livechatinc.com *.bing.com *.facebook.net *.wisepops.com trackcmp.net onesignal.com *.onesignal.com https://medicaldepartures.activehosted.com 'sha256-uQfrtF3jYkvg2VyrFiAIYgBezw70+xtHrOQ03C9AXus=' 'sha256-KL2ffZ8sCfVS0Ov7CJ1BC6hGsmWLBeDy3GV89XtcyAU=' 'sha256-i2SzhxLvmbSRaQAuwEPaaDQ3YQWHNeXGEtIpAUx7tKE=' 'sha256-rovNNQjjCb/sRH3E+fYfZ2479f1/8YflTby4VcYPxfg=' 'sha256-0137eNdn8OFAgLxpwuAEmZlNOAeG3AsdxsFGbqUb+qw=' 'sha256-Prhg9X2PPT2A410AX93/GCsdvFN4v5rjCmM32hUIN1I=' 'sha256-MzkEogywfX2YeulB/zORGkplLR86LI4padcO9FbMwXA=' 'sha256-tV33JChuR4EU1SyNu1r9gspz6zyhF1Abl9WlG4/SY0k=' 'sha256-FXinGA5W5j4/XrSympml/0xEyzovjOuA7VYHJH7MRU4=' 'sha256-NgTLhGnA89xfuQ0CJOspSTEUFIO7mBdr9VyPsdNKCFU=' 'sha256-LlAPjNn+c0oZ6VpwWPDJ/9KD4+Ff6CnHW8Qh3gIrRDI=' 'sha256-HahMs71VTwp1iIgPOo8DafQqm9yBKt6D5XQr2I0eseo=' 'sha256-dTEnrUxJLwb1ErUw56AnH7CUoElog8Q/15DYIyLuRlc=' 'sha256-AhC7NNwQAZfH7vFrfeKw34Y+3JUW7OF6HkTifAmB7D8=' 'sha256-5KvpAzewAo6Z1L+OP6Kx5z+CdXK8IeyZ5a0jNZ7fXzs=' 'sha256-/exEHRPE+Oo1/OGBo69LjU2+Q7lumnqQBPcbn+aUhzQ=' 'sha256-ZYPZJLx9zk4u/cxEkxL6kKD/XDj7ISEGgeM3rgMPnik=' 'sha256-sp4wRqh3v4qLzzy/t2tfLLD0qxeJ5MIzARs/Nim4IGs=' 'sha256-rKld6gntIxSa5vdWxenw9oqwxXVm+18UOyYz4cbfAYM=' 'sha256-cQnfVWKpc7Lye4pKr2jIINRKrqAn1U9bTJLywWMi2aQ=' 'sha256-gHR58vYVDmY1l2amFD8jbFf6UCvSUEtf0Mw0ojO4Vm0='; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com onesignal.com *.onesignal.com; font-src use.fontawesome.com fonts.googleapis.com fonts.gstatic.com; frame-src *.dentaldepartures.com *.medicaldepartures.com *.thenextdepartures.com *.google.com *.livechat.com *.livechatinc.com *.booking.com *.facebook.com *.doubleclick.net onesignal.com *.onesignal.com; connect-src https:; media-src *.livechat.com *.livechatinc.com; object-src 'none'; 2
default-src 'unsafe-inline'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com securityscorecard.qa securityscorecard.com *.cookiebot.com; default-src 'none'; object-src 'none'; img-src 'self' blob: data: https:; media-src 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' securityscorecard.com instant.securityscorecard.com data: https:; frame-src 'self' https:; connect-src 'self' https:; base-uri 'self'; form-action 'self' https: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://quip-amazon-cdn.com https://quip-cdn.com; report-uri /csp-report 2
frame-ancestors https://*.acufinder.com; script-src * https://ssl.google-analytics.com https://pxlssl.ibpxl.com  https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 2
default-src https: data:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtm.js https://tagmanager.google.com/debug https://ajax.googleapis.com/ajax/libs/jquery/ https://fonts.googleapis.com/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://fd10.formdesk.com/scripts/fd_general.js https://cdn.feedbackify.com/f.js https://cdn.feedbackify.com/dialog.js https://www.feedbackify.com/touch https://s3.amazonaws.com/fby-form/13644/d.js https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: http://www.royalfloraholland.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://i.ytimg.com/ https://cdn.feedbackify.com/img/classic/ https://dev.visualwebsiteoptimizer.com/v.gif https://s3.amazonaws.com/fby-form/13644/logo.jpg; font-src 'self' https://fonts.googleapis.com/ data:; frame-src 'self' *.royalfloraholland.com *.floraholland.nl https://www.google.com/ https://www.youtube.com/ https://forms.office.com/ https://www.formdesk.com/ https://fd10.formdesk.com/; connect-src 'self' https://fhctest.rimote.nl/myfloraholland/ https://fhc-acc.rimote.nl/myfloraholland/ https://community.royalfloraholland.com/myfloraholland/ 2
img-src https://*; 2
frame-ancestors https://www.maison-alaia.com/ https://www.maison-alaia.com/ ; 2
base-uri 'none'; object-src 'none'; default-src 'self' 'unsafe-inline' data: https: wss: blob:; report-uri https://ulcm.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self'; object-src 'none'; base-uri 'none' 2
“script-src 'none';” 2
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com  *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' pbx01.intranet.dictum.com:5001 *.payengine.de mc.yandex.ru googleadservices.com rum-static.pingdom.net paypalobjects.com *.trustami.com *.trustlogo.com trustlogo.com *.ehi-siegel.de *.googletagmanager.com *.google-analytics.com googleadservices.com *.sovido.de *.comodo.com *.bing.com *.uptrendsdata.com cdn.dictum.com tagmanager.google.com; style-src 'unsafe-inline' 'self' vjs.zencdn.net cdn.dictum.com tagmanager.google.com fonts.googleapis.com; connect-src 'self' hit.uptrendsdata.com wss://pbx01.intranet.dictum.com:5001 pbx01.intranet.dictum.com:5001 mc.yandex.ru paypal.com rum-collector-2.pingdom.net *.sovido.de *.google-analytics.com *.tagmanager.google.com www.alphavantage.co; img-src * data:; font-src 'self' fonts.gstatic.com tagmanager.google.com vjs.zencdn.net cdn.dictum.com data:; object-src 'self'; media-src *.dictum.com *.rackcdn.com data: audio/mpeg; frame-src 'self' *.payengine.de mc.yandex.md paypal.com *.youtube.com *.google.com *.youtube-nocookie.com *.vimeo.com *.dailymotion.com *.googletagmanager.com; frame-ancestors 'self' *.youtube.com *.sovido.de; 2
frame-ancestors 'self' https://www.kabeldeutschland.de https://www.vodafone.de https://kabel.vodafone.de https://gigakombi.vodafone.de 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml 2
frame-ancestors 'self' https://*.westhost.com 2
default-src 'self' 'unsafe-inline' *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com s.ytimg.com *.googletagmanager.com *.google-analytics.com *.serving-sys.com *.ads-twitter.com *.twitter.com *.facebook.net *.readspeaker.com sadmin.brightcove.com syndication.twitter.com cdn.syndication.twimg.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com *.youtube.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.facebook.com t.co fonts.googleapis.com stats.g.doubleclick.net caixaforum.emexs.es cosmocaixa.emexs.es ucarecdn.com *.readspeaker.com syndication.twitter.com *.twimg.com platform.twitter.com *.fbcdn.net *.ytimg.com *.cdninstagram.com; frame-src 'self' fls.doubleclick.net open.spotify.com caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com www.google.com *.readspeaker.com platform.twitter.com players.brightcove.net syndication.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com caixaforum.emexs.es cosmocaixa.emexs.es *.readspeaker.com platform.twitter.com *.twimg.com tagmanager.google.com; font-src 'self' data: *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com https://analytics.twitter.com https://www.google-analytics.com https://connect.facebook.net static.ads-twitter.com app.icontact.com www.google.com www.gstatic.com maps.google.com widget.surveymonkey.com *.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com app.icontact.com tagmanager.google.com; img-src 'self' data: https://pbs.twimg.com https://www.google-analytics.com https://www.facebook.com/tr/ maps.gstatic.com *.googleapis.com t.co https://i.ytimg.com *.fbcdn.net stats.g.doubleclick.net www.google.com app.icontact.com maps.google.com *.gstatic.com secure.surveymonkey.com; font-src 'self' fonts.gstatic.com; media-src 'self' *.fbcdn.net https://video.twimg.com; frame-src 'self' www.youtube.com www.google.com https://connect.facebook.net https://www5.recruitingcenter.net https://www.facebook.com *.surveymonkey.com castbox.fm; form-action 'self' https://app.icontact.com https://connect.facebook.net https://www.facebook.com/tr/; connect-src 'self' https://www.google-analytics.com; 2
default-src https: wss: blob:; script-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; 2
frame-src checkout.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com 'self'; frame-ancestors 'self'; 2
frame-ancestors 'self' *.optimizely.com 2
default-src *; style-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/Swiper/ 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://pininfarina.altamiraweb.com/ https://www.youtube.com/ https://s.ytimg.com/ 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: track.yello.de *.usabilla.com *.cloudfront.net *.mouseflow.com *.ekomi.com *.wt-safetag.com *.doubleclick.net *.googleadservices.com *.google.com *.google.de *.googletagmanager.com *.google-analytics.com *.tagmanager.google.com *.adform.net *.adjust.com *.dwin1.com *.awin1.com *.zenaps.com ad4m.at ad4m.de ad4mat.de *.yieldlab.net *.ad4m.at *.ad4mat.net *.ad4mat.de r.adserver01.de r.adc-serv.net r.df-srv.de *.adfarm1.adition.com *.adscale.de *.twiago.com ads.creative-serving.com imagesrv.adition.com secure.adnxs.com *.intelliad.de *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com t.nativendo.de *.youtube.com *.ytimg.com *.instagram.com *.twitter.com *.twimg.com *.ytimg.com *.twitch.tv *.mapbox.com *.mapbox localhost r.df-srv.de;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.thunderhead.com *.twitter.com *.twimg.com *.mapbox.com *.mapbox localhost;img-src 'self' data: blob: track.yello.de *.contentful.com *.ctfassets.net *.usabilla.com *.cloudfront.net *.mouseflow.com *.wcfbc.net *.google-analytics.com *.doubleclick.net *.google.com *.google.de *.gstatic.com *.googletagmanager.com *.tagmanager.google.com *.googleusercontent.com *.ytimg.com *.youtube-nocookie.com *.awin1.com *.intelliad.de *.tradedoubler.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.communicationads.net *.twitter.com *.twimg.com track.adform.net *.twimg.com ad4m.at *.yieldlab.net *.ad4m.at *.ad4mat.net r.adserver01.de r.adc-serv.net r.df-srv.de *.adfarm1.adition.com *.adscale.de *.twiago.com ads.creative-serving.com imagesrv.adition.com secure.adnxs.com *.adform.net d.adup-tech.com insight.adsrvr.org trc.taboola.com;frame-src *.usabilla.com *.cloudfront.net *.ekomi.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.adform.net *.awin1.com ad4m.at *.intelliad.de *.rfihub.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com yello.mitgedacht.nrw *.twitch.tv *.instagram.com *.twitter.com;connect-src 'self' track.yello.de dc.services.visualstudio.com localhost:* *.mouseflow.com *.ekomi.com *.zenaps.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.nexcheck.de wss://*.nexcheck.de *.mapbox.com *.google-analytics.com;frame-ancestors 'self' *.yello.de localhost:* 2
frame-ancestors 'self' app.vwo.com subs09.app.clicktale.com dev.renovateamerica.com qa.renovateamerica.com stage.renovateamerica.com authoring.renovateamerica.com www.renovateamerica.com training.renovateamerica.com go.renovateamerica.com go.pardot.com apply.renovateamerica.com 2
frame-ancestors 'self' *.authorize.net 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;        script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'        'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'         'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'         'unsafe-inline' 'unsafe-eval'; font-src 'self'                                                          'unsafe-inline' 'unsafe-eval' 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://api.steampowered.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv https://steamcommunity.com/; 2
frame-ancestors 'self' https://www.rafi.com/ 2
frame-ancestors 'self' cse.google.com; 2
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src 'self' https://submit.jotform.com/ https://form.jotform.com/ https://www.youtube.com/ https://lpcdn.lpsnmedia.net/ https://sy.msg.liveperson.net/ https://sy.idp.liveperson.net/ https://www.facebook.com/ https://m.facebook.com/ https://omny.fm/ https://cdn.flipsnack.com/ https://player.vimeo.com/ https://roller.app/ ; connect-src 'self' https://weather-ydn-yql.media.yahoo.com wss://sy.msg.liveperson.net/ws_api/account/1987918/messaging/consumer; media-src 'self' https://lpcdn.lpsnmedia.net/; 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors https://fryslan.maps.arcgis.com 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 2
frame-ancestors 'self' 'unsafe-inline' 2
default-src 'self' https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://*.google.com https://www.google-analytics.com https://*.hotjar.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://mc.yandex.ru https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://*.draghmar.pl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; img-src 'self' https://purefarminggame.com https://*.purefarminggame.com https://tormentgame.com https://*.tormentgame.com https://techland.net https://*.techland.net https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://t.co/i/adsct; frame-src 'self' https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/; connect-src 'self' https://mc.yandex.ru https://in.hotjar.com 2
default-src 'self' https:; font-src 'self' https: data: data://* use.typekit.net; img-src 'self' https: data: my.raspberrypi.org profiles-production.s3.eu-west-1.amazonaws.com p.typekit.net images.ctfassets.net; object-src 'none'; script-src 'self' https: data: 'unsafe-inline' www.google-analytics.com www.googletagmanager.com use.typekit.net tagmanager.google.com; style-src 'self' https: 'unsafe-inline' use.typekit.net; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://api.postcodes.io https://www.google-analytics.com https://*.typekit.net https://api-cdn.embed.ly https://*.stripe.com; frame-ancestors 'self' https://trinket.io https://*.trinket.io; report-uri https://raspberrypi.report-uri.com/r/d/csp/enforce 2
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src *.myheritage.pl https://www.myheritage.pl  'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://optanon.blob.core.windows.net https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com 2
style-src 'self' 'unsafe-inline' hello.myfonts.net showcase-mde.bowst.com https://kit.fontawesome.com https://www.moviedecisionengine.com/ https://fonts.googleapis.com https://theappreciationengine.com https://tagmanager.google.com https://cdn.jotfor.ms https://kit-pro.fontawesome.com; img-src 'self' data: 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com http://www.movienewsletters.net https://as.showcasecinemas.com https://www.facebook.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://files.jotform.com http://events.jotform.com https://cdn.jotfor.ms https://www.jotform.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://us4.siteimprove.com https://www.google.com https://www.google.co.uk https://images-na.ssl-images-amazon.com https://m.media-amazon.com https://*.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://theappreciationengine.com/framework/js/1890 https://apis.google.com https://maps.googleapis.com https://www.googletagmanager.com https://as.showcasecinemas.com https://am.showcasecinemas.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://www.google-analytics.com https://connect.facebook.net https://tagmanager.google.com https://www.googleadservices.com https://form.jotform.com https://cdn.ravenjs.com https://cdn.jotfor.ms https://js.jotform.com https://www.jotform.com https://siteimproveanalytics.com https://cdn-cinema-ui-assets-prod.movio.co https://api-us.movio.co https://api.tripleseat.com https://static-na.payments-amazon.com https://www.moviedecisionengine.com https://kit.fontawesome.com; 2
frame-ancestors 'self' https://*.blueconic.net 2
frame-ancestors 'self' https://*.moody.edu 2
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 2
script-src * 'unsafe-inline' 'unsafe-eval'; style-src *; img-src * 'self' data:; font-src 'self' https://fonts.googleapis.com:* https://fonts.gstatic.com:*; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors 'self' https://energieloketflevoland.nl:* https://www.drentsenergieloket.nl:* https://watlaatjeliggen.nl:*; upgrade-insecure-requests 2
default-src *   ;report-uri /xp/CSPReport.ashx   ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:   ;style-src * 'unsafe-inline'   ;connect-src * blob:   ;font-src * data:   ;object-src *   ;img-src * data: blob:   ;media-src * blob:   ;frame-src * data: gsa: ajaxhandler:   ;child-src * blob:   ;worker-src * blob:   ;form-action * javascript:   ;frame-ancestors * 2
frame-ancestors 'self' https://mossrehab.healthpost.com;  2
default-src 'self'  https://*.cms.vwfs.tools https://server.adform.net https://*.iadvize.com https://fonts.gstatic.com https://*.vwfsindia.co.in;  img-src 'self'  data: https://*.cms.vwfs.tools https://*.volkswagenbank.de https://*.omtrdc.net https://*.demdex.net https://img.youtube.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.iadvize.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://cm.everesttech.net  https://*.scene7.com https://*.userzoom.com https://smetrics.www.vwfs.de https://*.adform.net https://www.facebook.com https://*.linkedin.com https://t23.intelliad.de https://c.imedia.cz https://dev.day.com https://t.co https://www.google.com https://www.google.de;    script-src 'self'  'unsafe-inline' https://*.volkswagenbank.de https://*.iadvize.com https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.googleapis.com https://storagewebcalcweud.blob.core.windows.net https://www.volkswagenbank-cloud.de https://t23.intelliad.de https://t13.intelliad.de https://assets.adobedtm.com https://*.omtrdc.net https://*.omniture.com https://*.adobe.com https://*.demdex.net https://cm.everesttech.net https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://www.googletagmanager.com https://c.imedia.cz https://www.seznam.cz https://*.thunderhead.com https://*.twitter.com https://6283324.fls.doubleclick.net https://static.ads-twitter.com https://www.googleadservices.com https://*.vwfsindia.co.in;  style-src 'self' 'unsafe-inline' https://*.iadvize.com https://fonts.googleapis.com https://*.userzoom.com https://*.vwfsindia.co.in;  connect-src 'self' https://calculator.volkswagenbank.de https://*.iadvize.com wss://*.iadvize.com https://*.youtube.com https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.demdex.net https://cm.everesttech.net https://*.tt.omtrdc.net https://*.omtrdc.net *.2o7.net;  frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com;  frame-src https://*.adobe.com https://*.omniture.com https://*.demdex.net https://6283324.fls.doubleclick.net * 2
default-src 'self' data: ads-twitter.com *.ads-twitter.com app.link *.app.link atgcdn.ae *.atgcdn.ae branch.io *.branch.io creativecdn.com *.creativecdn.com criteo.com *.criteo.com criteo.net *.criteo.net ctfassets.net *.ctfassets.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net force.com *.force.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com mainadv.com *.mainadv.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae newrelic.com *.newrelic.com nr-data.net *.nr-data.net onesignal.com *.onesignal.com os.tc *.os.tc quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com sc-static.net *.sc-static.net semasio.net *.semasio.net snapchat.com *.snapchat.com t.co *.t.co twitter.com *.twitter.com unpkg.com *.unpkg.com yahoo.com *.yahoo.com yimg.com *.yimg.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc apple.com *.apple.com cdn-apple.com *.cdn-apple.com; frame-src 'self' ads-twitter.com *.ads-twitter.com app.link *.app.link atgcdn.ae *.atgcdn.ae branch.io *.branch.io creativecdn.com *.creativecdn.com criteo.com *.criteo.com criteo.net *.criteo.net ctfassets.net *.ctfassets.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net force.com *.force.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com mainadv.com *.mainadv.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae newrelic.com *.newrelic.com nr-data.net *.nr-data.net onesignal.com *.onesignal.com os.tc *.os.tc quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com sc-static.net *.sc-static.net semasio.net *.semasio.net snapchat.com *.snapchat.com t.co *.t.co twitter.com *.twitter.com unpkg.com *.unpkg.com yahoo.com *.yahoo.com yimg.com *.yimg.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc apple.com *.apple.com cdn-apple.com *.cdn-apple.com; font-src 'self' data: ads-twitter.com *.ads-twitter.com app.link *.app.link atgcdn.ae *.atgcdn.ae branch.io *.branch.io creativecdn.com *.creativecdn.com criteo.com *.criteo.com criteo.net *.criteo.net ctfassets.net *.ctfassets.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net force.com *.force.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com mainadv.com *.mainadv.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae newrelic.com *.newrelic.com nr-data.net *.nr-data.net onesignal.com *.onesignal.com os.tc *.os.tc quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com sc-static.net *.sc-static.net semasio.net *.semasio.net snapchat.com *.snapchat.com t.co *.t.co twitter.com *.twitter.com unpkg.com *.unpkg.com yahoo.com *.yahoo.com yimg.com *.yimg.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc apple.com *.apple.com cdn-apple.com *.cdn-apple.com; img-src * 'self' data: ads-twitter.com *.ads-twitter.com app.link *.app.link atgcdn.ae *.atgcdn.ae branch.io *.branch.io creativecdn.com *.creativecdn.com criteo.com *.criteo.com criteo.net *.criteo.net ctfassets.net *.ctfassets.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net force.com *.force.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com mainadv.com *.mainadv.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae newrelic.com *.newrelic.com nr-data.net *.nr-data.net onesignal.com *.onesignal.com os.tc *.os.tc quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com sc-static.net *.sc-static.net semasio.net *.semasio.net snapchat.com *.snapchat.com t.co *.t.co twitter.com *.twitter.com unpkg.com *.unpkg.com yahoo.com *.yahoo.com yimg.com *.yimg.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc apple.com *.apple.com cdn-apple.com *.cdn-apple.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ads-twitter.com *.ads-twitter.com app.link *.app.link atgcdn.ae *.atgcdn.ae branch.io *.branch.io creativecdn.com *.creativecdn.com criteo.com *.criteo.com criteo.net *.criteo.net ctfassets.net *.ctfassets.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net force.com *.force.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com mainadv.com *.mainadv.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae newrelic.com *.newrelic.com nr-data.net *.nr-data.net onesignal.com *.onesignal.com os.tc *.os.tc quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com sc-static.net *.sc-static.net semasio.net *.semasio.net snapchat.com *.snapchat.com t.co *.t.co twitter.com *.twitter.com unpkg.com *.unpkg.com yahoo.com *.yahoo.com yimg.com *.yimg.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc apple.com *.apple.com cdn-apple.com *.cdn-apple.com; style-src 'self' 'unsafe-inline' ads-twitter.com *.ads-twitter.com app.link *.app.link atgcdn.ae *.atgcdn.ae branch.io *.branch.io creativecdn.com *.creativecdn.com criteo.com *.criteo.com criteo.net *.criteo.net ctfassets.net *.ctfassets.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net force.com *.force.com google-analytics.com *.google-analytics.com google.com *.google.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com gstatic.com *.gstatic.com mainadv.com *.mainadv.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae newrelic.com *.newrelic.com nr-data.net *.nr-data.net onesignal.com *.onesignal.com os.tc *.os.tc quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com sc-static.net *.sc-static.net semasio.net *.semasio.net snapchat.com *.snapchat.com t.co *.t.co twitter.com *.twitter.com unpkg.com *.unpkg.com yahoo.com *.yahoo.com yimg.com *.yimg.com force.com *.force.com ctfassets.net *.ctfassets.net os.tc *.os.tc apple.com *.apple.com cdn-apple.com *.cdn-apple.com 2
frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 2
frame-ancestors http://*.iow.gov.uk 2
block-all-mixed-content; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 2
default-src 'self' static.mycity.travel static.www.region-du-leman.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 2
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 2
default-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com liberapay.com data: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 2
frame-ancestors 'self' https://dc.winmate-service.com/ https://www.winmate.com/ https://na.winmate.com/  https://na.winmate-rugged.com/ http://na.winmate-rugged.com/ https://localhost:8081/ https://winmate-rugged.com/ http://www3.winmate/ https://partner.winmate.com/;  2
script-src 'self' usa.experian.com smetrics1.experian.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com tagmanager.google.com *.doubleclick.net *.youtube.com *.analytics.yahoo.com *.appdynamics.com cdn.appdynamics.com *.facebook.net *.discover.com *.btstatic.com *.thebrighttag.com *.visualwebsiteoptimizer.com *.cloudflare.com *.clicktale.net *.siteimproveanalytics.com siteimproveanalytics.com *.pendo.io *.heapanalytics.com *.websecurity.norton.com nexus.ensighten.com *.aexp-static.com service.maxymiser.net omns.americanexpress.com lptag.liveperson.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net *.humanapi.co 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 2
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 2
script-src * https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';worker-src https: blob: 2
frame-ancestors https://order.aitcom.net/ https://digiverge.net/ https://dev.ait.com https://dev3.ait.com https://www.ait.com http://parkdomainwithait.com/ 2
frame-ancestors http://myota.tradingacademy.com https://myota.tradingacademy.com; child-src https://www.google.com/ https://www.youtube.com/; 2
script-src 'self' data: da.beethoven.de ajax.googleapis.com www.google.com www.gstatic.com 'unsafe-eval' 'unsafe-inline' www.google-analytics.com *.google.com www.googleadservices.com www.googletagmanager.com code.jquery.com *.twitter.com cdn.syndication.twimg.com; img-src 'self' *.ggpht.com *.googleusercontent.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.googleapis.com *.google.com data: 'unsafe-inline' *.twitter.com *.twimg.com; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com maps.google.de www.youtube.com da.beethoven.de *.appspot.com katalog.beethoven.de *.twitter.com panorama.beethoven.de data: *.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twitter.com *.twimg.com *.google.com; media-src 'self' internet.beethoven.de; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 2
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src * data: * blob:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com blob: data:; 2
frame-ancestors https://api.beeksebergen.nl 2
frame-src 'self' *.2wglobal.com *.vimeo.com *.vimeocdn.com *.youtube.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.facebook.com companycast.live *.solvr.no www.mirrat.com.au 2
frame-src 'self' *.jiathis.com *.baidu.com 2
default-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js; script-src 'self' https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/; style-src 'self' 'unsafe-inline'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
default-src data: 'self' https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2
default-src http: https: data: blob: mediastream: wss:; script-src http: https: data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: blob: mediastream: 'unsafe-inline'; 2
style-src 'self' 'unsafe-inline' *.wales.ac.uk 2
frame-ancestors 'self' psa.digitalinsight.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com *.google.com *.bing.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net  *.kissmetrics.com *.googlesyndication.com *.app-us1.com scpmedia.activehosted.com *.braintreegateway.com *.renewedvision.com *.livechatinc.com *.livechat.com livechat.com *.stackadapt.com *.srv.stackadapt.com; 
	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.googlesyndication.com *; 
	img-src 'unsafe-inline' 'unsafe-eval' data: *; 
	frame-src 'unsafe-inline' 'unsafe-eval' data:  *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com *;
	style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 2
default-src * 'unsafe-inline' 'unsafe-eval' data:; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com apollo.mydomaine.com apollo.local.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' 2
form-action https:; upgrade-insecure-requests 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
object-src 'none'; form-action 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.youtube.com *.googleapis.com *.googletagmanager.com *.sharethis.com *.eyereturn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.facebook.net *.licdn.com *.ads.linkedin.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googletagmanager.com *.fontawesome.com *.myfonts.net; font-src 'self' *.gstatic.com *.fontawesome.com *.myfonts.net data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.ca *.eyereturn.com *.g.doubleclick.net *.adsrvr.org *.facebook.com *.pubmatic.com *.casalemedia.com *.search.spotxchange.com *.eyedemand.com *.sharethis.com; frame-src 'self' localhost:* *.google.com *.doubleclick.net *.youtube.com go.loyalty.com *.sharethis.com c.sharethis.mgr.consensu.org *.facebook.com; connect-src 'self' *.sharethis.com; 2
frame-ancestors *.bellmts.ca http://*.mts.ca https://*.mts.ca http://mts.yellowpages.ca http://mts.canada411.ca https://icmanitoba.com https://login.stingray.com https://webplayer.stingray.com; 2
default-src 'self' 'unsafe-inline'  https://www.google-analytics.com  https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; script-src  'self' 'unsafe-inline' https://www.google-analytics.com https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; img-src 'self' 'unsafe-inline' data: http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com  https://www.google.com.ar https://stats.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' http://www.google-analytics.com https://www.google-analytics.com https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar; connect-src 'self' 'unsafe-inline' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com  https://www.google.com.ar https://stats.g.doubleclick.net;  frame-src https://www.indec.gob.ar/ http://www.youtube.com https://www.youtube.com https://app.powerbi.com/ https://www.google-analytics.com  https://www.gstatic.com http://www.google.com https://www.google.com https://www.google.com.ar https://indecbeta.shinyapps.io/; 2
default-src * data: 'unsafe-inline' 'unsafe-eval' blob: 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.emmezeta.hr emmezeta.hr *.emmezeta.rs emmezeta.rs; 2
connect-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/; font-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net data:; script-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline' https://comvivasocial.com/ https://platform.twitter.com; style-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline'; img-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline' https://px.ads.linkedin.com https://t.co https://www.google.co.in https://stats.g.doubleclick.net https://p.adsymptotic.com https://www.facebook.com https://www.google.com/; report-uri https://www.comviva.com; default-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net 'unsafe-inline' https://www.youtube-nocookie.com https://www.un.org https://www.facebook.com/; 2
default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickio.mgr.consensu.org luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com www.google.com www.gstatic.com datastudio.google.com *.dev.luxup.ru *.adlabs-retail.ru adlabs-retail.ru  www.googleadservices.com 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://*.parallels.com https://*.parallels.cn https://*.prls.net; 2
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com	https://www.paypalobjects.com; 2
default-src 'none';script-src 'self' https://www.googletagmanager.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://s.adroll.com https://www.gstatic.com https://www.gstatic.com https://connect.facebook.net https://snap.licdn.com https://static.getclicky.com https://analytics.formstack.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://in.getclicky.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://d.adroll.com https://js.hsforms.net https://forms.hsforms.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://ajax.googleapis.com https://hostopia.bamboohr.com data: blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' https://static.formstack.com https://fonts.googleapis.com https://hostopia.bamboohr.com 'unsafe-inline';img-src 'self' https://www.anchor.com.au https://px.ads.linkedin.com https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.facebook.com https://p.adsymptotic.com https://stats.g.doubleclick.net https://www.google.com.au https://www.google.com https://d.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://trc.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://rc.rlcdn.com data: https://segments.company-target.com https://js.hsforms.net https://www.googletagmanager.com https://resources.bamboohr.com blob: 'unsafe-inline';font-src 'self' https://static.formstack.com https://fonts.gstatic.com https://themes.googleusercontent.com data: blob: 'unsafe-inline';frame-src 'self' https://www.google.com https://www.facebook.com https://www.youtube.com https://player.vimeo.com;media-src https://bid.g.doubleclick.net https://bid.g.doubleclick.net;object-src 'self';connect-src 'self' https://www.googleadservices.com https://in.getclicky.com https://www.googleadservices.com https://www.google.com.au https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://www.google-analytics.com https://hostopia.bamboohr.com; 2
font-src 'self' *.tenkites.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self'  *.tenkites.com *.airship.co.uk  *.mapbox.com *.bookatable.com *.adactus.co.uk *.altaineapps.com *.tenkites.com *.byronhamburgers.com *.byron.co byronweb.azurewebsites.net 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.airship.co.uk *.mapbox.com *.bookatable.com *.adactus.co.uk *.altaineapps.com *.byronhamburgers.com *.byron.co byronweb.azurewebsites.net 2
policy-uri /'none' 2
default-src 'self' https: data:;style-src 'unsafe-inline' https: ;script-src 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.ellaskitchen.co.uk *.livechatinc.com *.google-analytics.com s.ytimg.com *.googleadservices.com *.fls.doubleclick.net googleads.g.doubleclick.net *.youtube.com *.googletagmanager.com *.zendesk.com *.facebook.net data:; img-src 'self' *.google-analytics.com www.google.com www.google.co.uk stats.g.doubleclick.net *.facebook.com s-static.ak.facebook.com *.zendesk.com *.livechatinc.com *.livechat-static.com *.prismic.io cdn.shopify.com data:; style-src 'self' 'unsafe-inline' *.googleapis.com *.zendesk.com; font-src 'self' *.ellaskitchen.co.uk *.livechatinc.com *.livechat-static.com themes.googleusercontent.com; frame-src *.ellaskitchen.co.uk *.livechatinc.com *.youtube.com *.zendesk.com *.facebook.com s-static.ak.facebook.com www.google.com *.fls.doubleclick.net; object-src 'none' 2
upgrade-insecure-requests; default-src  'unsafe-inline' 'unsafe-eval' 'self' *.ria.ee www.google-analytics.com *.plumbr.io themes.googleusercontent.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com docs.google.com; img-src data: 'self' *.ria.ee www.google-analytics.com; 2
default-src *;   img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' *; font-src https://fonts.gstatic.com   https://cdnjs.cloudflare.com https://script.hotjar.com 'self'  data:;  2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://www.google-analytics.com https://americannational.com https://*.assistant.watson.appdomain.cloud https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.eon-hungaria.com 2
default-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org; script-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.livehelpnow.net lptag.liveperson.net public.tableau.com *.tableau.com *.tableausoftware.com googleads.g.doubleclick.net *.googleadservices.com www.googleadservices.com connect.facebook.net *.google.com *.juicer.io chooserestaurants.org *.chooserestaurants.org maxcdn.bootstrapcdn.com cdnjs.cloudflare.com use.fontawesome.com maps.googleapis.com munchkin.marketo.net impactapi.causeview.com ; style-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org 'unsafe-inline' *.googleapis.com *.juicer.io chooserestaurants.org *.chooserestaurants.org maxcdn.bootstrapcdn.com use.fontawesome.com impactapi.causeview.com; font-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org fonts.gstatic.com *.juicer.io maxcdn.bootstrapcdn.com use.fontawesome.com impactapi.causeview.com; img-src 'self' data: *.servsafe.com chooserestaurants.org *.chooserestaurants.org *.juicer.io *.google.com www.livehelpnow.net cdn.livehelpnow.net www.google-analytics.com *.doubleclick.net *.google.com www.textbooks.restaurant.org flex.msn.com www.googleadservices.com i.imgur.com *.xx.fbcdn.net scontent.cdninstagram.com placehold.it live.staticflickr.com; connect-src 'self' *.servsafe.com www.juicer.io graph.facebook.com *.mktoresp.com impactapi.causeview.com; frame-ancestors 'self' *.servsafe.com *.discoverlink.com; object-src 'self' *.servsafe.com; frame-src 'self' *.servsafe.com bid.g.doubleclick.net *.discoverlink.com *.google.com www.youtube.com *.instagram.com cdn.flipsnack.com; child-src 'self' *.servsafe.com bid.g.doubleclick.net 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' livestream.com *.sumo.com www.google.com cdn.jsdelivr.net cdn.plyr.io widget.happyfoxchat.com cdn.datatables.net static.leadpages.net *.issuu.com issuu.com *.vimeo.com code.jquery.com www.googletagmanager.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.stripe.com js.stripe.com fast.wistia.com; frame-src 'self' http://www.buddhismuskunde.uni-hamburg.de/ livestream.com wisdomexperience.org fast.wistia.com *.issuu.com issuu.com wisdompubs.lpages.co widget.happyfoxchat.com js.stripe.com *.vimeo.com vimeo.com hooks.stripe.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; 2
frame-src 'self' https://intranet.m800.com https://www.youtube.com https://bid.g.doubleclick.net 2
font-src * ; media-src * ; 2
base-uri 'none'; object-src 'none'; script-src https://boti.ru/logs/ https://boti.ru/sidekiq/ https://boti.ru/mini-profiler-resources/ https://boti.ru/assets/ https://boti.ru/brotli_asset/ https://boti.ru/extra-locales/ https://boti.ru/highlight-js/ https://boti.ru/javascripts/ https://boti.ru/plugins/ https://boti.ru/theme-javascripts/ https://boti.ru/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; worker-src 'self' blob: 2
default-src 'none'; script-src 'self' 'unsafe-eval' cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com *.algolia.net *.algolianet.com mc.yandex.ru; style-src 'self' 'unsafe-inline'; img-src 'self' blog-images.clickhouse.tech data: mc.yandex.ru; connect-src 'self' mc.yandex.ru cdn.ampproject.org *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru www.youtube.com datalens.yandex; font-src 'self' data:; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; prefetch-src 'self' 2
frame-ancestors 'self' http://webvisor.com/ 2
font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com/ 2
default-src 'self' https://connect.facebook.net/en_US/fbevents.js https://www.google.com/recaptcha/api.js https://fonts.gstatic.com/  https://fonts.googleapis.com https://www.googletagmanager.com ;script-src 'self' 'sha256-eHvlfSp4WdmxVEF62vHFKGeY5BrXBPmZer3n9XNFfyU=' 'sha256-7Ia7ivoj7HI/U+5g2XG9hbQ69AbUohgkE2T1pl/AAjE=' https://www.gstatic.com/ https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/recaptcha/releases/66WEle60vY1w2WveBS-1ZMFs/recaptcha__es.js https://www.gstatic.com/recaptcha/api2/v1566858990656/recaptcha__es.js https://connect.facebook.net/signals/config/1610730305895192  https://www.googletagmanager.com https://rec.smartlook.com/ https://track.oniad.com/ https://track.adform.net/  https://scontent.cdninstagram.com/  https://platform.oniad.com  https://track.adform.net/serving/scripts/trackpoint/async/  https://www.google-analytics.com/  https://www.googletagmanager.com https://api.instagram.com https://ajax.googleapis.com/* https://www.google.com/recaptcha/api.js ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hello.myfonts.net/count/36c8c0  ;img-src * data: 'unsafe-inline';connect-src * 'unsafe-inline';frame-src *;base-uri 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://awards.ratingruneta.ru cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://push4site.com/static/sw/legalbet.js https://legalbet.push4site.com/sdk https://*.push4site.com https://push4site.com/Subscriber/Add; frame-src 'self' https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.push4site.com https://push4site.com/Subscriber/Add; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.push4site.com https://push4site.com/Subscriber/Add; child-src blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; worker-src 'self' https://*.push4site.com; report-uri /csp-report/; 2
frame-ancestors cms.gkfxcambodia.com cms.gkfxprime-china.com cms.gkfxprime.com.cn cms.gkfxprime.com cms.gkfxprimecn.com www.investo.vn https://partnersportal.gkfxprime.com/ http://cn.gkfxprime.vip/ http://cn.gkfxprime.top/ http://fx.cngkprime.com/ http://mt4.cngkprime.cn/ http://www.cngkprime.com/ http://www.facebook.com/ https://www.facebook.com/ 2
font-src 'self' data: *.googleapis.com *.bing.com *.designmynight.com *.gstatic.com *.cloudfront.net; style-src 'self' data: *.googleapis.com *.bing.com *.designmynight.com *.cloudfront.net 'unsafe-inline'; frame-ancestors 'self' 2
frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src *; object-src 'none'; style-src www.gstatic.com translate.googleapis.com 'unsafe-inline' 'self'; script-src www.gstatic.com translate.google.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com 'self'; img-src * data:; connect-src * data:; frame-src 'self' * 2
default-src 'self'; media-src 'self' embedwistia-a.akamaihd.net blob: data:; frame-src 'self' *.facebook.com *.wistia.com *.wistia.net *.marketo.com googleads.g.doubleclick.net bid.g.doubleclick.net *.google.com; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.marketo.com optimize.google.com tagmanager.google.com fonts.googleapis.com; img-src 'self' data: *.adsymptotic.com *.facebook.com *.googletagmanager.com *.marketo.com *.cloudfront.net *.litix.io *.linkedin.com embedwistia-a.akamaihd.net *.wistia.com *.google-analytics.com *.google.com cdn.clearwater-analytics.com stats.g.doubleclick.net cdn.clearwateranalytics.com ssl.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.bizographics.com *.googletagmanager.com *.google.com *.gstatic.com googleads.g.doubleclick.net *.facebook.net *.wistia.com *.wistia.net *.litix.io *.marketo.com *.marketo.net *.google-analytics.com *.googleadservices.com cdn.clearwateranalytics.com *.licdn.com *.linkedin.com *.clearwater-analytics.com https://clearwater-analytics.com; connect-src 'self' *.wistia.com *.litix.io *.mktoresp.com embedwistia-a.akamaihd.net *.marketo.com stats.g.doubleclick.net www.google-analytics.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' * data: ; 2
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' https://distributor.51degrees.com/;font-src 'self';img-src 'self' http://images.51degrees.mobi;frame-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.jquery.com *.addtoany.com use.fontawesome.com *.cloudflare.com *.youtube.com *.ytimg.com *.googleapis.com *.googletagmanager.com connect.facebook.net cdnjs.cloudflare.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.addtoany.com cloud.typography.com www.groningerforum.nl; font-src 'self' *.gstatic.com data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com www.facebook.com www.googletagmanager.com *.doubleclick.net *.google.nl *.googleusercontent.com; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com youtu.be *.activetickets.com activetickets.groningerforum.nl www.facebook.com *.ticketworks.nl *.afasonline.com groningerforum.podiumnederland.nl forum.podiumnederland.nl open.spotify.com;media-src 'self' *.youtube.com *.vimeo.com *.vimeocdn.com *.akamaized.net;connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl www.google-analytics.com; 2
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 2
report-uri /csp-hotline.php; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net  https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com http://tomsk.effad.ru *.effad.ru effad.ru *.me-talk.ru disgusting.ru https://api-maps.yandex.ru *.yandex.net yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com https://d3js.org; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://www.google.com https://fonts.googleapis.com; 2
frame-ancestors 'self' *.career-inspiration.com *.pathmotion.com *.talent-soft.com; 2
frame-ancestors 'self' dev.dieselserviceandsupply.com www.dieselserviceandsupply.com ; 2
object-src 'self' www.google.com transac.telebec.com google-analytics.com api.google-analytics.com; frame-ancestors 'self'; 2
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
base-uri 'self' 123456789; connect-src 'self' www.sd.be http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://sdworx.breezy.hr https://*.events.ubembed.com https://*.botframework.com https://*.cleverpush.com https://server.smartsupp.com wss://server.smartsupp.com wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://ldynamicspublicapi.leadforensics.com; default-src 'self'; font-src https: data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org; frame-src https: https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src https: data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org cdn.cookielaw.org; media-src 'self' https://smartsupp-widget-161959.c.cdn77.org/ https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org; script-src 'unsafe-eval' 'unsafe-inline' https: data: requirejs.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.smartsuppchat.com https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org cdn.cookielaw.org; style-src https: 'unsafe-inline' https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org; worker-src 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; 2
frame-ancestors 'self' homedna.com *.homedna.com 2
default-src 'self' blob:; script-src 'self' blob: https://d1g3mdmxf8zbo9.cloudfront.net/js/; object-src 'self' https://d1g3mdmxf8zbo9.cloudfront.net/images/; img-src 'self' data: https://d1g3mdmxf8zbo9.cloudfront.net/images/; frame-src https://d1g3mdmxf8zbo9.cloudfront.net/images/; style-src 'self' 'unsafe-inline' https://d1g3mdmxf8zbo9.cloudfront.net/css/; font-src 'self' data: https://d1g3mdmxf8zbo9.cloudfront.net/fonts/; worker-src blob:; media-src 'self' blob: about: https://media.luffy.cx/videos/ https://d1g3mdmxf8zbo9.cloudfront.net/images/; connect-src 'self' https://media.luffy.cx/videos/ https://comments.luffy.cx; base-uri 'none'; form-action https://duckduckgo.com; frame-ancestors 'none'; block-all-mixed-content; 2
script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.snowleader.com *.snowleader.be *.snowleader.ch *.snowleader.de *.snowleader.at *.snowleader.co.uk *.snowleader.es *.snowleader.it *.google.com *.googleapis.com googleapis.com www.googlecommerce.com www.google-analytics.com www.googleadservices.com *.gstatic.com www.googletagmanager.com *.zopim.com *.criteo.com static.criteo.net tracker.twenga.fr t.c4tw.net api2.reversoform.com *.bazaarvoice.com use.typekit.net mpsnare.iesnare.com connect.facebook.net *.twitter.com cdn.syndication.twimg.com d31qbv1cthcecs.cloudfront.net https://display.ugc.bazaarvoice.com https://apis.google.com https://d31qbv1cthcecs.cloudfront.net https://stg.api.bazaarvoice.com https://mpsnare.iesnare.com https://network-stg.bazaarvoice.com https://network.bazaarvoice.com https://api.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://maps.googleapis.com https://secure.skypeassets.com www.skypeassets.com https://98t4f62uw1.kameleoon.eu https://ewnxky8h6u.kameleoon.eu https://hht0f37q6v.kameleoon.eu https://mm14aijsxz.kameleoon.eu https://74m0rlm9ta.kameleoon.eu *.kameleoon.eu *.kameleoon.com https://mc.yandex.ru https://yastatic.net https://widgets.trustedshops.com https://js-agent.newrelic.com https://bam.nr-data.net http://widgets.trustedshops.com https://www.eoft.eu/ https://player.vimeo.com https://widget.trustpilot.com https://outdoor-ticket.net https://www.outdoor-ticket.net https://js.datadome.co https://googleads.g.doubleclick.net https://homologation-payment.payline.com https://payment.payline.com https://c.la1-c1-par.salesforceliveagent.com https://c.la1-c1cs-frf.salesforceliveagent.com *.salesforceliveagent.com salesforceliveagent.com https://invitejs.trustpilot.com/tp.min.js https://s.kk-resources.com/ks.js 2
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 2
connect-src *.cloudfront.net *.headspace.com api-js.mixpanel.com api.amplitude.com api.branch.io api.chilipiper.com api.hubapi.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com forms.hsforms.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com 9990894.fls.doubleclick.net a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net cdn-akamai.mookie1.com forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com tpc.googlesyndication.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production 2
default-src 'self' * 'unsafe-inline' 'unsafe-eval'; font-src 'self' * data:; img-src 'self' * data:; 2
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com 2
default-src 'self' ; script-src 'self' 'sha256-iWsvAf4EmEZEHwwJK/TWHx6oxr+9mEXRaiEgdeWhRmw='; object-src 'none'; style-src 'self' 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com maps.googleapis.com use.typekit.net cdnjs.cloudflare.com www.google-analytics.com bam.nr-data.net connect.facebook.net platform.twitter.com gmc.lingotek.com pixel.mathtag.com platform.linkedin.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com flockler.com embed-cdn.flockler.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fast.fonts.net gmc.lingotek.com static.flockler.com; frame-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; child-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; report-uri /report-csp-violation 2
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 2
frame-ancestors https://*.protoshare.com http://*.protoshare.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' erm-chat.bod.de:8080 *.bod.de images.bod.com *.bod.com  *.trustpilot.com *.googletagmanager.com ssl.google-analytics.com *.google-analytics.com *.facebook.net *.facebook.com *.facebook.de *.bing.com *.twitter.com static.ads-twitter.com t.co *.google.com googleads.g.doubleclick.net *.adfarm1.adition.com connect.facebook.net fast.fonts.net *.fonts.net *.google.de stats.g.doubleclick.net *.googleadservices.com ajax.googleapis.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn; object-src 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com/recaptcha/  maps.googleapis.com *.facebook.com *.facebook.net licensebuttons.net *.doubleclick.net *.youtube.com cdn.maksnet.tv *.adobe.com licensebuttons.net *.rnids.rs xn--d1aholi.xn--90a3ac  forms.office.com *.tipometar.org; report-uri /report-csp-violation 2
default-src 'none';connect-src 'self';font-src 'self' fonts.gstatic.com;frame-src *.actiris.brussels www.facebook.com player.vimeo.com youtu.be www.youtube.com www.gstatic.com www.google.com static.ak.facebook.com s-static.ak.facebook.com connect.facebook.net;frame-ancestors 'self';img-src 'self' data: www.google-analytics.com *.actiris.brussels *.selectactiris.brussels *.basemaps.cartocdn.com i.ytimg.com www.facebook.com https://yestest.actiris.brussels:4443 *.actiris.brussels:4443;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com s.ytimg.com connect.facebook.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://chatbot.elmuemasz.hu/; style-src 'self' 'unsafe-inline' https://elmurg11chatbot.blob.core.windows.net/ https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://chatbot.elmuemasz.hu/; img-src 'self' 'unsafe-inline' data: https://i.ibb.co/61frh4q/elmuelek.png https://i.imgur.com/ https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://ssl.gstatic.com/ https://chatbot.elmuemasz.hu/ https://elmurg11chatbot.blob.core.windows.net/; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com;connect-src 'self' https://elmu.proebiz.com/ https://api.cai.tools.sap/ https://www.google-analytics.com https://chatbot.elmuemasz.hu/ wss://chatbot.elmuemasz.hu/; frame-src https://www.google.com/recaptcha/ https://www.facebook.com https://staticxx.facebook.com https://docs.google.com/forms/ https://my.matterport.com/show/ https://www.youtube.com/embed/;frame-ancestors 'self'; form-action 'self'; 2
default-src 'self'; base-uri 'self'; connect-src 'self' free.sharedcount.com xfive.s3.amazonaws.com rum-collector-2.pingdom.net get.geojs.io nrpc.olark.com; img-src 'self' data: https: *.gravatar.com placehold.it log.olark.com static.olark.com; style-src 'self' static.olark.com 'unsafe-inline'; font-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com codepen.io player.vimeo.com https://www.google.com/recaptcha/ widget.clutch.co static.olark.com; frame-ancestors 'none'; object-src 'none'; form-action 'self' xfive.us12.list-manage.com; manifest-src 'self'; media-src 'self' www.xfivecdn.com static.olark.com; script-src 'self' rum-static.pingdom.net production-assets.codepen.io www.googletagmanager.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ widget.clutch.co *.olark.com 'sha256-KpHv3zgivMSB4dPnfYfqMt2lBibsYvM36EdoBBAsfbM=' 'sha256-usaNaDjYaJk13pKJ3+ZScs4bxEEsUZ+JOE61TTGapMY=' 'sha256-8caDTiD0WrC0oWvdVtAbTLxzJRqpayFg5S5n5bvQaas=' 'sha256-MQjfs0R4CxwhatLwo9KHcxfmgKeFuJY43yVB+NGsKAw=' 'sha256-5uhdr7etoZMI7xATFFE80NliRDfTa+WgiPlbe/yD040=' 'sha256-1m9w2v94adFN3KZ9pVlHHbSe2mK5w5fa4zARq5+ChUM=' 'sha256-pwBk7f4VSoHMXGHfaWQCIoGmdeGRHSYSrksPvrZ0wZg=' 'sha256-QgCd1tnwG0imJEuc3Hx9e1ybwm2iDsNJCUMgxinHRtE=' 'sha256-WCk7uTuPWChH7LL0WI6jXyi5EOlvm9FHS6I1pO7ZjSU=' 'sha256-0TTvULSbN+Zzz3roIaiqso0WC7v461IQd48gaxLlNow=' ; 2
frame-ancestors 'self' *.medialift.nl *.drugsinfo.nl *.helderopvoeden.nl *.rokeninfo.nl *.gokkeninfo.nl *.gameninfo.nl; 2
default-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.ytimg.com; img-src 'self' data: *.google-analytics.com *.gstatic.com yt3.ggpht.com *.googletagmanager.com *.mm-df1.net *.analytik-jena.com *.aj.local aj.local; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.google.com *.google-analytics.com *.googletagmanager.com *.mm-df1.net *.analytik-jena.com *.aj.local aj.local; font-src 'self' *.gstatic.com; frame-src *; 2
frame-ancestors 'self' https://www.veinteractive.com/ 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2
object-src 'none'; base-uri 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' kaldewei-ass.secure.footprint.net kaldewei-tt.secure.footprint.net https://www.kaldewei.de *.kaldewei.de https://www.kaldewei.com http://test-lieferzeitenauskunft.kaldewei.de test-lieferzeitenauskunft.kaldewei.de lieferzeitenauskunft.kaldewei.de *.hotjar.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com jwpsrv.com www.polantis.com maps.googleapis.com maps.gstatic.com bat.bing.com https://interaktiv.contilla.de/15012d2d2e303369c8628723/0/webapp.js https://www.recaptcha.net/recaptcha/api.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/206776544034462 https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/ privacy-proxy-server.usercentrics.eu privacy-proxy.usercentrics.eu app.usercentrics.eu https://ct.pinterest.com/user/; 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; 2
frame-ancestors *.mailtarget.co *.mtarget.co *.mtarget.id 2
block-all-mixed-content; base-uri 'none'; default-src 'self' * data:; frame-ancestors 'self'; frame-src 'self' *; form-action 'self' webto.salesforce.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * data:; 2
base-uri 'self'; default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.google.com https://adservice.google.com https://adservice.google.es https://adservice.google.fr https://www.googletagservices.com https://cse.google.com https://*.disqus.com https://*.facebook.net https://*.googlesyndication.com; img-src 'self' data: https://media.ustility.com https://www.google.com https://*.gstatic.com https://www.google-analytics.com https://*.googlesyndication.com https://img.youtube.com https://i.ytimg.com https://cdn.jsdelivr.net https://referrer.disqus.com https://c.disquscdn.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://c.disquscdn.com/; font-src 'self' data: https://cdn.jsdelivr.net; object-src 'none'; frame-src https: data:; script-src-elem 'unsafe-inline' https:; connect-src https://api.usitility.com https://*.googlesyndication.com https://*.gstatic.com 2
object-src 'self'; img-src 'self'; frame-src 'self' 2
default-src 'self'; script-src 'self'; 2
img-src 'self' assets.healcode.com www.google-analytics.com www.facebook.com track.hubspot.com www.google.com stats.g.doubleclick.net *.jotform.com; 2
default-src 'self'; script-src 'self' cdnjs.cloudflare.com *.cloudfront.net; style-src 'self' fonts.googleapis.com *.cloudfront.net; img-src 'self' *.cloudfront.net; font-src 'self' fonts.gstatic.com 2
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://apis.google.com https://*.googleapis.com https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://static.userback.io; connect-src 'self' https://*.oebb.at https://obc.rola.at https://directline.botframework.com wss://directline.botframework.com https://api.userback.io; img-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://static.userback.io data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com  https://at.cloud.fabasoft.com https://roundme.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at; frame-ancestors https://*.oebb.at http://fahrplan.oebb.at; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 2
default-src 'self' http: https: ; img-src http: https: data: ; font-src http: https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; style-src 'unsafe-inline' http: https: ; frame-ancestors 'self' http://*.stage.peri.info https://*.stage.peri.info http://*.live.peri.info https://*.live.peri.info ; child-src 'self' * ;frame-src 'self' * 2
font-src https://www.callisonrtkl.com https://cdn.crtkl.com data: 2
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 2
frame-ancestors staging.firebrand.training firebrand.training cms.firebrandtraining.com 2
object-src self; 2
worker-src 'self' blob:; script-src 'unsafe-inline' 'self'  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  https://tags.iag.com.au  https://tags.tiqcdn.com  https://www.youtube.com  https://s.ytimg.com  https://pym.nprapps.org  https://js-agent.newrelic.com  https://static.whatshelp.io  https://*.whatshelp.io  https://bothelp.io  https://engine.api.myjrny.ai  https://bundle.static.myjrny.ai  'unsafe-eval' cdnjs.cloudflare.com cdn.ampproject.org dev.visualwebsiteoptimizer.com www.googletagmanager.com i.kissmetrics.com cdn.inspectlet.com maps.gstatic.com s3.amazonaws.com code.jquery.com doug1izaerwt3.cloudfront.net maps.googleapis.com fonts.googleapis.com mt1.googleapis.com mt0.googleapis.com www.googleapis.com ad.doubleclick.net www.google-analytics.com clients1.google.com mts0.googleapis.com mts1.googleapis.com cbks0.googleapis.com; img-src * data:; style-src 'self' stackpath.bootstrapcdn.com cdnjs.cloudflare.com  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  https://tags.iag.com.au  https://tags.tiqcdn.com  https://www.youtube.com  https://s.ytimg.com  https://pym.nprapps.org  https://js-agent.newrelic.com  https://static.whatshelp.io  https://*.whatshelp.io  https://bothelp.io  https://engine.api.myjrny.ai  https://bundle.static.myjrny.ai  'unsafe-inline' fonts.googleapis.com www.google.com 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com 2
upgrade-insecure-request 2
default-src 'self'; script-src 'self' https://*.consensu.org https://*.onetrust.com https://*.cookielaw.org https://*.googletagmanager.com https://*.yahoo.com https://*.msn.com https://*.googleadservices.com https://*.addthisedge.com https://*.mixpanel.com https://*.mxpnl.com https://*.facebook.net https://*.addthis.com https://*.google-analytics.com https://*.lassocrm.com https://*.googleapis.com https://*.moatads.com https://*.adroll.com https://*.snapengage.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*; connect-src 'self' https://*.consensu.org https://*.onetrust.com https://*.cookielaw.org https://*.cavco.com https://*.addthis.com https://*.mixpanel.com https://*.facebook.com 2
frame-ancestors 'self' https://salesfra.me/ https://*.upseller.cloud ; 2
default-src 'self' www.se.com www.voltimum.de www.ausschreiben.de seminare.merten.de www.merten.de www.schneider-electric.de www.ritto.de schneider-electric.dimmer-test.com stats.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com youtube-nocookie.com googleapis.com www.google.com www.google.de logs1279.xiti.com s.ytimg.com player.ooyala.com ritto.hjunker.org download.schneider-electric.com mcreativ.hjunker.org dimmertool.schneider-electric.com www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 2
default-src https: wss:; script-src about: 'unsafe-inline' 'unsafe-eval' https: wss:; img-src data: blob: https: wss:; style-src 'unsafe-inline' https: wss:; font-src https: data: wss:; report-uri https://idcqaenforce.report-uri.com/r/d/csp/enforce; 2
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' *.ecrs.com ecrs.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net *.googleadservices.com *.amazonaws.com googleads.g.doubleclick.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' *.ecrs.com ecrs.com *.googleapis.com; img-src 'self' data: *.ecrs.com ecrs.com s3.amazonaws.com 2.gravatar.com secure.gravatar.com px.ads.linkedin.com 10.93.3.139 track.hubspot.com www.google.com p.adsymptotic.com *.amazonaws.com; media-src 'self' *.ecrs.com ecrs.com; frame-src 'unsafe-eval' 'self' www.google.com player.vimeo.com www.youtube.com bid.g.doubleclick.net; font-src 'self' data: *.ecrs.com ecrs.com *.googleapis.com *.gstatic.com *.amazonaws.com; connect-src 'unsafe-eval' 'self' *.amazonaws.com builder.ecrs.com; 2
frame-ancestors 'self'; report-uri https://www.weps.org/report-uri/enforce 2
default-src 'none'; img-src * data:; media-src *; font-src * data:; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.site https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://www.google-analytics.com https://connect.facebook.net https://maps.google.com https://maps.googleapis.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.site https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://fonts.googleapis.com; connect-src 'self' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.site https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://vimeo.com 2
connect-src 'self' wss: *.maxict.nl                                                                       *.maxshop.test                                                                       *.doubleclick.net                                                                       *.google-analytics.com                                                                       *.hotjar.com                                                                       *.hotjar.io                                                                       *.pro6pp.nl                                                                       *.tawk.to                                                                       *.dwin1.com                                                                       *.zenaps.com;                                               default-src 'none';                                               font-src 'self' data: *.maxict.nl                                                                     *.maxshop.test                                                                     *.gstatic.com                                                                     *.tawk.to                                                                     *.dwin1.com                                                                     *.zenaps.com;                                               frame-src 'self' 'unsafe-inline' about: *.maxict.nl                                                                                       *.maxshop.test                                                                                       *.criteo.com                                                                                       *.google.com                                                                                       *.dpd.de                                                                                       *.eetgroup.com                                                                                       *.facebook.com                                                                                       *.hotjar.com                                                                                       *.hotjar.io                                                                                       *.kingston.com                                                                                       *.newstar.eu                                                                                       *.newstar.nl                                                                                       *.startech.com                                                                                       *.tawk.to                                                                                       *.twindis.com                                                                                       *.youtube.com                                                                                       *.psaparts.co.uk                                                                                       *.gls-info.nl                                                                                       *.gls-netherlands.com                                                                                       *.dwin1.com                                                                                       *.zenaps.com;                                               img-src 'self' data: https: *.maxict.nl                                                                           *.maxshop.test;                                                                           *.google.com;                                               manifest-src 'self' *.maxict.nl;                                               object-src 'self' *.maxict.nl;                                               script-src 'self' 'unsafe-inline' 'unsafe-eval' about: *.maxict.nl                                                                                                      *.maxshop.test                                                                                                      *.bing.com                                                                                                      *.bizographics.com                                                                                                      *.cloudfront.net                                                                                                      *.criteo.com                                                                                                      *.criteo.net                                                                                                      *.doubleclick.net                                                                                                      *.facebook.net                                                                                                      *.flix360.com                                                                                                      *.flixcar.com                                                                                                      *.flixfacts.com                                                                                                      *.google-analytics.com                                                                                                      *.googleadservices.com                                                                                                      *.googletagmanager.com                                                                                                      *.google.com                                                                                                      *.hotjar.com                                                                                                      *.hotjar.io                                                                                                      *.iceleads.com                                                                                                      *.jsdelivr.net                                                                                                      *.licdn.com                                                                                                      *.linkedin.com                                                                                                      *.list-manage.com                                                                                                      *.mailchimp.com                                                                                                      *.tawk.to                                                                                                      *.vane3alga.com                                                                                                      *.dwin1.com                                                                                                      *.zenaps.com;                                               style-src 'self' 'unsafe-inline' *.maxict.nl                                                                                *.maxshop.test                                                                                *.cloudfront.net                                                                                *.googleapis.com                                                                                *.google.com                                                                                *.jsdelivr.net                                                                                *.mailchimp.com                                                                                *.dwin1.com                                                                                *.zenaps.com;                                               upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.natfuel.com *.nationalfuelgas.com nationalfuel.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com player.vimeo.com www.google.com *.serving-sys.com stats.g.doubleclick.net s.yimg.com sp.analytics.yahoo.com 9959514.fls.doubleclick.net secure.adnxs.com ad.doubleclick.net data: 2
frame-ancestors 'self' https://control.studentpad.com https://control.pad-group.com https://control.localpad.co.uk https://control.lettingspad.co.uk https://sandbox.studentpad.co.uk; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.easygis.eu *.cloudflare.com *.ogone.com https://connect.facebook.net *.google.com https://www.gstatic.com https://cdn.rawgit.com *.instagram.com/embed.js http://www.googleadservices.com *.hotjar.com https://googleads.g.doubleclick.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com *.googleapis.com https://api.easygis.eu *.cloudflare.com *.ogone.com *.google.com; img-src 'self' http://*.visitlimburg.be *.gstatic.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://*.easygis.eu/ https://*.mailchimp.com *.ogone.com *.facebook.com *.google.com *.google.be; media-src 'self'; frame-src 'self' https://*.hotjar.com https://*.youtube.com http://plugin.routeyou.com *.joomag.com *.resengo.com *.google.com *.ogone.com *.wlp-acs.com *.wandeleninlimburg.be *.limburg.be https://vlaanderenfietsland.azurewebsites.net *.vlaanderen-fietsland.be https://apps.nodemapp.com *.instagram.com https://player.kinomap.com; font-src 'self' https://fonts.gstatic.com *.googleapis.com data: https://api.easygis.eu; connect-src 'self' https://public.easygis.eu *.hotjar.com *.hotjar.io; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 2
frame-ancestors 'self' springchicken.co.uk 2
frame-ancestors 'self' http://acpmonitor/*; 2
default-src 'none'; img-src 'self' data: https://track.hubspot.com https://forms.hsforms.com https://analytics.helio.app https://js.intercomcdn.com https://static.intercomassets.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-scripts.com https://analytics.helio.app https://static.cloudflareinsights.com https://ajax.cloudflare.com https://js.intercomcdn.com https://widget.intercom.io https://www.googletagmanager.com https://d20luy73ujukeu.cloudfront.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://analytics.helio.app; object-src 'none'; media-src 'self' https://js.intercomcdn.com https://d20luy73ujukeu.cloudfront.net; font-src 'self' data: https://js.intercomcdn.com; connect-src 'self' https://forms.hubspot.com https://analytics.helio.app https://www.google-analytics.com https://api-m.helio.app *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io 2
default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://connect.facebook.net https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://bam.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://www.facebook.com https://*.kampyle.com https://static.zdassets.com https://www.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com; connect-src *; 2
script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.pardot.com *.googletagmanager.com *.googleadservices.com *.bizographics.com *.hotjar.com *.albacross.com *.ipinfo.io *.bazo.io 2
default-src 'self' *.itrsgroup.com; script-src 'unsafe-inline' 'unsafe-eval' *.itrsgroup.com *.vimeo.com *.youtube.com *.ytimg.com *.google-analytics.com *.zendesk.com *.zdassets.com *.pardot.com *.googletagmanager.com *.zopim.com *.google.com *.wistia.com *.wistia.net *.cloudflare.com *.jsdelivr.net *.gstatic.com *.rawgit.com; style-src 'unsafe-inline' *.itrsgroup.com *.cloudflare.com *.jsdelivr.net *.gstatic.com *.google.com *.googleapis.com *.rawgit.com *.myfonts.net; img-src *.itrsgroup.com *.zopim.com *.jsdelivr.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com *.vimeocdn.com *.linkedin.com data:; frame-src *.itrsgroup.com *.google.com *.youtube.com *.vimeo.com vimeo.com; font-src data: *.itrsgroup.com *.jsdelivr.net *.gstatic.com *.zopim.com; connect-src *.itrsgroup.com *.zendesk.com noembed.com *.zdassets.com wss://*.zopim.com *.google.com *.youtube.com *.vimeo.com vimeo.com *.google-analytics.com data:; base-uri 'self'; 2
default-src 'self' s3.amazonaws.com www.youtube.com csi.gstatic.com *;frame-src 'self' optimize.google.com *;worker-src 'self';connect-src 'self' *;font-src 'self' fonts.gstatic.com fonts.googleapis.com www.tinymce.com use.fontawesome.com;img-src 'self' 'unsafe-inline' data: blob: *;manifest-src 'self';media-src 'self' s3.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagservices.com www.google-analytics.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com 7233492.collect.igodigital.com optimize.google.com * blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;block-all-mixed-content;upgrade-insecure-requests; 2
frame-ancestors 'none'; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.youtube.com *.youtube-nocookie.com dailymotion.com; img-src http: https: data: blob:; worker-src blob:; child-src blob:; connect-src 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://translate.yandex.net; base-uri 'self'; frame-src * data: blob:; 2
default-src 'self' http: https: data: blob: 'unsafe-inline' blob: 'unsafe-eval' 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net 2
connect-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com  https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;default-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;frame-ancestors 'self'  ;frame-src https://www.google.com https://staticxx.facebook.com https://www.facebook.com/ https://www.youtube.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com ;img-src 'self' data: blob: https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;media-src 'none';object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;font-src data: 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io; 2
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://87.98.171.25 http://176.9.86.142 http://176.9.142.103 http://144.76.24.149 http://136.243.73.233 http://148.251.0.18 http://144.76.218.27 http://148.251.136.187; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
frame-ancestors https://*.dsw.nl https://*.d1.dsw.lan 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/uc.js https://www.google-analytics.com/analytics.js https://cdn.segment.com/analytics.js/v1/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/analytics.min.js https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js https://unpkg.com/@segment/consent-manager@4.2.2/standalone/consent-manager.js https://www.google.com/jsapi https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cookieinformation.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://i.ytimg.com https://secure.gravatar.com https://tags.w55c.net; font-src 'self' data: https://ecostruxureit.com/wp-content/plugins/tablepress/css/tablepress.svg https://fonts.googleapis.com https://fonts.gstatic.com https://ecostruxureit.com/wp-content/plugins/tablepress/css/tablepress.ttf; connect-src 'self' https://consent.app.cookieinformation.com https://api.segment.io https://my.wpengine.com https://cdn.segment.com/v1/projects/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/integrations; media-src 'self' https://www.youtube.com; object-src 'self'; frame-src 'self' http://localhost:9100/ https://www.youtube.com https://policy.app.cookieinformation.com; frame-ancestors 'self' http://localhost:9100/ https://app.ecostruxureit.com/ https://dev-app.ecostruxureit.xyz/; report-uri https://ecostruxureit.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors https://caramel.la https://caramel.la/* 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com inpublic.globenewswire.com https://sdk.companywebcast.com/sdk/player/ player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.exposebox.com *.windows.net *.googletagmanager.com *.google-analytics.com *.jquery.com *.us4.list-manage.com yoast.com unpkg.com *.cookiepro.com *.facebook.net;style-src 'self' 'unsafe-inline' *.windows.net *.googleapis.com unpkg.com *.fontawesome.com *.cookiepro.com yoast.com;img-src 'self' 'unsafe-inline' data: blob: *;child-src 'self' facebook.com instagram.com twitter.com *.exposebox.com yoast.com *.vimeo.com;connect-src 'self' yoast.com *.joomunited.com *.arcgis.com *.mapbox.com;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com yoast.com;frame-src 'self' *.exposebox.com *.vimeo.com *.facebook.com *.cdnx.co.uk;worker-src 'self' blob:;upgrade-insecure-requests;report-to default; 2
frame-ancestors 'self' https://*.facebook.com/; 2
default-src 'self' shop.bestservice.de dwl.dawconnect.com maps.google.de www.google.com connect.facebook.net www.facebook.com *.youtube.com ;  img-src  'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.bsdwl.de *.google-analytics.com connect.ekomi.de *.facebook.com *.doubleclick.net *.google.com *.google.de *.youtube.com;  media-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.youtube.com;  script-src 'self' data: *.bestservice.de *.bestservice.com *.bestservice.fr *.google-analytics.com connect.ekomi.de www.googleadservices.com *.jwpcdn.com dwl.dawconnect.com *.facebook.net www.googletagmanager.com *.facebook.com *.google.com *.google.de *.doubleclick.net 'unsafe-inline' 'unsafe-eval';  worker-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr *.doubleclick.net www.google.com www.google.de *.youtube.com;  font-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.gstatic.com;  style-src 'self' *.bestservice.de *.bestservice.com *.bestservice.fr fonts.googleapis.com 'unsafe-inline';  object-src 'self' 2
frame-ancestors https://*.hussle.com https://apps.facebook.com/ 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.samson.de 2
default-src 'self'; object-src 'none'; connect-src 'self' api.formbucket.com; script-src 'self' 'unsafe-inline' *.doubleclick.net connect.facebook.net px.ads.linkedin.com sjs.bizographics.com tagmanager.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; img-src 'self' data: *.doubleclick.net *.gstatic.com images.ctfassets.net www.facebook.com www.google.com www.google-analytics.com; media-src 'self' images.ctfassets.net videos.ctfassets.net; frame-src 'self' bid.g.doubleclick.com player.vimeo.com; upgrade-insecure-requests; 2
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2
default-src 'self' http://* https://*; script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' http://* https://* *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' https://cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' http://* https://* accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://tpc.googlesyndication.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.connexity.net *.googleadservices.com *.ubembed.com *.msn.com *.pricegrabber.com https://client.perimeterx.net https://collector-pxd62eqwow.perimeterx.net *.bizrate.com t.pepperjamnetwork.com http://www.pricegrabber.com/14C *.bing.com *.dsply.com *.webcollage.net https://gateway.answerscloud.com/eastcoasthardware/production/gateway.min.js *.cloudflare.com http://www.eastcoasthardware.com *.eastcoasthardware.com *.pupdaddy.com http://www.pupdaddy.com *.gracesgreens.com http://www.gracesgreens.com *.yumza.com http://www.yumza.com *.marinescreens.com http://www.marinescreens.com *.iovation.com seal-newjersey.bbb.org *.cloudfront.net *.doubleclick.net *.newrelic.com bam.nr-data.net *.google-analytics.com gsa://onpageload *.linkedin.com *.pinterest.com *.certona.net *.googleapis.com *.google.com *.gstatic.com *.yotpo.com *.googlecommerce.com *.iesnare.com pixeleze.com *.pixeleze.com shop.pe *.shop.pe *.klaviyo.com *.segment.io *.res-x.com https://www.googletagmanager.com https://settings.luckyorange.net wss://in.visitors.live wss://visitors.live https://sentry.io https://cdn.segment.com https://api.luckyorange.com https://use.fontawesome.com; 2
frame-src 'self' 7host.at; 2
policy 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.postimg.cc cdnjs.cloudflare.com www.google-analytics.com ajax.googleapis.com code.jquery.com hkbchat.com www.googletagmanager.com meyerweb.com fonts.googleapis.com *.datafilesfwxxmt26a8.com *.multi78hkbgamingprovider.com *.tinypic.com fonts.gstatic.com stats.g.doubleclick.net maxcdn.bootstrapcdn.com *.googleusercontent.com lapaktogelcc.com s7.addthis.com; 2
connect-src 'self' availapi.rps.inz.net.nz forms.hsforms.net forms.hsforms.com availapi.prod.inz.net.nz hubspot-forms-static-embed.s3.amazonaws.com;default-src 'self' b484efe137a1ad68f22e15f4898b80e9.cloudflareworkers.com forms.hsforms.com *.youtube.com;font-src 'self' fonts.gstatic.com;frame-src 'self' www.google.com app.hubspot.com forms.hsforms.com www.youtube.com tagmanager.google.com fonts.googleapis.com;img-src 'self' www.google-analytics.com ssl.gstatic.com www.gstatic.com www.googletagmanager.com track.hubspot.com i.ytimg.com i.creativecommons.org stats.g.doubleclick.net www.google.com www.google.co.nz licensebuttons.net;script-src 'self' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com polyfill.io *.google.com *.youtube.com tagmanager.google.com *.ytimg.com 'sha256-hrt1pv8351AKSP+1HTlNANPseDOkHY4o2cpq/s2us4c=' 'sha256-+9MmOQ+cR2apzrAzz14zl2kHV1CbK9h4OEOeMDlNTC4='  'sha256-J7r7Vt3y1mf9puui6w7Dz6kLRy2hAAPh+d7DEyRBXoA=' 'sha256-A6YEW3xpV8eDAYURcGsCSrolIMpYSXHNWVmTcwuVSxo=' 'sha256-B10bAKf7WEXyaZnQr80DGzSLDayChB4C3QkFv9iTrPI=';style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com;report-uri https://internetnz.nz/csp/v1/report; 2
default-src 'self' https://log.dsx.uk/fp/clear.png  https://*.intercom.io wss://*.intercom.io wss://dsxglobal.com https://js.intercomcdn.com https://api.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://app.getsentry.com https://api-iam.intercom.io https://www.tradingview.com https://sentry.dsx.cool https://log.dsx.uk; form-action 'self' https://api.sandbox.epayments.com/ https://ms.epayments.com https://intercom.help https://accounts.google.com https://www.facebook.com https://api.twitter.com https://api.epayments.com https://auth.epayments.com https://*.intercom.io wss://*.intercom.io wss://dsxglobal.com https://js.intercomcdn.com https://js.intercomcdn.com https://api-iam.intercom.io https://appleid.apple.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'    https://h.online-metrix.net https://log.dsx.uk https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://syndication.twitter.com https://ssl.google-analytics.com https://csi.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.com https://platform.twitter.com https://telemetry.tradingview.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dsxglobal.com/piwik.js; img-src data: 'self' https://dsx.uk blob: https://matomo.dsx.cool https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://www.google.com https://csi.gstatic.com https://static.intercomassets.com https://fonts.googleapis.com https://js.intercomcdn.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://charts.googleapis.com https://chart.googleapis.com https://www.google-analytics.com https://pbs.twimg.com https://syndication.twitter.com https://ajax.googleapis.com https://cdn.syndication.twimg.com https://log.dsx.uk/ https://*.online-metrix.net https://maps.gstatic.com https://maps.googleapis.com https://assets.survicate.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ajax.googleapis.com https://platform.twitter.com; font-src data: 'self' 'unsafe-inline' https://js.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com; object-src 'self' https://log.dsx.uk; media-src 'self' https://js.intercomcdn.com; frame-src 'self'  https://platform.twitter.com https://syndication.twitter.com https://h.online-metrix.net/ https://log.dsx.uk https://www.google.com/ https://intercom-sheets.com/ https://magic.veriff.me; child-src 'self' blob: https://share.intercom.io https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-ancestors 'self'; report-uri /api/cspReport 2
upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 2
default-src 'self'  'unsafe-inline'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://www.loginpostnl.net https://*.cldsvc.net https://*.salesforce.com https://*.googleapis.com https://*.google.com https://*.abtasty.com https://*.apsis1.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://*.postnl.sogeticloudservices.com https://*.usabilla.com https://www.googletagmanager.com https://www.googleadservices.com https://*.cloudfront.net https://*.innomdc.com https://connect.facebook.net https://platform.twitter.com https://*.linkedin.com https://*.pushcall.com https://*.pusher.com https://www.gstatic.com https://s3.amazonaws.com https://*.ads-twitter.com https://*.doubleclick.net https://*.twitter.com https://cdn.segment.com https://cdn.mxpnl.com https://pi.pardot.com https://*.salesforceliveagent.com https://postnl-frontend-locker.herokuapp.com https://*.hotjar.com https://postnlwebintelligence.s3-eu-west-1.amazonaws.com/analytics_global_new; connect-src 'self'  https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.adreskenmerken.eu https://*.cldsvc.net https://*.abtasty.com https://dc.services.visualstudio.com https://*.cloudfront.net https://*.abtasty.com https://*.pushcall.com wss://*.pusherapp.com https://*.pusher.com https://postnl.cubonacci.com https://twmmxtqwx0.execute-api.eu-central-1.amazonaws.com https://api.segment.io https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.usabilla.com; img-src 'self' data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.innomdc.com https://*.cloudfront.net https://*.usabilla.com https://*.facebook.com https://*.atdmt.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://*.twitter.com https://*.pinterest.com https://t.co https://*.abtasty.com https://apccdn.apsis1.com https://conv.indeed.com https://*.tradetracker.net; frame-src 'self' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://quadia.webtvframework.com https://*.cloudfront.net https://*.salesforce.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.twitter.com https://*.googletagmanager.com https://*.doubleclick.net https://ir.q4europe.com https://w.soundcloud.com https://projects.ivorystudio.net https://*.salesforceliveagent.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://*.salesforce.com https://*.apsis1.com https://*.abtasty.com https://*.googleapis.com https://*.cloudfront.net; font-src 'self' data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://api.mixpanel.com https://fonts.gstatic.com https://teddytor.abtasty.com https://*.cloudfront.net 2
script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com *.hotjar.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com;style-src 'self' 'unsafe-inline' https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com;frame-src https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com;font-src 'self' https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' *.hotjar.com https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net https://tearsheetsgeneration.blob.core.windows.net;report-uri /WebResource.axd?cspReport=true 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: 2
default-src 'self' www.google-analytics.com www.youtube.com;                                                     connect-src 'self' filmimpact.onfastspring.com vimeo.com;                                                     child-src 'self' filmimpact.onfastspring.com www.youtube.com player.vimeo.com www.google.com;                                                     script-src 'self' 'unsafe-inline' 'unsafe-eval' d1f8f9xcsvx3ha.cloudfront.net s.ytimg.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com  www.perplex.nl ajax.aspnetcdn.com vimeo.com www.vimeo.com;                                                     style-src 'self' 'unsafe-inline';                                                     img-src 'self' data: d1f8f9xcsvx3ha.cloudfront.net services.perplex.eu www.google-analytics.com  www.perplex.nl i.vimeocdn.com;                                                     font-src 'self' data:;                                                     form-action 'self' secure.ogone.com;                                                     report-uri https://perplex.report-uri.com/r/default/csp/enforce; 2
frame-ancestors 'self' https://*.myshopify.com https://*.teemill.com teemill.com 2
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 2
default-src 'self';base-uri 'self';block-all-mixed-content;child-src 'self';connect-src 'self';font-src 'self';frame-ancestors 'self';frame-src 'self';img-src 'self' data:;manifest-src 'self';media-src 'none';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com www.googletagmanager.com *.youtube.com *.ytimg.com seal.godaddy.com disqus.com *.disqus.com c.disquscdn.com *.hotjar.com *.tawk.to cdn.jsdelivr.net *.addtoany.com *.aviary.com *.cloudfront.net ssl.p.jwpcdn.com vimeo.com player.vimeo.com *.instagram.com *.twitter.com *.facebook.com connect.facebook.net jobs.jobvite.com *.calls.net *.tctm.co analytics.staticiv.com s.ytimg.com pixel.mathtag.com mathid.mathtag.com *.mathtag.com adserve.atedra.com sync.adaptv.advertising.com ad.360yield.com cs.adingo.jp ad.sxp.smartclip.net eb2.3lift.com *.facebook.net *.bing.com bat.bing.com dx.bigsea.weborama.com webprod.qliqsoft.com 2
default-src 'self' https://www.bam.eu01.nr-data.net edge.api.brightcove.com viz.tools.investis.com *.brightcove.com *.jsdelivr.net www.facebook.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net cdn.rawgit.com cdnjs.cloudflare.com https://www.bam.eu01.nr-data.net ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com boards.greenhouse.io https://js-agent.newrelic.com https://bam.eu01.nr-data.net  https://www.youtube.com https://s.ytimg.com tagmanager.google.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net greenhouse-integration-demo.herokuapp.com tagmanager.google.com; img-src 'self' 'unsafe-inline' *; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com boards.greenhouse.io www.ocado.com www.youtube.com jobsfeed.ocado.com https://players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' https://www.bam.eu01.nr-data.net https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://edge.api.brightcove.com https://viz.tools.investis.com https://stats.g.doubleclick.net; report-uri /report-csp-violation 2
object-src 'none'; base-uri 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src civideos.ciapps.org 'self' data: blob:; child-src 'self' https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 2
frame-ancestors 'self' http://webvisor.com; default-src 'self' https://yandex.ru; font-src 'self'; script-src 'self' https://api-maps.yandex.ru https://maps.google.com https://code.jivosite.com https://www.googletagmanager.com https://stats.hts.ru https://mc.yandex.ru https://yastatic.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://mc.yandex.ru https://code.jivosite.com https://*.jivosite.com; img-src 'self' https://ext.host-tracker.com https://api-maps.yandex.ru https://counter.yadro.ru http://cp.hts.ru https://mc.yandex.ru https://*.maps.yandex.net http://www.hts.ru http://hubble.ht-systems.ru https://stats.hts.ru https://www.google-analytics.com data:; media-src 'self' https://code.jivosite.com; style-src 'self' 'unsafe-inline'; object-src 'self' 2
base-uri 'none'; object-src 'none'; script-src https://litecointalk.io/logs/ https://litecointalk.io/sidekiq/ https://litecointalk.io/mini-profiler-resources/ https://litecointalk.io/assets/ https://litecointalk.io/brotli_asset/ https://litecointalk.io/extra-locales/ https://litecointalk.io/highlight-js/ https://litecointalk.io/javascripts/ https://litecointalk.io/plugins/ https://litecointalk.io/theme-javascripts/ https://litecointalk.io/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' blob: 2
default-src *; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://www.facebook.com/ 2
default-src 'self'; script-src 'self' https://*.rietumu.lv  https://*.rietumu.com https://*.rietumu.ru https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net data:; frame-src https://*.rietumu.lv https://*.rietumu.com https://*.rietumu.ru https://www.google.com https://www.youtube.com; object-src 'none'; 2
script-src  'self' 'unsafe-inline' 'unsafe-eval' noticias.uniquindio.edu.co  *.tableau.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com *.jquery.com https://cdnjs.cloudflare.com; img-src 'self' blob: noticias.uniquindio.edu.co  https://platform.bluemessaging.net *.tableau.com s3.amazonaws.com http://smartlink.cool *.cool http://sellodeexcelencia.gov.co http://especiales.presidencia.gov.co http://synersis.co:8442 *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com http://img.youtube.com https://s-static.ak.facebook.com https://assets.zendesk.com data: *.hotjar.com *.twitter.com *.twimg.com http://vozme.com sedeelectronica.com.co; style-src 'self' 'unsafe-inline' noticias.uniquindio.edu.co  *.tableau.com https://www.nexura.com *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com http://www.cali.gov.co https://*.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com ; font-src 'self' noticias.uniquindio.edu.co  *.tableau.com https://*.bootstrapcdn.com https://www.nexura.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co http://www.cali.gov.co; object-src 'self'; frame-ancestors 'self' noticias.uniquindio.edu.co  *.tableau.com ; media-src 'self' blob: noticias.uniquindio.edu.co  *.tableau.com http://vozme.com  http://smartlink.cool *.smartlink.cool; 2
frame-ancestors 'self' *.twse.com.tw *.tdcc.com.tw digitalprocesssys-epassbook.cdn.hinet.net http://digitalprocesssyst-epassbook.cdn.hinet.net; 2
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
frame-ancestors 'self'; default-src 'self' https://www.stanbicibtcfundsmanagement.com https://dpm.demdex.net https://maps.googleapis.com https://fast.standardbank.demdex.net https://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel https://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self';img-src 'self' data: https://ad.doubleclick.net https://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za https://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net https://*.map2.ssl.hwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://cdn.krxd.net https://assets.adobedtm.com https://secure-ds.serving-sys.com https://cdn.krxd.net https://www.googleadservices.com https://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://*.map2.ssl.hwcdn.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mediawijzer.net cdn.mediaukkies.nl cdn.weekvandemediawijsheid.nl cdn.mediawijsheid.nl cdnjs.cloudflare.com *.pinterest.com *.wp.com *.googletagmanager.com www.google-analytics.com *.googleapis.com platform.twitter.com static.addtoany.com cdn.rawgit.com *.google.com cdn.syndication.twimg.com connect.facebook.net widget.surveymonkey.com *.sogosurvey.com cdn.hoezomediawijs.nl cdn.weekvandemediawijsheid.nl cdn.mediaukkies.nl cdn.mediaukkiedagen.nl www.gstatic.com js-agent.newrelic.com www.instagram.com bam.nr-data.net www.aanmelder.nl cdn.aanmelder.nl 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net *.servmetric.com 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src 'none'; style-src 'self' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-ajz1GSNU9xYVrFEDSz6Xwg7amWQ/yvW75tQa1ZvRIWc='; img-src 'self'; script-src 'self' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-PXdqDbrbLNehJtNpiPW2TQydYZCFqMfccotljXsn1JE=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=';frame-ancestors 'self'; form-action 'none'; base-uri 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com www.google.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net; frame-src 'self' www.gstatic.com www.google.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sompojapan.com.tr *.somposigorta.com.tr *.google.com *.google-analytics.com *.googleapis.com *.facebook.com *.gstatic.com *.facebook.net *.googletagmanager.com *.bootstrapcdn.com *.hotjar.com *.onesignal.com onesignal.com mc.yandex.ru track.adform.net *.googleadservices.com googleads.g.doubleclick.net *.cloudflare.com *.polyfill.io polyfill.io transloadit.edgly.net pisano.com.tr *.pisano.com.tr cdn.jsdelivr.net ajax.aspnetcdn.com *.typeform.com 2
connect-src *; default-src 'self'; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
img-src https: data:; frame-src https:; form-action https:; 2
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 2
default-src 'self'; frame-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.egoid.me https://*.zopim.com https://*.geetest.com https://*.qbox.me https://*.wx.qq.com https://*.bhex.com https://*.bhfastime.com https://*.bit-e.com https://www.googletagmanager.com https://hm.baidu.com https://www.google-analytics.com https://static.zdassets.com; connect-src 'self' https://*.bhfastime.com https://api.geetest.com wss://*.zopim.com https://ekr.zdassets.com https://*.zendesk.com  https://www.google-analytics.com https://*.bhex.com wss://*.bhex.com https://*.hbtc.com wss://*.hbtc.com https://*.hbtc.co wss://*.hbtc.co https://*.bit-e.com wss://ws.bit-e.com https://*.bhex.us wss://*.bhex.us https://*.bhex.cn wss://*.bhex.cn https://*.gobhex.com wss://*.gobhex.com https://*.bhexb.com wss://*.bhexb.com; img-src * data: blob:; object-src 'none'; base-uri 'self'; style-src 'self' https://static.geetest.com 'unsafe-inline' blob: https://*.bhex.com https://*.bhfastime.com https://*.bit-e.com; font-src * data: blob:; manifest-src 'self' https://*.bhfastime.com; media-src 'self' https://static.zdassets.com 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com exacttarget.com *.exacttarget.com marketingcloudapps.com *.marketingcloudapps.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 2
default-src 'self' *.legocdn.com *.lego.com; script-src 'self' https: *.legocdn.com *.lego.com lego.com *.akamai.net googletagmanager.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' http: *.lego.com https: *.lego.com https: dpm.demdex.net; style-src 'self'  https: *.legocdn.com 'unsafe-inline'; img-src 'self' https: *.legocdn.com http://c.analytics.lego.com data:; font-src 'self' https: fonts.gstatic.com data:; frame-src 'self' https: http://legoeducation.23video.com; object-src 'self' 2
default-src 'self' static.mycity.travel static.aigle-leysin-lesmosses.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com static.atgsvcs.com rules.atgsvcs.com netsuite-salechat.custhelp.com http://netsuite-salechat.widget.custhelp.com www.rnengage.com *.rightnowtech.com https://assets.adobedtm.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net https://tags.bkrtx.com flex.atdmt.com https://s.yimg.com; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com https://netsuite-salechat.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com *.demdex.net *.bluekai.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net http://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://s.yimg.com https://www.oracle.com; media-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 2
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; connect-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'none'; frame-src 'self'; base-uri 'none'; form-action 'self' https://unitpay.ru; frame-ancestors 'self'; upgrade-insecure-requests 2
frame-ancestors 'self'; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; default-src * 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 2
frame-ancestors 'self' *.hexia.io *.zigtools.nl 2
frame-ancestors 'self' https://*.cemex.com https://*.podlaha.cz https://*.beton.cz https://*.valcovany-beton.cz; 2
default-src *.googlesyndication.com; prefetch-src https:; img-src 'self' axn-asia.com *.axn-asia.com axn-taiwan.com *.axn-taiwan.com animax-asia.com *.animax-asia.com animax-taiwan.com *.animax-taiwan.com animaxtv.co.kr *.animaxtv.co.kr onetvasia.com *.onetvasia.com gemtvasia.com *.gemtvasia.com *.google-analytics.com *.google.com *.googlesyndication.com *.g.doubleclick.net sb.scorecardresearch.com *.gigya.com data:; media-src 'self' mp4: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' axn-asia.com *.axn-asia.com axn-taiwan.com *.axn-taiwan.com animax-asia.com *.animax-asia.com animax-taiwan.com *.animax-taiwan.com animaxtv.co.kr *.animaxtv.co.kr onetvasia.com *.onetvasia.com gemtvasia.com *.gemtvasia.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.google.com *.googlesyndication.com *.google.com.sg *.gstatic.com *.g.doubleclick.net cdn.ampproject.org cdns.gigya.com sb.scorecardresearch.com; style-src 'self' 'unsafe-inline' axn-asia.com *.axn-asia.com axn-taiwan.com *.axn-taiwan.com animax-asia.com *.animax-asia.com animax-taiwan.com *.animax-taiwan.com animaxtv.co.kr *.animaxtv.co.kr onetvasia.com *.onetvasia.com gemtvasia.com *.gemtvasia.com *.googleapis.com *.myfonts.net; object-src 'self'; frame-src 'self' *.google.com *.googlesyndication.com *.youtube.com cdns.us1.gigya.com; connect-src 'self' *.google-analytics.com *.googlesyndication.com *.gstatic.com *.g.doubleclick.net *.youtube.com *.gigya.com; font-src 'self' *.googleapis.com *.gstatic.com *.typekit.net *.myfonts.net data: 'self' 2
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data 2
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 2
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com data:; script-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com 'sha256-Zc2oA+UYJ+DvoL6dBPANTH0scVupEzz5Lf3etbzNLtI=' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.gstatic.com *.googleapis.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.pardot.com cdnjs.cloudflare.com cdn.rawgit.com static-ssl.responsetap.com metrics.responsetap.com tagmanager.google.com connect.facebook.net static.ads-twitter.com *.google-analytics.com *.cloudfront.net *.facebook.com *.twitter.com *.doubleclick.net *.hotjar.com bam.nr-data.net go.theofficegroup.com optimize.google.com cookie-cdn.cookiepro.com geolocation.onetrust.com sjs.bizographics.com *.licdn.com *.twitter.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.gstatic.com *.googleapis.com *.googletagmanager.com  *.pardot.com cdnjs.cloudflare.com cdn.rawgit.com tagmanager.google.com *.doubleclick.net https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: cdn.jsdelivr.net *.google.com *.google.co.uk *.gstatic.com *.googleapis.com *.googletagmanager.com  *.pardot.com *.webdamdb.com cdnjs.cloudflare.com tagmanager.google.com *.facebook.com *.twitter.com *.google-analytics.com *.doubleclick.net t.co script.hotjar.com cookie-cdn.cookiepro.com *.adnxs.com *.linkedin.com *.adsymptotic.com *.google.co.in; media-src 'self' *.webdamdb.com; frame-src 'self' *.webdamdb.com *.youtube.com *.hotjar.com https://optimize.google.com *.facebook.com *.vimeo.com *.matterport.com; frame-ancestors 'self'; child-src 'self' *.webdamdb.com *.youtube.com vars.hotjar.com *.matterport.com; font-src 'self' data: *.gstatic.com script.hotjar.com ; connect-src 'self' *.luckyorange.net *.hotjar.com bam.nr-data.net wss://*.hotjar.com vc.hotjar.io cookie-cdn.cookiepro.com google-analytics.com *.facebook.com ; report-uri /report-csp-violation 2
frame-ancestors 'self'; default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' www.baindepot.com www.bathdepot.com www.bathdepot.ca; style-src 'self' 'unsafe-inline' www.baindepot.com www.bathdepot.com www.bathdepot.ca maxcdn.bootstrapcdn.com *.google.com fonts.googleapis.com *.heatmap.it *.dnky.co *.dnky.com; script-src 'self' 'unsafe-inline' www.baindepot.com www.bathdepot.com www.bathdepot.ca 'unsafe-eval' www.googleadservices.com www.googletagmanager.com *.gstatic.com www.googleapis.com *.google.com connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com t.trackedlink.net cdn.noibu.com www.google-analytics.com maps.googleapis.com *.addthisedge.com *.addthis.com z.moatads.com *.online-metrix.net widgets.pinterest.com assets.pinterest.com graph.facebook.com *.signifyd.com *.trackedlink.net *.heatmap.it *.trackedweb.net www.youtube.com *.ytimg.com *.hotjar.com *.noibu.com *.bing.com *.adobedtm.com *.dotdigital.com *.dnky.co *.comapi.com *.dnky.com *.tawk.to *.tawk.link cdn.jsdelivr.net ajax.cloudflare.com *.dotdigital-pages.com; font-src 'self' data: www.baindepot.com www.bathdepot.com www.bathdepot.ca maxcdn.bootstrapcdn.com fonts.gstatic.com *.heatmap.it *.dnky.co *.dnky.com *.tawk.to *.tawk.link cdn.jsdelivr.net; img-src 'self' data: blob: www.baindepot.com www.bathdepot.com www.bathdepot.ca www.google.com www.google.ca *.gstatic.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.ggpht.com *.googleapis.com optimize.google.com www.googletagmanager.com googleads.g.doubleclick.net imgs.signifyd.com *.addthis.com *.pinterest.com *.online-metrix.net *.abmr.net m.addthis.com *.paypalobjects.com www.paypalobjects.com r1-t.trackedlink.net online.swagger.io *.heatmap.it *.trackedlink.net *.ytimg.com *.online-metrix.net *.bing.com *.sc.omtrdc.net *.dnky.co *.dnky.com *.tawk.to *.tawk.link cdn.jsdelivr.net ajax.cloudflare.com; frame-src 'self' www.baindepot.com www.bathdepot.com www.bathdepot.ca bid.g.doubleclick.net h.online-metrix.net s7.addthis.com edge.addthis.com www.houzz.com www.facebook.com connect.facebook.net imgs.signifyd.com *.moneris.com assets.pinterest.com optimize.google.com www.youtube.com tpc.googlesyndication.com www.google.ca googleads.g.doubleclick.net www.google.com www3.moneris.com *.hotjar.com *.youtube.com *.heatmap.it heatmap.it *.trackedlink.net *.dotdigital.com *.dnky.co *.demdex.net *.comapi.com *.dnky.com *.tawk.to *.tawk.link cdn.jsdelivr.net ajax.cloudflare.com *.dotdigital-pages.com; connect-src 'self' www.baindepot.com www.bathdepot.com www.bathdepot.ca www.google-analytics.com www.googleadservices.com www.google.com www.google.ca stats.g.doubleclick.net wss://ws1.hotjar.com wss://ws10.hotjar.com wss://vf.noibu.com wss://*.hotjar.com wss://ws2.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com *.facebook.com *.noibu.com imgs.signifyd.com *.trackedweb.net *.demdex.net *.dnky.co *.comapi.com *.dnky.com *.tawk.to *.tawk.link wss://*.tawk.to cdn.jsdelivr.net ajax.cloudflare.com bat.bing.com; 2
default-src 'self'; connect-src https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://api.addressy.com https://*.lot.to https://*.sportcaller.com https://*.mixpanel.com https://cdn.contentful.com https://preview.contentful.com https://sentry.io https://*.pusher.com wss://*.pusher.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://www.facebook.com https://*.crazyegg.com https://*.maxmind.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.launchdarkly.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://adservice.google.com https://*.secure.footprint.net https://*.atgvision.com https://geoip-js.com https://*.upscope.io wss://*.upscope.io https://bat.bing.com; form-action 'self' https://bridge.aircall.io https://intercom.help https://api-iam.intercom.io https://verify.monzo.com https://www.facebook.com; frame-ancestors 'none'; frame-src https://account.tote.digital https://account.test.tote.digital https://account.dev.tote.digital https://account.migration.tote.digital https://www.google.com https://account.staging.tote.live https://account.performance.tote.live https://account.live.tote.live https://account.tote.live https://account.staging.tote.co.uk https://account.performance.tote.co.uk https://account.live.tote.co.uk https://account.tote.co.uk https://thetote.atlassian.net https://tentofollow.tote.digital https://tentofollow-internal.tote.digital https://tentofollow.tote.live https://tentofollow.tote.co.uk https://flattentofollow.tote.co.uk https://intercom-sheets.com https://*.pariplaygames.com https://d21j22mhfwmuah.cloudfront.net https://player.vimeo.com https://www.youtube.com https://*.fls.doubleclick.net https://cdn.sportcaller.com https://*.adsrvr.org https://*.blueprintgaming.com https://*.rubyplay.com https://*.inspiredvirgo.com https://*.upscope.io https://servedby.flashtalking.com/ https://wab-visualisation.performgroup.com/ https://www.facebook.com; img-src 'self' data: https://icard.gbiracing.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://images.ctfassets.net https://images.racingpost.com https://www.googletagmanager.com https://static.intercomassets.com https://*.intercomcdn.com https://*.gstatic.com https://*.aircall.io https://*.micpn.com https://*.intercom.io https://*.intercom-attachments.com https://uploads.intercomusercontent.com https://lotto.nyc3.cdn.digitaloceanspaces.com https://www.facebook.com https://t.myvisualiq.net https://bat.bing.com https://tapestry.tapad.com https://t.co https://*.doubleclick.net https://tags.bluekai.com https://dpm.demdex.net https://loadus.exelator.com https://idsync.rlcdn.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://insight.adsrvr.org https://*.crazyegg.com https://*.google-analytics.com https://cx.atdmt.com https://*.upscope.io https://servedby.flashtalking.com https://cdn.sportcaller.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://*.pusher.com https://*.gstatic.com https://www.googletagmanager.com https://*.intercom.io https://js.intercomcdn.com https://*.google.com https://*.mxpnl.com https://thetote.atlassian.net https://*.micpn.com https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.myvisualiq.net https://www.googleadservices.com https://analytics.twitter.com https://*.crazyegg.com https://js.adsrvr.org https://*.google-analytics.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://*.maxmind.com https://*.upscope.io https://cdn4.userzoom.com; font-src 'self' data: https://js.intercomcdn.com https://*.gstatic.com https://fonts.intercomcdn.com https://*.upscope.io; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.upscope.io; media-src 'self' https://js.intercomcdn.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://*.secure.footprint.net https://*.atgvision.com https://*.upscope.io https://wab-visualisation.performgroup.com/ blob:; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://wab-visualisation.performgroup.com/ https://*.upscope.io blob:; worker-src blob:; upgrade-insecure-requests; report-uri https://thetote.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self' https://*.facebook.com 2
default-src * 'self' data: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' blob: *.allaboutcoins.co.uk *.wgp-cdn.co.uk *.cloudflare.com https://api.raygun.io wss://am.freshrelevance.com https://apikeys.civiccomputing.com https://clapi.civiccomputing.com *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net; base-uri 'self'; 2
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
upgrade-insecure-requests; frame-ancestors 'self' https://tryramp.com https://*.tryramp.com https://ramp.com https://*.ramp.com 2
default-src 'self' * ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src data: *; object-src 'self' 2
“block-all-mixed-content” 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org tagmanager.google.com use.typekit.net kit.fontawesome.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.typekit.net p.typekit.net kit-free.fontawesome.com *.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net kit-free.fontawesome.com script.hotjar.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net i1.ytimg.com; media-src 'self' data: blob: https://www.youtube.com/; frame-src 'self' *.hotjar.com *.youtube.com *.google.com *.gstatic.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ *.hotjar.com *.gstatic.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chimpstatic.com https://www.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://dashboard.conradconnect.de/ https://www.dwin1.com/ https://conradcon.nanorep.co/ https://connect.facebook.net/ https://www.ad4mat.de/ https://r.adserver01.de/ https://googleads.g.doubleclick.net/ https://ad13.adfarm1.adition.com/ https://pixel.mathtag.com/ https://track.adform.net/ https://cdn.rawgit.com https://cdn.jsdelivr.net https://maps.googleapis.com https://www.google-analytics.com/ https://tagmanager.google.com/ http://optimize.google.com http://www.google-analytics.com https://static.zdassets.com https://bat.bing.com https://cdn.matomo.cloud/ https://conradconnect.matomo.cloud https://static.hotjar.com/ https://script.hotjar.com https://static.addtoany.com/menu/ https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://chimpstatic.com https://www.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://dashboard.conradconnect.de/ https://www.dwin1.com/ https://conradcon.nanorep.co/ https://connect.facebook.net/ https://www.ad4mat.de/ https://r.adserver01.de/ https://googleads.g.doubleclick.net/ https://ad13.adfarm1.adition.com/ https://pixel.mathtag.com/ https://track.adform.net/ https://cdn.rawgit.com https://cdn.jsdelivr.net https://maps.googleapis.com https://tagmanager.google.com/ http://optimize.google.com http://www.google-analytics.com https://static.zdassets.com https://bat.bing.com https://cdn.matomo.cloud/ https://conradconnect.matomo.cloud https://static.hotjar.com/ https://script.hotjar.com https://static.addtoany.com/menu/; base-uri 'self' https://chimpstatic.com https://www.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://dashboard.conradconnect.de/ https://www.dwin1.com/ https://conradcon.nanorep.co/ https://connect.facebook.net/ https://www.ad4mat.de/ https://r.adserver01.de/ https://googleads.g.doubleclick.net/ https://ad13.adfarm1.adition.com/ https://pixel.mathtag.com/ https://track.adform.net/ https://cdn.rawgit.com https://cdn.jsdelivr.net https://maps.googleapis.com https://tagmanager.google.com/ http://optimize.google.com http://www.google-analytics.com https://static.zdassets.com https://bat.bing.com https://cdn.matomo.cloud/ https://conradconnect.matomo.cloud https://static.hotjar.com/ https://static.addtoany.com/; report-uri http://conradconnect.com/en/report-uri/enforce 2
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 2
object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://channelconnect.nl/; default-src blob: https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://*.your-jobresponse.com https://vonq.io https://*.heeft-vacatures.nl https://www.youtube.com https://www.facebook.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.mapbox.com; script-src 'self' 'unsafe-inline' blob: https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.twitter.com https://*.ads-twitter.com https://*.linkedin.com https://www.gstatic.com https://js.live.net https://*.mapbox.com https://www.google-analytics.com https://sjs.bizographics.com https://connect.facebook.net https://www.dropbox.com https://apis.google.com; connect-src 'self' https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://www.facebook.com https://*.doubleclick.net https://*.zdassets.com https://www.google-analytics.com https://*.tiles.mapbox.com https://*.mapbox.com wss://*.hotjar.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io; frame-src 'self' https://*.google.com/ https://www.youtube.com https://vars.hotjar.com; font-src 'self' https://*.werkzoeken.nl https://*.technicus.nl https://*.ictergezocht.nl https://fonts.gstatic.com https://*.zopim.com; img-src 'self' blob: data: https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://v2assets.zopim.io https://*.ictergezocht.nl https://maps.gstatic.com https://*.zopim.com https://maps.googleapis.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://*.doubleclick.net; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net *.google-analytics.com *.googleapis.com cdnjs.cloudflare.com connect.facebook.net www.youtube-nocookie.com www.youtube.com *.issuu.com s.ytimg.com *.ytimg.com *.twinesocial.com; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net *.twinesocial.com; font-src 'self' use.typekit.net fonts.typekit.net; img-src 'self' data: *.ndr.de www.google-analytics.com p.typekit.net; media-src *.ndr.de *.vimeo.com *.youtube-nocookie.com *.youtube.com; frame-src 'self' *.ndr.de *.vimeo.com *.flickr.com *.facebook.com www.youtube.com www.youtube-nocookie.com *.issuu.com *.twinesocial.com 2
default-src https: 2
script-src 'self' https://*.thedonald.win https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 2
default-src 'self';  report-uri /csp_report; 2
default-src'self'; 2
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 2
default-src 'self' https:;     	script-src 'self' 'unsafe-inline' https: 'unsafe-eval';     	connect-src 'self' https: wss:;     	style-src 'self' 'unsafe-inline' https:;     	img-src 'self' https: data:;     	font-src 'self' https: data:;     	media-src 'self' https: blob:;     	object-src 'self' https: 2
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https:; connect-src https: wss: 'self'; 2
frame-ancestors dashboard.pixieset.com; report-uri https://dashboard.pixieset.com/website/report-uri/report; report-to csp-report-uri 2
frame-ancestors 'self' app.optimizely.com unileverde.inone.useinsider.com *.adobe.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.herokuapp.com *.ravepay.co *.flutterwave.com *.stripe.com *.google.com *.facebook.net  wss://*.tawk.to:* *.tawk.to *.facebook.com *.facebook.net *.dhru.com ; img-src * data:; font-src * data: 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com syndication.twitter.com/ s.ytimg.com publish.twitter.com *.twimg.com platform.linkedin.com platform.stumbleupon.com/1/widgets.js dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org maxcdn.bootstrapcdn.com stats.g.doubleclick.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net platform.stumbleupon.com static.hotjar.com script.hotjar.com in.hotjar.com syndication.twitter.com d2s9v0v2t0z9gk.cloudfront.net/web.js cdnjs.cloudflare.com cdn.callrail.com www.thecontinuingarchitect.com cdn.leadmanagerfx.com www.google.bg bat.bing.com app-sj32.marketo.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com/css/ *.twimg.com maxcdn.bootstrapcdn.com www.thecontinuingarchitect.com app-sj32.marketo.com/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com syndication.twitter.com static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png dec.azureedge.net *.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com www.google.com googleads.g.doubleclick.net www.google.bg bat.bing.com stats.g.doubleclick.net app-sj32.marketo.com/; media-src 'self' data: blob:; child-src 'self' platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ player.vimeo.com/ w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com vars.hotjar.com bid.g.doubleclick.net www.google.com www.thecontinuingarchitect.com app-sj32.marketo.com/; connect-src 'self' accounts.google.com *.dec.sitefinity.com *.mktoresp.com www.google-analytics.com stats.g.doubleclick.net c.inbox.guru in.hotjar.com vc.hotjar.io www.google-analytics.com t.leadmanagerfx.com recorder.marketingcloudfx.com us-east1-idyllic-vehicle-159522.cloudfunctions.net www.googleadservices.com www.google.com; 2
frame-ancestors http://app.storyblok.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' base-uri 'self'  data: https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.fr https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.admo.tv https://*.bing.com https://*.doubleclick.net https://*.hermesmc.fr https://hermesmc.fr https://*.metaffiliation.com https://*.ytimg.com https://*.weborama.fr https://*.gwallet.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.vocalcom.com https://mc35.fr 2
default-src 'self' profiauto.pl profiauto.de profiauto.co.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at ssl.silnet.pl www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org cdn.datatables.net; style-src 'self' 'unsafe-inline' profiauto.pl profiauto.de profiauto.co.at fonts.googleapis.com ssl.silnet.pl onesignal.com cdnjs.cloudflare.com *.tagmanager.google.com tagmanager.google.com motoflota.pl cdn.datatables.net *.bootstrapcdn.com; img-src 'self' data: *.ggpht.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at silnet.pl ssl.silnet.pl cdn.datatables.net *.doubleclick.net www.google-analytics.com *.google.com *.google.pl *.facebook.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.openstreetmap.org *.gravatar.com motoflota.pl; media-src 'self' profiauto.pl profiauto.de profiauto.co.at; font-src 'self' profiauto.pl profiauto.de profiauto.co.at fonts.gstatic.com *.bootstrapcdn.com; frame-src 'self' profiauto.pl profiauto.de profiauto.co.at *.google.com google.com *.facebook.com onesignal.com *.youtube.com linkedin.com *.linkedin.com; connect-src 'self' profiauto.pl profiauto.de profiauto.co.at onesignal.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.facebook.com 2
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self' 2
script-src 'self' 'unsafe-eval' open.scdn.co open-review.scdn.co www.google-analytics.com www.googletagmanager.com www.google.com cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com 'sha256-ULD8swJHlBFLCIbAFovM3Xinb443OobwJ73kvN9NZLY=' https://www.fastly-insights.com s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com; frame-ancestors 'self'; 2
default-src 'self'; child-src 'self'; connect-src https://*.akamaihd.net https://adservice.google.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://a1.api.bbc.co.uk/hit.xiti https://config.api.bbci.co.uk https://cookie-oven.api.bbc.com https://cookie-oven.api.bbc.co.uk https://www.bbc.co.uk https://news.files.bbci.co.uk 'self'; font-src https://gel.files.bbci.co.uk https://ws-downloads.files.bbci.co.uk https://static.bbci.co.uk; frame-src https://polling.bbc.co.uk https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://emp.bbc.com https://emp.bbc.co.uk https://chartbeat.com https://*.chartbeat.com https://www.youtube.com https://platform.twitter.com https://www.instagram.com https://syndication.twitter.com https://news.files.bbci.co.uk https://www.bbc.co.uk https://bbc-maps.carto.com 'self'; img-src https://ichef.bbci.co.uk https://ping.chartbeat.net https://a1.api.bbc.co.uk/hit.xiti https://news.files.bbci.co.uk https://r.bbci.co.uk https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://syndication.twitter.com https://platform.twitter.com https://pbs.twimg.com https://i.ytimg.com https://ton.twimg.com https://news.bbcimg.co.uk https://static.bbc.co.uk data: 'self'; script-src https://news.files.bbci.co.uk https://*.chartbeat.com https://mybbc-analytics.files.bbci.co.uk https://emp.bbci.co.uk https://static.bbci.co.uk https://platform.twitter.com https://www.instagram.com http://www.instagram.com https://cdn.syndication.twimg.com https://static.bbc.co.uk https://www.bbc.co.uk https://passport-control.int.tools.bbc.co.uk/bookmarkletScript.js https://passport-control.test.tools.bbc.co.uk/bookmarkletScript.js https://passport-control.tools.bbc.co.uk/bookmarkletScript.js 'self' 'unsafe-inline'; style-src https://news.files.bbci.co.uk https://platform.twitter.com https://ton.twimg.com https://news.files.bbci.co.uk https://static.bbc.co.uk 'unsafe-inline'; worker-src 'self'; report-to default; upgrade-insecure-requests 2
frame-ancestors 'self' www.deubner-recht.de www.deubner-steuern.de www.deubner-verlag.de www.deubner-akademie.de; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 2
frame-ancestors 'self' *.facebook.com *.twitter.com *.google.com *.mentalhealth.org.uk 2
frame-ancestors 'self' http://ausbildungsplatzsuche.fv-eit-bw.de/ https://www.elektro-plus.com/ https://www.elektromobilitaet.nrw/ https://www.e-go-mobile.com/ https://www.deutschland-tankt-strom.de/ 2
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 2
form-action 'self' https://*.paypal.com https://*.moneybookers.com; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://vk.com https://*.vk.com https://www.facebook.com; child-src 'self' https://*.google.com https://www.youtube.com https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://*.amazonaws.com; media-src 'self' https://www.youtube.com/ https://*.amazonaws.com; font-src 'self' https://fonts.gstatic.com; 2
frame-ancestors 'self' http://webvisor.com https://webvisor.com 2
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://places-dsn.algolia.net https://places-3.algolianet.com; frame-src 'self'; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.fr https://www.google.com https://cdnjs.cloudflare.com; font-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
default-src https: data: blob: 'Unsafe-Inline' 'unsafe-eval'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com *.livechatinc.com; 2
object-src 'none'; frame-ancestors 'none' 2
default-src 'none'; frame-ancestors 'none'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; 2
default-src https: data: blob: 'unsafe-inline'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https:; base-uri 'self';  upgrade-insecure-requests; report-uri /csp.cgi 2
frame-ancestors 'self' facebook.com *.facebook.com 2
default-src 'none' ;report-to csp; report-uri https://report-uri.simplyadmire.com/ ; frame-ancestors 'self';script-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://*.readspeaker.com https://www.vrk.nl/GemeentebannersV2 https://*.readspeaker.com https://siteimproveanalytics.com https://gemeente-bloemendaal.email-provider.nl/a/ https://ilost.co ;object-src 'self'; style-src 'self' data: 'unsafe-inline' https://f1-eu.readspeaker.com ;img-src 'self' data: https://6006146.global.siteimproveanalytics.io https://eu2.siteimprove.com/ https://ilost.co ;media-src 'self' https://*.readspeaker.com ;frame-src 'self' https://bloemendaal.maps.arcgis.com https://heemstede.maps.arcgis.com https://*.readspeaker.com https://gemeente-bloemendaal.email-provider.nl/ https://ilost.co ;font-src 'self' data:;connect-src 'self' https://6006146.global.siteimproveanalytics.io/ https://rstts-eu.readspeaker.com/ https://www.google-analytics.com/ ; 2
frame-ancestors *.adobe.com  http://adobe.lookbookhq.com https://adobe.lookbookhq.com http://adobeenterprise.lookbookhq.com https://adobeenterprise.lookbookhq.com 2
font-src 'self' https:; base-uri 'self'; 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://goflo.nl; img-src * data: blob: 2
frame-ancestors 'self' https://*.lucky311.com https://*.playcx.com https://*.playdublinbet.com https://*.play31.com https://*.premierlivecasino.com https://*.sterlingcdn.com https://*.lucky31fr.com https://*.casinoextra2.com https://sterlingcdn.com https://*.sterlingcdn.com https://*.streatapp.com https://*.casinoextra100.com https://*.dublinsbet.com https://*.lucky-31.com https://*.casinoextra3.com https://*.dublinbet1.com https://*.prontocasino.com https://*.casino-estrellas.com https://*.dublinbet.org https://*.casinoextra.net https://*.fatboss.com https://*.casinoextraclub.com https://*.lucky31club.com https://*.dublinbetenvivo.com https://*.casinoestrellavip.com https://*.fatboss1.com https://*.fatboss1.net https://*.fatbossclub.com https://*.fatbossvip.com https://*.thefatboss.com https://*.thefatboss.net https://*.casinoextra2019.com https://*.casinoestrella2019.com https://*.dublinbet2019.com https://*.prontolive.se https://*.casinoextrawin.com https://*.dublinbetwin.com https://*.lucky31win.com https://*.onlinebingowin.com https://*.casinoestrellawin.com https://*.fatbosswin.com https://*.casinoextra2020.com https://*.dublinbet2020.com https://*.lucky312020.com https://*.onlinebingo2020.com https://*.casinoestrella2020.com https://*.fatboss2020.com https://*.casinoextraofficial.com https://*.dublinbetofficial.com https://*.lucky31official.com  https://*.onlinebingoofficial.com https://*.casinoestrellaofficial.com https://*.fatbossofficial.com https://*.futocasi.com  https://livecasino.betamogames.com https://livecasino.casinoestrella.com https://livecasino.casinoestrella1.com https://livecasino.casinoextra.com https://livecasino.casinoextrafr.com https://livecasino.oddsextra.com https://livecasino.onlinebingo.eu https://livecasino.playdublinbet.com https://livecasino.premierlivecasino.com https://livecasino.prontocasino.com https://mtm-static.casinomodule.com https://*.yggdrasilgaming.com https://nolimitjs.nolimitcdn.com  https://d1k6j4zyghhevb.cloudfront.net  https://quickfire3.gameassists.co.uk https://mobile3.gameassists.co.uk https://livegames.gameassists.co.uk https://lobby-estrella.betsoftgaming.com https://starfishcasino.tain.com https://www.alteagaming.com https://starfish-godwebclient-cur.geniigaming.net https://game3.betgames.tv https://*.betamogames.com https://game.itsreal.live https://starfishmedia-prod-dgm.ps-gamespace.com https://alvcw.playngonetwork.com https://apiprod.fundist.org https://gserver-starfishmedia.redtiger.cash https://aggr.softswiss.net https://*.zendesk.com https://guezcash.com https://fastwin.pro https://specialwin.biz https://kopsoft.net https://pages.tain.com https://*.tain.com 2
connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://smdhdsnappytv-vh.akamaihd.net https://smpdhdsnappytv-vh.akamaihd.net https://smmdhdsnappytv-vh.akamaihd.net https://rmdhdsnappytv-vh.akamaihd.net https://rmpdhdsnappytv-vh.akamaihd.net https://rmmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://smdhdsnappytv-vh.akamaihd.net https://smpdhdsnappytv-vh.akamaihd.net https://smmdhdsnappytv-vh.akamaihd.net https://rmdhdsnappytv-vh.akamaihd.net https://rmpdhdsnappytv-vh.akamaihd.net https://rmmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com   https://www.google-analytics.com https://twitter.com https://app.link  'nonce-NzQ5M2I5MTgtZjA1MC00OTg2LWJmMWEtOTYxNDgwMjk2Yzdh'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors 'self' https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7vf527dfgkou2&partner=; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com customer-stories-feed.github.com spotlights-feed.github.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-fxnXIzThQRh9Ud5N5vGGNXxn8' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
style-src 'unsafe-inline' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io https://adserver.adtech.advertising.com https://cdn.jsdelivr.net; default-src https://*.flickr.com https://*.staticflickr.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://image.maps.api.here.com https://*.paypal.com https://*.pinterest.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google.com https://*.google.de https://*.google.fr https://*.google.it https://*.google.co.uk https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://assets.adobedtm.com https://*.2o7.net https://hexagon-analytics.com https://*.flickrpro.com https://*.everesttech.net https://ad.turn.com https://aka-cdn.adtechus.com https://aol-match.dotomi.com https://cm.g.doubleclick.net https://ib.adnxs.com https://match.adsrvr.org https://pixel.advertising.com https://pixel.quantserve.com https://sync.mathtag.com https://x.bidswitch.net https://api.mapbox.com https://ssum.casalemedia.com https://sync.adtelligent.com https://prebid-match.dotomi.com https://rtb.openx.net https://eb2.3lift.com https://pixel.rubiconproject.com https://rtb.gamoshi.io https://ads.yieldmo.com https://sync.1rx.io https://ap.lijit.com https://prebid.adnxs.com https://dis.criteo.com https://bsw.digitru.st https://us-west-sync.bidswitch.net https://ups.analytics.yahoo.com; media-src https://*.flickr.com https://*.staticflickr.com https://*.http.atlas.cdn.yimg.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-96efebc96566968510a6d807faa4421c' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io https://adserver.adtech.advertising.com https://cdn.jsdelivr.net; connect-src https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com http://api.flickr.com https://*.pinterest.com https://*.braintreegateway.com https://*.braintree-api.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com https://*.demdex.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://api.greenhouse.io https://*.flickrprints.net https://*.flickrprints.com https://csi.gstatic.com https://prebid.adnxs.com https://tlx.3lift.com https://*.adtech.advertising.com https://grid.bidswitch.net https://fastlane.rubiconproject.com https://hbopenbid.pubmatic.com https://as-sec.casalemedia.com https://ib.adnxs.com/ut/v3/prebid https://gum.criteo.com https://prg.smartadserver.com https://ice.360yield.com https://mug.criteo.com; frame-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://*.doubleclick.net/ https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io https://ads.pubmatic.com https://ssum-sec.casalemedia.com https://www.googletagservices.com/pubconsole/ https://eb2.3lift.com https://eus.rubiconproject.com/ https://*.safeframe.googlesyndication.com/safeframe/ https://*.tynt.com/ https://*.adnxs.com/ https://*.indexww.com/ https://csync.smartadserver.com/; child-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://*.doubleclick.net/ https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io https://ads.pubmatic.com https://ssum-sec.casalemedia.com https://www.googletagservices.com/pubconsole/ https://eb2.3lift.com https://eus.rubiconproject.com/ https://*.safeframe.googlesyndication.com/safeframe/ https://*.tynt.com/ https://*.adnxs.com/ https://*.indexww.com/ https://csync.smartadserver.com/; font-src https://*.staticflickr.com https://*.flickr.com data:; worker-src blob:; form-action https://*.flickr.com https://*.flickrpro.com; 1
default-src 'self' data: blob:;script-src *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src *.whatsapp.com *.whatsapp.net wss://*.facebook.com:*;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;frame-src *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8436118e-347f-4f0a-a29a-fd3da3a4934a 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com; script-src 'nonce-+wyn9+5UxOx591KXRBYsuilIXEPj4D83MKD/PO2RuUB7an90' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.dialogtech.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src an.yandex.ru yastat.net data: zen.yandex.ru yastatic.net 'self';media-src *.cdn.ngenix.net *.strm.yandex.net yandex.ru yastat.net banners.adfox.ru yastatic.net *.yandex.net data: *.strm.yandex.ru blob: strm.yandex.ru video-preview.s3.yandex.net content.adfox.ru;script-src ads.adfox.ru an.yandex.ru yastatic.net 'nonce-XsawqNLCg0RMEbxVwMFm1Q==' 'self' banners.adfox.ru yastat.net mc.yandex.ru yandex.ru zen.yandex.ru ads6.adfox.ru;img-src avatars-fast.yandex.net www.maximonline.ru yastat.net mc.yandex.ru mc.admetrica.ru avatars.mds.yandex.net strm.yandex.ru bs.serving-sys.com awaps.yandex.net banners.adfox.ru yastatic.net zen.yandex.ru zen.s3.yandex.net yandex.ru resize.yandex.net *.verify.yandex.ru thequestion.ru ad.doubleclick.net an.yandex.ru amc.yandex.ru px.moatads.com content.adfox.ru verify.yandex.ru yabs.yandex.ru favicon.yandex.net gdeby.hit.gemius.pl ads6.adfox.ru s3.mds.yandex.net auto.ru data: ads.adfox.ru ad.adriver.ru 'self' wcm-ru.frontend.weborama.fr www.kinopoisk.ru *.strm.yandex.net *.tns-counter.ru wcm.solution.weborama.fr;child-src mc.yandex.md awaps.yandex.net blob: yastatic.net yandexadexchange.net 'self' banners.adfox.ru mc.yandex.ru yandex.ru yastat.net *.yandex.ru zen.yandex.ru *.yandexadexchange.net;connect-src zen.yandex.ru yandex.ru matchid.adfox.yandex.ru *.strm.yandex.net thequestion.ru wss://portal-xiva.yandex.net awaps.yandex.net strm.yandex.ru auto.ru frontend.vh.yandex.ru ads.adfox.ru 'self' www.kinopoisk.ru yastatic.net portal-xiva.yandex.net www.maximonline.ru yabs.yandex.ru mc.admetrica.ru mc.yandex.ru yastat.net jstracer.yandex.ru games.yandex.ru *.cdn.ngenix.net adfox.yandex.ru wss://webasr.voicetech.yandex.net ads6.adfox.ru an.yandex.ru mobile.yandex.net;style-src banners.adfox.ru yastatic.net 'unsafe-inline' zen.yandex.ru yastat.net content.adfox.ru;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1594520673.22559.85436.517248&h=stable-morda-man-yp-449&csp=new&date=20200712&yandexuid=3471708611594520673;object-src avatars.mds.yandex.net;default-src yastat.net awaps.yandex.net zen.yandex.ru yastatic.net 1
default-src 'none'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com *.cdn-apple.com *.apple-mapkit.com *.apple-cloudkit.com *.apple-livephotoskit.com; style-src 'self' data: 'unsafe-inline' *.icloud.com *.apple.com *.cdn-apple.com; img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.apple-mapkit.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 1
frame-ancestors 'self' https://*.nasa.gov 1
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net *.pingdom.net adservice.google.com ajax.aspnetcdn.com ajax.googleapis.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com imasdk.googleapis.com js.rbxcdn.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com/iframe_api h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com authsite.roblox.com *.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net 1
script-src 'report-sample' 'nonce-RrPYRSONFOZxcHVm3LVZhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'nonce-RrPYRSONFOZxcHVm3LVZhA' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport 1
script-src 'self' 'unsafe-eval' https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://dpm.demdex.net https://sslwidget.criteo.com https://widget.as.criteo.com https://tnc.phonepe.com 'nonce-3034255125265111015'; style-src 'self' 'unsafe-inline' https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; img-src 'self' data: blob: https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://www.facebook.com https://*.fkapi.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://www.googleadservices.com https://sp.analytics.yahoo.com https://bat.bing.com https://bat.r.msn.com https://pay.payzippy.com https://1.pay.payzippy.com https://tnc.phonepe.com; font-src 'self' data: https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; frame-src 'self' https://*.flipkart.com http://*.flipkart.com https://*.youtube.com https://youtube.com https://*.vimeo.com https://dis.as.criteo.com https://gum.criteo.com https://pay.payzippy.com https://1.pay.payzippy.com https://tnc.phonepe.com https://cdemux.appspot.com 'nonce-3034255125265111015'; worker-src 'self' https://*.flipkart.com blob:; child-src 'self' https://*.flipkart.com 'nonce-3034255125265111015'; connect-src 'self' *; object-src 'none'; base-uri 'self'; report-uri https://sentry.flipkart.com/api/2/security/?sentry_key=b2fe488e344a47eda53b8d306edec9b7&sentry_release=3.62.0 1
frame-ancestors *.berkeley.edu berkeley.edu ; 1
frame-ancestors 'none'; upgrade-insecure-requests 1
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.ads-twitter.com https://*.dwin1.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 1
default-src * blob:; img-src * data: blob: resource:; connect-src * wss: blob: resource:; frame-src 'self' *.zhihu.com mailto: tel: weixin: *.vzuu.com mo.m.taobao.com getpocket.com note.youdao.com safari-extension://com.evernote.safari.clipper-Q79WDW8YH9 zhihujs: captcha.guard.qcloud.com pos.baidu.com dup.baidustatic.com openapi.baidu.com wappass.baidu.com passport.baidu.com; script-src 'self' blob: *.zhihu.com g.alicdn.com qzonestyle.gtimg.cn res.wx.qq.com open.mobile.qq.com 'unsafe-eval' unpkg.zhimg.com unicom.zhimg.com captcha.gtimg.com captcha.guard.qcloud.com pagead2.googlesyndication.com cpro.baidustatic.com pos.baidu.com dup.baidustatic.com i.hao61.net 'nonce-ac00f25c-feb1-4daf-b211-b466cb5777c8' hm.baidu.com zz.bdstatic.com www.googletagmanager.com resource:; style-src 'self' 'unsafe-inline' *.zhihu.com unicom.zhimg.com resource: captcha.gtimg.com 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ 'unsafe-inline' 'nonce-MTQxLDE4OCwxNDAsMTk2LDIwMiwxMzgsMjQwLDQ1'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://cdn.discordapp.com https://profile-photos.hackerone-user-content.com https://hackerone.com/assets/avatars/ https://safety.discord.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com/collect https://hackerone-api.discord.workers.dev ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src 'self' discordapp.com https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.youtube.com/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/; 1
default-src 'self' data: blob:;script-src 'unsafe-eval' 'unsafe-inline' *.facebook.com *.fbcdn.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *;connect-src 'self' https://*.whatsapp.com;font-src data:;img-src *;frame-src whatsapp:;block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self' http://*.moatads.com:*; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' * data:; media-src 'self' *; font-src 'self' *; connect-src 'self' *; 1
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-src * https://*.cardinalcommerce.com; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com blob:; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://songbird.cardinalcommerce.com/ https://www.recaptcha.net https://www.gstatic.cn 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-+DMqUACVS8B0N29g0M3MeqqvH2pF88VHSCl59PH+Z0Q=' 'sha256-M41/6bOohmtEGXhX0sg4sL8H1k9MPfj6D3icVbp1bmA=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://vdata.amap.com https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://includes.ccdc02.com https://includestest.ccdc02.com https://js.stripe.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=65f82403-3806-4d18-b957-43ac9d8034a3&version=sha%3D2e8e545d731&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=65f82403-3806-4d18-b957-43ac9d8034a3&version=sha%3D2e8e545d731&report_only=false 1
script-src 'nonce-32238a8e905bd41b294b6737542671ae' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.appcues.com *.appcues.net wss://*.appcues.net *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=5849937110981813; frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/the-new-yorker 1
frame-ancestors 'self' https://banaozel.sahibinden.com 1
frame-ancestors 'self' https://cms.qz.com; upgrade-insecure-requests 1
frame-ancestors https://www.icicibank.com https://rmwb.icicibank.com https://ipfms.icicibank.com https://imbuat.icicibank.com https://cibnext.icicibank.com https://help.icicibank.com https://infiniteindia.icicibank.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com https://s.go-mpulse.net; object-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.joomla.org https://*.pingdom.net https://*.googleapis.com https://*.doubleclick.net https://*.amazon-adsystem.com https://completion.amazon.com; style-src 'self' 'unsafe-inline' https://*.joomla.org https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; connect-src 'self' https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://www.slideshare.net; font-src 'self' https://fonts.gstatic.com https://*.joomla.org; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleapis.com https://img.youtube.com  https://i1.ytimg.com https://i.ytimg.com https://i9.ytimg.com https://s.ytimg.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://*.assoc-amazon.com https://m.media-amazon.com https://opensourcematters.org https://*.opensourcematters.org; media-src 'self' https://*.googlevideo.com; report-uri https://joomla.report-uri.com/r/t/csp/enforce 1
object-src 'none'; base-uri 'none'; script-src https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://ngastatic.com https://www.googletagmanager.com https://assets.allegrostatic.com https://adservice.google.pl https://adservice.google.com https://securepubads.g.doubleclick.net https://ad.doubleclick.net https://allegro.hit.gemius.pl https://connect.facebook.net https://nebula-cdn.kampyle.com https://www.googletagservices.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://www.googleadservices.com https://s.ytimg.com https://www.google-analytics.com https://secure.payu.com https://maps.googleapis.com 'nonce-AM8RikY2vhsTPXwYB/3uhw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample'; block-all-mixed-content; report-uri https://edge.allegro.pl/seclog/csp 1
connect-src 'self' plus.google.com www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com; default-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com *.googleapis.com *.google.com 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' *.googleapis.com *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com plus.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com; object-src 'none'; base-uri 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com; img-src * data: blob: 1
frame-ancestors *.leboncoin.fr; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
frame-ancestors census.gov http://*.census.gov https://*.census.gov 2020census.gov http://*.2020census.gov https://*.2020census.gov; 1
frame-ancestors 'self' *.wildberries.ru 1
default-src 'self' data: https://*.pcdn.co http://*.pcdn.co https://www.google-analytics.com https://www.googletagmanager.com http://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat http://t.co https://*.facebook.com https://*.facebook.net https://*.quora.com http://trk.in25app.com https://*.ads-twitter.com https://quantcast.mgr.consensu.org https://*.media.net http://*.media.net https://*.cookiepro.com https://*.onetrust.com https://*.twitter.com https://*.youtube.com https://*.ytimg.com https://noembed.com https://cdn.plyr.io https://*.akamaihd.net https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com 'unsafe-inline'; 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.skype.com 1
default-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/; style-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ 'unsafe-inline'; script-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ https://ssl.google-analytics.com/ga.js 'unsafe-inline' resource: data: blob:; img-src 'self' https://www.freebsd.org/ https://docs.freebsd.org https://ssl.google-analytics.com/ https://chart.googleapis.com/ data: blob:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ 'unsafe-inline' 'nonce-MTAwLDE2NSwzMCwxNDUsMjgsMTA2LDMsMTU5'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://cdn.discordapp.com https://profile-photos.hackerone-user-content.com https://hackerone.com/assets/avatars/ https://safety.discord.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com/collect https://hackerone-api.discord.workers.dev ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src 'self' discordapp.com https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.youtube.com/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/; 1
block-all-mixed-content; report-uri /csp-report?p=; base-uri 'none'; default-src 'none'; style-src 'unsafe-inline' 'self' https://*.stripecdn.com; connect-src 'self' https://errors.stripe.com https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ga.clearbit.com; font-src 'self' https://*.stripecdn.com; frame-src 'self' https://*.stripecdn.com https://www.googletagmanager.com; img-src 'self' https://*.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com data:; media-src 'self' https://*.stripecdn.com https://videos.ctfassets.net; script-src 'self' 'sha256-7wG5aS4LzFTnivd3ZzXUKAJ/FQ9Fd4qaJY90gKwXK2w=' 'sha256-+xOQiLMtZ+5orfy7A6//EpB1uq9kmO5bW7LwOCXRpAA=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net 'sha256-ELZBkO1eLwWs6QKigj+FQzktzusJRQek0e2CLudl4N8=' https://www.googletagmanager.com https://ga.clearbit.com 'report-sample' 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob: 1
default-src 'self'; img-src https: data: 1
default-src 'self' *.ecosia.org data: *.sentry.io; script-src 'sha256-c0XSBlI3NkA0UeOvjInlym9oXODLVAMsyqh0S71+Duw=' 'self' 'self' *.ecosia.org *.sentry.io; img-src 'self' *.ecosia.org s3.amazonaws.com data: ecosia-notifications.ghost.io; style-src 'self' *.ecosia.org 'unsafe-inline'; connect-src 'self' *.ecosia.org *.sentry.io; frame-ancestors 'none'; form-action 'self' *.ecosia.org 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' s.ytimg.com  idealanalyticsapi.dbs.com vc.hotjar.io https://qmslivechat.dbs.com www.orangeteeproperties.com storage.googleapis.com v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com chatbanking.dbs.com; 1
default-src 'self' ; connect-src 'self' https://s1259914507.t.eloqua.com https://www.google-analytics.com https://syndication.twitter.com https://api.company-target.com; font-src 'self' https://fonts.mopub.com http://cdn.cms-mpdigitalassets.com data:; frame-src 'self' https://www.youtube.com https://*.mopub.com; img-src 'self' https://www.google-analytics.com https://s1259914507.t.eloqua.com https://*.ads.linkedin.com https://*.g.doubleclick.net http://cdn.cms-mpdigitalassets.com data:; media-src 'self' https://*.mopub.com http://cdn.cms-mpdigitalassets.com; object-src 'self' https://*.mopub.com http://cdn.cms-mpdigitalassets.com; script-src 'self' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' https://*.mopub.com 'nonce-a18b3202877bc072733538ff439a509' http://cdn.cms-mpdigitalassets.com; style-src 'self' 'unsafe-inline' http://cdn.cms-mpdigitalassets.com; report-uri ; frame-ancestors 'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thoughtco.com *.qa.aws.thoughtco.com apollo.thoughtco.com apollo.local.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.vn *.shopee.cn *.facebook.com;  1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://seekingalpha.com/report/csp 1
script-src 'nonce-4300b1526d09326bbfa8e2031c1c1334' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.appcues.com *.appcues.net wss://*.appcues.net *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1268950741115716; frame-ancestors 'self' 1
style-src 'unsafe-inline' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io https://adserver.adtech.advertising.com https://cdn.jsdelivr.net; default-src https://*.flickr.com https://*.staticflickr.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://image.maps.api.here.com https://*.paypal.com https://*.pinterest.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google.com https://*.google.de https://*.google.fr https://*.google.it https://*.google.co.uk https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://assets.adobedtm.com https://*.2o7.net https://hexagon-analytics.com https://*.flickrpro.com https://*.everesttech.net https://ad.turn.com https://aka-cdn.adtechus.com https://aol-match.dotomi.com https://cm.g.doubleclick.net https://ib.adnxs.com https://match.adsrvr.org https://pixel.advertising.com https://pixel.quantserve.com https://sync.mathtag.com https://x.bidswitch.net https://api.mapbox.com https://ssum.casalemedia.com https://sync.adtelligent.com https://prebid-match.dotomi.com https://rtb.openx.net https://eb2.3lift.com https://pixel.rubiconproject.com https://rtb.gamoshi.io https://ads.yieldmo.com https://sync.1rx.io https://ap.lijit.com https://prebid.adnxs.com https://dis.criteo.com https://bsw.digitru.st https://us-west-sync.bidswitch.net https://ups.analytics.yahoo.com; media-src https://*.flickr.com https://*.staticflickr.com https://*.http.atlas.cdn.yimg.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-88268b38c5bc4d4be855b20d8f7ae206' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io https://adserver.adtech.advertising.com https://cdn.jsdelivr.net; connect-src https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com http://api.flickr.com https://*.pinterest.com https://*.braintreegateway.com https://*.braintree-api.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com https://*.demdex.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://api.greenhouse.io https://*.flickrprints.net https://*.flickrprints.com https://csi.gstatic.com https://prebid.adnxs.com https://tlx.3lift.com https://*.adtech.advertising.com https://grid.bidswitch.net https://fastlane.rubiconproject.com https://hbopenbid.pubmatic.com https://as-sec.casalemedia.com https://ib.adnxs.com/ut/v3/prebid https://gum.criteo.com https://prg.smartadserver.com https://ice.360yield.com https://mug.criteo.com; frame-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://*.doubleclick.net/ https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io https://ads.pubmatic.com https://ssum-sec.casalemedia.com https://www.googletagservices.com/pubconsole/ https://eb2.3lift.com https://eus.rubiconproject.com/ https://*.safeframe.googlesyndication.com/safeframe/ https://*.tynt.com/ https://*.adnxs.com/ https://*.indexww.com/ https://csync.smartadserver.com/; child-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://*.doubleclick.net/ https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io https://ads.pubmatic.com https://ssum-sec.casalemedia.com https://www.googletagservices.com/pubconsole/ https://eb2.3lift.com https://eus.rubiconproject.com/ https://*.safeframe.googlesyndication.com/safeframe/ https://*.tynt.com/ https://*.adnxs.com/ https://*.indexww.com/ https://csync.smartadserver.com/; font-src https://*.staticflickr.com https://*.flickr.com data:; worker-src blob:; form-action https://*.flickr.com https://*.flickrpro.com; 1
default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com ad.doubleclick.net; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-eChL3Ai7iG0CW/GmY6gLm8uOFgFARb9deJ2fkdcTlDRAbh5X' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com https://*.go-mpulse.net https://*.akstat.io; img-src 'self' https: data:; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://nexus.ensighten.com https://*.go-mpulse.net https://*.akstat.io; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors http://*.house.gov https://*.house.gov http://*.senate.gov https://*.senate.gov http://*.loc.gov https://*.loc.gov http://*.congress.gov https://*.congress.gov 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.lifewire.com *.qa.aws.lifewire.com apollo.lifewire.com apollo.local.lifewire.com atlas.lifewire.com atlas.local.lifewire.com 1
default-src 'self'; img-src https://optimize.google.com * data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://js.stripe.com; frame-src www.youtube-nocookie.com https://optimize.google.com;  connect-src https://www.google-analytics.com https://api.stripe.com https://new-integration.adblockplus.org; font-src 'self' https://fonts.gstatic.com; 1
img-src 'self' data: web-prod-storage.s3.amazonaws.com s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/ i.ytimg.com www.youtube.com player.vimeo.com ustvstaticcdn1-a.akamaihd.net www.slideshare.net cdn.slidesharecdn.com www.gravatar.com stats.g.doubleclick.net cdnjs.cloudflare.com *.staticflickr.com *.cdninstagram.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com www.facebook.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.google.com; font-src 'self' public.slidesharecdn.com fonts.gstatic.com; frame-src 'self' www.youtube.com player.vimeo.com www.ustream.tv www.slideshare.net *.wufoo.com calendar.google.com docs.google.com www.google.com maps.google.com accounts.google.com cse.google.com s3-us-west-2.amazonaws.com form.jotform.com static.addtoany.com *.facebook.com *.facebook.net api-a3b78b57.duosecurity.com cdn.knightlab.com www.buzzsprout.com; default-src 'self'; connect-src 'self' www.google-analytics.com stats.addtoany.com sentry.io; media-src 'self' www.youtube.com player.vimeo.com; form-action 'self' *.wufoo.com docs.google.com www.its.caltech.edu caltech.us5.list-manage.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.mathjax.org stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.google.com *.googleapis.com api.duosecurity.com browser.sentry-cdn.com www.feedrapp.info sentry.io static.addtoany.com *.facebook.net; child-src 'self' www.youtube.com player.vimeo.com www.slideshare.net *.wufoo.com calendar.google.com docs.google.com accounts.google.com; base-uri *.caltech.edu; frame-ancestors *.caltech.edu; object-src 'self'; report-uri /_csp 1
media-src *.strm.yandex.ru data: yastatic.net *.cdn.ngenix.net yandex.ru strm.yandex.ru *.strm.yandex.net video-preview.s3.yandex.net banners.adfox.ru content.adfox.ru blob: *.yandex.net yastat.net;script-src yastat.net an.yandex.ru ads6.adfox.ru 'nonce-l+qkOmN7cEjOwVCbwi/NPQ==' ads.adfox.ru zen.yandex.ru banners.adfox.ru mc.yandex.ru 'self' yandex.ru yastatic.net;font-src zen.yandex.ru data: yastatic.net an.yandex.ru yastat.net 'self';style-src zen.yandex.ru banners.adfox.ru yastatic.net yastat.net 'unsafe-inline' content.adfox.ru;object-src avatars.mds.yandex.net;img-src avatars.mds.yandex.net strm.yandex.ru ad.adriver.ru ad.doubleclick.net bs.serving-sys.com *.verify.yandex.ru favicon.yandex.net auto.ru mc.admetrica.ru ads6.adfox.ru an.yandex.ru avatars-fast.yandex.net wcm-ru.frontend.weborama.fr thequestion.ru yabs.yandex.ru www.kinopoisk.ru *.tns-counter.ru data: www.maximonline.ru content.adfox.ru zen.yandex.ru awaps.yandex.net ads.adfox.ru amc.yandex.ru wcm.solution.weborama.fr verify.yandex.ru banners.adfox.ru mc.yandex.ru *.strm.yandex.net 'self' yandex.ru zen.s3.yandex.net yastatic.net gdeby.hit.gemius.pl px.moatads.com yastat.net s3.mds.yandex.net resize.yandex.net;child-src zen.yandex.ru banners.adfox.ru awaps.yandex.net mc.yandex.ru yastat.net *.yandexadexchange.net blob: mc.yandex.md yastatic.net 'self' *.yandex.ru yandexadexchange.net yandex.ru;default-src yastatic.net awaps.yandex.net zen.yandex.ru yastat.net;connect-src yastat.net www.maximonline.ru awaps.yandex.net frontend.vh.yandex.ru adfox.yandex.ru zen.yandex.ru ads.adfox.ru jstracer.yandex.ru www.kinopoisk.ru yabs.yandex.ru yandex.ru 'self' matchid.adfox.yandex.ru yastatic.net ads6.adfox.ru an.yandex.ru mc.admetrica.ru auto.ru wss://webasr.voicetech.yandex.net games.yandex.ru mc.yandex.ru portal-xiva.yandex.net thequestion.ru *.strm.yandex.net mobile.yandex.net strm.yandex.ru *.cdn.ngenix.net wss://portal-xiva.yandex.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1594528315.79944.97938.521799&h=prestable-morda-vla-yp-173&csp=new&date=20200712&yandexuid=3747906071594528315 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.com.my *.shopee.cn *.facebook.com;  1
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: sync.adap.tv sync.adaptv.advertising.com *.adroll.com ssp.adskom.com sync.ad-stir.com *.akamaihd.net *.appier.net *.adnxs.com x.bidswitch.net bat.bing.com *.bizographics.com sjs.bizographics.com bookeo.com www-2903b.bookeo.com britishcouncil-email.createsend.com tags.clickintext.net apps-cdn.britishcouncil.org *.disquscdn.com *.disqus.com disqus.com *.doubleclick.net loadus.exelator.com ps.eyeota.net *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net cs.gssprt.jp www.google.de www.google.es *.google.com *.google.co.uk *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com *.ytimg.com britishcouncil.github.io *.linkedin.com snap.licdn.com idsync.rlcdn.com sync.crwdcntrl.net ml314.com *.mathtag.com aa.agkn.com bam.nr-data.net js-agent.newrelic.com olc.live.solas.britishcouncil.digital *.openx.net *.optimizely.com stags.bluekai.com cdn.polyfill.io *.qualaroo.com s3.amazonaws.com pixel.rubiconproject.com *.salesforceliveagent.com embed.scribblelive.com *.scupio.com *.semasio.net *.sharethis.com *.socdm.com sui.britishcouncil.org *.streamamg.com public.tableau.com tapestry.tapad.com match.adsrvr.org *.ads-twitter.com *.twimg.com *.twitter.com d17m68fovwmgxj.cloudfront.net ucarecdn.com *.vimeocdn.com player.vimeo.com vimeo.com vk.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com *.webtrends.com statse.webtrendslive.com dev.visualwebsiteoptimizer.com britishcouncil.wufoo.com *.yahoo.com b92.yahoo.co.jp s.yimg.com www.youtube.com *.instagram.com *.hotjar.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.shorthand.com *.shorthandstories.com*.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none';              img-src 'self';              style-src 'self';              script-src 'self' https://www.openhub.net;              font-src 'self';              child-src 'self' https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com;              object-src 'none';              media-src 'self' https://download.gimp.org https://www.mirrorservice.org;              base-uri 'self';              form-action 'self' https://www.paypal.com https://gitlab.gnome.org;              frame-ancestors 'self'; 1
frame-ancestors https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalance.com *.qa.aws.thebalance.com apollo.thebalance.com apollo.local.thebalance.com atlas.thebalance.com atlas.local.thebalance.com 1
sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts 1
frame-ancestors 'self' *.coe.int 1
block-all-mixed-content; frame-ancestors 'self'; 1
script-src 'nonce-58h9rTw9kV5Y-bYFrioBng' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/about_google; base-uri 'none' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/vogue 1
default-src 'self';connect-src 'self' ws: https://*.google-analytics.com https://s3-eu-west-1.amazonaws.com;img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com/ data: https://*.google-analytics.com https://*.doubleclick.net https://s3.amazonaws.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://js-agent.newrelic.com/nr-1044.min.js https://www.google.com https://www.gstatic.com https://*.google-analytics.com http://*.getclicky.com;style-src 'self' 'unsafe-inline' http://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com;font-src 'self' https://www.gstatic.com https://*.gstatic.com http://maxcdn.bootstrapcdn.com;frame-src 'self' https://www.google.com https://*.s3.amazonaws.com;report-uri /csp; 1
frame-ancestors https://www.useetv.com https://www.rctiplus.com https://technology.uzone.id https://entertainment.uzone.id https://automotive.uzone.id https://travel.uzone.id https://movie.uzone.id https://hangout.uzone.id http://internetpositif.uzone.id http://mercusuar.uzone.id https://sport.uzone.id https://health.uzone.id https://games.uzone.id https://startup.uzone.id https://telco.uzone.id https://gadget.uzone.id https://digilife.uzone.id https://www.alexa.com https://certify-js.alexametrics.com https://uzone.id 1
object-src 'none'; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com plus.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com *.googleapis.com *.google.com 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' *.googleapis.com *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com; default-src 'self' *.gstatic.com; img-src * data: blob:; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com; base-uri 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com 1
default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' data: https://tagmanager.google.com/debug https://js.intercomcdn.com https://widget.intercom.io https://*.googletagservices.com https://*.googlesyndication.com https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://hydra.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://js.intercomcdn.com/fonts/; img-src 'self' data: https:; connect-src 'self' https://login.arduino.cc https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com https://api-iam.intercom.io/messenger/web/ wss://nexus-websocket-a.intercom.io/pubsub/ https://api-iam.intercom.io/messenger/web/ping; child-src 'self' https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://login.arduino.cc https://consent-pref.trustarc.com https://hydra.arduino.cc https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com https://iframe.dacast.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
default-src https: data: vine:;img-src 'self' data: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://t.co https://analytics.twitter.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://twemoji.maxcdn.com https://twitter.github.io/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vine.co https://*.twitter.com https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co https://platform.vine.co https://stats.g.doubleclick.net https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;media-src 'self' blob: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://*.vncdn.co https://media.vineapp.com;object-src 'self' blob: https://vine.co https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com;connect-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://graph.facebook.com;font-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;report-uri https://twitter.com/i/csp_report?a=OZUW4ZI=&ro=false 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.co.th *.shopee.cn *.facebook.com;  1
default-src 'self' https://*; connect-src 'self' https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' https://* blob: data:; img-src 'self' https://* blob: data:; media-src 'self' https://* blob: data:; object-src 'self' https://* blob: data:; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* 'unsafe-inline'; 1
frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com; 1
frame-ancestors 'self' https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0vpilghfglrkb&partner=; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancecareers.com *.qa.aws.thebalancecareers.com apollo.thebalancecareers.com apollo.local.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://*.youtube.com/iframe_api https://*.ytimg.com https://apis.google.com https://accounts.google.com/gsi/client 'sha256-X/2y0k5CqBhwyz7GjCuTbjDh8SEG3n0yZQXUof0iutg=' 'sha256-NcpdQlNlNRkHugLjvly0tTsNmv1u+XFNMVyZJt9OME8=' 'sha256-X0JWsAG/k2sIeTfXAL+VH5SdA6bef2aT/CoRG/FEQFc=' 'sha256-uV3MJak3jcDQZeDpjoi5NuUOKAQe8qE+Z+MpOCWxhpE=' 'sha256-Bv1iXGLhTynxdNruU+taauqCn9hasRiuUf78c9KuhE8=' 'sha256-uiC+UX/TsEbDu+MRNmLKMUaKe4GLDDlvH+iEtlIDsog=' 'sha256-0Cqwq2yr0A7o9kZpqY/cNveUUoUADOFM99v4/8FS4i4=' 'sha256-iesGR3JHRGeyvATAtjwQmvlAioN6sazp6KuT/uKGobQ=' 'sha256-QANjaoIfOQm9O/Caf6DcNtAQEU052VPjPZkZCkqFlbc='; object-src 'none'; frame-src 'self' *.googletagmanager.com *.doubleclick.net https://*.google.com https://*.youtube.com https://accounts.google.com/; default-src 'self'; img-src 'self' data: *.googleapis.com https://*.googleadservices.com *.google-analytics.com *.googletagmanager.com https://*.doubleclick.net https://*.google.com *.youtube.com https://*.ytimg.com https://*.googleusercontent.com; font-src 'self' fonts.gstatic.com; base-uri 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com/gsi/style; connect-src 'self' https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://getsubscriptions.withgoogle.com https://newsletter-wg.appspot.com https://login.thinkwithgoogle.com 1
default-src 'none'; script-src 'self' cdn.robinhood.com 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com; frame-src www.google.com/recaptcha/ www.youtube.com/embed/ www.googletagmanager.com tr.snapchat.com; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com; font-src 'self' cdn.robinhood.com data:; media-src 'self' cdn.robinhood.com; img-src 'self' cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net images.ctfassets.net/fomw95h5b4ty/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com tr.snapchat.com; connect-src 'self' robinhood.com *.robinhood.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com sentry.io www.googletagmanager.com tagmanager.google.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://report-uri.robinhood.com/_csp?type=static-sites; base-uri 'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruce.com *.qa.aws.thespruce.com apollo.thespruce.com apollo.local.thespruce.com atlas.thespruce.com atlas.local.thespruce.com 1
frame-ancestors 'self'; upgrade-insecure-requests; 1
script-src 'report-sample' 'nonce-al2D+zJThOGmZX4Q6Psiow' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
connect-src 'self' https: blob: data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/; img-src 'self' https://www.google-analytics.com/ https://www.paypalobjects.com/ https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none' 1
frame-ancestors *.skysports.com *.livefyre.com *.google.com *.google.co.uk *.ampproject.org; 1
frame-ancestors 'self' https://*.eluniverso.com http://*.eluniverso.com https://*.ampproject.net http://*.2mdn.net https://*.2mdn.net 1
script-src 'report-sample' 'nonce-03/mjqcKMGBe71/JdYrdGQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /webstore/cspreport 1
default-src https:; style-src https: 'unsafe-inline'; img-src       * data:; worker-src    * blob:; font-src      *; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src   *; 1
frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io 1
child-src 'self'; connect-src 'self' data: http://*.api.useinsider.com http://*.crazyegg.com http://useinsider.com https://*.api.useinsider.com https://*.crazyegg.com https://*.facebook.com https://*.g.doubleclick.net https://*.gaconnector.com https://*.google-analytics.com https://*.google.com https://*.hubapi.com https://*.hubspot.com https://*.jquery.com https://*.lever.co https://useinsider.com wss://useinsider.com; default-src 'self' http://*.crazyegg.com http://*.googleapis.com https://*.ads.linkedin.com https://*.crazyegg.com https://*.google-analytics.com https://*.google.com https://*.google.ie https://*.googleapis.com; font-src 'self' data: http://*.bootstrapcdn.com http://*.gstatic.com http://useinsider.com https://*.bootstrapcdn.com https://*.gstatic.com https://useinsider.com wss://useinsider.com; frame-src 'self' http://*.api.useinsider.com http://*.googletagmanager.com http://useinsider.com https://*.api.useinsider.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.hsadspixel.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.youtube.com https://useinsider.com wss://useinsider.com; img-src 'self' data: http://*.googletagmanager.com http://*.gravatar.com http://*.gstatic.com http://*.useinsider.com http://useinsider.com https://*.ads.linkedin.com https://*.cdninstagram.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.at https://*.google.az https://*.google.be https://*.google.bs https://*.google.by https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.ma https://*.google.co.th https://*.google.co.uk https://*.google.co.za https://*.google.com https://*.google.com.au https://*.google.com.bn https://*.google.com.br https://*.google.com.ec https://*.google.com.eg https://*.google.com.gt https://*.google.com.hk https://*.google.com.kh https://*.google.com.lb https://*.google.com.mt https://*.google.com.my https://*.google.com.ng https://*.google.com.np https://*.google.com.ph https://*.google.com.pk https://*.google.com.sa https://*.google.com.sg https://*.google.com.sv https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gg https://*.google.hr https://*.google.hu https://*.google.ie https://*.google.iq https://*.google.it https://*.google.jo https://*.google.kg https://*.google.kz https://*.google.mg https://*.google.mn https://*.google.mu https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://*.google.sn https://*.google.tn https://*.google.tt https://*.googletagmanager.com https://*.gravatar.com https://*.gstatic.com https://*.hsforms.com https://*.hubspot.com https://*.useinsider.com https://*.ytimg.com https://google.com.pr https://google.com.tr https://linkedin.com https://s.w.org https://useinsider.com wss://useinsider.com; manifest-src 'self'; media-src 'self' http://*.gstatic.com https://*.cdninstagram.com https://*.gstatic.com; object-src 'self' http://useinsider.com https://useinsider.com wss://useinsider.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.api.useinsider.com http://*.bootstrapcdn.com http://*.crazyegg.com http://*.googleadservices.com http://*.googleapis.com http://*.googletagmanager.com http://*.gstatic.com http://*.hs-analytics.net http://*.hs-scripts.com http://*.useinsider.com http://useinsider.com https://*.ads.linkedin.com https://*.api.useinsider.com https://*.bizographics.com https://*.bootstrapcdn.com https://*.crazyegg.com https://*.facebook.net https://*.g.doubleclick.net https://*.gaconnector.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hs-analytics.net https://*.hs-scripts.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.jquery.com https://*.licdn.com https://*.soundcloud.com https://*.useinsider.com https://*.usemessages.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://useinsider.com wss://useinsider.com; style-src 'self' 'unsafe-inline' http://*.api.useinsider.com http://*.bootstrapcdn.com http://*.googleapis.com http://*.googletagmanager.com http://useinsider.com https://*.api.useinsider.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://useinsider.com wss://useinsider.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_6909c94ca33c4f3bb39594950c0c0991 1
default-src 'self' *.filezilla-project.org; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.adobedtm.com *.demdex.net *.decibelinsight.net *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.google-analytics.com *.google.com *.youtube.com *.ytimg.com *.doubleclick.net *.twinesocial.com *.pusher.com *.cloudflare.com *.zmags.com *.raisenow.com *.newrelic.com *.nr-data.net *.adobe.com; upgrade-insecure-requests; object-src *.ubs.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/pitchfork 1
frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.com http://*.58corp.com 1
default-src https:; img-src https: data:; frame-ancestors 'none' 1
frame-ancestors *.dowjones.net *.onservo.com 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-2a6d00cc8c5e46eb8f6c5e641d3cb1ad'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
default-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'self' 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.ph *.shopee.cn *.facebook.com;  1
default-src * 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
frame-ancestors https://www.ato.gov.au https://virtualassistant.ato.gov.au https://group2.tdv.atogov.acc.ato.gov.au 1
script-src 'nonce-6610304552600121584225f7589fdca3' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.appcues.com *.appcues.net wss://*.appcues.net *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=7459517270506908; frame-ancestors 'self' 1
frame-ancestors 'self' www.sprint.com shop.sprint.com mysprint.sprint.com m.sprint.com es.sprint.com sprint.inq.com static.inq.com api-sprint.touchcommerce.com auth-sprint.touchcommerce.com portal-sprint.touchcommerce.com chatrouter-sprint.inq.com cobrowse-sprint.inq.com forms-sprint.inq.com media-sprint.inq.com api.touchcommerce.com auth.touchcommerce.com portal.touchcommerce.com chatrouterv3.inq.com cobrowse.inq.com formsv3.inq.com mediav3.inq.com business.sprint.com smallbusiness.sprint.com stage-er-www.sprint.com opmt.sprint.com tc.sprint.com storelocator.sprint.com storelocator-staging.sprint.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/self 1
default-src https: 'unsafe-inline' 'unsafe-eval'; media-src * blob:;  img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation allow-modals; 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 1
default-src 'self' *.mo.gov; connect-src 'self' *.usgs.gov *.googleapis.com *.bam.nr-data.net *.nr-data.net *.mixpanel.com https://data.mo.gov/ *.mo.gov *.mxpnl.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.cloudfront.net *.d1l6p2sc9645hc.cloudfront.net *.ytimg.com *.youtube.com *.govdelivery.com *.google-analytics.com *.jquery.com *.wufoo.com https://wufoo.com *.googleapis.com *.google.com *.mo.gov *.gosquared.com *.newrelic.com *.twimg.com *.twitter.com *.nr-data.net *.kxcdn.com *.datatables.net *.thinglink.me *.thinglink.com *.addthisedge.com *.addthis.com *.d3js.org *.js-agent.newrelic.com *.bam.nr-data.net *.www.google-analytics.com *.html5shiv.googlecode.com *.translate.google.com ; style-src 'unsafe-inline' *.mo.gov *.gstatic.com *.googleapis.com *.twimg.com *.twitter.com *.datatables.net *.thinglink.me ; frame-src *.mo.gov *.facebook.com *.adobe.com *.soundcloud.com *.w.soundcloud.com *.thinglink.me *.youtube-nocookie.com *.youtube.com *.wufoo.com *.twitter.com *.google.com *.addthis.com *.cdc.gov *.arcgis.com ; object-src 'self' *.mo.gov *.flickr.com *.brightcove.com ; font-src * 'unsafe-inline'  data: ; img-src * 'unsafe-inline' *.twimg.com data:  1
default-src 'self' blob: ; style-src https: 'self' 'unsafe-inline' blob: *.onetrust.com fast.wistia.com *.wistia.com *.wistia.net *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.onetrust.local *.youtube-nocookie.com *.googleleadservices.com ;script-src 'self' 'unsafe-inline' blob: 'unsafe-eval'  fast.wistia.com *.wistia.com *.wistia.net *.onetrust.com *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.amazonaws.com *.gstatic.com *.google.com *.greenhouse.io *.onetrust.local onetrust.local *.google-analytics.com *.youtube-nocookie.com *.bizographics.com *.bing.com *.en25.com *.googleleadservices.com *.eloqua.com *.licdn.com;font-src https: 'self' data: *.googletagmanager.com fonts.google.com;img-src * data: fast.wistia.com *.wistia.com *.wistia.net *.akamaihd.net *.greenhouse.io *.onetrust.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net *.akamaihd.net *.youtube-nocookie.com;object-src 'none'; frame-ancestors 'self'; frame-src 'self' fast.wistia.com *.wistia.com *.wistia.net *.onetrust.com *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.youtube-nocookie.com *.google.com *.gstatic.com;connect-src 'self' data: * pipedream.wistia.com distillery.wistia.com embed-e.wistia.com *.wistia.com *.wistia.net ; 1
frame-ancestors 'self' *.miami.edu; 1
default-src 'self' badoo.com eu1.badoo.com us1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com   *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:* https://www.google.com https://www.google-analytics.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.googletagmanager.com *.api.here.com *.instagram.com *.digicert.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src * bds: bdp:; prefetch-src 'self' *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; frame-ancestors 'self' apps.facebook.com; report-uri /jss/csp_report.phtml 1
frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval'; 1
script-src 'nonce-8Y40HRCb8lSD3l+nFO3djw' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.googleadservices.com https://googleads.g.doubleclick.net http://www.gstatic.com/wcm/;report-uri /_/GeoMerchantPrestoSiteUi/cspreport 1
frame-ancestors https://edmodo.com https://*.edmodo.com; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-TERwwUPlJZx9LaPtJcjQNIjIcU' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://towardsdatascience.com https://*.towardsdatascience.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' blob: ; style-src https: 'self' 'unsafe-inline' *.onetrust.com *.wistia.com *.wistia.net *.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.cookielaw.org ;script-src 'self' 'unsafe-inline' blob: 'unsafe-eval'  *.wistia.com *.wistia.net *.cookielaw.org *.googletagmanager.com *.chargebee.com *.chargebeestatic.com *.cloudfront.net *.amazonaws.com *.greenhouse.io *.google-analytics.com *.cookiepro.com *.en25.com *.bing.com *.ads-twitter.com *.twitter.com *.1trust.app *.onetrust.com *.eloqua.com *.google.com *.gstatic.com;font-src https: 'self' data: *.googletagmanager.com fonts.google.com;img-src * data: *.wistia.com *.wistia.net *.akamaihd.net *.greenhouse.io *.onetrustpro.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net *.akamaihd.net;object-src 'none'; frame-ancestors 'self'; frame-src 'self' *.wistia.com *.wistia.net *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.cookielaw.org *.google.com;connect-src 'self' data: * ; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancesmb.com *.qa.aws.thebalancesmb.com apollo.thebalancesmb.com apollo.local.thebalancesmb.com atlas.thebalancesmb.com atlas.local.thebalancesmb.com 1
img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src https:; worker-src blob:; report-uri https://dailykos.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests; 1
report-uri https://frontendservice.report-uri.com/r/t/csp/enforce; child-src 'self'; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://alb.reddit.com https://assistly-production.s3.amazonaws.com https://b97.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://help.transferwise.com/ https://lienzo.s3.amazonaws.com https://platform-lookaside.fbsbx.com https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://transferwise.desk.com https://widgets.transferwise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com; font-src 'self' data: https://fonts.gstatic.com https://widgets.transferwise.com/ https://script.hotjar.com; object-src 'self'; media-src 'self'; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com s.yimg.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://b97.yahoo.co.jp www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ www.facebook.com staticxx.facebook.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com connect.facebook.net www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://d2dgj1jjqgsb96.cloudfront.net https://sc-static.net https://www.redditstatic.com/ads/pixel.js transferwise.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors https://transferwiseturkiye.com.tr; frame-src https://staticxx.facebook.com/ https://www.facebook.com youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://tr.snapchat.com 1
frame-ancestors 'self' http://hwifi.hinet.net https://times.hinet.net https://www.hinet.net; 1
frame-ancestors 'self' app.optimizely.com cdn.optimizely.com *.fourseasons.com; report-uri https://vmkkmcabbh.execute-api.ca-central-1.amazonaws.com/CspReportsApi 1
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; report-uri https://www.startpage.com/do/cspvr 1
script-src  'unsafe-inline' *.dwstatic.com *.huya.com *.msstatic.com  *.huya.com:*  'unsafe-eval'  *.qq.com static2.fengkongcloud.com   http://127.0.0.1:20192 hm.baidu.com http://*.huya.com *.huyainfo.com;style-src  'unsafe-inline' *.dwstatic.com *.huya.com *.msstatic.com *.huyainfo.com;connect-src 'self' *.huya.com *.huya.com:* http://*.huya.com wss://*.huya.com wss://*.mobgslb.tbcache.com wss://*.huya.com:* ws://*.huya.com ws://*.huya.com:* *.msstatic.com *.dwstatic.com hm.baidu.com *.qq.com *.smtcdns.net *.ourdvsss.com *.mobgslb.tbcache.com *.ksyungslb.com  *.w5cc.com wss://*.ourdvsss.com http://*.msstatic.com *.yystatic.com http://*.yystatic.com vr.duowan.com http://vr.duowan.com wss://*.ksyungslb.com *.jomodns.com wss://*.jomodns.com *.huya.info http://*.huya.info ws://*.huya.info wss://*.huya.info *.qvb.qcloud.com wss://*.qvb.qcloud.com;img-src *.dwstatic.com *.huya.com *.msstatic.com *.dwstatic.com http://*.dwstatic.com  *.huya.com:* hm.baidu.com *.hiido.com http://*.msstatic.com http://*.huya.com *.yy.com http://*.yy.com data: *.image.myqcloud.com http://*.image.myqcloud.com ad.doubleclick.net *.qq.com about: hyweb-test.oss-cn-shenzhen.aliyuncs.com vhuya-img.oss-cn-hangzhou.aliyuncs.com *.huanjuyun.com *.yst.aisee.tv http://*.yst.aisee.tv wegame.gtimg.com web-diymaterial.oss-cn-shenzhen.aliyuncs.com web-diymaterial.oss-cn-shenzhen.aliyuncs.com *.picgz.myqcloud.com *.myhuaweicloud.com;report-uri https://csp.huya.com/csp?sentry_id=101&sentry_key=8f7b23a903b842e5b61b8f8decd45478; 1
default-src 'self' staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com;script-src 'self' 'nonce-khlPCpybPP' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' checkout.stripe.com staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com use.typekit.net www.google-analytics.com www.google.com www.gstatic.com cdn.carbonads.com srv.carbonads.net;font-src 'self' staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com *.typekit.net netdna.bootstrapcdn.com;style-src 'self' netdna.bootstrapcdn.com staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com 'unsafe-inline';connect-src 'self' checkout.stripe.com www.google-analytics.com;frame-src 'self' checkout.stripe.com *.youtube.com youtube.com *.vimeo.com vimeo.com www.google.com;img-src * data:; 1
script-src 'nonce-56532f867850200adbc30db485397355' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.appcues.com *.appcues.net wss://*.appcues.net *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=0458914093075051; frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/bonappetit 1
frame-ancestors *.jeuxvideo.com 1
connect-src 'self' wss://*.nrk.no http://*.nrk.no https://*.nrk.no https://nrk-recommendations.appspot.com https://*.akstat.io https://*.go-mpulse.net https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net https://*.linkpulse.com https://*.lp4.io https://www.google-analytics.com https://*.scorecardresearch.com https://ssl-nrkstream.tns-cs.net https://cws.conviva.com https://stats.g.doubleclick.net *.analytics.edgesuite.net *.analytics.edgekey.net dc.services.visualstudio.com dc.applicationinsights.microsoft.com https://*.ip-only.net https://o124059.ingest.sentry.io/api; default-src 'self' blob: https://*.nrk.no; frame-src 'self' https://*.nrk.no https://chartbeat.com https://*.chartbeat.com https://cdn-gl.imrworldwide.com; img-src 'self' data: https://*.lp4.io https://*.linkpulse.com https://*.tns-cs.net https://*.chartbeat.net https://www.google-analytics.com https://*.nrk.no https://*.akamaized.net https://*.akamaihd.net https://*.scorecardresearch.com https://*.googleusercontent.com https://ssl-nrkstream.tns-cs.net https://stats.g.doubleclick.net https://secure-nor.imrworldwide.com https://secure-sdk.imrworldwide.com https://cookie.norstatsurveys.com http://nrkstream.tns-cs.net *.scorecardresearch.com *.analytics.edgesuite.net *.analytics.edgekey.net; media-src 'self' blob: data: https://*.nrk.no https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net https://*.ip-only.net; script-src 'self' blob: 'unsafe-inline' https://*.nrk.no https://www.google-analytics.com https://*.chartbeat.com https://*.chartbeat.net https://*.linkpulse.com https://*.lp4.io https://*.scorecardresearch.com https://www.gstatic.com https://cws.conviva.com https://ssl-nrkstream.tns-cs.net https://*.go-mpulse.net https://cdn-gl.imrworldwide.com *.analytics.edgesuite.net *.analytics.edgekey.net az416426.vo.msecnd.net; style-src 'self' https: 'unsafe-inline' 1
default-src 'self' blob: https://*.futurelearn.com; object-src https://*.vzaar.com https://vzaar-video.ccindex.cn https://vjs.zencdn.net; base-uri 'self' https://*.futurelearn.com; frame-ancestors 'self' https://*.futurelearn.com; frame-src 'self' *; connect-src 'self' *; form-action 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: about: *; style-src 'self' 'unsafe-inline' blob: *; img-src 'self' data: *; media-src 'self' * blob:; font-src 'self' about: data: *; report-uri /csp-violation 1
default-src 'self' api2.firefoxchina.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tiny.lishitu.com/open/changeXinzuo  http://a.alimama.cn g.click.taobao.com platform.sina.com.cn suggestion.baidu.com www.baidu.com hm.baidu.com nssug.baidu.com tui.cnzz.net www.google-analytics.com *.googlesyndication.com static.huohu123.com https://www.duba.com/main3_json.html http://www.duba.com/main3_json.html https://tiny.51hl.me/; img-src * data:; child-src 'self' *.firefoxchina.cn  *.17huohu.com; frame-src 'self' *.firefoxchina.cn  *.17huohu.com www.taobao.com entry.baidu.com; frame-ancestors 'self' *.firefoxchina.cn tongji.baidu.com about:; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; report-uri /_/csp-reports 1
frame-ancestors 'self' https://app.localizejs.com https://localize.live 1
frame-ancestors 'self' *.parentlink.com *.parentlink.net *.parlant.com *.cloudspeaker.com *.memberspark.com 1
object-src 'none'; script-src 'nonce-H6YrL6G6Z++A7X8lAQW10A==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://js.stripe.com https://www.google.com/recaptcha/ https://form.jotform.com https://submit.jotform.us https://submit.jotformpro.com https://submit.jotform.com https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kaggle-static-staging.storage.googleapis.com https://kkb-dev.jupyter-proxy.kaggle.net https://kkb-staging.jupyter-proxy.kaggle.net https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com; base-uri 'none'; report-uri /csp/report 1
frame-ancestors http://www.vistaprint.com https://www.vistaprint.com http://vistaprint.com https://vistaprint.com https://www.optimizelyedit.com https://app.optimizely.com http://app.optimizely.com http://script.crazyegg.com https://script.crazyegg.com script.crazyegg.com http://www.radins.com http://fr.igraal.com http://cmsauth.vistaprint.prod https://secure.vistaprint.com https://*.hatchery.vistaprint.com https://*.mobile.vpsvc.com; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.interco.io wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://*.twilio.com wss://*.firebaseio.com  https://cdn.firebase.com https://*.firebaseio.com; report-uri https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV1YajQYljNDyq_HZcQMFwMFIEBS9eHG3wV3FNhihD_eeXQkr_HnJMjSGly5t4VQFrfZujfZFoFY5wHaTC8TvTlxRcur_pISTvX0Dw96EIlb4Q== 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.sg *.shopee.cn *.facebook.com;  1
script-src *.walmart.ca *.walmartimages.ca *.wal.co assets.adobedtm.com *.googleadservices.com *.google.ca *.google.com *.gstatic.com *.google-analytics.com *.bing.com *.googletagservices.com *.paypal.com *.paypalobjects.com *.foresee.com *.walmartimages.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net *.scorecardresearch.com *.answerscloud.com *.newrelic.com *.ordergroove.com *.facebook.net bam.nr-data.net *.webcollage.net *.iesnare.com *.demdex.net *.googleapis.com *.2mdn.net *.walmart.com *.omtrdc.net *.circularhub.com *.youtube.com *.postescanada-canadapost.ca *.bazaarvoice.com *.ytimg.com *.device.4seeresults.com *.custhelp.com *.rnengage.com *.moatads.com *.casalemedia.com *.hlserve.com dnisjsqid2b9p.cloudfront.net *.myregistry.com *.rmtag.com *.pinimg.com *.storetail.io *.storetail.net *.agkn.com *.facebook.com *.googletagmanager.com *.perimeterx.net *.recaptcha.net *.gstatic.cn 'unsafe-inline' 'unsafe-eval'; base-uri * 'self'; 1
default-src 'self'; child-src 'self' share.intercom.io connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net *.hotjar.com bid.g.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com *.soundcloud.com ti.to *.tito.io *.cdn.optimizely.com tpc.googlesyndication.com www.google.com ethn.io *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net; connect-src 'self'  www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com sentry.io www.facebook.com *.akamaihd.net *.optimizely.com *.wistia.com *.wistia.net *.quora.com *.soundcloud.com *.sndcdn.com *.clearbit.com 258-clw-344.mktoresp.com bat.bing.com cdn.bizible.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net rum-http-intake.logs.datadoghq.com public-trace-http-intake.logs.datadoghq.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.optimizely.com cdn3.optimizely.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com ethn.io fast.wistia.com fast.wistia.net ga.clearbit.com googleads.g.doubleclick.net sjs.bizographics.com js.stripe.com munchkin.marketo.net platform.twitter.com reveal.clearbit.com rtp-static.marketo.com script.hotjar.com secure.adnxs.com snap.licdn.com static.ads-twitter.com static.hotjar.com stats.g.doubleclick.net store.intercom.io ti.to tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.jquery.com *.tito.io *.linkedin.com *.quora.com *.soundcloud.com *.sndcdn.com *.widerfunnel.com 'strict-dynamic' 'nonce-78a2053d-5488-4f73-acb6-414abf484700'; style-src 'self' 'unsafe-inline' *.tito.io app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com tagmanager.google.com; worker-src data: blob: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruceeats.com *.qa.aws.thespruceeats.com apollo.thespruceeats.com apollo.local.thespruceeats.com atlas.thespruceeats.com atlas.local.thespruceeats.com 1
frame-ancestors  'self' zhof.matse.rwth-aachen.de 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/architectural-digest 1
frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com; report-uri https://csp.live.scalesec.cloud.otto.de/csp_report/; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.tripsavvy.com *.qa.aws.tripsavvy.com apollo.tripsavvy.com apollo.local.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1
default-src 'self' data: https://*.tum.de https://www.google.com/ https://ajax.googleapis.com https://cse.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.br.de https://maps.google.de https://geoportal.bayern.de https://e.issuu.com https://www.googleapis.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com https://ngp.zdf.de https://www.arte.tv http://holaspark.com https://zdfvodnone-vh.akamaihd.net 'unsafe-inline' 'unsafe-eval' 1
report-uri https://cspreport.bol.com/report/b/13200  ; default-src https://tpc.googlesyndication.com https://www.bol.com ; connect-src https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.mpstat.us https://*.s-bol.com https://aai.bol.com https://c.go-mpulse.net https://chat1.bol.com https://chatr.bol.com https://fbstatic-a.akamaihd.net https://firefly.bol.com https://query.autheos.com https://www.bol.com ; font-src data: https://*.s-bol.com https://fonts.gstatic.com https://secure.ogone.com https://www.bol.com ; frame-src https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.doubleclick.net https://*.mpstat.us https://*.youtube-nocookie.com https://bolfelicitatie.b05-apps.nl https://chat1.bol.com https://chatr.bol.com https://info.bol.com https://platform.twitter.com https://player.autheos.com https://s-static.ak.facebook.com https://secure.ogone.com https://tpc.googlesyndication.com https://view.publitas.com https://www.bol.com https://www.facebook.com https://www.google.com ; img-src blob: data: https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.krxd.net https://*.mpstat.us https://*.s-bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://bol.com https://bol.ugc.bazaarvoice.com https://cbks0.googleapis.com https://cbks1.googleapis.com https://csi.gstatic.com https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://img.youtube.com https://jwpltx.com https://kbimages1-a.akamaihd.net https://khms0.googleapis.com https://khms1.googleapis.com https://m.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://photos-eu.bazaarvoice.com https://platform.twitter.com https://secure.ogone.com https://ssl.gstatic.com https://static.bol.com https://swa.bol.com https://syndication.twitter.com https://tpc.googlesyndication.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.ups.com ; media-src https://*.cloudfront.net https://*.kobo.com https://*.phononet.de https://*.s-bol.com https://bolfelicitatie.b05-apps.nl https://rovimusic.rovicorp.com https://static.bol.com https://www.bol.com ; object-src https://bolfelicitatie.b05-apps.nl https://st1.streamzilla.jet-stream.nl https://view.publitas.com https://www.bol.com ; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.2mdn.net https://*.adyen.com https://*.doubleclick.net https://*.google-analytics.com https://*.krxd.net https://*.s-bol.com https://*.youtube-nocookie.com https://aai.bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://ajax.googleapis.com https://apis.google.com https://bol.com https://bolcom.tu-vms.com https://c.go-mpulse.net https://cbks0.googleapis.com https://cdn.ampproject.org https://cdn.syndication.twimg.com https://cdn.syndication.twitter.com https://chat1.bol.com https://connect.facebook.net https://d31qbv1cthcecs.cloudfront.net https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://firefly.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://partner.googleadservices.com https://platform.twitter.com https://s.ytimg.com https://secure.ogone.com https://ssl.p.jwpcdn.com https://static.bol.com https://tpc.googlesyndication.com https://translate.googleapis.com https://tu.tu-vms.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com ; style-src 'unsafe-inline' https://*.s-bol.com https://bol.com https://fonts.googleapis.com https://partner.bol.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://view.publitas.com https://www.bol.com ; frame-ancestors 'self' 1
policy-uri /parivahan/'self' 1
default-src 'self' ; img-src data: 'self' http://etransaction.rajasthan.gov.in https://etransaction.rajasthan.gov.in http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in http://gis.rajasthan.gov.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in https://www.google.com/recaptcha/api.js https://www.gstatic.com/ http://gis.rajasthan.gov.in;  style-src 'self' 'unsafe-inline'; child-src 'self' http://etransaction.rajasthan.gov.in https://etransaction.rajasthan.gov.in http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in https://www.google.com/ https://www.gstatic.com http://gis.rajasthan.gov.in; font-src 'self' ;connect-src 'self' http://etransaction.rajasthan.gov.in https://etransaction.rajasthan.gov.in http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in http://gis.rajasthan.gov.in 1
default-src 'self' https://api.mixpanel.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com/ https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net/ https://cdn.mxpnl.com/ https://badges.altmetric.com/ https://d1uo4w7k31k5mn.cloudfront.net/ data:; connect-src 'self' https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com/ https://pro.fontawesome.com/ https://d1bxh8uas1mnw7.cloudfront.net/ https://trendmd.s3.amazonaws.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com; frame-src https://www.googletagmanager.com; object-src 'self' 1
img-src 'self' data:; base-uri 'none'; frame-ancestors 'none'; script-src 'self'; form-action 'self'; default-src 'self' 1
frame-ancestors *.american.edu 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://api.pwnedpasswords.com https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.ingress.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com 1
frame-ancestors 'self' https://wplay.co https://sb1client-altenar.biahosted.com; 1
frame-ancestors https://*.tweaktown.com; 1
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-atRKG6ipgUAl12sqlddA' 'nonce-No/w61jknd5drxzP2aOj' 1
frame-ancestors 'self' search.edweek.org blogs.edweek.org webadmin.edweek.org edweek.org www.edweek.org edweekevents.org app.optimizely.com www.optimizelyedit.com www.clearslide.com; 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://ws.chain.com wss://*.karere.mega.nz localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob: 1
frame-ancestors 'self' *.tapjoy.net:*/ *.tapjoy.com/; 1
default-src 'none'; script-src 'self' https://cdn.polyfill.io https://connect.facebook.net http://www.google-analytics.com https://www.google.com https://www.gstatic.com http://static.ads-twitter.com https://analytics.twitter.com 'nonce-IohfptnaBLXa77QbxLqDUHVvu74nkoyX' data:; connect-src 'self' *.blockchain.com *.blockchain.info https://blockchain.info https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://script.google.com https://script.googleusercontent.com; frame-src 'self' *.blockchain.com *.blockchain.info https://www.google.com https://www.youtube.com; img-src 'self' *.blockchain.com *.blockchain.info data: *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct; style-src 'self' 'unsafe-inline' https://rsms.me https://fonts.googleapis.com 'nonce-IohfptnaBLXa77QbxLqDUHVvu74nkoyX'; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self'; 1
default-src * blob: https: data: 'unsafe-inline' 'unsafe-eval'; 1
script-src 'nonce-3dQ7zmj0QtzWLf//4P0dTg' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport 1
frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.adroll.com d.adroll.mgr.consensu.org *.dca0.com *.adyen.com *.akamaihd.net *.aexp-static.com *.americanexpress.com app.link tag.yieldoptimizer.com hm.baidu.com x.bidswitch.net bat.bing.com *.branch.io s.thebrighttag.com s.btstatic.com *.brightcove.com *.brightcove.net *.burberry.com burberry.com cdnjs.cloudflare.com *.contentsquare.net script.crazyegg.com *.doubleclick.net connect.facebook.net www.facebook.com *.fitanalytics.com reporting.us1.fredhopperservices.com d1snv67wdds0p2.cloudfront.net *.googleapis.com *.googlesyndication.com *.gstatic.com adservice.google.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com *.usehero.com *.us1.twilio.com *.eu1.twilio.com *.ipinyou.com www.ist-track.com x.klarnacdn.net *.klarna.com *.liveperson.net *.lpsnmedia.net *.mathtag.com service.maxymiser.net bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com *.online-metrix.net *.openx.net *.optimizely.com cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com ct.pinterest.com s.pinimg.com po.st s.po.st rp.gwallet.com *.rakuten.com *.nxtck.com *.xg4ken.com *.linksynergy.com intljs.rmtag.com ln-rules.rewardstyle.com *.richrelevance.com *.riskified.com sb.scorecardresearch.com *.shoprunner.com *.shoprunner.net shopstylecollective.com i.simpli.fi d1fc8wv8zag5ca.cloudfront.net *.sonobi.com *.spotify.com t.a3cloud.net p.teads.tv idsync.rlcdn.com *.turn.com analytics.twitter.com static.ads-twitter.com platform.twitter.com vjs.zencdn.net sp.analytics.yahoo.com s.yimg.com s.yimg.jp b97.yahoo.co.jp mc.yandex.ru *.zooz.com; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; object-src 'self'; frame-ancestors 'self' *.burberry.com burberry.com; upgrade-insecure-requests; base-uri 'self'; report-uri https://brbws.report-uri.com/r/t/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/react@16.12.0/ https://unpkg.com/react-dom@16.12.0/ https://storage.yandexcloud.net/react-pilot/ https://w-api2.aplaut.io https://pay.google.com/gp/p/js/pay.js https://s.ytimg.com/ https://www.youtube.com/iframe_api https://cdn.polyfill.io/v2/polyfill.min.js https://*.o-statm-as01.lmru.tech/ https://static-direct.kameleoon.com/ https://storage.kameleoon.eu/ https://editor.kameleoon.com/ https://static.kameleoon.com/ https://anketolog.ru/api/v2/ https://www.googletagmanager.com/debug/api/ https://get.aplaut.io/ https://track.aplaut.io/ https://storage.kameleoon.eu/ https://leg995zkxf.kameleoon.eu https://dmp.dmpkit.leroymerlin.ru/tm.js https://googleads.g.doubleclick.net/ https://px.adhigh.net/p/tracking.js https://leroymerlinru.push.world/https.embed.js https://ad.adriver.ru/cgi-bin/erle.cgi https://cdn.rtb.com.ru/as-main.js https://tags.soloway.ru/DSPCounter.js https://www.googleadservices.com/pagead/ https://px.adhigh.net/p.js https://sys.refocus.ru/ https://bp-1c51.kxcdn.com/ https://st-eu.dynamicyield.com/ https://cdn-eu.dynamicyield.com/ https://cdp.leroymerlin.ru/pixel/pixel.js https://cdn.lenmit.com/static/js/retag.js https://z.lenmit.com/retag/tags/ https://connect.facebook.net https://partners.leroymerlin.ru/api/tracker/sdk.js https://www.artfut.com/static/ https://tagmanager.google.com https://sslwidget.criteo.com/ https://res.cloudinary.com/aem/raw/ https://*.ru.corp.leroymerlin.com https://suggest-maps.yandex.ru/suggest-geo https://www.googletagmanager.com/gtag/ https://static.criteo.net/js/ld/ld.js blob: https://optimize.google.com/optimize/ https://*.maps.yandex.net/ https://api-maps.yandex.ru/ https://tracking.diginetica.net/divolte.js https://top-fwz1.mail.ru/js/code.js https://cdn.diginetica.net/306/client.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js  https://leroymerlinru.webim.ru/ https://kladr-api.ru/api.php https://enterprise.api-maps.yandex.ru https://yastatic.net https://www.google-analytics.com https://get.shoppilot.ru/f/v1/56d42be28ddf8715e9014752/v2/app.js https://get.shoppilot.ru/f/v1/57ceea56437f575050000583/v2/app.js https://www.googletagmanager.com/gtm.js https://mc.yandex.ru/ https://recs.richrelevance.com/rrserver/p13n_generated.js https://media.richrelevance.com/rrserver/js/1.2/p13n.js https://vk.com/js/api/openapi.js https://connect.ok.ru/connect.js https://staging-cdp-lm.konnektu.ru/pixel/pixel.js https://*.dynamicyield.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://unpkg.com/react@16.13.1/umd/react.production.min.js https://unpkg.com/react-dom@16.13.1/umd/react-dom.production.min.js https://res.cloudinary.com/pricemonitoring/raw/; object-src 'self'; style-src 'self' 'unsafe-inline' https://leroymerlin.ru https://w-api2.aplaut.io https://anketolog.ru/api/ https://cdn-eu.dynamicyield.com/ https://fonts.googleapis.com/css https://optimize.google.com/optimize/editor/css/ https://leroymerlin.ru https://res.cloudinary.com https://get.shoppilot.ru https://tagmanager.google.com/debug/ https://fonts.googleapis.com/; frame-ancestors 'self' http://webvisor.com/ 1
default-src 'self';  style-src 'self' 'unsafe-inline' https://embedsocial.com https://cdn.curator.io https://static.flockler.com https://meetandengage.com https://www.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://embedsocial.com https://analytics.twitter.com/ https://static.ads-twitter.com https://s0.ipstatp.com https://analytics.tiktok.com https://cdn.curator.io https://fl-cdn.scdn1.secure.raxcdn.com https://plugins.flockler.com https://flockler.embed.codes https://static.flockler.com  https://meetandengage.com https://www.googleapis.com https://tagmanager.google.com https://widget.discoveruni.gov.uk https://popcard.unibuddy.co https://discoveruni.gov.uk https://cdn.unibuddy.co https://www.gstatic.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://static.hotjar.com https://www.tag4arm.com https://connect.facebook.net https://sc-static.net https://snap.licdn.com https://www.googleadservices.com https://script.hotjar.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://www.linkedin.com https://widget.unistats.ac.uk; img-src 'self' data: https://t.co https://*.scdn1.secure.raxcdn.com https://*.flockler.com https://pbs.twimg.com/ https://flockler.com https://*.rackcdn.com https://*.fbcdn.net https://cdn.curator.io https://www.instagram.com https://meetandengage.com https://livestream.com https://www.googleapis.com https://discoveruni.gov.uk https://i.ytimg.com https://www.gstatic.com https://ssl.gstatic.com https://*.cdninstagram.com https://www.google-analytics.com https://www.tag4arm.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.googletagmanager.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://le.ac.uk https://www.linkedin.com; frame-src 'self' https://embedsocial.com https://cdn.flipsnack.com/ https://meetandengage.com https://podcasts.le.ac.uk https://leicester.cloud.panopto.eu https://www.google.com https://www.googleapis.com https://w.soundcloud.com/ https://player.vimeo.com https://livestream.com https://tourmkr.com https://popcard.unibuddy.co https://unibuddy.co https://static.ads-twitter.com https://myleicester.le.ac.uk https://www.tag4arm.com https://tr.snapchat.com https://vars.hotjar.com https://www.facebook.com https://widget.unistats.ac.uk https://staticxx.facebook.com https://www.youtube.com https://8832913.fls.doubleclick.net https://www.viewmake.com https://www.le.ac.uk;  frame-ancestors 'self';  connect-src 'self' https://api.curator.io/ https://www.google-analytics.com https://tourmkr.com https://www.google.com https://www.googleapis.com https://prod-discoveruni.azure-api.net https://stats.g.doubleclick.net https://www.tag4arm.com https://in.hotjar.com https://vc.hotjar.io https://www.facebook.com https://ekr.zdassets.com;  font-src 'self' data: https://cdn.curator.io https://fonts.gstatic.com https://le.ac.uk; object-src 'self'; media-src 'self' https://*.fbcdn.net https://*.xx.fbcdn.net https://videos.dailymail.co.uk; upgrade-insecure-requests; 1
default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-e773367725034fd8923fae554df51ed1'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com; font-src 'self' ; frame-ancestors 'none'; 1
frame-ancestors https://app.roll20.net https://roll20.net https://marketplace.roll20.net https://*.inspectlet.com 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-QUtONnpreDExUEUrZ3BJczgrR0VRbmZpQVo3TWhINDdnd0VSNnpwTkU0VT06WXRram1qcE1wWWx6ODkxZXhwbjNNQ0doVWZLSTFCbFR5MnhMbUZkNWVORT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self' stun.nextcloud.com:443 turn.govcloud.gov.ao:3478;media-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 1
upgrade-insecure-requests;  default-src 'self';  img-src 'self' blob: data: cdn.wfp.org acr.api.spring.wfp.org api.mapbox.com geonode.wfp.org *.jwplatform.com cdn.jwplayer.com *.jwpsrv.com *.jwpltx.com www.google.com www.google-analytics.com *.gstatic.com *.doubleclick.net www.facebook.com ssl.google-analytics.com squizlabs.github.io;  script-src 'self' cdn.wfp.org *.jwplatform.com www.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com survey.g.doubleclick.net *.doubleclick.net *.adalyser.com *.jwpcdn.com www.gstatic.com adservice.google.com connect.facebook.net www.facebook.com squizlabs.github.io cdnjs.cloudflare.com unpkg.com 'unsafe-inline' 'unsafe-eval';  frame-src 'self' *.jwpsrv.com www.google.com survey.g.doubleclick.net *.doubleclick.net cdn.knightlab.com forms.office.com content.jwplatform.com;  font-src 'self' cdn.wfp.org *.jwpcdn.com fonts.gstatic.com *.bootstrapcdn.com data:;  style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.wfp.org tagmanager.google.com fonts.googleapis.com *.bootstrapcdn.com squizlabs.github.io;  connect-src 'self' data: cdn.wfp.org geonode.wfp.org www.google-analytics.com api.mapbox.com geoip.nekudo.com api.ipify.org api.ip2country.info mycountry.picktek.org content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com acr.api.spring.wfp.org;  media-src 'self' content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com blob:;  worker-src 'self' blob:;  child-src 'self' blob: 1
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;object-src *;style-src 'unsafe-inline' *;img-src * data:;media-src *;font-src * data:;connect-src *;child-src * callback:;form-action *;frame-ancestors *;worker-src * blob: 1
default-src 'self' ssllabs.com *.ssllabs.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google.com/ https://cdn.bizible.com https://serve.albacross.com https://collect.albacross.com https://tagmanager.google.com https://js.driftt.com; script-src 'self' https://cdnjs.cloudflare.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google.com/ https://cdn.bizible.com https://serve.albacross.com https://collect.albacross.com https://tagmanager.google.com https://js.driftt.com 'sha256-khWDFUo/+h2RpY43Yb/fpJ+pKAOhiJcwX8XN0zNVIs4=' 'sha256-MIHgzD5ZYexjYZVdlcHHJQONMefhA7YQw4t+st69/FA=' 'sha256-BxzAkiq5sx2G9G9B83/+mizzq5uTli77I4plniiYufA='; 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-a496143bb4c44ccd97e80e1b369ce3ec'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
report-uri https://csp.tsrs.cloud/r/689d203cbda53f62e3b93cb72ba9d999ce62bc94; media-src https://ssl.gstatic.com/; style-src https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; worker-src  'self'; object-src  https://*.online-metrix.net/; frame-src https://connect.facebook.net/ https://www.paypalobjects.com/ https://*.xoom.com/ 'self' https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.facebook.com/ https://*.braintreegateway.com/ https://*.doubleclick.net/ https://*.paypal.com/ https://youtube.com/ https://*.online-metrix.net/; script-src https://www.paypalobjects.com/ 'unsafe-inline' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.mxpnl.com/ https://nexus.ensighten.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://pin-up.vet/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.googletagmanager.com/; frame-ancestors  https://*.salesforce.com/ 'self' https://*.paypal.com/; form-action 'self' https://*.paypal.com/ https://help.xoom.com/; img-src 'self' data: https:; base-uri  'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ data:; plugin-types  application/x-shockwave-flash; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://*.segment.io/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://paypalobjects.com/; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ; connect-src 'self' ; img-src 'self' eur-lex.europa.eu data: ; style-src 'unsafe-inline' 'self' *.boe.es ; font-src 'self' ; child-src 'self'  www.youtube.com afirma: ; object-src 'self' ; media-src 'self' 1
default-src 'self' https://*.rhrz.uni-bonn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rhrz.uni-bonn.de https://www.youtube.com https://s.ytimg.com https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://maps.google.com https://maps.googleapis.com https://apis.google.com https://ajax.googleapis.com https://webstat.hrz.uni-bonn.de; img-src 'self' data: https://*.rhrz.uni-bonn.de https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://i.ytimg.com https://maps.gstatic.com https://maps.google.com https://www.uni-bonn.de https://*.googleapis.com https://*.uni-bonn.de; style-src 'self' 'unsafe-inline' https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' https://*.uni-bonn.de:* https://www.youtube.com https://www.youtube-nocookie.com https://content.googleapis.com mailto://*; frame-ancestors 'self' https://*.uni-bonn.de; connect-src 'self' https://shortener.rhrz.uni-bonn.de https://apis.google.com; 1
base-uri 'self'; frame-ancestors 'self' https://*.smartinsights.com; frame-src 'self'  https://ff.doubleclick.net https://cdn.embedly.com https://www.google.com https://staticxx.facebook.com https://www.facebook.com https://www.g2.com https://www.g2crowd.com/ https://vars.hotjar.com https://go.pardot.com https://*.smartinsights.com https://checkout.stripe.com  http://www.scribd.com https://www.slideshare.net/ https://js.stripe.com https://*.twitter.com https://*.vimeo.com https://youtu.be https://*.youtube.com https://www.youtube-nocookie.com; img-src data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://4screens.net https://ws.amazon.co.uk https://z-eu.amazon-adsystem.com https://s3-us-west-1.amazonaws.com https://cdn.ampproject.org https://sjs.bizographics.com https://*.cloudflare.com https://*.cloudfront.net https://secure.comodo.com https://*.convertexperiments.com https://*.g.doubleclick.net https://connect.facebook.net https://t.gatorleads.co.uk https://adservice.google.co.uk https://adservice.google.com https://apis.google.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com https://*.hotjar.com https://instant.page https://widget.intercom.io https://js.intercomcdn.com https://e.issuu.com https://code.jquery.com https://cdn.jsdelivr.net