Values for content-security-policy:
upgrade-insecure-requests 4,832
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 4,191
upgrade-insecure-requests; 2,163
frame-ancestors 'self' 1,356
block-all-mixed-content 707
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 431
frame-ancestors 'self'; 349
frame-ancestors 'none' 283
block-all-mixed-content; 248
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 247
default-src https: data: 'unsafe-inline' 'unsafe-eval' 147
frame-ancestors 'none'; 115
111
frame-ancestors 'self' https://*.ally.ac; 108
default-src * data: 'unsafe-eval' 'unsafe-inline' 101
frame-ancestors 'self' ; 82
report-uri /report-csp-violation 80
img-src https: data:; upgrade-insecure-requests 72
frame-ancestors 'self' http://webvisor.com 51
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests; 51
frame-ancestors 'self' https://app.kajabi.com 47
upgrade-insecure-requests; frame-ancestors 'self' 44
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 42
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 41
frame-ancestors 'self'; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 40
script-src 'self'    37
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 32
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 30
default-src 'self' http: https: data: blob: 'unsafe-inline' 29
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com; base-uri 'self' 26
frame-ancestors about: 'self' 25
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 25
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 24
frame-ancestors 'self' *.google.com *.googleusercontent.com 24
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 24
frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com 23
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 22
default-src 'self' 22
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 19
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 19
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://certify-js.alexametrics.com ;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com ;  img-src 'self' data: https://*.highwebmedia.com https://*.stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://certify.alexametrics.com https://stats.g.doubleclick.net ;  font-src 'self' data: https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://internet-up.ably-realtime.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://static-pub.highwebmedia.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://static-pub.highwebmedia.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://wnu.com https://checkout.2000charge.com https://www.sofort.com https://*.girogate.de https://txn.apac.paywithpoli.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 19
frame-ancestors 'self'; upgrade-insecure-requests 17
default-src='self' 15
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com online.visualstudio.com/api/v1/locations; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-5029ae85.js gist.github.com/socket-worker-5029ae85.js 15
frame-ancestors https://cue.forum.cue.cloud 14
* 14
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 14
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 14
frame-ancestors https://s.salla.sa 14
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 13
upgrade-insecure-requests; block-all-mixed-content 13
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 13
self 13
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 13
frame-ancestors 'self' azeu.marketing.adobe.com 13
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 13
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 13
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 13
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 13
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 12
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 12
default-src 'self'; connect-src *.g.doubleclick.net 'self' www.google-analytics.com https://www.google-analytics.com; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 12
frame-ancestors https://*.poki.io http://localhost:1234 12
frame-ancestors 'self' *.pubble.nl *.pubble.cloud *.pubble.dev *.omnyo.nl 12
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com 'self' blob:; frame-src *; worker-src * 'unsafe-inline' blob:; 12
frame-ancestors 'self' https://widget.stackla.com https://app-sj14.marketo.com https://store.nvidia.com https://resources.nvidia.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com https://www.nvidia.cn https://wwwqa.nvidia.com https://preview.nvidia.com https://www.nvidia.com https://events.rainfocus.com https://store.nvidia.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in; 11
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com  https://go.indeedassessments.com/ https://take.indeedassessments.com/; frame-src 'self' *.indeed.com  https://accounts.google.com/ https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' *.indeed.com  data: d13w2n5a9i6r56.cloudfront.net d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net d3nbup7htlluyi.cloudfront.net https://indeed-labs-jp-baito.s3.amazonaws.com https://res.cloudinary.com www.google-analytics.com https://www.google.com/ads https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://stats.g.doubleclick.net https://*.tvpixel.com/* https://*.optimizely.com/* https://d.turn.com/* https://idsync.rlcdn.com/* https://pt.ispot.tv; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3fw5vlhllyvee.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://d3fw5vlhllyvee.cloudfront.net/frontend-sentry-bundle/v1.1.2/js/sentry.js https://apis.google.com/js/platform.js https://app-sj07.marketo.com/js/forms2/js/forms2.min.js https://browser.sentry-cdn.com/4.3.3/bundle.min.js https://browser.sentry-cdn.com/4.4.2/bundle.min.js https://*.tvpixel.com/* https://*.optimizely.com/* https://cdn.optimizely.com/js/10668710116.js https://munchkin.marketo.net/munchkin.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pxl.indeed.com/* https://match.prod.bidr.io/cookie-sync/indeed https://rs.fullstory.com/rec/; 11
default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 11
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 11
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 11
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 11
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 11
policy-definition 11
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.pardot.com sc-static.net *.tiktok.com *.snapchat.com *.ibytedtos.com *.arabclicks.com js.hsadspixel.net js.usemessages.com *.go-mpulse.net; 11
report-uri /report-csp-violation; upgrade-insecure-requests 10
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 10
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com https://*.giphy.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 10
frame-ancestors none; 10
frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 10
frame-ancestors 'self' https://*.plazz.net ; 10
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 9
connect-src http://ip-api.com/ 'self' https: data: 9
base-uri 'self'; 9
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 9
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 9
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 8
frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 8
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 8
frame-ancestors self 8
default-src *;script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' static-dev-portal.s3-eu-west-1.amazonaws.com d1rv23qj5kas56.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com cdn.inspectlet.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' static-dev-portal.s3-eu-west-1.amazonaws.com d1rv23qj5kas56.cloudfront.net www.gstatic.com js.stripe.com;img-src 'self' data: mediastream: blob: filesystem: d1rv23qj5kas56.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net static-dev-portal.s3-eu-west-1.amazonaws.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google-analytics.com googleads.g.doubleclick.net c.seznam.cz www.facebook.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi;frame-ancestors 'self'; 8
default-src 'none' 8
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com creative.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 8
frame-ancestors  'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 8
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  24703.online-adventskalender.de *.b-ite.com *.bitkomplex.de *.bright-guide.de *.cdn.office.net *.cloudfront.net *.cookiebot.com *.dvinci-hr.com *.etracker.com *.etracker.de *.exmap.de *.facebook.com *.flickr.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk.de *.ihk24.de *.jobcluster.de *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.podigee-cdn.net *.spotify.com *.staticflickr.com *.stream24.net *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.wirecard.com *.xing-events.com *.youtube.com app.cituro.com app.sli.do b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com bc.pressmatrix.com berufsausbildung-aachen-ihk.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.rlets.com cdnjs.cloudflare.com code.createjs.com code.jquery.com/jquery-3.1.1.min.js con.arbeitsagentur.de connect.facebook.net consentcdn.cookiebot.com corona.conterra.de cottbus-ihk-pruefungen.de covid19.webtvcampus.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net editor.signavio.com embed.nexx.cloud events-to-impress.activehosted.com expertenpool.automatisierungsregion.de geoportal-hamburg.de haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net hk24.perbit-job.de hk24.perbit-job.de  html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-darmstadt-portal.rexx-recruitment.com ihk-potsdam.perbit-job.de ihk-schwerin.wahlplus.de ihk-weiterbildung-oldenburg.de ihk.selbstdenker.com ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com inx.odav.de isi.hdb-hamburg.de komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.watch/vp/nachhaltigkeitsdialog.html maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com roundme.com routenplaner.bus-bahn-thueringen.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com static.issuu.com tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vimeo.com vstdbv3 w.soundcloud.com walls.io web.ihk-pfalz.net web.inxmail.com wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.ausbildungslauf.de www.azubi-magdeburg-ihk.de www.bahn.de www.berufe.tv www.bso-hessen.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.vvs.de www.youtube-nocookie.com  ;  report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ;  8
script-src 'unsafe-inline' 'unsafe-eval' http: https: 8
frame-ancestors * 8
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 8
default-src 'self' 'unsafe-inline' 8
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 8
default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 8
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com; media-src * blob: 7
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=default; 7
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 7
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 7
frame-ancestors 'self'; report-uri /report-csp-violation 7
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 7
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 7
report-uri //report-csp-violation 7
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be music.163.com player.bilibili.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com www.youtube.com youtu.be;worker-src 'self' blob: 7
default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' 7
frame-src * 7
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 7
frame-ancestors 'self'; base-uri 'self'; 7
block-all-mixed-content; frame-ancestors 'self' 7
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 7
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 7
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 6
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 6
frame-ancestors none 6
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 6
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' *.ci360.sas.com 6
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 6
frame-ancestors 6
frame-ancestors *; 6
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: * 6
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 6
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn https://www.ford.com.au https://www.ford.co.th https://www.india.ford.com; connect-src https: wss:; font-src  https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src  https:  'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self'; 6
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 6
frame-ancestors *.youtube.com *.pearsoncmg.com *.pearsonsupport.com *.pearson.com *.ecollege.com *.mathxl.com; 6
default-src http: data: 'unsafe-inline' 'unsafe-eval' 6
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 6
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 6
object-src 'none' 6
worker-src 'self' 6
default-src https: 'unsafe-inline' 'unsafe-eval' 6
default-src 'self' http: https: *.yandex.ru *.google.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com *.googlesyndication.com data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://widget.my.feedot.com/ https://a24help.ru/ https://top-fwz1.mail.ru/ https://yastatic.net *.googlesyndication.com *.yandex.ru cdn.ampproject.org pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googletagservices.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com securepubads.g.doubleclick.net www.google-analytics.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com;  img-src 'self'  data: *.alicdn.com *.gstatic.com  *.yandex.ru *.yandex.net  https://wcm-ru.frontend.weborama.fr https://www.tns-counter.ru https://top-fwz1.mail.ru/ https://edugram.com *.doubleclick.net *.googleads.g.doubleclick.net *.googlesyndication.com storage.googleapis.com pagead2.googlesyndication.com  securepubads.g.doubleclick.net google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.googlesyndication.com; font-src 'self' *.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 6
frame-ancestors 'self' https://sage.pathfactory.com https://explore.sage.com; 6
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 6
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob: *.readspeaker.com *.speechstream.net; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 6
frame-ancestors https://oa.sheincorp.cn https://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn https://sqs-admin.biz.sheincorp.cn 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.timeweb.net *.timeweb.ru timeweb.eu *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com connect.facebook.net mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com onthe.io *.onthe.io i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net blob: staging.timeweb.com 5
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 5
frame-ancestors https://*.marketo.com 5
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 5
frame-ancestors 'self' http://localhost:* https://*.bustle.com 5
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 5
child-src 'self' https://go.taylorandfrancis.com/ https://syndication.twitter.com https://platform.twitter.com https://optimize.google.com https://player.vimeo.com https://w.soundcloud.com https://kit.fontawesome.com https://www.yumpu.com https://www.facebook.com https://vars.hotjar.com https://content.googleapis.com https://accounts.google.com https://calendar.google.com https://www.google.com https://forms.tandfonline.com https://taylorandfrancis.formstack.com https://tfforms.wpengine.com https://web-player.art19.com https://www.youtube.com; connect-src 'self' data: https://www.facebook.com  https://bam.eu01.nr-data.net https://stats.g.doubleclick.net https://www.google-analytics.com https://yoast.com https://ayepeaeye.wpengine.com https://tandfapi.co.uk https://authorservices.taylorandfrancis.com https://vc.hotjar.io https://in.hotjar.com; default-src 'self' https://www.tandf.co.uk https://bam.eu01.nr-data.net https://abc123-wpengine.netdna-ssl.com; font-src 'self' data: https://script.hotjar.com https://static.formstack.com https://abc123-wpengine.netdna-ssl.com https://fonts.googleapis.com https://fonts.gstatic.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; img-src 'self' data: https://platform.twitter.com https://abs.twimg.com https://images.routledge.com https://www.tandfonline.com https://www.google.be https://hm.baidu.com https://p.adsymptotic.com https://www.gstatic.com https://optimize.google.com https://badges.altmetric.com https://covers.tandf.co.uk https://www.linkedin.com https://images.tandf.co.uk https://px.ads.linkedin.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://stats.g.doubleclick.net http://t.co https://www.facebook.com https://s.w.org https://abc123-wpengine.netdna-ssl.com https://app.imagify.io https://cdn.syndication.twimg.com https://i.ytimg.com https://www.google-analytics.com https://imagify.io https://pbs.twimg.com https://storage.imagify.io https://secure.gravatar.com https://t.co https://ton.twimg.com https://maps.googleapis.com https://maps.gstatic.com; media-src 'self' https://www.buzzsprout.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.syndication.twimg.com https://go.taylorandfrancis.com https://static.cloudflareinsights.com https://hm.baidu.com https://www.googleoptimize.com https://optimize.google.com https://d1bxh8uas1mnw7.cloudfront.net https://api.altmetric.com https://bam.eu01.nr-data.net https://d1bxh8uas1mnw7.cloudfront.net https://d1bxh8uas1mnw7.cloudfront.net https://js-agent.newrelic.com https://static.formstack.com https://khan.github.io/tota11y/dist/tota11y.min.js http://www.googleadservices.com https://abc123-wpengine.netdna-ssl.com https://ajax.googleapis.com https://analytics.twitter.com https://api.wpengineapi.com https://apis.google.com https://app.imagify.io https://c.cnzz.com https://cdn.ravenjs.com https://cdnjs.cloudflare.com https://cnzz.mmstat.com https://code.jquery.com https://connect.facebook.net https://content.googleapis.com https://dify.wpengine.com https://fast.wistia.com https://forms.tandfonline.com https://googleads.g.doubleclick.net https://i.ytimg.com https://imagify.io https://in.hotjar.com https://journalapp.taylorandfrancis.com https://maps.googleapis.com https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://pbs.twimg.com https://pi.pardot.com https://pixel.wp.com https://placehold.it https://platform.twitter.com https://player.youku.com https://px.ads.linkedin.com https://s.w.org https://s0.wp.com https://s13.cnzz.com https://script.hotjar.com https://secure.gravatar.com https://sjs.bizographics.com https://snap.licdn.com https://ssl.google-analytics.com https://stackpath.bootstrapcdn.com https://static.addtoany.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://stats.wp.com https://storage.imagify.io https://syndication.twitter.com https://t.co https://taylorandfrancis.formstack.com https://tfforms.wpengine.com https://translate.google.com https://translate.googleapis.com https://vars.hotjar.com https://ws.sharethis.com https://www.advancedcustomfields.com https://www.facebook.com https://www.fullstory.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gravityforms.com https://www.gravityforms.local https://www.gstatic.com https://www.netdna-ssl.com https://www.paypalobjects.com https://www.tablepress.org https://www.wpengine.co.uk https://www.yoast.com; style-src 'self' 'unsafe-inline' https://ton.twimg.com https://platform.twitter.com https://optimize.google.com https://d1bxh8uas1mnw7.cloudfront.net https://ajax.googleapis.com https://static.formstack.com https://abc123-wpengine.netdna-ssl.com https://cdn.ravenjs.com https://fonts.googleapis.com https://forms.tandfonline.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://taylorandfrancis.formstack.com https://tfforms.wpengine.com https://www.advancedcustomfields.com https://www.gravityforms.com https://www.gravityforms.local https://www.tablepress.org https://use.fontawesome.com https://www.yoast.com; 5
frame-ancestors https://nurture.solarwinds.com/ https://try.solarwinds.com/ https://www.solarwinds.com/ 5
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us bitdefender.applytojob.com *.alchemer.com 5
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com http://static.virtualroi.com/; 5
upgrade-insecure-requests; frame-ancestors 'self'; 5
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com; 5
default-src 'self'; 5
default-src 'self'  http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ; frame-ancestors 'self' https://trustseal.enamad.ir 5
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 5
frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 5
frame-ancestors 'self' https://www.growingio.com 5
script-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 5
frame-ancestors https://*.flexera.com https://*.flexerasoftware.com https://*.revenera.com; 5
referrer origin 5
img-src data: https: 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com; object-src 'self' 5
default-src blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com  data: *.accesso.com; img-src 'self' https: data: blob:; 5
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 5
img-src *; 5
frame-ancestors cue.test:81 cue.test http://cuedev.ece.ksml.fi cue.media.fi; 5
frame-ancestors 'self' https://preview.citynavigator.nl 5
upgrade-insecure-requests;connect-src * 5
default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com;style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline';  font-src * 'unsafe-inline' 5
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm https://api.mapbox.com https://*.tiles.mapbox.com;block-all-mixed-content;upgrade-insecure-requests; 5
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.qsmly.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com widgets.sir.sportradar.com avplayer-cdn.sportradar.com; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 5
frame-ancestors 'self' https://*.etracker.com 5
frame-ancestors 'self' sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br *.hotmart.com; 5
frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 5
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com; object-src 'self' 4
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org; upgrade-insecure-requests 4
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 4
report-uri /v1/csplog; block-all-mixed-content 4
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 4
default-src * data: 'unsafe-inline' 'unsafe-eval'; 4
child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv https://content.uplynk.com/ https://b2b-media.verizonmedia.com;worker-src 'self' blob:;frame-ancestors 'self' https://b2b.verizonmedia.com https://b2b-media.verizonmedia.com 4
frame-ancestors 'self' investor.cmegroup.com  http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com  www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://www.home.saxo https://go.cmegroup.com https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com  https://www.investing.com https://www.benzinga.com https://m.benzinga.com https://amp.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com  https://benzinga.com https://www.benzinga.com https://m.benzinga.com  https://bz.benzinga.com https://zingbot.bz https://www.zingbot.bz https://m.zingbot.bz https://bz.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://stage.barchart.com https://www.barchart.com https://www.infinityfutures.com https://datamineuat.cmegroup.com https://next.benzinga.com https://quotes.benzinga.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com https://uatm.cqg.com  https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com *.straitsfinancial.gate39tech.com us.straitsfinancial.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com http://blf-django.herokuapp.com https://www.bluelinefutures.com https://www.bluelinefutures.live https://www.bluelinefutures.trade; 4
default-src'self'; 4
font-src * 4
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org; upgrade-insecure-requests; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report-block; report-to csp-endpoint-block 4
default-src 'self' http://localhost:* https://*.supercharge-srp.co https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com; prefetch-src http://tpc.googlesyndication.com https://tpc.googlesyndication.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://web.sol-data.com http://localhost:* https://*.jobsdb.com/ https://*.supercharge-srp.co https://*.hotjar.com/ https://unpkg.com/ https://polyfill.io/ https://cdnjs.cloudflare.com https://cdn.ravenjs.com https://widget.intercom.io http://www.googletagservices.com https://www.googletagservices.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://adservice.google.com https://securepubads.g.doubleclick.net http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com.au https://adservice.google.com.hk https://adservice.google.com.sg https://js.intercomcdn.com http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.branch.io/ https://app.link/ https://www.google-analytics.com http://tags.tiqcdn.com https://tags.tiqcdn.com https://www.youtube.com https://s.ytimg.com https://*.useinsider.com; style-src 'unsafe-inline' 'self' http://localhost:* https://*.jobsdb.com/ https://*.supercharge-srp.co https://fonts.googleapis.com/ https://tagmanager.google.com https://*.useinsider.com; img-src * data:; font-src 'self' https://*.jobsdb.com https://*.supercharge-srp.co https://fonts.gstatic.com/ https://static.hotjar.com/ https://js.intercomcdn.com data:; connect-src 'self' https://www.seek.com.au/ http://www.seek.com.au.staging/ https://*.seek.com http://candidate-graphql-api-candy-shared-dev-active.ap-southeast-2.elasticbeanstalk.com/ http://localhost:* ws://localhost:* https://*.sol-data.com https://*.supercharge-srp.co:8080/ https://*.jobsdb.com/ https://*.jobstreet.com/ http://*.supercharge-srp.co https://*.supercharge-srp.co https://*.hotjar.com:*/ https://*.elasticbeanstalk.com:8080/ ws://*.hotjar.com/ wss://*.hotjar.com/ https://*.intercom.io wss://*.intercom.io https://securepubads.g.doubleclick.net https://csi.gstatic.com https://api2.branch.io/ https://app.link/ https://pagead2.googlesyndication.com https://*.useinsider.com https://*.jobstreet.com.ph; frame-src https://vars.hotjar.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://staticxx.facebook.com https://www.youtube.com https://*.useinsider.com https://*.safeframe.googlesyndication.com 4
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com  dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com *.theadex.com tag.aumago.com js.driftqa.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com *.theadex.com tag.aumago.com ws.zoominfo.com *.redditstatic.com rules.quantcount.com tracking.g2crowd.com *.steelhousemedia.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net *.theadex.com tag.aumago.com *.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw; frame-ancestors 'self' vznrw-piwik.init-ag.de; 4
default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net  *.bing.com  *.ccmp.eu  *.cookiebot.com  *.edge-cdn.net   *.google-analytics.com  *.googletagmanager.com  *.lidl  *.lidl-flyer.com  *.lidl.com  *.lidl.net  *.multichannelacd.de  *.secrz.de  *.virtualearth.net  ads.yahoo.com  advdl.ammadv.it  analytics.google.com  assets.zendesk.com  c.imedia.cz  cm.g.doubleclick.net  connect.facebook.net  d.adroll.com  d.adroll.mgr.consensu.org  form.lidl.com  googleads.g.doubleclick.net  lidl.media01.eu  lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz  s.adroll.com  s.ytimg.com  tagmanager.google.com  track.adform.net  us-u.openx.net  www.dwin1.com  www.googleadservices.com www.google.com www.youtube.com schwarz.adverity.com; img-src 'self' data: *.bing.com *.ccmp.eu *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com google.de ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net appgateway.lidlplus.com content.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net stats.g.doubleclick.net; frame-ancestors 'self' *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net *.lidl-shop.pl *.lidl-sklep.pl; 4
frame-ancestors 'self' *.nexxt.com/ https://lensa.com/; 4
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://*.hotjar.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum.js; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://vars.hotjar.com https://*.doubleclick.net; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 4
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 4
default-src  https: *.willistowerswatson data: blob: 'unsafe-eval' 'unsafe-inline' 4
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 4
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 4
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru stat.sputnik.ru mc.yandex.ru www.google-analytics.com *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net megatimer.ru stat.sputnik.ru *.stat.sputnik.ru tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' megatimer.ru mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru stat.sputnik.ru cnt.sputnik.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru anycaster.tv *.anycaster.tv livezvezda.mediacdn.ru *.livezvezda.mediacdn.ru newapp.bonus-tv.ru *.newapp.bonus-tv.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru yandex.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com mil.ru *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://vuz.mil.ru https://www.mil.ru https://*.mil.ru https://anycaster.tv https://livezvezda.mediacdn.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 4
default-src 'self'; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go2bank.com  *.fuelcdn.com *.exacttarget.com *.adobe.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; connect-src 'self' *.go2bank.com go2bank.sjv.io  kampyle.com *.kampyle.com mobileapi.locatorsearch.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; img-src 'self' *.go2bank.com *.tvsquared.com google-analytics.com *.google-analytics.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob:; style-src 'self' 'unsafe-inline'  *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com; font-src 'self' data: kampyle.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com; frame-src 'self' *.pardot.com ujet.co  *.go2bank.com *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.walmartmoneycard.com; 4
default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://use.fontawesome.com https://hello.myfonts.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.ri.se/sv/report-uri/enforce 4
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com; 4
block-all-mixed-content; upgrade-insecure-requests 4
img-src * data:; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 4
default-src 'self' *.cscglobal.com *.swiftypecdn.com  *.swiftype.com script.crazyegg.com *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com; script-src 'self' ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com  *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com 'unsafe-inline' 'unsafe-eval' *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com snap.licdn.com; style-src 'self' ocp.cscglobal.com ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com *.swiftype.com *.cscglobal.com  *.googletagmanager.com googleapis.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' 'unsafe-inline' ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com 4
frame-ancestors https://*.canalplus.com https://*.cnews.fr https://*.canal-bis.com http://*.canalplus.com http://*.canalplus.com:8888 4
frame-ancestors 'self'  wbpa.wdo.io ru.wotblitz.com eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 4
default-src * 'unsafe-inline' 'unsafe-eval'; 4
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 4
frame-ancestors 'self' *.facebook.com *.vk.com 4
frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 4
frame-ancestors 'self' http://*.elsevier.es/ 4
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs-cdn.deviceatlas.com data: 4
frame-ancestors 'self' https://www.bosoy-online.com 4
frame-ancestors 'self' http://webvisor.com https://webvisor.com 4
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 4
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 4
frame-ancestors 'self' https://*.moody.edu 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 4
report-uri https://sentry.io/api/1481323/security/?sentry_key=6a0d90a447e5404786cce69b90774dbc https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 4
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon.riskified.com https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://*.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net https://*.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: https://img.riskified.com https://web-elb https://*.online-metrix.net https://*.goibibo.com https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://*.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com http://origin-st.redbus.in https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://api.midtrans.com https://www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' https://*.firebaseapp.com https://*.firebaseio.com  https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://*.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://*.facebook.com https://www.youtube.com https://dis.as.criteo.com; object-src 'self'; connect-src 'self' wss://rbpub.redbus.com o2.mouseflow.com *.redbus.com *.doubleclick.net *.riskified.com wss://*.gamooga.com www.google-analytics.com graph.facebook.com accounts.google.com 4
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups; 4
object-src 'self' 4
frame-ancestors 'self' *.heartinternet.com:* *.heartinternet.co.uk:* *.heartinternet.uk:* *.heart-internet.com:* *.heart-internet.co.uk:* *.123-reg.co.uk:* *.vps-10.com:* *.ds-10.com:* *.managethisdomain.com:*; 4
default-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://cdn1.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://f1-eu.readspeaker.com https://monitoring.echobot.de https://event.beyondwork2020.com https://walls.io https://streaming.talk42.de 'unsafe-inline' blob:; img-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://*.tile.openstreetmap.org/ https://api.mapbox.com/ 'unsafe-inline' data:;font-src 'self' data:; 4
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 4
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 4
frame-ancestors 'self' centralnicgroup.activehosted.com; script-src 'unsafe-inline' 'unsafe-eval' *.brandshelter.com *.webinarjam.com snap.licdn.com diffuser-cdn.app-us1.com prism.app-us1.com wp-ui.app-us1.com cdnjs.cloudflare.com trackcmp.net www.google-analytics.com data:; style-src 'unsafe-inline' *.brandshelter.com fonts.googleapis.com fonts.gstatic.com *.webinarjam.com 4
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 4
default-src https: http://*.sim-cms.net http://sdk.listenlive.co 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: http://cdn.saleminteractivemedia.com; 4
frame-ancestors 'self' *.smartagent.app http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 4
reflected-xss block 4
frame-ancestors 'self' https://*.facebook.com; 4
default-src * 'unsafe-inline' 'unsafe-eval' 4
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-5029ae85.js gist.github.com/socket-worker-5029ae85.js 4
frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 'self' 4
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 4
frame-ancestors 'self' https://www.facebook.com/ 4
frame-ancestors https://*.gov.cn  http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn http://www.ceirp.com:8888 4
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 3
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com 3
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 3
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 3
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 3
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 3
upgrade-insecure-requests; frame-ancestors 'self' https://www.straitstimes.com http://www.straitstimes.com; 3
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 3
frame-ancestors 'self' *.mathworks.com feedads.baidu.com; 3
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 3
frame-ancestors http://kpmg.experiencecloud.adobe.com 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://script.hotjar.com/modules.cd1eea15fc08cdfc520a.js https://script.hotjar.com/modules.a6cfc71c5ac4549d913e.js https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://static.hotjar.com/c/ https://script.hotjar.com/modules.0734134ae79697970353.js https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com; connect-src *; img-src 'self' data: https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg; frame-src 'self' https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://vars.hotjar.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/; font-src 'self' data: https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com 3
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 3
frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 3
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 3
default-src 'self'; script-src 'self' c.mql5.com www.tradays.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com player.youku.com https://c.paypal.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com www.tradays.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com content.mql5.com charts.mql5.com www.tradays.com blob: data: *.tile.openstreetmap.org https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com; media-src 'self' msg1.mql5.com c.mql5.com; font-src c.mql5.com; connect-src 'self' trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com https://cdn.chatbot.com; frame-src 'self' c.mql5.com www.tradays.com trade.mql5.com player.youku.com www.youtube.com https://c.paypal.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com mql5buy: mql4buy:; object-src 'self' c.mql5.com player.youku.com www.youtube.com; worker-src 'self' c.mql5.com player.youku.com www.youtube.com; 3
child-src * 3
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 3
frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 3
frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 3
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 3
frame-ancestors 'self' http://cloudera.lookbookhq.com https://cloudera.lookbokhq.com http://pages.cloudera.com https://pages.cloudera.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 3
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/ 3
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com  brightcove.hs.llnwd.net; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud; report-uri //report-csp-violation 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com *.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com *.tiqcdn.com *.jwpcdn.com *.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com *.facebook.com *.pinterest.com *.googleapis.com *.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com *.addtoany.com *.github.io *.aspnetcdn.com s.gravatar.com *.wp.com *.amazonaws.com *.googleadservices.com *.microsoft.com *.jquery.com *.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com *.nr-data.net tagmanager.google.com *.surveymonkey.com *.brightwhistle.com *.callrail.com *.healthwise.net *.merklesearch.com *.rkdms.com *.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net *.creative-serving.com *.invocacdn.com *.invoca.net *.adsrvr.org *.acquia.com *.segment.com *.rdcdn.com *.msecnd.net *.mymarketingreports.com *.optimizely.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.salesforceliveagent.com *.sanzone.io api.dpx.northwell.io *.yimg.com *.yahoo.com tags.srv.stackadapt.com pagecdn.io *.alpixtrack.com *.basis.net; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com *.acquia.com *.syllable.ai *.force.com *.salesforce.com api.dpx.northwell.io *.yimg.com *.srv.stackadapt.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net *.facebook.com *.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com *.rdcdn.com https://rdcdn.com clickserv.pixel.ad *.syllablecdn.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.sanzone.dev *.northwell.io api.dpx.northwell.io *.yimg.com *.googleusercontent.com *.marketo.com alpixtrack.com *.ipredictive.com *.bidr.io *.sitescout.com; media-src 'self' blob: *.llnw.net *.delvenetworks.com *.llnw.com dam.northwell.edu; frame-src 'self' blob: cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com www.facebook.com insight.adsrvr.org *.acquia.com *.segment.com *.optimizely.com *.force.com *.salesforce.com *.pledgeling.com *.adsrvr.org *.healthgrades.com *.podbean.com *.libsyn.com *.simplecast.com *.sitescout.com; child-src 'self' blob:; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com api.dpx.northwell.io *.hotjar.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com *.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com *.cloudfront.net *.acquia.com *.segment.com *.visualstudio.com *.bugsnag.com *.mktoresp.com *.nr-data.net *.optimizely.com *.syllable.ai *.locationiq.com *.conveythis.com *.force.com *.sanzone.io *.sanzone.dev *.northwell.io *.yimg.com *.srv.stackadapt.com sentry.io *.reachnorthwell.com analytics.google.com *.facebook.net; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 3
default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://www.google-analytics.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 3
frame-ancestors *.nordangliaeducation.com *.tfaforms.net 'self' 3
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 3
frame-ancestors *.straumann.com  3
frame-ancestors 'self' *.freshworks.com *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com 3
frame-ancestors https:; 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 3
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com  http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe  https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com  https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js  https://ajax.cloudflare.com https://cdn1.affirm.com/ https://www.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://sts.eccmp.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com https://cdn1.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com https://www.affirm.com/  https://zn88kiqxnnojsefct-seaworldcx.siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/;frame-src 'self' https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/ https://cdn1.affirm.com/ https://www.affirm.com/ https://seaworldcx.iad1.qualtrics.com/ https://siteintercept.qualtrics.com/ https://*.hotjar.com/ https://vars.hotjar.com/%0d%0a%0d%0a;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/ https://cdn.quantummetric.com/ https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/ https://api-cf.affirm.com/ https://tracker.affirm.com/ https://www.affirm.com/api/v2/cookie_sent/ https://www.affirm.com/ https://*.siteintercept.qualtrics.com/  https://siteintercept.qualtrics.com/ https://siteintercept.qualtrics.com https://*.hotjar.com/ https://in.hotjar.com/  wss://ws13.hotjar.com https://sts.eccmp.com/; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 3
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; 3
upgrade-insecure-requests ; 3
base-uri 'self'; frame-ancestors 'self' 3
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3
frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 3
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.googleapis.com translate.google.com ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com deepknow.egoid.me static.geetest.com dn-staticdown.qbox.me api.geetest.com *.ronghub.com *.udesk.cn qiyukf.com c.cnzz.com s9.cnzz.com z12.cnzz.com https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; style-src 'unsafe-inline' 'self' 'unsafe-eval' static.geetest.com translate.googleapis.com *.udesk.cn https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; frame-src 'self' https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top *.bitz-service.com *.bitz.com *.bit-z.com *.bit-z.pro *.bitz.top *.bitz.so *.bitz.plus *.bitz.my *.bitz.al *.bitz.ai *.bitz.bz *.bitz.info *.bitz.tech *.bitzhd.com *.bitz.cm *.hyjztc.cn *.bitzapp.top appad.ahighapp.com qiyukf.com *.udesk.cn; frame-ancestors *.bitz-service.com; font-src 'self' data: https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; img-src 'self' data: blob: www.gxchaintop.org static.gxb.io translate.googleapis.com *.google.com bit-z-frontdesk.oss-cn-hongkong.aliyuncs.com www.gstatic.com static.geetest.com stats.g.doubleclick.net www.google-analytics.com sensors.ahighapi.com *.127.net qiyukf.com *.qiyukf.com *.bibidev.com *.udesk.cn z12.cnzz.com cnzz.mmstat.com sensors.bitzapp.top https://imge1.bitzapp.top https://imge2.bitzapp.top https://imge3.bitzapp.top; media-src 'self' static.geetest.com qiyukf.com *.bibidev.com *.127.net *.udesk.cn; connect-src 'self' wss://ws.ahighapi.com wss://*.s2.udesk.cn translate.googleapis.com stats.g.doubleclick.net www.google-analytics.com monitor.geetest.com api.geetest.com *.udesk.cn qiyukf.com sentry.ahighapi.com test-push-trade.biwebapi.com https://sensors.bitzapp.top https://ucapi.ahighapi.com https://otcapinew.ahighapi.com https://app.ahighapi.com https://v2.ahighapi.com https://api.ahighapi.com https://app.ahighapi.com wss://ws.ahighapi.com wss://pushser.ahighapi.com https://app.ahighapi.com 3
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' 3
<options and value> 3
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 3
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 3
frame-ancestors 'none' ; 3
frame-ancestors 'self' https://www.endesaclientes.com 3
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 3
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 3
frame-ancestors 'self' https://help.jouwweb.nl; 3
img-src * 3
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://shopproxy.p-s-s.de 3
'self' https://ajax.googleapis.com 3
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: 3
script-src * 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' https://www.googletagmanager.com; frame-ancestors 'self'; frame-src 'self' https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://s.ytimg.com; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; child-src 'self' https://www.youtube.com; 3
connect-src * 'self' 3
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 3
default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net ;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content; 3
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 3
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 3
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com code.jquery.com sentry.io stats.g.doubleclick.net sumo.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com themes.googleusercontent.com wrss-2c7e.kxcdn.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.libsyn.com *.twitter.com sumo.com twitter.com; img-src 'self' *.bbb.org *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com about: assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net extended-validation-ssl.thawte.com https://seal.verisign.com pubads.g.doubleclick.net seal.thawte.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com syndication.twitter.com twitter.com verify.authorize.net wrss-2c7e.kxcdn.com; manifest-src ammo.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com wrss-2c7e.kxcdn.com www.ammoforsale.com www.ammoman.com www.ammunitiontogo.com www.bulkammo.com www.cheapammo.com www.luckygunner.com www.targetbarn.com www.wideners.com; media-src 'self' *.facebook.com; object-src 'self' *.facebook.com www.luckyreferrals.com; report-uri https://sentry.io/api/1201369/security/?sentry_key=66651cc2476b475987e75acc58880acc; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.bbb.org *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.twitter.com api.bufferapp.com assets.targetbarn.com blob: browser.sentry-cdn.com buttons.reddit.com cdn-secure.luckygunner.com cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js cdn.jsdelivr.net/npm/instantsearch.js@4 cdn.ravenjs.com code.jquery.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net reddit.com seal.thawte.com seal.verisign.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com verify.authorize.net widgets.pinterest.com wrss-2c7e.kxcdn.com www.linkedin.com www.luckyreferrals.com www.reddit.com; style-src 'self' 'unsafe-inline' *.bbb.org *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net sload.sumo.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com sumo.b-cdn.net wrss-2c7e.kxcdn.com 3
frame-ancestors 'self' weleda.sabio.de 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.inbenta.chat:* wss://*.inbenta.io:* wss://*.inbenta.com:* http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://youtu.be http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.inbenta.chat:* http://*.inbenta.io:* http://*.inbenta.com:* http://*.go-mpulse.net http://*.akstat.io http://*.akamaihd.net http://cdn-akamai.mookie1.com http://*.userway.org http://claro.speedtestcustom.com http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://tags.tiqcdn.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.inbenta.chat:* https://*.inbenta.io:* https://*.inbenta.com:* https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://cdn-akamai.mookie1.com https://*.userway.org https://claro.speedtestcustom.com https://*.clarovideo.net https://*.claromusica.com; media-src mediastream:; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://js.hs-banner.com https://s2.adform.net https://c.go-mpulse.net https://173c5b0c.akstat.io https://bam-cell.nr-data.net https://bot.leadoo.com https://files.cdn.leadfamly.com https://rec.smartlook.com dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; connect-src 'self' yandex.ru *.yandex.ru *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.vk.com *.branch.io *.google.com *.google.ru *.livetex.ru *.livetex.me *.usedesk.ru *.mail.ru *.google.com.ua odds.ru *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.usedesk.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; script-src-elem 'self' 'unsafe-inline' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.usedesk.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; img-src 'self' data: *.wp.com *.w.org *.gravatar.com www.facebook.com *.youtube.com *.livetex.ru *.livetex.me *.usedesk.ru *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googleapis.com graph.facebook.com vk.com *.vk.com *.yandex.ru odds.ru opentracking.ru www.opentracking.ru *.twimg.com *.twitter.com *.gstatic.com *.googletagmanager.com *.google.com.ua *.yastatic.net *.adfox.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru *.ligastavok.ru ligastavok.ru *.yandex.net; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com odds.ru *.twitter.com *.twimg.com *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; child-src 'self' *.youtube.com *.vimeo.com *.facebook.com *.vk.com vk.com *.twitter.com twitter.com *.livetex.ru *.livetex.me *.usedesk.ru onesignal.com *.onesignal.com www.instagram.com *.google.com *.yandex.ru webvisor.com blob: https://mc.yandex.ru *.imgur.com imgur.com *.yastatic.net *.adfox.ru *.yandex.net vimeo.com; font-src 'self' 'unsafe-inline' *.gstatic.com *.livetex.ru *.livetex.me *.usedesk.ru data:; media-src 'self' *.livetex.ru *.livetex.me *.usedesk.ru *.yastatic.net *.adfox.ru *.yandex.net; frame-ancestors 'self' https://metrika.yandex.ru http://webvisor.com https://yastatic.net https://mc.yandex.ru; 3
frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com 3
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com; 3
frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl www.vakantievilla-met-prive-zwembad.nl www.strandparkzeeland.nl www.kronenburgersee.nl www.eifelpark-eks.de www.duinresortdunimar.nl dev72.lined.nl; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 3
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 3
“upgrade-insecure-requests” 3
Content-Security-Policy-Report-Only 3
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com 3
frame-ancestors 'self' https://smartnutri-stag.firebaseapp.com/ https://smartfitnutri.app/ 3
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 3
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3
connect-src 'self' habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com www.google-analytics.com csi.gstatic.com *.googlesyndication.com *.g.doubleclick.net hb.improvedigital.com pub.tunnl.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com cookie-cdn.cookiepro.com connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net hb.improvedigital.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br hb.improvedigital.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; upgrade-insecure-requests; report-uri /csp/report 3
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 3
style-src https: 'unsafe-inline' ; script-src https: data 'unsafe-inline' 'unsafe-eval' ; default-src * data: ; 3
base-uri 'self' 3
default-src https: data:; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline' 3
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 3
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' 'unsafe-inline' *; 3
frame-ancestors whitelabel.camspower.com wlbackoffice3.xcams.com 3
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com;block-all-mixed-content;upgrade-insecure-requests; 3
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.oebb.at https://apis.google.com https://*.googleapis.com  https://*.azureedge.net https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io https://walls.io; connect-src 'self' https://*.oebb.at https://obc.rola.at https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com  https://at.cloud.fabasoft.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at https://*.streaming.media.azure.net https://www.traumgutscheine.com https://my.walls.io; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 3
script-src 'self' 'unsafe-inline' 3
block-all-mixed-content; upgrade-insecure-requests; 3
frame-ancestors 'self' *.facebook.com 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 3
default-src 'self' data: ;   connect-src 'self' https: wss: ;   font-src 'self' chrome-extension: data: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: ;   style-src-attr 'self' 'unsafe-inline' https: ;   worker-src 'self' 'unsafe-inline' https: ;   frame-ancestors 'self' https://*.magnews.it https://*.magnews.com;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src 'self' *.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ceros-creative-services.s3.amazonaws.com ceros-labs.s3.amazonaws.com *.ceros.com *.bidr.io *.bizzabo.com *.cloudfront.net acsbapp.com *.acsbapp.com *.bc0a.com *.b0e8.com *.ads-twitter.com *.adsrvr.org *.srv.stackadapt.com *.stackadapt.com *.fontawesome.com *.cookielaw.org *.jquery.com *.marketo.com *.marketo.net *.twimg.com *.onetrust.com *.driftt.com *.bing.com *.bootstrapcdn.com *.myfonts.net *.cloudflare.com *.callrail.com *.aspnetcdn.com *.vidyard.com *.ceridian.ca *.en25.com *.eloqua.com *.googletagmanager.com *.swiftypecdn.com *.google-analytics.com *.google.com *.google.ca *.licdn.com *.facebook.net *.terminus.services *.windows.net *.g2crowd.com *.adsrvr.org *.ads-twitter.com *.ads.linkedin.com *.twitter.com go.ceridian.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.marketo.com *.twitter.com *.bootstrapcdn.com fastcdn.org *.cloudflare.com optanon.blob.core.windows.net *.swiftypecdn.com go.ceridian.com *.stackadapt.com; img-src * data:; font-src 'self' http://script.hotjar.com https://script.hotjar.com acsbapp.com *.acsbapp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com; connect-src 'self' *.doubleclick.net ka-p.fontawesome.com *.fontawesome.com *.collector.snplow.net acsbapp.com *.acsbapp.com *.srv.stackadapt.com *.cookielaw.org *.facebook.com *.marketo.com *.mktoresp.com *.eloqua.com *.swiftype.com *.ceridian.ca *.swiftypecdn.com *.callrail.com go.ceridian.com *.onetrust.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com;  media-src * 'unsafe-inline'; frame-src 'self'  *.ceros.com accessibe.com *.accessibe.com *.acsbapp.com acsbapp.com *.bizzabo.com *.facebook.com *.marketo.com *.twitter.com *.youtube.com *.driftt.com *.vidyard.com *.adsrvr.org  go.ceridian.com  *.hotjar.com 3
upgrade-insecure-requests; block-all-mixed-content; 3
frame-ancestors 'self' *.vergic.com 3
default-src 'self' data: 'unsafe-inline' https: *; 3
block-all-mixed-content; report-uri /v1/csplog 3
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 3
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 3
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 3
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com  https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com  *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com  https://*.youtube.com https://app-sj01.marketo.com https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com; media-src 'self' data: blob:; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com; frame-src *.marketo.com *.sitefinity.xyz 'self'  *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/  https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com https://img.youtube.com https://radiomd.com; 3
worker-src 'self'; 3
default-src 'self' http: https: data: blob: 'unsafe-inline' blob: 'unsafe-eval' 3
frame-ancestors 'self' app.contentful.com 3
object-src 3
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 3
frame-ancestors https://my.bigcartel.com; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 2
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tileserver.memomaps.de *.openstreetmap.fr piwik.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data:; 2
block-all-mixed-content; report-uri /csp-report?p=; base-uri 'none'; default-src 'none'; style-src 'unsafe-inline' 'self' https://*.stripecdn.com; connect-src 'self' https://errors.stripe.com https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ga.clearbit.com; font-src 'self' https://*.stripecdn.com; frame-src 'self' https://*.stripecdn.com https://www.googletagmanager.com; img-src 'self' https://*.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com data:; media-src 'self' https://*.stripecdn.com https://videos.ctfassets.net; script-src 'self' 'sha256-6hCrKkhcyMhhMFEfSpCTaBOu2I3bF+wiEjLQdI7s+jQ=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net 'sha256-ELZBkO1eLwWs6QKigj+FQzktzusJRQek0e2CLudl4N8=' https://www.googletagmanager.com https://ga.clearbit.com 'report-sample' 2
upgrade-insecure-requests; base-uri 'self' 2
frame-ancestors 'self' acs.virtualeventsengine.com virtualexhibits360.com psav.digital 2
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 2
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com ; 2
upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' *.execute-api.eu-west-1.amazonaws.com edge.api.brightcove.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com new.siemens.com assets.new.siemens.com api.dc.siemens.com w3.siemens.com searchapi.new.siemens.com privacyportal-eu.onetrust.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net blob: www.facebook.com; default-src 'self' blob:; font-src 'self' www.siemens.com tools.adlytics.net data:; frame-src 'self' bid.g.doubleclick.net; img-src 'self' *; manifest-src 'self'; media-src 'self' manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com blob:; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com players.brightcove.net vjs.zencdn.net w3.siemens.com prod.ste.dc.siemens.com tools.adlytics.net www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com googleads.g.doubleclick.net; style-src 'report-sample' 'self' 'unsafe-inline' tools.adlytics.net; worker-src blob:; report-uri https://o1.ingest.sentry-xl.siemens-web.com/api/2/security/?sentry_key=1ee914da45a24a1491f0e46e1d0d92c9&sentry_environment=siemenscom-prod&sentry_release=759a9c59; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com googletagmanager.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com *.doubleclick.net cdn.curator.io eisi-ext.azurewebsites.net *.aparat.com *.tableau.com *.wufoo.com s.pinimg.com ct.pinterest.com cdn.taboola.com static.hotjar.com amplify.outbrain.com  event.getblue.io analytics.tiktok.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com platform.twitter.com optimize.google.com *.unicef.org cdn.curator.io *.twimg.com; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com facebook.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com google.ie google.com.hk google.dk google.co.id google.co.kr google.hr google.com.sg google.fr google.com.br google.mn google.co.zw google.com.lb google.tn google.com.om google.jo google.com.ph google.mw google.nl google.com.tr google.ca google.it google.co.uz google.me google.co.uk google.co.za google.ch google.co.in google.co.jp google.de google.bj google.com.ng google.se google.com.au google.rw google.com.my google.com.np google.ru google.kz google.com.vn google.bi google.com.ua google.ba google.co.ke google.al google.no google.ci google.com.et google.ae google.es google.com.gh google.mv google.co.nz google.iq google.ro google.dj google.cd google.gr google.co.ug google.com.py google.by google.com.ar google.com.pk google.com.bo google.com.na google.lk google.co.th google.mk google.pl google.com.pe google.co.ao google.com.co google.com.ec google.com.uy google.com.pa google.pt google.com.bd google.cn google.com.sl google.com.kh www.google.com *.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com *.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com ct.pinterest.com cx.atdmt.com pixel.quantserve.com i.ytimg.com downloads.mailchimp.com *.tableau.com; media-src 'self' *.cdninstagram.com video.twimg.com; frame-src 'self' *.facebook.com www.google.com *.twitter.com e.infogram.com infogram-download-us2.s3.eu-west-1.amazonaws.com infogram-download-eu.s3.eu-west-1.amazonaws.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com *.doubleclick.net player.vimeo.com forms.office.com *.aparat.com *.tableau.com oms.gameloft.com *.soundcloud.com app.powerbi.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org cdnjs.cloudflare.com cdn.curator.io; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com facebook.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org api.curator.io bam.nr-data.net rpapigatewaytest.azurewebsites.net i2e.azurewebsites.net; report-uri /report-csp-violation 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 2
frame-ancestors 'self' *.shopeemobile.com *.shopee.tw *.shopee.cn *.facebook.com;  2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://analytics.pgncs.notion.so https://checkout.stripe.com https://js.stripe.com/v3 https://embed.typeform.com https://admin.typeform.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so http://localhost:* https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https: http: https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://api.segment.io https://api.pgncs.notion.so https://checkout.stripe.com https://js.stripe.com/v3 https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://api.unsplash.com https://boards-api.greenhouse.io; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 2
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com https://consent.trustarc.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.youku.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; object-src 'none'; upgrade-insecure-requests 2
default-src 'self' *.ecosia.org data: *.sentry.io; script-src 'sha256-KTDFkjLFDkEw7ubSpJFGPsKQsS0RRJdVtHteoO6rG8Q=' 'self' 'self' *.ecosia.org *.sentry.io dy1cy3yp6fd82.cloudfront.net; img-src 'self' *.ecosia.org s3.amazonaws.com data: ecosia-notifications.ghost.io; style-src 'self' *.ecosia.org 'unsafe-inline'; connect-src 'self' *.ecosia.org *.sentry.io; frame-ancestors 'none' 2
frame-ancestors https://pam.mcafee.com 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https:  2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
default-src 'self' http: https: 2
frame-ancestors frame-ancestors 'self' 2
frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 2
frame-ancestors 'self' *.globalsources.com *.asiansources.com *.globalsources.com.hk; 2
frame-ancestors https://*.ionos.com https://ionos.com; 2
default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=gg 2
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com *.atdmt.com www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com *.youtube.com *.ytimg.com;style-src data: blob: 'unsafe-inline' * *.oculus.com *.facebook.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.facebook.net *.fbthirdpartypixel.com *.akamaihd.net *.oculuscdn.com *.atdmt.com data: blob: www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com *.ytimg.com alb.reddit.com;frame-src *.oculus.com *.fbthirdpartypixel.com *.facebook.com *.youtube.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://*.dynamicyield.com https://*.salecycle.com https://*.fls.doubleclick.net https://dev.appboy.com https://www.facebook.com https://ct.pinterest.com https://bid.g.doubleclick.net https://videos.contentful.com https://www.youtube.com https://*.api.bazaarvoice.com https://sentry.io https://videos.ctfassets.net https://*.akstat.io https://*.perimeterx.net https://*.urbanoutfitters.com https://www.google-analytics.com https://api.bazaarvoice.com https://d16fk4ms6rqz1v.cloudfront.net https://*.akamaihd.net https://*.rewardstyle.com https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://*.myunidays.com https://www.myregistry.com https://core.conversant.mgr.consensu.org https://tracking.crealytics.com https://*.scene7.com https://*.attn.tv https://freepeople.wufoo.com https://*.trustedshops.com https://*.stg-sessionm.com https://*.sessionm.com https://*.ent-sessionm.com https://*.bluecore.com https://www.googletagmanager.com https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://tags.tiqcdn.com https://www.googleadservices.com https://js.appboycdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://*.afterpay.com https://mpsnare.iesnare.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://fast.fonts.net https://ci-mpsnare.iovation.com https://*.bazaarvoice.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://*.criteo.com https://www.ist-track.com https://www.shopzilla.com https://*.googleapis.com https://www.gstatic.com https://app.curalate.com https://cm.g.doubleclick.net https://*.ra.linksynergy.com http://maps.google.cn https://*.clearpay.co.uk https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://images.contentful.com https://images.ctfassets.net https://px0.pbbl.co https://t.co https://*.google.com https://*.gstatic.com https://pinterest.adsymptotic.com https://*.linksynergy.com https://*.dc-storm.com https://consent.nxtck.com https://consent.jrs5.com https://consent.mediaforge.com https://*.g.doubleclick.net https://www.bizrate.com https://rd.connexity.net https://www.google.co.uk https://www.google.ca https://www.google.de https://*.groupbycloud.com https://h.nexac.com http://images.urbanoutfitters.com https://cdn.dynamicyield.com https://www.google.ie https://www.ssense.com https://*.rkdms.com https://www.polyvore.com https://www.google.nl https://www.google.fr https://*.agkn.com https://p.dlx.addthis.com https://www.google.co.jp https://www.google.es https://www.google.com.au http://stores.urbanoutfitters.com http://euimages.urbanoutfitters.com https://email-reflex.com https://www.google.it https://www.google.be https://www.google.co.nz https://www.google.se https://cdn.dashhudson.com https://tracking.lengow.com https://merchants.nextag.com https://events.attentivemobile.com https://fonts.gstatic.com https://*.crazyegg.com https://*.dotomi.com https://cx.atdmt.com https://calotag.com https://product.givingassistant.org https://techsuperb.biz https://track.effitarget.com https://cdnjs.cloudflare.com https://intljs.rmtag.com https://cdn.polyfill.io https://*.adsymptotic.com https://c.go-mpulse.net https://polyfill.io https://cdn.honey.io https://cdn.contentful.com https://*.attentivemobile.com https://g.3gl.net https://r.3gl.net.cn https://r.3gl.net https://trustbadge.api.etrusted.com https://*.tealiumiq.com https://*.salesforce.com https://*.px-cloud.net https://sdk.iad-01.braze.com https://*.siteintercept.qualtrics.com https://idsync.rlcdn.com https://*.qualtrics.com https://*.force.com https://ltv-service.camato.eu https://*.vimeo.com https://d38xvr37kwwhcm.cloudfront.net https://trail.grin.co https://downloads.contentful.com https://*.8x8.com/ https://s0.ipstatp.com https://*.tiktok.com https://*.tiktokcdn.com https://business-sg.topbuzz.com https://business.topbuzz.com https://*.btttag.com bytedance: https://cloudflare.com/cdn-cgi/trace https://*.ibytedtos.com https://*.krxd.net https://www.cloudflare.com/cdn-cgi/trace https://open.spotify.com https://cdn.cookielaw.org https://*.evergage.com;frame-ancestors 'none'; 2
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 2
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 2
frame-ancestors 'self' *.ally.com; 2
http://localhost:* file: *.labanquepostale.fr 2
default-src 'self'; frame-ancestors 'self' https://*.facebook.com; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://api-fra.livechatinc.com https://analytics.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/; object-src 'none'; report-uri https://secreport.synology.com/csp/report; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://www.facebook.com https://staticxx.facebook.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://player.youku.com/ https://vars.hotjar.com/ https://synology.jobbase.io https://*.synology.com https://synoform.synology.com; img-src 'self' https://www.synology.com https://global.download.synology.com https://download.synology.com https://cndl.synology.cn https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://www.facebook.com https://wcs.naver.com https://www.facebook.com/tr https://dc.ads.linkedin.com https://px.ads.linkedin.com/ https://www.linkedin.com/px https://alb.reddit.com https://t.co/i/adsct https://p.adsymptotic.com/d/px https://bat.bing.com data: blob:; media-src 'self' https://download.synology.com https://cdn.livechatinc.com; script-src 'self' data: blob: https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://www.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://connect.facebook.net https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://analytics.twitter.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com/ https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://synology.jobbase.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://fonts.googleapis.com https://optimize.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css 'unsafe-inline' 2
frame-ancestors http://www.vistaprint.com https://www.vistaprint.com http://vistaprint.com https://vistaprint.com https://www.optimizelyedit.com https://app.optimizely.com http://app.optimizely.com http://script.crazyegg.com https://script.crazyegg.com script.crazyegg.com http://www.radins.com http://fr.igraal.com http://cmsauth.vistaprint.prod https://secure.vistaprint.com https://*.hatchery.vistaprint.com https://*.mobile.vpsvc.com; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.interco.io wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://*.twilio.com wss://*.firebaseio.com  https://cdn.firebase.com https://*.firebaseio.com; report-uri https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV1YajQYljNDyq_HZcQMFwMFIEBS9eHG3wV3FNhihD_eeXQkr_HnJMjSGly5t4VQFrfZujfZFoFY5wHaTC8TvTlxRcur_pISTvX0Dw96EIlb4Q== 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paytm.com paytmstores.com *.paytmstores.com polyfill.io widget.gleamjs.io gleamjs.io platform.twitter.com *.bintray.com bintray.com cdn.syndication.twimg.com gateway.answerscloud.com *.cloudfront.net *.google.com *.hotjar.com apis.mapmyindia.com cdn.ravenjs.com *.youtube.com *.gstatic.com *.googleadservices.com *.doubleclick.net bid.g.doubleclick.net u.heatmap.it cdn.trackjs.com s.ytimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net alipaybridge://* cdn.branch.io googleads.g.doubleclick.net app.link bid.g cdn.ampproject.org dev.visualwebsiteoptimizer.com paytmmall.com *.paytmmall.com *.insider.in blob:; frame-src 'self' *.paytm.com *.twitter.com s.ytimg.com cdn.syndication.twimg.com *.insider.in *.youtube.com assets.zendesk.com apis.mapmyindia.com *.facebook.com *.google.com *.hotjar.com cdn.ravenjs.com s-static.ak.facebook.com tautt.zendesk.com paytmmall.com *.paytmmall.com polyfill.io paytmstores.com *.paytmstores.com alipaybridge://* widget.gleamjs.io gleam.io;  object-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php 2
default-src https:; child-src blob: https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
frame-ancestors https://ads.idntimes.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/ https://wcs.naver.net/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://www.facebook.com https://*.fls.doubleclick.net https://optimize.google.com www.snapengage.com https://www.expresvpn-private-analytics.net; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.snapengage.com https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com https://wcs.naver.com/; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 2
default-src * data: blob: ;script-src * 'self' 'unsafe-inline' 'unsafe-eval' ;worker-src * blob: ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' static-s.aa-cdn.net *.appannie.com *.appannie.com.cn *.appannie.org;img-src * data: blob: ;font-src * data: ;media-src * data: blob: ;base-uri 'self' d6tizftlrpuof.cloudfront.net manifest.prod.boltdns.net secure.brightcove.com ;connect-src * data: blob: wss://api.appcues.net;report-uri https://sentry.smart-sense.org/api/96/csp-report/?sentry_key=28d56c139d1542a19730a3eb84757027; 2
frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.youtube.com www.google.com *.google-analytics.com https://www.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.fontawesome.com data: use.typekit.net *.crazyegg.com *.hotjar.com; img-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com twitter.com *.twitter.com *.twimg.com use.fontawesome.com data: blob: *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co match.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com; media-src 'self' data: blob: www.youtube.com; frame-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com; connect-src 'self' polo.feathr.co; 2
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/ http://demo.havendemo.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 2
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.youtube.com  *.clientam.ch  *.clientam.com.hk  s.go-mpulse.net  *.greenwichcompliance.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: 2
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 2
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: d2e70e9yced57e.cloudfront.net d2k0escgkdw2ev.cloudfront.net d3k4ohqf5n453g.cloudfront.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net cdn.ampproject.org bat.bing.com s.yimg.com cdn.taboola.com trc.taboola.com sp.analytics.yahoo.com *.facebook.com connect.facebook.net www.linkedin.com www.reddit.com *.twitter.com static.ads-twitter.com *.linkedin.com *.pinterest.com *.reddit.com www.dianomi.com loadus.exelator.com ct.buyright.com affiliate.icclicktracker.com amplify.outbrain.com track.supersonicads.com ads.trafficjunky.net cdn.ckeditor.com *.wistia.com sentry.io www.datadoghq-browser-agent.com opensharecount.com *.mediaalpha.com smartforms.ekomi.com *.amazonaws.com cfstatic.efdevhub.info cdn.wallethub.com static.olark.com api.olark.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://static.addtoany.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com *.ytimg.com *.qualtrics.com, frame-ancestors 'self' 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' recruitics.com eprotect.vantivcnp.com *.vimeo.com *.recruitics.com soundcloud.com vimeo.com *.soundcloud.com *.adspeed.net sterlingcheck.com *.sterlingcheck.com vimeocdn.com jquery.com *.jquery.com *.vimeocdn.com *.vantivcnp.com worldpay.com *.paypal.com *.worldpay.com paypal.com paypalobjects.com *.paypalobjects.com *.greenhouse.io greenhouse.io *.braintree-api.com adspeed.net adsymptotic.com *.adsymptotic.com linkedin.com *.linkedin.com ads.linkedin.com googleapis.com licdn.com google.ca *.licdn.com iterable.com *.hexagon-analytics.com *.siftscience.com *.iterable.com *.googleapis.com google.com hsforms.com hsadspixel.net hsleadflows.net hs-scripts.com hs-analytics.net hubspot.com *.google.com *.amplitude.com amplitude.com *.getsentry.com hubapi.com hsforms.net *.hscta.net hscta.net *.hsforms.net *.hubapi.com *.hsforms.com *.hsadspixel.net *.hsleadflows.net *.hs-scripts.com *.hs-analytics.net *.hubspot.com getsentry.com akamaihd.net google-analytics.com *.google-analytics.com fls.doubleclick.net googleadservices.com *.googleadservices.com wss://*.care.com *.googletagmanager.com *.care.com *.cdn-care.com g.doubleclick.net *.facebook.net *.akamaihd.net cloudfront.net *.cloudfront.net btttag.com *.btttag.com googletagmanager.com facebook.com facebook.net *.facebook.com care.com cdn-care.com *.gstatic.com siftscience.com *.pinimg.com *.google.ca *.tiqcdn.com pinimg.com pinterest.com *.pinterest.com gstatic.com *.monetate.net monetate.net hexagon-analytics.com tiqcdn.com *.googlesyndication.com *.google.de shareasale.com pmmapads.com *.shareasale.com pmqzads.com *.pmmapads.com *.pmqzads.com *.google.ie *.google.ch *.google.es *.google.nl ieframe.dll *.google.fr *.google.se *.google.fi kis.v2.scr.kaspersky-labs.com *.google.it *.snapchat.com *.ieframe.dll getletterpress.com *.getletterpress.com *.flaticon.com svc.bronze.dom.omni.carezen.net wss://*.tokbox.com talentwise.com *.talentwise.com abtasty.com *.abtasty.com tokbox.com *.tokbox.com opentok.com *.stripe.com *.indeed.com indeed.com snapchat.com sc-static.net *.sc-static.net dropbox.com *.dropbox.com ziprecruiter.com *.ziprecruiter.com *.liveperson.net stripe.com *.opentok.com google.co.in google.com.mx *.youtube.com ytimg.com youtube.com xx.fbcdn.net *.cloudinary.com cloudinary.com *.twitter.com twitter.com google.co.jp emjcd.com *.emjcd.com amazonaws.com google.co.uk google.es google.nl google.fr google.de google.ie google.ch googlesyndication.com google.com.tr *.amazonaws.com google.it google.com.sg google.com.ph liveperson.net *.bing.com bing.com google.co.za s3.amazonaws.com google.se google.fi agkn.com lpsnmedia.net *.lpsnmedia.net v.liveperson.net *.agkn.com *.ytimg.com google.com.jm google.co.nz trendmicro.com *.hsappstatic.net *.trendmicro.com hubspot.net *.usemessages.com *.hscollectedforms.net *.google.tt google.at google.ae google.com.co google.com.sa hsappstatic.net *.hubspot.net alocdn.com *.alocdn.com va.us.criteo.net *.doubleclick.net kinsights.com *.kinsights.com *.criteo.net *.criteo.com da.us.criteo.net sv.us.criteo.net us.criteo.com criteo.net criteo.com *.amazon-adsystem.com *.monetate.org monetate.org ivaws.com *.ivaws.com narrative.io *.narrative.io *.honey.io honey.io mplxtms.com quora.com *.adsrvr.org adsrvr.org amazon-adsystem.com usemessages.com google.al *.google.lt *.google.cz *.google.rs *.google.sk *.google.bg *.google.al google.tt google.com.do google.co.cr cloudflare.com google.sk google.com.au google.hu *.google.hr *.google.bs *.google.hu google.ee google.com.np *.google.ae google.bg *.google.at *.google.cl google.rs *.google.dk *.google.gr *.google.no google.cz google.lt google.hr google.bs google.com.pa google.pl google.com.ar chrome-extension jwpltx.com p.jwpcdn.com google.com.ua google.no google.pt google.com.pr google.com.tw google.co.vi ms-browser-extension google.com.hk yahoo.com *.google.pl thrtle.com *.thrtle.com google.gr google.dk hscollectedforms.net data: blob:; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 2
frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 2
default-src 'self' *.binomo-website.com *.binomo.com; child-src *; connect-src 'self' analytics.tiktok.com *.adroll.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com top-fwz1.mail.ru *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.optimizely.com *.zopim.com *.launchdarkly.com api.exponea.com ekr.zdassets.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com app.getsentry.com *.binomo-website.com *.binomo.com wss://as.binomo-website.com:* wss://as.binomo.com:* wss://ws.binomo-website.com:* wss://ws.binomo.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo-website.com *.binomo.com; img-src * data:; media-src 'self' *.binomo-website.com *.binomo.com; script-src 'self' static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.googleoptimize.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co *.adroll.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com top-fwz1.mail.ru 'unsafe-eval' 'unsafe-inline' *.binomo-website.com *.binomo.com; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo-website.com *.binomo.com 2
frame-ancestors 'self' *.bentley.com https://players.brightcove.net https://www.virtuosity.com 2
frame-ancestors 'self' https://photo.riteaid.com/ https://chat.riteaid.com/ 2
frame-ancestors 'self' https://admin.vbulletin.com/ https://www.vbulletin.com/ https://members.vbulletin.com/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ https://ssl.kaptcha.com/'; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src * 2
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 2
default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com; img-src 'unsafe-inline' 'unsafe-eval' * data:; 2
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu ; 2
frame-ancestors 'self' *.optus.com.au *.ippayments.com *.pegacloud.net *.gomo.com.au; 2
frame-ancestors  https://*.propellerads.com; 2
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 2
frame-src https://www.google.com 'self' intent: https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.ftrace.com https://*.lidl-info.com https://*.lidl-onlinenewsletter.de https://*.lidl.com https://*.lidl.de https://*.mynetfair.com https://*.sit.sys.odj.cloud https://*.vrxs.de https://ar.lidl.com https://balancechecks.tx-gate.com https://consentcdn.cookiebot.com https://facebook.com https://h.online-metrix.net https://ldl.viewer.cit-fusion.com https://lidlde.int.userwerk.com https://review.apps.01.cf.eu01.stackit.cloud https://searchhub.io https://www.awin1.com https://www.edge-cdn.net https://www.lidl-gewinnspiel.de https://www.youtube-nocookie.com https://www.youtube.com ; object-src https://www.google.com data: https://*.facebook.com https://*.facebook.net https://*.lidl-flyer.com https://*.online-metrix.net https://facebook.com https://h.online-metrix.net https://searchhub.io ; img-src https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk 'self' data: moz-extension: http://www.adobe.com https://*.360yield.com https://*.addthis.com https://*.adition.com https://*.adnxs.com https://*.adscale.de https://*.advertising.com https://*.adyen.com https://*.casalemedia.com https://*.criteo.com https://*.criteo.net https://*.demdex.net https://*.demoup.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.online-metrix.net https://*.openx.net https://*.parcellab.com https://*.pubmatic.com https://*.searchhub.io https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.stickyadstv.com https://*.taboola.com https://*.twiago.com https://*.virtualearth.net https://*.yahoo.com https://*.yieldlab.net https://analytics.google.com https://balancechecks.tx-gate.com https://contextual.media.net https://event.yoochoose.net https://facebook.com https://h.online-metrix.net https://lidl.de https://lidlde.int.userwerk.com https://match.sharethrough.com https://s.kelkoogroup.net https://searchhub.io https://sync.outbrain.com https://translate.google.com https://via.placeholder.com https://visitor.omnitagjs.com https://www.adobe.com https://www.awin1.com https://www.bing.com https://www.bizrate.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://x.bidswitch.net ; report-uri https://csp-server.prod.varnish-poc.lidl-shop.com/csp/report ; frame-ancestors 'self' https://*.lidl.com https://*.lidl.de https://beeem.co ; style-src https://www.google.com 'self' 'unsafe-inline' https://*.fitanalytics.com https://*.lidl-flyer.com https://*.lidl.de https://*.parcellab.com https://*.sit.sys.odj.cloud https://facebook.com https://searchhub.io https://www.bing.com ; default-src https://www.google.com https://www.google.de 'self' blob: data: intent: wss://127.0.0.1:* https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.online-metrix.net https://*.parcellab.com https://*.semtrack.de https://*.simplesurance.de https://*.sit.sys.odj.cloud https://*.virtualearth.net https://analytics.google.com https://balancechecks.tx-gate.com https://event.yoochoose.net https://facebook.com https://fonts.gstatic.com https://h.online-metrix.net https://lidl.media01.eu https://lidlde.int.userwerk.com https://s.kelkoogroup.net https://searchhub.io https://tracking.s24.com https://www.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://www.lacmp.net https://csp-server.prod.varnish-poc.lidl-shop.com ; script-src https://www.google.com 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.8select.io https://*.adyen.com https://*.criteo.com https://*.criteo.net https://*.demoup.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fitanalytics.com https://*.kameleoon.com https://*.kameleoon.eu https://*.lidl-flyer.com https://*.lidl.com https://*.lidl.de https://*.online-metrix.net https://*.parcellab.com https://*.searchhub.io https://*.semtrack.de https://*.simplesurance.de https://*.virtualearth.net https://ajax.googleapis.com https://balancechecks.tx-gate.com https://cdn.ravenjs.com https://code.etracker.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://facebook.com https://h.online-metrix.net https://lidl.de https://lidl.media01.eu https://lidlde.int.userwerk.com https://s.ytimg.com https://searchhub.io https://tracking.s24.com https://www.bing.com https://www.dwin1.com https://www.etracker.de https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lacmp.net https://www.youtube.com ; 2
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.ziggo.io https://ziggo.io https://*.aem.prod.aws.ziggo.io; 2
frame-ancestors 'self' file: filesystem: http://localhost:8080 app.optimizely.com; 2
frame-ancestors www.red-gate.com; 2
sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; 2
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 2
object-src 'none'; frame-ancestors 'self'; frame-src 'self' *.procore.com https://js.d https://js.driftt.com/ https://*.wistia.comriftt.com https://go.procore.com https://bid.g.doubleclick.net https://*.bizzabo.com https://fast.wistia.com https://fast.wistia.net https://www.google.com https://vars.hotjar.com/ https://procore.demdex.net https://view.ceros.com https://boards.greenhouse.io https://www.facebook.com; 2
frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 2
nosniff 2
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; default-src 'self'; object-src 'self'; img-src data: https: 'self' *.better.com images.ctfassets.net heapanalytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' data: blob: fonts.googleapis.com assets.braintreegateway.com *.better.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com media.better.com data: chat-assets.frontapp.com; media-src media.better.com 'self' chat-assets.frontapp.com https://player.vimeo.com https:; connect-src wss://*.pusher.com wss://*.pusherapp.com *.pusherapp.com https: 'self'; frame-ancestors 'self' https://mobile2.accountchek.net https://borrower.accountchek.com https://web.pointserv.com https://flex.twilio.com; frame-src https://*.hellosign.com https://accounts.google.com https://assets.braintreegateway.com https://cdn.plaid.com https://useast1.pcipal.cloud/ bid.g.doubleclick.net dntcl.qualaroo.com insight.adsrvr.org match.adsrvr.org player.vimeo.com www.google.com 'self' https:; report-uri https://bettermg.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' stc.marketing.adobe.com *.decibelinsight.net *.decibelinsight.com 2
frame-ancestors 'self' *.blackbaud.com; 2
frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn 2
upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: 'self' data:; img-src https: 'self' data:; 2
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com; block-all-mixed-content 2
frame-ancestors 'self' http://*.iframely.com 2
default-src 'none'; img-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com  https://images.ctfassets.net https://downloads.ctfassets.net https://www.gstatic.com https://ssl.gstatic.com https://platform.twitter.com https://obs.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://cdn.cookielaw.org https://i.creativecommons.org https://licensebuttons.net; media-src 'self' https://videos.ctfassets.net https://www.youtube.com https://player.vimeo.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://cookies.onetrust.mgr.consensu.org https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://privacyportal-eu.onetrust.com; connect-src 'self' https://cdn.contentful.com https://preview.contentful.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://sentry.io https://cdn.cookielaw.org https://api.twitter.com; script-src 'self' https://www.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://platform.twitter.com https://cdn.syndication.twimg.com data: https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://fonts.gstatic.com https://github.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com/ https://platform.twitter.com https://ton.twimg.com; manifest-src 'self'; worker-src 'self'; child-src 'self'; upgrade-insecure-requests 2
frame-ancestors 'self' https://documentation.sisense.com/; 2
frame-ancestors *.adobe.com  http://adobe.lookbookhq.com https://adobe.lookbookhq.com http://adobeenterprise.lookbookhq.com https://adobeenterprise.lookbookhq.com 2
frame-ancestors 'self' *.tdworldwide.com *.techdata.com *.techdata.ca *.cstenet.com *.techdata.eu; 2
frame-ancestors 'self' www.cv.ee cv.ee; 2
default-src 'self' data: *.bilibili.com *.hdslb.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.biligame.com; style-src 'self' 'unsafe-inline' *.hdslb.com static.geetest.com; img-src 'self' data: blob: 'unsafe-inline' *.bilibili.com *.hdslb.com http://*.hdslb.com static.geetest.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.cnzz.com cnzz.mmstat.com open.weixin.qq.com *.bdstatic.com *.baidu.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bilibili.com *.hdslb.com api.geetest.com static.geetest.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.cnzz.com http://*.cnzz.com *.bdstatic.com *.baidu.com; object-src 'self' *.hdslb.com; media-src 'self' *.acgvideo.com http://*.acgvideo.com *.ksyungslb.com; connect-src 'self' data: wss://*.bilibili.com:* *.bilibili.com *.hdslb.com *.biliapi.net *.biliapi.com *.bigfun.cn *.bigfunapp.cn *.biligame.com; frame-ancestors 'self' *.bilibili.com *.biligame.com *.bigfun.cn *.bigfunapp.cn *.biligame.com; report-uri https://security.bilibili.com/csp_report 2
default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 2
frame-ancestors 'self' https://www.messenger.com https://www.facebook.com/; 2
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 2
frame-ancestors self https://*.chaosgroup.com https://secure.avangate.com https://secure.2checkout.com 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn okings.jp.airnewzealand.com flightbookings.airnewzealand.co.jp koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com chat-prod-ap-southeast-2.s3.amazonaws.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self'; media-src 'self' ; frame-src 'self' www.google.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz hotels.airnewzealand.co.nz; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz chat-prod-ap-southeast-2.s3.amazonaws.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com muscula.herokuapp.com; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.g.doubleclick.net *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.pinterest.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: 2
script-src 'unsafe-inline' 'unsafe-eval' * 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.investis.com *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com *.eqs.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com; connect-src 'self' data: ws: blob: *.googleadservices.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com; 2
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ine.mx https: 2
default-src 'self' *.infinity-tracking.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.kldiscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com *.hotjar.com *.infinity-tracking.net google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' jira.reactos.org www.google.com www.gstatic.com; img-src 'self' data:; 2
frame-ancestors 'self' https://tektronix.lookbookhq.com https://buzz.tek.com 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 2
default-src 'self'; img-src 'self' data: https: *.influxdata.com influxdays.com *.influxdays.com *.influxstaging.com www.google.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.influxdata.com https://influxdata.zoom.us https://js.driftt.com *.marketo.com *.googletagmanager.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://docs.google.com https://boards.greenhouse.io https://www.surveymonkey.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com code.jquery.com *.googletagmanager.com *.google.com munchkin.marketo.net; connect-src 'self' https: *.google-analystics.com *.mktoresp.com; media-src 'self' https://345197-1067112-raikfcquaxqncofqfm.stackpathdns.com; 2
frame-ancestors 'self' barhama.com *.museums.tours *.treedis.com *.matterport.com 2
default-src 'self';    media-src 'self' https://www.youtube.com https://cdn.userway.org;    connect-src 'self' https://analytics.google.com https://cdn.userway.org https://in.hotjar.com https://api.curator.io https://stats.g.doubleclick.net https://www.google-analytics.com https://ka-p.fontawesome.com https://api.userway.org;    img-src 'self' data: * https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com;    frame-src 'self' https://bid.g.doubleclick.net https://sheridancollege.formstack.com https://bbox.blackbaudhosting.com https://www.youtube.com *.sheridancollege.ca https://cdn.userway.org https://vars.hotjar.com; frame-ancestors 'self';    font-src 'self' data: https://fonts.gstatic.com https://cdn.curator.io https://cdn.userway.org https://ka-p.fontawesome.com https://fonts.gstatic.com https://use.typekit.net;    script-src 'self' 'nonce-cspScrpt' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://tagmanager.google.com https://ssl.google-analytics.com https://static.formstack.com https://bbox.blackbaudhosting.com https://sheridancollege.formstack.com https://cdn.curator.io https://maps.googleapis.com https://www.youtube.com https://script.hotjar.com https://cdnjs.cloudflare.com https://kit.fontawesome.com  https://www.googletagmanager.com  https://www.google-analytics.com https://static.hotjar.com https://cdn.userway.org https://connect.facebook.net https://analytics.formstack.com https://vc.hotjar.io;    style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://bbox.blackbaudhosting.com https://cdn.curator.io https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://static.formstack.com 2
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' *.typekit.net ti.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.usefathom.com js.tito.io ti.to; connect-src 'self' pro.ip-api.com *.tito.io; img-src 'self' data: marketing-nuxt.herokuapp.com collect.usefathom.com; style-src 'self' 'unsafe-inline' *.typekit.net css.tito.io 2
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-src 'self' https://*.beocms.de https://*.beocms.com data: https: blob:; connect-src 'self' data: https:; media-src 'self' data: https: blob: 2
default-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com cdn.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com; connect-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.newrelic.com *.nr-data.net *.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com ; img-src 'self' data: *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com *.truste.com *.pendo.io pendo-static-5068799715311616.storage.googleapis.com *.navexglobal.com; frame-src 'self' 'unsafe-eval' *.navexglobal.com *.policytech.com *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com player.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.pendo.io pendo-static-5068799715311616.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com; frame-ancestors 'self' *.pendo.io *.ethicspointvp.com; 2
default-src 'self' data: *.coop.co.uk s3-eu-west-1.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coop.co.uk https://assets.adobedtm.com cdn.embedly.com *.ensighten.com *.crazyegg.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk *.googletagmanager.com *.google.com *.googleadservices.com *.quantserve.com *.ads-twitter.com *.g.doubleclick.net *.fls.doubleclick.net *.adnxs.com *.teads.tv *.demdex.net rules.quantcount.com *.licdn.com; style-src * 'unsafe-inline'; img-src 'self' data: https://dpm.demdex.net *.google.co.uk *.google.ie *.ensighten.com images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com cm.everesttech.net ads-engagement.presage.io secure.adnxs.com *.google.com pixel.quantserve.com t.co t.teads.tv *.linkedin.com; font-src 'self' s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk; media-src *; object-src youtube.com vimeo.com; frame-src 'self' https://cooperativegroup.demdex.net https://forms.office.com  https://youtube.com https://www.youtube.com https://vimeo.com *.doubleclick.net *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com; connect-src https://*.demdex.net/ https://cooperativegroup.tt.omtrdc.net *.algolia.net *.algolianet.com *.google-analytics.com *.g.doubleclick.net; 2
default-src https:; script-src 'unsafe-inline' https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 2
default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' content.searchengines.guru search.searchengines.guru d.searchengines.guru 'unsafe-inline'; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' content.searchengines.guru chat.searchengines.guru d.searchengines.guru blob: data:; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' content.searchengines.guru https://chat.searchengines.guru wss://chat.searchengines.guru; frame-src 'self' d.searchengines.guru content.searchengines.guru www.youtube.com; frame-ancestors 'self'; object-src 'self' blob:; 2
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 2
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2
default-src 'self' *.gbif.org *.gbif-uat.org *.gbif-dev.org *.gbif-staging.org *.gbif.org *.google.com *.google-analytics.com fonts.gstatic.com images.ctfassets.net data: api.mapbox.com *.tiles.mapbox.com player.vimeo.com eepurl.com gbif.us18.list-manage.com zenodo.org *.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com api.mapbox.com unpkg.com/react@17/umd/react.production.min.js unpkg.com/react-dom@17/umd/react-dom.production.min.js cdn.jsdelivr.net/gh/gbif/gbif-web@latest/packages/react-components/dist/gbif-react-components.js;style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com/ajax/libs/mapbox-gl/1.12.0/mapbox-gl.min.css api.mapbox.com;media-src *;img-src *;worker-src blob:; 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: https://app.acquire.io wss://s.acquire.io data:; img-src https: 'self' data: blob:; font-src 'self' data: https://fonts.gstatic.com https://cdn.dynamicyield.com https://cdn.tollbrothers.com https://app.acquire.io https://s.acquire.io; worker-src https: blob: 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://quip-amazon-cdn.com https://quip-cdn.com; report-uri /csp-report 2
frame-src 'self' https://www.terminland.de *.novomind.com *.datev.de *.datev.com 2
frame-ancestors 'self' https://*.costco.co.uk https://*.costco.com.au https://*.costco.com.mx https://*.costco.co.jp https://*.costco.fr https://*.costco.es https://*.costco.is https://*.costco.co.kr https://*.costco.com.tw 2
frame-ancestors https://*.dondominio.com https://*.mrdomain.com 2
frame-ancestors 'self' *.psplugin.com 2
default-src 'self' http: https: blob: ws: cdnjs.cloudflare.com use.typekit.net wpstream.net www.google-analytics.com fonts.googleapis.com fonts.gstatic.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://securepubads.g.doubleclick.net https://ml314.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'   http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: filesystem:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 2
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 2
; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 2
frame-ancestors 'self' https://print.hitched.co.uk 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://optimize.google.com certify-js.alexametrics.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com apis.google.com https://js.stripe.com https://www.paypal.com; connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com; worker-src 'self'; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://optimize.google.com *.firebaseapp.com https://js.stripe.com *.paypal.com; 2
frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 2
default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https:; media-src 'self' video.tesa.com *.youtube.com; connect-src 'self' https: wss://*.hotjar.com 2
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com blob:; style-src 'self' *.flickr.com *.staticflickr.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com www.google-analytics.com storage.googleapis.com wss://socket.push.al; report-uri /report-csp-violation 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://cdn.syndication.twimg.com www.google.com www.gstatic.com ajax.googleapis.com *.livechatinc.com app.chaport.com *.arcot.com *.verifiedbyvisa.com *.3dsecure-vrp.de *.cardinalcommerce.com *.securesuite.net *.securesuite.co.uk *.securecode.com *.citibank.com *.citibank.co.kr *.cardcenter.ch *.swisscard.ch *.icscards.nl *.sia.eu *.swedbank.se *.dnp-cdms.jp acs.cafis-paynet.jp *.hanacard.co.kr *.shinhancard.com *.wooricard.com *.hyundaicard.com *.wlp-acs.com *.secure.dkb.de *.nab.com.au *.mbank.pl *.ccb.com.cn *.cmbchina.com *.bccard.com *.cartasi.it *.modirum.com *.paylife.at *.ctbcbank.com ws.zoominfo.com 2
default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com cdn.siteimprove.net data:; 2
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline' https://pagead2.googlesyndication.com/ ; img-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' 'self' https://pagead2.googlesyndication.com/ 2
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 2
report-uri ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors https://explore.particle.io 2
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  s.go-mpulse.net  *.traderstation-international.com; 2
default-src 'self' https: *.gravatar.com *.yahoo.com *.yimg.com *.gstatic.com *.google.com *.adsrvr.org *.adnxs.com *.doubleclick.net *.facebook.net *.sojern.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.bing.com *.crazyegg.com *.googletagmanager.com *.derbysoftsec.com *.simpli.fi *.vimeocdn.com *.jackrabbitsystems.com *.programmatictrader.com *.tiqcdn.com *.w3.org *.azds.com *.montagehotels.com; script-src 'self' *.w3.org *.yahoo.com *.googletagmanager.com *.google.com *.crazyegg.com *.bing.com *.google-analytics.com *.yimg.com *.facebook.net *.onetrust.com *.cookielaw.org *.gstatic.com *.azds.com *.derbysoftsec.com *.sojern.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.montagehotels.com *.cloudfront.net *.adsrvr.org *.derbysoftca.com *.w3.org * https: *.doubleclick.net *.google.com *.sojern.com *.gravatar.com *.youtube.com data:; style-src 'self' *.azds.com 'unsafe-inline'; font-src 'self' *.azds.com data:; object-src 'self'; 2
default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital;base-uri 'self';img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-inline' *.typekit.net;script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital www.google.com https://vars.hotjar.com;connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com;frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 2
default-src 'self' https://tramitesanonimos.cnmc.es;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com;  child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es;  media-src 'self';  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com  https://www.gstatic.com/recaptcha/;  font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/;  object-src 'self';  connect-src 'self' https://bootswatch.com https://translate.googleapis.com https://www.google-analytics.com;  2
block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 2
frame-ancestors 'self' https://*.teamsupport.com/ 2
default-src 'self' *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src *; img-src * blob: data:; child-src *; media-src *; frame-ancestors *; worker-src * blob:; object-src *; 2
default-src 'none'; child-src 'self' https://navigate.portofrotterdam.com blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://bam-cell.nr-data.net https://www.google-analytics.com https://bam.nr-data.net https://hbr-hm-portmaps-service-prod.eu-gb.mybluemix.net https://dhmr-portmapsapi.ha.naiade.portofrotterdam.com https://public-portmapsapi.ha.naiade.portofrotterdam.com https://dhmr-gis.ha.naiade.portofrotterdam.com https://public-gis.ha.naiade.portofrotterdam.com https://api.mapbox.com https://theemswegtraceheadless.s3.amazonaws.com https://*.siteimprove.com https://api.eu.apiconnect.ibmcloud.com https://*.hotjar.com wss://*.hotjar.com https://gis.portofrotterdam.com https://*.arcgis.com https://services.arcgisonline.nl https://*.arcgisonline.com; media-src 'self' data:; object-src 'self' http://www.youku.com https://players.youku.com; img-src 'self' * data: blob:; style-src * 'unsafe-inline'; frame-src 'self' https://360vr-video.nl https://*.hotjar.com https://www.youtube.com https://www.google.com https://player.vimeo.com https://*.akamaihd.net https://shipinfo.dirkzwager.com http://vaarsnelheden.mx-systems.nl https://clients.skycap.com https://inlandlinks.cofano.nl https://portofrotterdam.maps.arcgis.com https://my2.siteimprove.com/overlay/cms/cmssite* https://fotopaulmartens.netcam.nl; font-src * data:; plugin-types application/pdf application/x-shockwave-flash; report-uri https://portofrotterdam.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri http://main.acsevents.org/site/XFrameViolation 2
frame-ancestors self; 2
default-src * 'unsafe-eval' 'unsafe-inline' data:; 2
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl 2
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 2
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 2
frame-ancestors 'self' https://www.onbase.sharebase.com https://www.hyland.com https://www.communitylive.com https://www.onbase.com https://profiles.onbase.com; 2
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mediastream:; connect-src 'self' https: data: mediastream: blob:; font-src 'self' 'unsafe-inline' https: data:; media-src 'self' 'unsafe-inline' https: data: mediastream: blob:; child-src *; form-action 'self' 'unsafe-inline' https:; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; base-uri *; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.recaptcha.net https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://*.ads-twitter.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://px-cdn.net https://*.px-cloud.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://p2a.co https://public.profitwell.com https://code.jquery.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://bat.bing.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com https://*.voteamerica.com https://*.jotform.com https://actionnetwork.org; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://*.px-client.net https://*.px-cloud.net https://pxchk.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.profitwell.com https://api.stripe.com https://api.soundcloud.com https://api.airbrake.io https://www.voteamerica.com https://actionnetwork.org; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; img-src * blob: data:; form-action 'self'; 2
frame-ancestors 'self' www.haier.com *.haier.com cnwcm.haier.com http://cnwcm.haier.com https://mgta.trs.cn http://mgta.trs.cn http://devta.trs.cn *.haier.net *.tongshuai.com *.casarte.com *.geappliances.cn 2
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 2
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com  https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com  https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net 2
frame-src https://*; frame-ancestors *.chivas.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com/iframe_api https://s.ytimg.com/ https://sa.mygov.scot/; img-src 'self' https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com/ https://sa.mygov.scot/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com; object-src 'self'; report-uri /service/csp 2
frame-ancestors 'self'  http://*.impress.ly  http://*.dragndropbuilder.com  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com  https://platform.cloud.coveo.com  https://search.cloud.coveo.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; object-src 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com blob: *.snapengage.com; font-src 'self' *.googleapis.com *.gstatic.com acsbapp.com data:; connect-src 'self' *; report-uri /report-csp-violation 2
frame-ancestors 'self' newjira.waterford.org mentor.waterford.org manager.waterford.org upstart.waterford.org teacher.waterford.org wacsportal.waterford.org wacs.waterford.org help.waterford.org 2
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
frame-ancestors *.officiallondontheatre.com uktheatre.org *.theatretokens.com *.solt.co.uk *.theatreartists.fund *.theatrehelpline.org *.theatremeansbusiness.info; default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com confluence.acquia.com www.acquiaacademy.com; report-uri /report-csp-violation 2
default-src 'self' https://www.webstream.eu https://www.dbk.de/ https://*.doubleclick.net/ https://domradiomedien.akamaized.net https://medien.domradio.de https://dbk.de/ https://youtu.be/ https://app-eu.readspeaker.com https://www.dbk-shop.de https://player.vimeo.com https://www.google.com https://www.google-analytics.com https://graph.facebook.com https://www.juicer.io https://*.katholisch.de https://www.domradio.de https://www.youtube.com https://stats.dbk.de; img-src 'self' data: https://dbk.de/ https://*.youtube.com/ https://www.webstream.eu https://www.dbk.de/ https://stats.dbk.de https://www.google-analytics.com https://pbs.twimg.com https://*.fbcdn.net https://*.juicer.io https://*.imgur.com https://*.gstatic.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://dbk.de/  https://www.google.com https://*.doubleclick.net https://www.webstream.eu https://www.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://*.juicer.io https://*.ytimg.com https://f1-eu.readspeaker.com https://stats.dbk.de https://*.youtube.com; font-src 'unsafe-inline' 'self' data: https://fonts.gstatic.com  https://*.juicer.io https://s3.amazonaws.com https://f1-eu.readspeaker.com; style-src 'unsafe-inline' 'self' https://www.webstream.eu https://s3.amazonaws.com https://fonts.googleapis.com https://f1-eu.readspeaker.com https://*.juicer.io ; 2
default-src 'self'; img-src 'self'; 2
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 2
default-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google.de https://consent.jtl-software.de https://stats.jtl-software.de https://www.youtube.com https://maps.googleapis.com https://s.ytimg.com https://www.jtl-software.de https://jira.jtl-software.de https://*.paypal.com https://www.paypalobjects.com https://www.gstatic.com https://code.jquery.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net data:; img-src 'self' https://bilder.jtl-software.de https://stats.jtl-software.de https://img.youtube.com https://*.ytimg.com https://maps.gstatic.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google.ch https://www.google.de https://www.google.at https://www.google.pl https://www.google.com.ua https://www.google.com.pk https://www.google.hu https://www.google.co.uk https://www.google.dk https://www.google.br https://www.google.it https://www.google.ae https://www.google.ca https://www.google.hr https://www.google.com.au https://www.google.sk https://www.google.es https://www.googletagmanager.com https://www.google.com.tr https://www.google.cz https://www.google.be https://www.google.co.in https://www.google.ge https://www.google.nl https://www.google.lu https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://cdn.jtl-software.com data:; frame-src 'self' https://stats.jtl-software.de https://consent.jtl-software.de https://www.youtube.com https://jira.jtl-software.de https://www.google.com https://stats.jtl-software.de https://www.facebook.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com; form-action 'self' https://jtl-software.us9.list-manage.com https://www.paypal.com https://oauth2.api.jtl-software.com https://www.facebook.com https://checkout.jtl-software.com; base-uri 'self'; connect-src 'self' https://stats.jtl-software.de https://consent.jtl-software.de https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; report-uri https://report.api.jtl-software.com/csp/; 2
frame-ancestors https://*.trend.at http://*.trend.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline';  2
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; 2
default-src 'self' blob: https://*.map.qq.com ; connect-src 'self' https://*.mapbox.com https://*.tiles.mapbox.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googlesyndication.com https://translate.googleapis.com https://*.parkopedia-ppds.com https://*.google.com https://slack.com https://business.parkopedia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.map.baidu.com https://*.baidu.com https://*.bdstatic.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.map.baidu.com https://*.baidu.com https://*.bdstatic.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://*.fuelcdn.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.fontawesome.com https://*.tiles.mapbox.com https://*.gstatic.com https://*.mapbox.com https://unpkg.com;font-src 'self' 'unsafe-inline' chrome-extension data: https: https://*.fontawesome.com http://fonts.gstatic.com;img-src 'self' blob: data: https: http://p.parkopedia.com http://p.parkopedia.cn http://*.openstreetmap.org;frame-src 'self' https://*.g.doubleclick.net https://*.qq.com https://*.google.com https://*.stripe.com https://*.googlesyndication.com https://*.parkopedia.com https://*.parkopedia.com https://*.dcos.parkopedia.com https://*.localhost.com https://*.localhost.co.uk;object-src blob: data: https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.localhost.com https://*.parkopedia.com;report-uri https://csp.parkopedia.com/api/csppolicyreport/?apiver=23&cid=avalon_iu4ryufghgjrf 2
frame-ancestors 'self' https://newapp.etracker.com; 2
sandbox allow-forms allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation-by-user-activation 2
frame-ancestors https://*.complex.com 2
frame-ancestors 'self' https://*.sageintacct.com https://*.intacct.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com https://www-w28.intacct.com https://www-p02.intacct.com https://www-p03.intacct.com https://www-p04.intacct.com https://beta.intacct.com https://www.intacct-adv.com https://www-w27.intacct.com https://www-p03-w028.intacct.com https://www-p02-w028.intacct.com https://www-p04-w028.intacct.com https://www-dr.intacct.com https://stg-hk.intacct.com https://dev45.intacct.com https://dev31.intacct.com https://dev24.intacct.com https://dev33.intacct.com; 2
frame-ancestors 'self' *.bbb.org bbb.org *.bluebbb.org bluebbb.org *.myfloridacfo.com myfloridacfo.com jsfiddle.net fiddle.jshell.net 2
frame-ancestors *.ndtv.com *.gadgets360.com pricee.com hotdeals360.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com  services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com verify.sheerid.com services.sheerid.com platform.twitter.com;frame-ancestors;frame-src download.lumion.com verify.sheerid.com services.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com;object-src none; 2
worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://*.ionos.it https://ionos.it; 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 2
frame-ancestors  *.marincounty.org *.marinpublic.com *.mcera.org *.marinfair.org *.marincountyhr.org *.marincountyparks.org *.marinhhs.org 2
default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net  *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net *.criteo.net *.criteo.com https://s.yimg.com https://sp.analytics.yahoo.com; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net *.hotjar.com; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com *.snapengage.com *.criteo.com *.criteo.net *.iforex.co.uk *.vestle.com *.toredofx.com https://s.yimg.com; child-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com *.criteo.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com *.snapengage.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.efix.local; report-uri https://content.webapi-services.net/csp-reports; 2
frame-ancestors https://accounts.cft.ru 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://stats.g.doubleclick.net https://*.iis.se https://*.readspeaker.com https://tagmanager.google.com https://www.googletagmanager.com https://*.bugsnag.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://*.amazonaws.com https://secure.gravatar.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://yoa.st https://html5-player.libsyn.com https://cdn.cookielaw.org https://snap.licdn.com https://px.ads.linkedin.com https://privacyportal-eu.onetrust.com https://www.linkedin.com 2
default-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au; script-src 'self' data: blob: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au public.tableau.com *.openforms.com *.serving-sys.com player.vimeo.com spreadsheets.google.com cdn.storerocket.io cdn.jsdelivr.net *.mapbox.com; style-src 'self' 'unsafe-inline' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.googleapis.com tagmanager.google.com ui.chatbot.digital.vic.gov.au fast.fonts.net *.openforms.com fontlibrary.org; img-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.g.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jp www.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua au-gmtdmp.mookie1.com lh3.googleusercontent.com *.fastly.net; font-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com fontlibrary.org; frame-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com www.vic.gov.au *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com *.vic.gov.au macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com; connect-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp1.sdp.vic.gov.au *.elastic.sdp.vic.gov.au *.hotjar.io *.google-analytics.com *.g.doubleclick.net api.ipify.org *.myvictoria.vic.gov.au *.mapbox.com discover.data.vic.gov.au drwgdblqzrfiz.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com secure-ds.serving-sys.com api.sdp.vic.gov.au api.go.vic.gov.au *.fastly.net storerocket.io; frame-ancestors 'self' *.lagoon.vicsdp.amazee.io *.vic.gov.au; report-uri https://sdpops.report-uri.com/r/d/csp/enforce; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 2
frame-ancestors 'self' https://backend.diario26.com 2
frame-ancestors 'self' https://content.amplience.net; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.adroll.com *.adroll.mgr.consensu.org *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.gleamjs.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: static.wax.io *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.csgofast.com upi.csgofastbackend.com *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.gleamjs.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.mgr.consensu.org *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com d1zi9q96rsh4iw.cloudfront.net;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.devfast.io *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.adroll.mgr.consensu.org *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com *.ajdfbkjab.ru wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com wss://*.devfast.io *.csgofast.com wss://*.csgofast.com *.csgofast123.com wss://*.csgofast123.com *.csgofast.tl wss://*.csgofast.tl *.csgocasino.ru wss://*.csgocasino.ru *.csgofast.ru wss://*.csgofast.ru *.dapubg.net wss://*.dapubg.net *.gojackpod.com wss://*.gojackpod.com *.rusgofast.ru wss://*.rusgofast.ru *.dapubg.com wss://*.dapubg.com *.csgofast4.com wss://*.csgofast4.com *.rucsgofast.ru wss://*.rucsgofast.ru *.pubgfast.com wss://*.pubgfast.com *.csgofastbackend.com wss://*.csgofastbackend.com *.cs2gofast.com wss://*.cs2gofast.com *.opdota2.com wss://*.opdota2.com *.demofast.ru wss://*.demofast.ru *.demogofast.com wss://*.demogofast.com *.csgetfast.com wss://*.csgetfast.com *.gainskins.com wss://*.gainskins.com *.casecsgo.com wss://*.casecsgo.com wss://*.xcsgofast.ru *.xcsgofast.ru wss://*.xcsgofast.com *.xcsgofast.com wss://*.csgofastx.com *.csgofastx.com wss://*.csgofastx.ru *.csgofastx.ru wss://*.csgfst.org *.csgfst.org;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.poggiplay.com *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.gleamjs.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com slots-prod.csgofastbackend.com d1phhoo4f618zo.cloudfront.net *.csgofast.com *.csgofast123.com *.csgofast.tl *.csgocasino.ru *.csgofast.ru *.dapubg.net *.gojackpod.com *.rusgofast.ru *.dapubg.com *.csgofast4.com *.rucsgofast.ru *.pubgfast.com *.csgofastbackend.com *.cs2gofast.com *.opdota2.com *.demofast.ru *.demogofast.com *.csgetfast.com *.gainskins.com *.casecsgo.com *.xcsgofast.ru *.csgofastx.com *.csgofastx.com *.xcsgofast.com *.csgfst.org;object-src 'none';report-uri //in.csgofast.com/csp; 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors http://webvisor.com 2
default-src 'self'; img-src https: 'self' data:; script-src 'sha256-0de8WxQkivARaxoGMrQ6hb5y5mJkarMFv2RS0v3MIuY=' 'self' 'self' 'unsafe-inline' www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.google.com static.hotjar.com script.hotjar.com c.imedia.cz connect.facebook.net polyfill.io cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.goout.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com www.google.com static.hotjar.com script.hotjar.com c.imedia.cz connect.facebook.net *.facebook.com polyfill.io; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.goout.net; font-src data: 'self' fonts.gstatic.com static.goout.net; connect-src 'self' phpservices.goout.net sentry.io www.google-analytics.com stats.g.doubleclick.net in.hotjar.com *.facebook.com connect.facebook.net; object-src 'none'; frame-src vars.hotjar.com *.facebook.com connect.facebook.net *.imedia.cz 2
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 2
frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 2
frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 2
frame-ancestors 'self' https://*.boditrax.com/; 2
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;frame-src 'self' *;font-src 'self' *;connect-src 'self' *;child-src 'self' * 2
frame-ancestors https://*.obozrevatel.com http://*.googlesyndication.com https://api.esp.piano.io http://api.traq.li 2
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ 2
default-src 'self' https://*.guidehouse.com https://*.navigant.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.guidehouse.com https://*.navigant.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://ajax.googleapis.com https://optimize.google.com https://code.jquery.com https://img.en25.com https://s2090192166.t.eloqua.com https://www.youtube.com https://s.ytimg.com https://*.linkedin.com https://*.licdn.com https://siteimproveanalytics.com https://*.ceros.com https://*.mouseflow.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org; img-src 'self' data: https://*.guidehouse.com https://*.navigant.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://s2090192166.t.eloqua.com https://i.ytimg.com https://static.licdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://*.doubleclick.net https://*.siteimproveanalytics.io; style-src 'self' 'unsafe-inline' https://*.guidehouse.com https://*.navigant.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.youtube.com https://cdn.jsdelivr.net https://*.typekit.net https://cloud.typography.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org; font-src 'self' data: https://*.guidehouse.com https://*.navigant.com https://fonts.gstatic.com https://*.typekit.net; frame-src 'self' mailto: https://*.guidehouse.com https://*.navigant.com http://sdn.sitecore.net https://www.youtube.com https://navigant.postclickmarketing.com https://www.slideshare.net https://w.soundcloud.com https://platform.linkedin.com https://*.ceros.com https://optimize.google.com; child-src 'self' https://*.guidehouse.com https://*.navigant.com http://sdn.sitecore.net https://www.youtube.com https://navigant.postclickmarketing.com https://www.slideshare.net https://w.soundcloud.com; connect-src 'self' https://*.guidehouse.com https://*.navigant.com https://www.google-analytics.com https://*.cookielaw.org https://*.mouseflow.com; 2
default-src * 'unsafe-inline' data: 'unsafe-eval'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' about: https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://p.typekit.net https://fonts.gstatic.com https://siteimproveanalytics.com https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/ https://cdn.cookielaw.org;                                                          script-src 'self' 'unsafe-inline' 'unsafe-eval' https://view.ceros.com https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com https://photoshelter.com https://player.vimeo.com/ https://cdn.cookielaw.org  https://j.6sc.co;                                                          frame-ancestors 'self' http://goodwinlaw.com https://goodwinlaw.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io;                                                          frame-src 'self'  https://goodwin.photoshelter.com http://players.brightcove.net https://www.google.com https://www.youtube.com https://player.simplecast.com https://embed.simplecast.com https://players.brightcove.net https://ud.tiaa-cref.org https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/;                                                          img-src 'self' data: https://us1.siteimprove.com https://www.google-analytics.com https://nowexttype.com https://p.typekit.net https://www.googletagmanager.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://cdn.cookielaw.org;                                                          font-src 'self' https://fonts.gstatic.com https://advance.lexis.com https://use.typekit.net https://61282325.global.siteimproveanalytics.io;                                                          connect-src 'self' https://performance.typekit.net https://www.google-analytics.com https://61282325.global.siteimproveanalytics.io https://cdn.cookielaw.org;                                                          report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 2
script-src *; 2
default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https: wss: 2
frame-ancestors https://*.lifecell.com.ua https://*.lifecell.ua 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv-static.azureedge.net gcv-cms-static.azureedge.net gcv-staging-static.azureedge.net gcv-dev-static.azureedge.net gcv-qa-static.azureedge.net gcv-qa2-static.azureedge.net gcv-qa3-static.azureedge.net www-gcv-static.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net player.vimeo.com cdn.livechatinc.com secure.livechatinc.com app.livechatinc.com www.livechatinc.com; 2
frame-ancestors 'self' *.nosfair.com https://toolbox.gls.de 2
frame-ancestors 'self'; default-src 'self' https: wss:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' blob: https: data: 2
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.klevu.com/ https://cdn.bronto.com/ https://acsbapp.com/ data: http://cdn.materialdesignicons.com/ *.formstack.com/ http://ajax.googleapis.com/ *.fonts.googleapis.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com https://app.bronto.com/ http://app.bronto.com/ https://input.noibu.com/ *.formstack.com/ http://ajax.googleapis.com/ http://highcountrygardens.com/ http://www.americanmeadows.com/ http://www.landrethseed.com/ https://highcountrygardens.com/ https://www.americanmeadows.com/ https://www.landrethseed.com/ https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://accessibe.com/ https://assets.braintreegateway.com/ https://secure.livechatinc.com/ *.formstack.com/ https://www.youtube.com/ http://ajax.googleapis.com/ https://api.richpanel.com/ https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.hotjar.com *.weltpixel.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.klevu.com/ http://fast.wistia.com/ https://fast.wistia.com/ 'self' https://embed-fastly.wistia.com/ http://cdn.bronto.com/ http://services.postcodeanywhere.co.uk https://acsbapp.com/ http://assets.pinterest.com/ http://media.americanmeadows.com/ http://t.powerreviews.com/ https://log.pinterest.com/ http://res.cloudinary.com/ http://embed.wistia.com/ https://amidev.americanmeadows.com/ https://embedwistia-a.akamaihd.net/ https://cdn.livechatinc.com/ *.formstack.com/ *.ksearchnet.com/ https://script.crazyegg.com/ http://app.bronto.com/ https://app.bronto.com/ https://input.noibu.com/ https://email.americanmeadows.com/ http://ajax.googleapis.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.bing.com/ *.amazonaws.com *.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com https://cdn.polyfill.io/ https://cdn.noibu.com/ http://script.crazyegg.com/ https://cdn.bronto.com/ https://snip.bronto.com/ https://acsbap.com/ *.klevu.com/ https://acsbapp.com/ http://cdn.bronto.com/ https://cdn.acsbapp.com/ https://secure.livechatinc.com/ http://ui.powerreviews.com/ https://fast.wistia.com/ http://fast.wistia.com/ http://rest.bronto.com/ http://api.addressy.com/ http://static.powerreviews.com/ http://connect.facebook.net/ http://assets.pinterest.com/ https://js-agent.newrelic.com/ http://www.americanmeadows.com/ *.formstack.com/ https://bam.nr-data.net/ *.ksearchnet.com/ https://script.crazyegg.com/ *.magento.cloud/ https://app.bronto.com/ https://input.noibu.com/ https://email.americanmeadows.com/ http://ajax.googleapis.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ https://mpsnare.iesnare.com/snare.js http://js.braintreegateway.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.hotjar.com/ *.bing.com/ *.googleapis.com www.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com http://ajax.googleapis.com/ *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.klevu.com/ http://cdn.bronto.com/ http://ui.powerreviews.com/ http://api.addressy.com/ http://cdn.materialdesignicons.com/ *.formstack.com/ *.ksearchnet.com/ https://script.crazyegg.com/ *.magento.cloud/ https://app.bronto.com/ https://input.noibu.com/ https://email.americanmeadows.com/ https://fonts.googleapis.com/ *.richpanel.com https://bam-cell.nr-data.net https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ data: *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://cdn.livechatinc.com/ https://embed-fastly.wistia.com/ http://embed.wistia.com/ blob: https://embedwistia-a.akamaihd.net/ https://ws.richpanel.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ https://js.braintreegateway.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.formstack.com/ data: *.bing.com/ https://c.paypal.com/ https://tst.kaptcha.com/ *.amazonaws.com *.richpanel.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com wss://metroplex-dot-noibu-unicron.uc.r.appspot.com/ https://maw.bronto.com/ https://acsbapp.com/ https://cdn.acsbapp.com/ http://ui.powerreviews.com/ http://pipedream.wistia.com/ http://distillery.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://api.addressy.com/ *.braintreegateway.com *.braintree-api.com wss: https://i.noibu.com/ http://display.powerreviews.com/ https://tracking.crazyegg.com/ https://fiddler.brontops.com/ https://input.noibu.com/ https://shipseasons.americanmeadows.com/ https://bam.nr-data.net/ https://uscs22.ksearchnet.com/ *.ksearchnet.com/ https://embedwistia-a.akamaihd.net/ https://script.crazyegg.com/ *.klevu.com/ https://email.americanmeadows.com/ *.formstack.com/ *.google-analytics.com/ https://stats.g.doubleclick.net/ *.richpanel.com https://bam-cell.nr-data.net https://embed-fastly.wistia.com/ https://ws.richpanel.com/ https://js.braintreegateway.com/ https://c.paypal.com/ https://tst.kaptcha.com/ https://vc.hotjar.io/ https://script.hotjar.com/ http://writeservices.powerreviews.com/ https://writeservices.powerreviews.com/ http://js.braintreegateway.com/ http://api.cloudinary.com/ *.americanmeadows.com/ *.highcountrygardens.com/ *.landrethseed.com/ *.hotjar.com *.bing.com/ wss://*.richpanel.com *.googleapis.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
img-src https://www.facebook.com https://abs.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com www.google-analytics.com https://www.googletagmanager.com https://www.google.cl https://www.google.com https://ton.twimg.com 'self' data:; frame-ancestors 'self'; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdn.nanigans.com https://api.nanigans.com https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com https://admin.relay42.com https://t.svtrd.com/t-1295/ https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api https://img03.en25.com/i/elqCfg.min.js https://static2.creative-serving.com/pixel_loader.js https://api.salesfeed.com https://script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://api.tiles.mapbox.com/mapbox-gl-js/v0.50.0/mapbox-gl.css https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://9108254.fls.doubleclick.net https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com https://www.google.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/;connect-src 'self' *.eneco.nl https://www.google-analytics.com *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://ct.pinterest.com https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com/events/v2 https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.adcalls.nl https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 2
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 2
default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://*.gstatic.com/ 'self'; child-src  'self'; connect-src wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ 'self'; frame-src https://*.linkedin.com/ https://*.googlesyndication.com/ https://crossmedia.mediasite.com/ https://*.crossmediaplatform.nl/ https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors  'self'; img-src https://www.facebook.com/ http://www-medischcontact-tst-1.gxcloud.local/ http://www-medischcontact-tst.gxcloud.local/ http://www-medischcontact-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.local/  https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/  'self' data:; media-src  'self'; object-src  'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.printfriendly.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 2
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 2
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 2
frame-ancestors 'none'; upgrade-insecure-requests 2
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 2
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 2
default-src 'none'; media-src https://d10lpsik1i8c69.cloudfront.net; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geolocation.onetrust.com https://cdn.cookielaw.org https://d10lpsik1i8c69.cloudfront.net https://www.google.com https://www.gstatic.com https://panel.acens.net https://*.searchcdn.com https://addsearch.com https://s0.2mdn.net https://connect.facebook.net https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://scripts.isl.teledemos.net https://www.googletagmanager.com https://*.adform.net; connect-src 'self' https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org https://www.google-analytics.com https://stats.g.doubleclick.net wss://visitors.live wss://in.visitors.live https://settings.luckyorange.net https://yoast.com; img-src 'self' data: http://www.acens.com https://*.acens.com https://panel.acens.net https://cdn.cookielaw.org https://img.youtube.com https://secure.adnxs.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.entelgystats.com https://stats.sec.telefonica.com https://ajax.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://static.acens.com https://*.cloudfront.net https://app.addsearch.com https://ajax.googleapis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.acens.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://www.google.com https://www.facebook.com/ https://www.youtube.com/; manifest-src 'self'; 2
default-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.marketo.com/ *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ anchor.fm gateway.zscalertwo.net static3.avast.com *.mktoutil.com *.google.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com *.marketo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com *.mouseflow.com/ munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com fast.gehealthcare.demdex.net dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gehealthcare.sc.omtrdc.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com cm.everesttech.net static.cloud.coveo.com *.thunderhead.com google.com googleads.g.doubleclick.net *.evidon.com *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com *.google.com api.fouanalytics.com *.b2c.com *.b2c.com:* *.b2c.com/ smetrics.cytivalifesciences.com stats.g.doubleclick.net play.vidyard.com play.vidyard.com/; img-src * data:; media-src 'self' cdn.cytivalifesciences.com *.youtube.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: static3.avast.com; frame-src 'self' *.adobe.com *.marketo.com facebook.com *.facebook.com *.anchor.fm anchor.fm cytiva.demdex.net youtube.com *.youtube.com bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ gateway.zscalertwo.net; connect-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net *.mktoutil.com *.google.com/; report-uri https://www.cytivalifesciences.com/api/csp/report 2
frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 2
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.eu01.nr-data.net js-agent.newrelic.com sp.analytics.yahoo.com s.yimg.com userprotect.de.stihl-dns.net tagmanager.google.com www.google-analytics.com www.googletagmanager.com analytics-udg.netdna-ssl.com assets.adobedtm.com maps.googleapis.com typekit.net *.typekit.net *.adyen.com *.geoplugin.net *.openweathermap.org *.google.com *.google.de *.gstatic.com *.criteo.net *.criteo.com *.g.doubleclick.net *.facebook.net *.bing.com *.outbrain.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.mouseflow.com *.pinimg.com *.excentos.com; connect-src 'self' *.pinterest.com s.yimg.com bam.eu01.nr-data.net *.youtube-nocookie.com *.google.com *.google.de analytics.google.com *.g.doubleclick.net *.bing.com stihl-sso.com stihl.tui-servicelayers.io ext.nonstoppartner.net www.google-analytics.com *.omtrdc.net *.demdex.net adobeioruntime.net *.adobeioruntime.net maps.googleapis.com typekit.net *.typekit.net *.mouseflow.com stihlb2bdocuments.blob.core.windows.net *.excentos.com; img-src 'self' *.criteo.com *.smaato.net *.pinterest.com *.google.ch *.doubleclick.net *.rubiconproject.com *.smartadserver.com *.3lift.com *.adnxs.com *.yahoo.com *.casalemedia.com *.pubmatic.com *.360yield.com *.openx.net *.twiago.com *.adscale.de *.adform.net *.advertising.com *.teads.tv *.media.net *.yieldlab.net *.omnitagjs.com *.bidswitch.net *.sharethrough.com *.ivitrack.com *.e-planning.net *.stickyadstv.com *.tremorhub.com *.taboola.com *.googleusercontent.com *.youtube-nocookie.com *.atdmt.com *.criteo.net *.ytimg.com stats.g.doubleclick.net *.google.com *.google.de www.google-analytics.com www.googletagmanager.com *.facebook.com *.bing.com *.outbrain.com *.everesttech.net *.demdex.net *.omtrdc.net static.stihl.com *.stihlusa.com typekit.net *.typekit.net *.gstatic.com maps.googleapis.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com data: *.mouseflow.com *.stihl.e2c60971c7ab4045b5e9.westeurope.aksapp.io *.excentos.com; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.excentos.com;font-src 'self' cdnjs.cloudflare.com *.typekit.net typekit.net fonts.googleapis.com fonts.gstatic.com data: *.mouseflow.com *.excentos.com;frame-src 'self' *.criteo.net userprotect.de.stihl-dns.net *.criteo.com e.video-cdn.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.demdex.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com static.stihl.com *.fls.doubleclick.net *.mouseflow.com *.excentos.com;child-src 'self' *.mouseflow.com 2
default-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://s.ytimg.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagservices.com https://ad.doubleclick.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net https://*.googleusercontent.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io https://static-cdn.jtvnw.net https://i.ytimg.com 2
frame-ancestors 'self' http://webvisor.com; 2
value 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 2
frame-ancestors https://punchoutcommerce.com https://*.ptown.local https://*.ariba.com http://*.ariba.com https://*.e-procurementservices.com https://*.ibuyefficient.com http://*.adaco.com http://*.p2p.na1.fourth.com http://*.eprosvcs.com https://*.eprosvcs.com https://*.buyerquest.net  https://*.edirx.com http://*.edirx.com https://*.degdarwin.com https://equallevel.com https://*.punchout2go.com https://*.disney.com https://*.astoundcommerce.com https://*.partstown.com https://*.partstown.ca 2
form-action https: 2
default-src 'self' gap: 'unsafe-inline';     script-src 'self'         data: https://cdn.amcharts.com         data: https://c.mql5.com/         data: https://cdn.ampproject.org/         data: https://content.mql5.com/         data: https://connect.facebook.net/         data: https://ifccd.net         data: https://apis.google.com         data: www.google-analytics.com         data: www.googletagmanager.com         data: trade.mql5.com         data: https://ipinfo.io         data: https://ajax.cloudflare.com         data: https://yastatic.net/share2/share.js         data: https://mc.yandex.ru/metrika/tag.js         'unsafe-eval' 'unsafe-inline';     frame-src 'self'         data: https://component.autochartist.com         data: https://www.tradays.com/         data: https://www.mql5.com         data: https://www.facebook.com         data: https://www.youtube.com/         data: https://chat.irifcm.asia/         data: https://chat.trifcm.asia/         data: https://chat.ifcmarkets.com         data: https://chat.ifcmfx.com         data: https://chat.ifcmfx.cn         data: https://chat.ifcm.co.uk         data: https://chat.ifcmarkets.tw         data: https://chat.ifcmarkets.my         data: https://chat.ifcmarkets.net         data: https://chat.ifcmarkets.hk         data: https://chat.ifcmarkets.mx         data: https://chat.ifcmarkets.com.br         data: https://chat.ifcmarkets.co.id         data: https://chat.ifcmarkets.co.in         data: https://chat.ifcmarkets.co         data: https://chat.ifcmarkets.ae         data: https://trade.mql5.com         data: *.googletagmanager.com;     object-src *;     style-src 'self'         data: https://ifccd.net         data: https://pr.ifccd.net         data: https://fonts.googleapis.com         'unsafe-inline';     img-src *         data: http://www.w3.org/;     font-src 'self'         data: https://ifccd.net         data: https://fonts.gstatic.com         data: https://fonts.googleapis.com         data: https://pr.ifccd.net;     connect-src *;  manifest-src 'self' data: https://ifccd.net 2
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 2
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 2
frame-ancestors 'self' *.windy.com:* 2
default-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline' https://www.gstatic.com https://cdn.datatables.net https://cdnjs.cloudflare.com;img-src 'self' data: https://*.stripe.com https://*.google.com https://www.google-analytics.com https://googletagmanager.com;connect-src https://checkout.stripe.com https://api.stripe.com https://q.stripe.com https://www.google-analytics.com https://stats.g.doubleclick.net https://stage.run.dataminer.io https://stage5.dataminer.io https://run.dataminer.io https://dev.dataminer.io:5443;frame-src https://checkout.stripe.com https://js.stripe.com https://hooks.stripe.com https://www.emailmeform.com https://www.youtube.com https://docs.google.com;script-src 'self' 'unsafe-inline' https://js.stripe.com https://checkout.stripe.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.gstatic.com https://cdn.datatables.net;object-src 'none' 2
frame-ancestors 'self' www.amway.id admin.amway.id beta.amway.id www.amway.co.th admin.amway.co.th beta.amway.co.th smart.amway.co.th admin.smart.amway.co.th 2
frame-ancestors 'self' http://tags2.adshell.net http://clk.sportstream.live 2
default-src 'self' https://ajax.googleapis.com https://maps.googleapis.com http://ajax.googleapis.com http://maps.googleapis.com https://*.ubembed.com http://*.ubembed.com  https://y.c3portal.net https://c3sbx.net https://c3plp.net https://*.ctctcdn.com http://*.ctctcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com/iframe_api http://www.google-analytics.com/ https://lkq.qumucloud.com/ https://c3sbx.net https://c3plp.net https://cdn.qumucloud.com/ https://ssl.google-analytics.com/ https://www.gstatic.com/ https://www.google.com/ https://www.googletagservices.com/ https://www.googletagmanager.com https://connect.facebook.net/ https://googleads.g.doubleclick.net/ http://www.googleadservices.com/ https://gateway.zscalertwo.net https://fs17.formsite.com/ http://cdn.jsdelivr.net/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com/ https://maps.googleapis.com/  http://ajax.googleapis.com/ http://maps.googleapis.com http://www.interactivegarage.com https://www.interactivegarage.com http://emarketing.ekeystone.com/ http://static.ctctcdn.com/ https://static.ctctcdn.com/ https://cdnjs.cloudflare.com/ http://cdnjs.cloudflare.com/;  style-src 'self' 'unsafe-inline' https://cdn.qumucloud.com/ https://lkq.qumucloud.com http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com https://*.ctctcdn.com http://*.ctctcdn.com; img-src 'self' *.ekeystone.com/ http://maps.gstatic.com/ http://maps.googleapis.com/ http://media.ekeystone.com/ https://lkq.qumucloud.com/ https://cdn.qumucloud.com/ https://fonts.gstatic.com/ https://www.google-analytics.com/  http://vehiclepartimages.com/ https://www.google.com/ http://www.google-analytics.com/ https://www.facebook.com/ https://gateway.zscalertwo.net https://stats.g.doubleclick.net https://ssl.google-analytics.com/ http://media.viantp.com/ https://www.google.co.in/pagead/ http://www.googletagmanager.com/ https://*.ubembed.com http://*.ubembed.com https://ajax.googleapis.com http://emarketing.ekeystone.com https://*.ctctcdn.com http://*.ctctcdn.com data:; child-src 'self' https://lkq.instilled.com https://lkq.qumucloud.com https://sdn.sitecore.net https://c3sbx.net https://c3plp.net https://n.c3portal.net http://sdn.sitecore.net https://www.google.com https://recruiting.adp.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://fs17.formsite.com/ http://www.youtube.com https://*.ubembed.com/ http://www.facebook.com  https://*.pages.ubembed.com http://*.ubembed.com http://*.pages.ubembed.com http://www.interactivegarage.com https://www.interactivegarage.com https://gateway.zscalertwo.net  https://docs.google.com/ https://y.c3portal.net  blob:; font-src 'self' https://cdn.qumucloud.com/ https://fonts.gstatic.com https://*.ubembed.com  http://*.ubembed.com  https://*.ctctcdn.com http://*.ctctcdn.com data:; frame-ancestors 'self'; media-src 'self' http://media.ekeystone.com/ http://vehiclepartimages.com/ https://*.ubembed.com http://*.ubembed.com https://*.ctctcdn.com http://*.ctctcdn.com;  2
base-uri 'self'; object-src 'none'; img-src 'self' https://www.google-analytics.com https://storage.googleapis.com/operating-anagram-8280/ https://lh3.googleusercontent.com/ https://stats.g.doubleclick.net/r/collect https://i.ytimg.com/ https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com data:; script-src 'self' 'unsafe-eval' 'sha256-If5YkXjOaX9+Y2b1TABwFRqsMHrOMW2l2cQ5lJdj3w8=' https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular-animate.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular-touch.min.js https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v3.js https://www.gstatic.com/external_hosted/hammerjs/v2_0_2/hammer.min.js https://www.googletagmanager.com/gtag/js https://stats.g.doubleclick.net/r/collect https://www.youtube.com/iframe_api https://s.ytimg.com/yts/ 2
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.eon-hungaria.com 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; img-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; style-src 'self' 'unsafe-inline' http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; font-src 'self' data: http: https: w1.stiebel-eltron.de w2.stiebel-eltron.de www.stiebel-eltron.de www0.stiebel-eltron.de; 2
frame-ancestors 'self' groupebpce.com *.groupebpce.com; 2
object-src 'none'; frame-ancestors 'none' 2
child-src 'self'; default-src 'self' *.usave.co.uk 'unsafe-eval' 'unsafe-inline' phplaravel-354301-1685373.cloudwaysapps.com ajax.cloudflare.com static.cloudflareinsights.com optimize.google.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.redditstatic.com *.tawk.to *.smartlook.com *.cookiebot.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com manager.eu.smartlook.cloud *.amazonaws.com *.tinymce.com *.tiny.cloud; img-src https: data:; frame-src www.googletagmanager.com www.measurementlab.net www.facebook.com www.google.com va.tawk.to *.stickeemobiles.co.uk optimize.google.com www.googleoptimize.com; 2
default-src 'self'; img-src 'self' data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com; font-src *.gstatic.com *.hotjar.com;frame-src *.twitter.com *.hotjar.com *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net; connect-src *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://ws12.hotjar.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https: mailto: tel:; font-src 'self' data: https:; connect-src 'self' https: wss://*.hotjar.com; frame-ancestors 'self' https://vshow.on24.com https://login-staging.qlik.com/ https://login.qlik.com/; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; img-src 'self' https: data: 2
frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 2
default-src 'none';connect-src 'self' https://*.salemove.com wss://pubsub.salemove.com wss://kluster.salemove.com https://*.twilio.com wss://chunderw-vpc-gll.twilio.com https://*.secumd.org https://*.bethpagefcu.com https://*.bellco.org https://js.callrail.com https://n2.mouseflow.com https://s.yimg.com wss://mpsnare.iesnare.com wss://ci-mpsnare.iovation.com https://*.google.com https://stats.g.doubleclick.net https://files.bethpagefcu.com https://api.datatrac.net https://*/api/fraudforce/FraudForce/Post https://siteintercept.qualtrics.com https://*.nanorep.co https://*.nanorep.com https://performance.typekit.net https://bat.bing.com https://secure-ds.serving-sys.com https://www.google-analytics.com https://*.jotform.com https://app.textrecruit.com https://app1.textrecruit.com https://*.segmint.net https://s3.amazonaws.com/cdn.segmint.net/ https://*.fontawesome.com https://*.glia.com;font-src 'self' data: https://*.gstatic.com https://use.typekit.net https://insight.adsrvr.org https://*.fontawesome.com https://apps.pcdgroup.com https://*.cloudflare.com https://*.formstack.com;frame-src 'self' https://*.doubleclick.net https://pixel-a.basis.net https://www.youtube.com https://youtu.be https://vimeo.com https://*.vimeo.com https://pixel.sitescout.com https://*.locatorsearch.com https://pixel.mathtag.com https://insight.adsrvr.org https://*.cloudfront.net https://*.google.com https://www2.iraservicecenter.com https://*.bethpagefcu.com https://*.secumd.org https://*.bellco.org https://*.orb.alkamitech.com https://www.agentinsure.com https://fliphtml5.com https://vizi.vizirecruiter.com https://secumd.satmetrix.com https://www.youtube-nocookie.com https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://a.pgtb.me https://*.formstack.com https://*.jotform.io https://*.jotform.us https://*.jotform.com https://www.facebook.com https://connect.segmint.net https://m.lndg.page;frame-ancestors 'self';img-src 'self' data: https://*.google.com https://bat.bing.com https://bs.serving-sys.com https://pixel-a.basis.net https://p.typekit.net https://*.siteimproveanalytics.io https://detectca.easysol.net https://www.facebook.com https://pixel.sitescout.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://ssiteid.t.eloqua.com https://*.salemove.com https://images.locatorsearch.com https://www.pages03.net https://pixel.mathtag.com https://track.hubspot.com https://insight.adsrvr.org https://cs.choozle.com https://idsync.rlcdn.com https://s3.amazonaws.com/provelo.bold360demo.com/ https://images.printable.com https://mpp.specificclick.net https://cx.atdmt.com https://dpm.demdex.net https://pixel.rubiconproject.com https://pixel.advertising.com https://tags.bluekai.com https://pixel.tapad.com https://idpix.media6degrees.com https://aa.agkn.com https://dsum-sec.casalemedia.com https://loadm.exelator.com https://odr.mookie1.com https://cache.vindicosuite.com https://uipglob.semasio.net https://eb2.3lift.com https://e.nexac.com https://dmp.truoptik.com https://mid.rkdms.com https://ml314.com https://cw.addthis.com https://cache.vindicosuite.com https://www.glassdoor.com https://*.oflows.net https://www.navyfederal.org https://match.adsrvr.org https://online.citi.com https://www2.bac-assets.com https://*.adnxs.com http://img.en25.com/EloquaImages/clients/BellcoCreditUnion/ https://*.facebook.net https://*.simpli.fi https://*.jotfor.ms https://*.jotform.com https://*.formstack.com https://ups.analytics.yahoo.com https://simplifi.partners.tremorhub.com https://sync.intentiq.com https://image2.pubmatic.com https://ads.stickyadstv.com https://fei.pro-market.net https://sync.bfmio.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://ce.lijit.com https://load77.exelator.com https://sync.search.spotxchange.com https://bh.contextweb.com https://us-u.openx.net https://pippio.com https://sync1.intentiq.com https://in.xspadvertising.com https://usermatch.krxd.net https://beacon.krxd.net https://su.addthis.com https://d.agkn.com https://match.sharethrough.com https://simage2.pubmatic.com https://io.narrative.io https://i.liadm.com https://x.bidswitch.net https://s.thebrighttag.com https://t.mookie1.com https://login.dotomi.com https://*.googleusercontent.com https://*.gstatic.com https://app.textrecruit.com https://app1.textrecruit.com https://jelly.mdhv.io https://www.yext-pixel.com https://*.amazon-adsystem.com https://*.adnxs.com https://*.bethpagefcu.com https://*.bellco.org https://*.secumd.org https://*.mediaiqdigital.com;media-src 'self' data: https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com https://libs.salemove.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.callrail.com https://*.salemove.com https://bat.bing.com https://cdn.mouseflow.com https://*.facebook.net https://detectca.easysol.net https://googleads.g.doubleclick.net https://s.btstatic.com/tag.js https://s.yimg.com/wi/ytc.js https://siteimproveanalytics.com https://www.google-analytics.com https://*.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com/iframe_api https://youtu.be https://vimeo.com https://*.vimeo.com https://*.bethpagefcu.com https://mpsnare.iesnare.com https://use.typekit.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://script.crazyegg.com https://sp.analytics.yahoo.com https://code.getmdl.io/1.3.0/material.min.js https://www.googleadservices.com https://img.en25.com/i/elqCfg.min.js https://s.thebrighttag.com https://s.ytimg.com https://ci-mpsnare.iovation.com https://js.callrail.com https://js.locatorsearch.com https://*.cloudflare.com https://*.cloudfront.net https://www.sc.pages03.net https://*.siteintercept.qualtrics.com https://pixel.mathtag.com https://browser.sentry-cdn.com https://*.nanorep.co https://*.nanorep.com https://*.gstatic.com https://s3.amazonaws.com/data.vizirecruiter.com/ https://*.fontawesome.com https://*.cudlautosmart.com https://nexus.ensighten.com https://ssl.geoplugin.net https://secure.checkout.visa.com http://*.serving-sys.com https://*.serving-sys.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.simpli.fi https://bethpagefederalcreditunion.formstack.com https://*.jotform.com https://*.jotform.us https://*.jotformpro.com https://*.jotfor.ms https://*.jotform.io https://*.formstack.com https://sandbox.secure.checkout.visa.com https://knowledgetags.yextpages.net https://app.textrecruit.com https://app1.textrecruit.com https://action.dstillery.com https://cdn.segmint.net https://analytics.yext-static.com https://*.youtube.com https://*.glia.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.salemove.com https://code.getmdl.io/1.3.0/ https://cloud.typography.com https://*.fontawesome.com https://*.cloudflare.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.jotfor.ms https://*.formstack.com https://*.google.com https://*.segmint.net; 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 2
default-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com/; child-src 'self'; worker-src 'self'; frame-src 'self'; img-src 'self' data: https://www.gravatar.com/ https://ps.w.org/; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/;frame-ancestors 'self'; 2
style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com cdnjs.cloudflare.com tagmanager.google.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data:; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ *.blogspot.com secure.givelively.org; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtm.js https://tagmanager.google.com/debug https://ajax.googleapis.com/ajax/libs/jquery/ https://fonts.googleapis.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://fd10.formdesk.com/scripts/fd_general.js https://cdn.feedbackify.com/f.js https://cdn.feedbackify.com/dialog.js https://www.feedbackify.com/touch https://s3.amazonaws.com/fby-form/13644/d.js https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: http://www.royalfloraholland.com/ https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.googletagmanager.com/ https://i.ytimg.com/ https://cdn.feedbackify.com/img/classic/ https://dev.visualwebsiteoptimizer.com/v.gif https://s3.amazonaws.com/fby-form/13644/logo.jpg; font-src 'self' https://fonts.googleapis.com/ data:; frame-src 'self' *.royalfloraholland.com *.floraholland.nl https://www.google.com/ https://www.youtube.com/ https://forms.office.com/ https://www.formdesk.com/ https://fd10.formdesk.com/; connect-src 'self' https://fhctest.rimote.nl/myfloraholland/ https://fhc-acc.rimote.nl/myfloraholland/ https://community.royalfloraholland.com/myfloraholland/ https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect 2
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl itesco.sk 2
default-src 'self' 'unsafe-inline' www.paypal.com *.apple.com tunemymusic-xvbumqfixmhzxo.stackpathdns.com code.jquery.com www.google-analytics.com www.google.com www.facebook.com connect.facebook.net; img-src * data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 2
default-src * data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'  https://*.cms.vwfs.tools https://*.vwfsindia.co.in;  img-src 'self'  data:  https://cms-assets.vwfs.io https://*.cms.vwfs.tools https://*.volkswagenbank.de https://*.omtrdc.net https://*.demdex.net https://img.youtube.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.iadvize.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://cm.everesttech.net  https://*.scene7.com https://*.userzoom.com https://smetrics.www.vwfs.de https://smetrics.vwfs.de https://*.adform.net https://www.facebook.com https://*.linkedin.com https://t23.intelliad.de https://c.imedia.cz https://dev.day.com https://t.co https://www.google.com https://www.google.de;    script-src 'self'  'unsafe-inline' https://*.volkswagenbank.de https://*.iadvize.com https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.googleapis.com https://storagewebcalcweud.blob.core.windows.net https://www.volkswagenbank-cloud.de https://t23.intelliad.de https://t13.intelliad.de https://assets.adobedtm.com https://*.omtrdc.net https://*.omniture.com https://*.adobe.com https://*.demdex.net https://cm.everesttech.net https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://www.googletagmanager.com https://c.imedia.cz https://www.seznam.cz https://*.thunderhead.com https://*.twitter.com https://*.fls.doubleclick.net https://static.ads-twitter.com https://www.googleadservices.com https://*.vwfsindia.co.in https://cc.cdn.civiccomputing.com https://*.advsearch.vwfs.io  ;  style-src 'self' 'unsafe-inline' https://*.iadvize.com https://fonts.googleapis.com https://*.userzoom.com https://*.vwfsindia.co.in;  connect-src 'self' https://vimeo.com    https://calculator.volkswagenbank.de https://*.iadvize.com wss://*.iadvize.com https://*.youtube.com https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.demdex.net https://cm.everesttech.net https://*.tt.omtrdc.net https://*.omtrdc.net *.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://smetrics.www.vwfs.de;  frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com;  object-src 'none';  font-src 'self' https://fonts.gstatic.com ;  frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://*.adform.net https://*.iadvize.com https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://vwfms.com https://online.flowpaper.com https://jobs.careerpage.fr https://faleconosco.bancovw.com.br https://atendimento-eletronico.bancovw.com.br https://www.vwfstools.co.uk https://lead.vwfsstore.com.br; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 2
frame-ancestors 'self' https://aula.educaixa.org; 2
frame-ancestors 'self'; block-all-mixed-content 2
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src 'self' https://submit.jotform.com/ https://form.jotform.com/ https://www.youtube.com/ https://lpcdn.lpsnmedia.net/ https://sy.msg.liveperson.net/ https://sy.idp.liveperson.net/ https://www.facebook.com/ https://m.facebook.com/ https://omny.fm/ https://cdn.flipsnack.com/ https://player.vimeo.com/ https://roller.app/ https://www.google.com/; connect-src 'self' https://weather-ydn-yql.media.yahoo.com https://www.google-analytics.com/ wss://sy.msg.liveperson.net/ws_api/account/1987918/messaging/consumer; media-src 'self' https://lpcdn.lpsnmedia.net/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://content.jwplatform.com/ https://assets-jpcust.jwpsrv.com/ https://content.jwplatform.com/ https://videos-fms.jwpsrv.com/ http://ssl.p.jwpcdn.com/               http://jwpltx.com/v1/ http://customer.cludo.com/scripts/ https://customer.cludo.com/css/ https://personalization.tombras.com/ http://gateway.answerscloud.com/                           https://fonts.googleapis.com/css https://maps.googleapis.com/ http://www.googletagmanager.com/ https://fonts.gstatic.com/ https://developers.google.com/              https://demanddetroit.com/ http://detroit.azureedge.net/ https://demanddetroit.blob.core.windows.net/ https://dtnacontent-dtna-stg.qa.freightliner.com/ https://dtnacontent-dtna.prd.freightliner.com              https://videos-cloudflare.jwpsrv.com/ https://detroitadsaem.azureedge.net/ https://www.google-analytics.com/ https://script.crazyegg.com/ https://bs.serving-sys.com/ https://tags.srv.stackadapt.com/              https://secure-ds.serving-sys.com/ https://stats.g.doubleclick.net/ https://secure.adnxs.com/ https://www.google.com/ads/ https://maps.gstatic.com/ https://api-us1.cludo.com/ https://freightliner.blob.core.windows.net/;               img-src * data:; 2
default-src * blob:;connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net https://analytics.google.com https://api.hubspot.com https://api.hubapi.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://forms.hubspot.com;frame-src 'self' https://i.prefinery.com https://app.hubspot.com https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://www.clickcease.com https://ajax.googleapis.com https://js.hs-banner.com https://widget.prefinery.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://js.hsadspixel.net https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com data: 2
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.gymboree.com *.childrensplace.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com search.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com match.prod.bidr.io *.adsrvr.org *.pegacloud.net *.doubleclick.net *.forter.com *.monetate.net *.google-analytics.com *.wufoo.com *.mapbox.com search-dr.unbxd.io; worker-src 'self' blob: 2
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve 2
default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://storage.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.polyfill.io/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://fonts.googleapis.com https://s3.eu-west-1.amazonaws.com https://www.google-analytics.com www.google-analytics.com https://www.gchq.gov.uk/* https://*.ncscdev.co.uk https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; worker-src https://*.ncsc.gov.uk/static-assets/dist/ncsc/service-worker.js https://*.ncscdev.co.uk/static-assets/dist/ncsc/service-worker.js https://*.gchq.gov.uk/static-assets/dist/ncsc/service-worker.js; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src https://www.youtube-nocookie.com 2
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.netinnederland.nl *.2doc.nl *.vprogids.nl; 2
default-src 'self' https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://*.google.com https://www.google-analytics.com https://*.hotjar.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://mc.yandex.ru https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://*.draghmar.pl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; img-src 'self' https://purefarminggame.com https://*.purefarminggame.com https://tormentgame.com https://*.tormentgame.com https://techland.net https://*.techland.net https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://t.co/i/adsct; frame-src 'self' https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/; connect-src 'self' https://mc.yandex.ru https://in.hotjar.com 2
frame-ancestors 'self' covid-check.generali.de 2
frame-ancestors https://*.smartrecruiters.com 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.googleapis.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com *.fontawesome.com *.crowdriff.com *.sa-as.com *.licdn.com *.facebook.net *.googleadservices.com siteimproveanalytics.com *.doubleclick.net;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' iowa.gov *.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.fontawesome.com *.crowdriff.com;img-src 'self' localhost:* localtest.com:* *.jquery.com *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.crowdriff.com *.cloudfront.net *.doubleclick.net *.arrivalist.com *.google.com *.sa-as.com *.adnxs.com *.siteimproveanalytics.io *.linkedin.com *.facebook.com *.adsymptotic.com *.ytimg.com *.google.ca *.googletagmanager.com;media-src *.spindustry.com;frame-src *.spindustry.com *.google.com *.youtube.com *.facebook.com *.doubleclick.net *.moz.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.fontawesome.com;connect-src 'self' *.spindustry.com *.crowdriff.com *.fontawesome.com *.doubleclick.net *.google-analytics.com *.facebook.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' *.spindustry.com *.facebook.net *.facebook.com;frame-ancestors *.spindustry.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 2
default-src 'self' https:; font-src 'self' https: data: data://* use.typekit.net; img-src 'self' https: data: my.raspberrypi.org profiles-production.s3.eu-west-1.amazonaws.com p.typekit.net images.ctfassets.net; object-src 'none'; script-src 'self' https: data: 'unsafe-inline' www.google-analytics.com www.googletagmanager.com use.typekit.net tagmanager.google.com; style-src 'self' https: 'unsafe-inline' use.typekit.net; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://api.postcodes.io https://www.google-analytics.com https://*.typekit.net https://api-cdn.embed.ly https://*.stripe.com; frame-ancestors 'self' https://trinket.io https://*.trinket.io; report-uri https://raspberrypi.report-uri.com/r/d/csp/enforce 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 2
frame-ancestors 'self' https://www.google-analytics.com https://www.roedl.de/ https://www.roedl.com/ https://test-sp.roedl.com/ https://test-sp.roedl.de/ https://www.roedl.de:10006/ https://karriere.roedl.de/ https://adm-karriere.roedl.de/; form-action 'self' https://www.google-analytics.com; connect-src https://www.google-analytics.com 'self' https://orca.roedlcloud.com/ https://DEFFMSPFWEBD01.roedl.org:86 https://www.wetter.com/; img-src 'self' matomo.roedlcloud.com https://www.google-analytics.com https://chart.googleapis.com https://cs3.wettercomassets.com/; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net *.googletagmanager.com tagmanager.google.com www.gstatic.com *.google-analytics.com www.googleadservices.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io connect.facebook.net *.blueconic.net knltb.sb.blueconic.net service.force.com *.salesforceliveagent.com *.googleapis.com knltb.my.salesforce.com knltb.secure.force.com ajax.aspnetcdn.com *.cloudfront.net www.instagram.com www.mollie.com *.youtube.com *.ytimg.com *.newrelic.com *.nr-data.net *.g.doubleclick.net snap.licdn.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net tagmanager.google.com fonts.googleapis.com service.force.com knltb.secure.force.com *.cloudfront.net www.mollie.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: dashboard.umbraco.org our.umbraco.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io www.facebook.com *.ytimg.com *.googleapis.com *.gstatic.com *.blueconic.net stats.g.doubleclick.net *.persgroep.net *.google.nl; connect-src 'self' 'unsafe-eval' 'unsafe-inline' our.umbraco.com tagmanager.google.com www.google-analytics.com *.hotjar.com:* *.hotjar.io *.blueconic.net knltb.sb.blueconic.net service.force.com knltb.secure.force.com homerun.co *.nr-data.net stats.g.doubleclick.net; frame-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.youtube.com bid.g.doubleclick.net *.hotjar.com *.hotjar.io service.force.com www.facebook.com widgets.knltb.club www.instagram.com www.mollie.com nlpadel.meshlink.nl m.facebook.com crionet-ms-widgets.azurewebsites.net; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.blueconic.net service.force.com knltb.secure.force.com *.cloudfront.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.sfdcstatic.com; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.hotjar.io *.youtube.com *.blueconic.net knltb.sb.blueconic.net; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net knltb.sb.blueconic.net; block-all-mixed-content; 2
default-src 'self' wss://www.reasedoper.pw wss://www.nathetsof.com https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://sdnats.com http://zstat.org/ http://www.sparnove.com/ https://www.sparnove.com/ http://sparnove.com/ https://sparnove.com/ http://sparnove.com https://sparnove.com http://www.sparnove.com https://www.sparnove.com http://igropoisk.com http://www.igropoisk.com http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw https://nathetsof.com https://www.nathetsof.com http://nathetsof.com http://www.nathetsof.com http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/ http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://sparnove.com https://api.push.world/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.nathetsof.com wss://nathetsof.com wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 2
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 2
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2
style-src 'self' 'unsafe-inline' *.wales.ac.uk 2
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 2
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://bat.bing.com https://cdn.jsdelivr.net https://www.trustradius.com https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com https://com-avaya.netmng.com https://nan.netmng.com https://audiences.ignitionone.com https://a.rfihub.com https://c1.rfihub.net https://4529201.fls.doubleclick.net https://sp.analytics.yahoo.com com-avaya.qa.netmng.com https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.adroll.com https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://avaya.greenshootlabs.com https://*.kaltura.com https://*.linkedin.com https://*.serving-sys.com https://*.webengage.co https://*.webengage.com https://*.webtrends.com https://*.webtrendslive.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.trustradius.com https://*.avaya.com https://*.kaltura.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://analytics.google.com https://s1737033466.t.eloqua.com https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://www.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.kaltura.com https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://c.webengage.com https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca; frame-ancestors 'self' https://*.avaya.com ; report-uri https://ce4597319c39d6fb9172e9cd9821a217.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' http://odc.world http://www.odc.world https://odc.world https://www.odc.world http://testspace.brain-berlin.com https://testspace.brain-berlin.com; 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 2
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 2
font-src 'self' data: *.bookatable.com *.googleapis.com *.tenkites.com *.bing.com *.microsoft.com *.designmynight.com *.gstatic.com *.cloudfront.net; style-src 'self' data: *.googleapis.com *.bing.com *.bookatable.com *.microsoft.com *.designmynight.com *.tenkites.com *.cloudfront.net 'unsafe-inline'; frame-ancestors 'self' *.tenkites.com 2
script-src 'self' 'sha256-VWY8CMqPn65CVz0iNM9Dr0YiOBkr5gjQXk3Cwp57D6E=' 'sha256-LR5XzSRtZYBSoocc2iufIRqZnGkVF56pgpCTA56nrFg=' 'sha256-5gyJHECkm/JgYwitsBz3dGo320nNHR/NB+SWKAgJs2I='   *.googleapis.com *.google-analytics.com;  object-src 'self'; frame-ancestors 'self'; 2
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2
upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' 2
frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 2
frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 2
object-src 'none'; base-uri 'none'; 2
frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.eu https://booking2.centerparcs.ch https://booking2.centerparcs.be 2
frame-ancestors 'self' stage-portal.aerztekammer-hamburg.org portal.aerztekammer-hamburg.org; 2
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://*.ytimg.com http://awards.ratingruneta.ru https://cbzxy.com cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://push4site.com/static/sw/legalbet.js https://legalbet.push4site.com/sdk https://*.push4site.com https://push4site.com/Subscriber/Add https://e.infogram.com; frame-src 'self' https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.push4site.com https://push4site.com/Subscriber/Add https://e.infogram.com; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.push4site.com https://push4site.com/Subscriber/Add; child-src blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; worker-src 'self' https://*.push4site.com; report-uri /csp-report/; 2
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 2
report-uri https://fargond.gov/csp-report ; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fargond.gov *.cityoffargo.com translate.googleapis.com ajax.googleapis.com *.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com translate.google.com www.google-analytics.com www.google.com *.gstatic.com www.youtube.com i.ytimg.com *.ggpht.com js.arcgis.com static.arcgis.com server.arcgisonline.com services.arcgisonline.com connect.facebook.net *.facebook.com platform.twitter.com syndication.twitter.com *.fbcdn.net *.twimg.com api.cablecast.tv data: blob: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.jquery.com *.addtoany.com use.fontawesome.com *.cloudflare.com *.youtube.com *.ytimg.com *.googleapis.com *.googletagmanager.com connect.facebook.net cdnjs.cloudflare.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.addtoany.com cloud.typography.com www.groningerforum.nl; font-src 'self' *.gstatic.com data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com www.facebook.com www.googletagmanager.com *.doubleclick.net *.google.nl *.googleusercontent.com; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com youtu.be *.activetickets.com activetickets.groningerforum.nl www.facebook.com *.ticketworks.nl *.afasonline.com groningerforum.podiumnederland.nl forum.podiumnederland.nl open.spotify.com www.geodienst.xyz;media-src 'self' *.youtube.com *.vimeo.com *.vimeocdn.com *.akamaized.net;connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl www.google-analytics.com stats.g.doubleclick.net; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com; frame-ancestors 'self'; 2
frame-ancestors 'self' dev.dieselserviceandsupply.com www.dieselserviceandsupply.com ; 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' *; script-src * data: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com 2
'unsafe-inline'; 2
form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://www.facebook.com https://getkisi.com https://*.getkisi.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://a.omappapi.com https://a.optmnstr.com https://a.quora.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com https://www.redditstatic.com https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com 2
base-uri 'self';block-all-mixed-content;connect-src *.llamaya.com *.masmovil.es *.yoigo.com *.masmovil.com 'self' *.abtasty.com *.adyen.com *.ampproject.org *.bing.com *.byside.com wss://*.byside.com *.cdnwebcloud.com *.clarity.ms *.configcat.com *.contentful.com *.doubleclick.net *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.google.es *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.indigitall.com *.krxd.com *.krxd.net *.netmng.com *.realytics.io *.rfihub.com *.taboola.com *.tiktok.com;default-src *.llamaya.com *.masmovil.es *.yoigo.com *.masmovil.com 'self';font-src 'self' https: data: *.gstatic.com;frame-ancestors 'self';frame-src *.llamaya.com *.masmovil.es *.yoigo.com *.masmovil.com *.adyen.com *.byside.com *.doubleclick.net *.facebook.com *.google.com *.hotjar.com *.krxd.net *.weborama.fr *.zenaps.com;img-src *.llamaya.com *.masmovil.es *.yoigo.com *.masmovil.com data: 'self' *.adyen.com *.awin1.com *.bing.com *.byside.com *.cdnwebcloud.com *.contentful.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.google.com *.google.es *.googletagmanager.com *.gstatic.com *.hotjar.com *.krxd.com *.krxd.net *.taboola.com t.co *.zenaps.com;object-src data:;script-src *.llamaya.com *.masmovil.es *.yoigo.com *.masmovil.com 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.ad4m.at *.adyen.com *.amazonaws.com *.ampproject.org *.bing.com *.byside.com *.cdnwebcloud.com *.clarity.ms *.contentful.com *.doubleclick.net *.dwin1.com *.facebook.net *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.hotjar.com *.jquery.com *.krxd.com *.krxd.net *.realytics.io *.realytics.net *.taboola.com *.tiktok.com *.twitter.com *.ads-twitter.com *.weborama.com *.weborama.fr *.youtube.com;style-src 'self' https: 'unsafe-inline' *.google.com *.googleapis.com;upgrade-insecure-requests;worker-src blob: 2
frame-ancestors *.ivanti.com https://dash.cloudflare.com 2
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 2
frame-ancestors 'self' *.dja.com; 2
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com https:; object-src 'self' data: https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' *.crazyegg.com data: https:; media-src 'self' data: https:; frame-src 'self' *.hubspot.com https:; font-src 'self' data: https:; connect-src 'self' *.crazyegg.com https:; frame-ancestors 'self' *.hubspot.com; base-uri 'none'; form-action 'self' https://webto.salesforce.com *.hsforms.com; upgrade-insecure-requests; 2
frame-src 'self' https://intranet.m800.com https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com 2
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 2
default-src 'self'; script-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; object-src 'none' 2
frame-ancestors 'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 2
connect-src *; default-src 'self'; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
frame-ancestors *.cas.cn 2
base-uri 'self'; form-action 'self' https://login.windows.net https://login.microsoftonline.com; connect-src 'self' https://www.google-analytics.com https://*.tealiumiq.com https://api.consent.talpanetwork.com https://*.privacymanager.io https://our.umbraco.com; default-src ; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' ; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.fls.doubleclick.net https://*.tealiumiq.com https://*.sbsnet.nl https://*.wufoo.com https://*.etribez.com https://*.eventim.nl https://*.aanmelden.tv https://aanmelden.tv https://*.sbs6.nl https://*.net5.nl https://*.veronicatv.nl https://*.sbs9.nl https://*.privacymanager.io https://talpanetwork.com https://consent.talpanetwork.com *.ticketcounter.nl; img-src 'self' data: https://www.google-analytics.com https://www.google.nl https://www.google.com https://www.w3.org https://dashboard.umbraco.org https://our.umbraco.com https://talpanetwork.com https://www.facebook.com; media-src 'self' https://talpanetwork.com; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://*.tealiumiq.com https://www.google-analytics.com https://www.googletagmanager.com https://*.privacymanager.io https://static.talpanetwork.com https://static.talpanetwork.com https://tags.tiqcdn.com https://utils.consent.talpanetwork.com https://acc.utils.consent.talpanetwork.com; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://*.tealiumiq.com https://www.google-analytics.com https://www.googletagmanager.com https://*.privacymanager.io https://static.talpanetwork.com https://static.talpanetwork.com https://tags.tiqcdn.com https://utils.consent.talpanetwork.com https://acc.utils.consent.talpanetwork.com; style-src 'unsafe-inline' 'self' blob: https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' blob: https://fonts.googleapis.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net d.la1-c2-frf.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com d.la2-c2-cdg.salesforceliveagent.com d.la2-c1cs-cdg.salesforceliveagent.com c.la2-c1cs-cdg.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com ajax.googleapis.com stackpath.bootstrapcdn.com ajax.aspnetcdn.com www.google.com www.google-analytics.com www.gstatic.com www.eventbrite.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src 'self' api.psauthority.org.uk http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.google.com response.pure360.com www.eventbrite.co.uk https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src *; object-src 'none' 2
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
frame-src 'self' *.jiathis.com *.baidu.com 2
frame-ancestors 'self' junchae.com linkharu.com 2
default-src 'self';script-src 'self' 'unsafe-inline' *.jquery.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.aspnetcdn.com ajax.aspnetcdn.com *.googletagmanager.com *.cookiebot.com *.pingdom.net *.actonservice.com browser-update.org consent.cookiebot.com marketing.hhglobal.com cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' *.jquery.com *.google.com *.gstatic.com *.googleapis.com *.aspnetcdn.com stats.g.doubleclick.net;img-src 'self' stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google.com *.google.co.uk googleads.g.doubleclick.net *.hhglobal.com data:;frame-src 'self' googleads.g.doubleclick.net *.google.com *.google.co.uk *.vimeo.com bid.g.doubleclick.net *.cookiebot.com *.youtube.com marketing.hhglobal.com *.googletagmanager.com;connect-src 'self' *.pingdom.net www.google-analytics.com stats.g.doubleclick.net 2
default-src https:; style-src 'self' 'unsafe-inline' https://d32qhklnbkpwwi.cloudfront.net https://fonts.googleapis.com;script-src 'self' https://d32qhklnbkpwwi.cloudfront.net https://maps.googleapis.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:;frame-ancestors 'none'; form-action 'self' https: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ravenjs.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://www.gstatic.com https://use.fontawesome.com https://*.googlesyndication.com https://googleadservices.com https://tag.getdrip.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.google.com https://code.jquery.com https://cdn.mathjax.org https://*.google-analytics.com https://*.googleapis.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://checkout.stripe.com; frame-src https://checkout.stripe.com https://googleads.g.doubleclick.net https://docs.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://player.vimeo.com https://*.facebook.com; block-all-mixed-content; frame-ancestors 'none'; report-uri https://ivydev.report-uri.io/r/default/csp/enforce 2
frame-ancestors 'self' https://www.sanaltur.com.tr/ 2
font-src https://www.callisonrtkl.com https://cdn.crtkl.com data: 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: 2
script-src 'self' https://az416426.vo.msecnd.net/; form-action 'self'; font-src 'self'; frame-ancestors 'self'; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 2
report-uri /csp-hotline.php; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net  https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com http://tomsk.effad.ru *.effad.ru effad.ru *.me-talk.ru disgusting.ru https://api-maps.yandex.ru *.yandex.net yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com https://d3js.org; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://www.google.com https://fonts.googleapis.com; 2
default-src 'self'; connect-src 'self' stats.g.doubleclick.net api.hubspot.com vimeo.com www.google-analytics.com wp.ocelotbot.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com js.hs-banner.com; prefetch-src: js.hs-banner.com js.usemessages.com js.hs-analytics.com snap.licdn.com www.google-analytics.com www.googletagmanager.com; font-src 'self' data:; frame-src app.hubspot.com player.vimeo.com; img-src 'self' data: wp.ocelotbot.com www.google.com p.adsymptotic.com track.hubspot.com px.ads.linkedin.com www.google-analytics.com www.gstatic.com ssl.gstatic.com i.vimeocdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' wp.ocelotbot.com slate.technolutions.net px.ads.linkedin.com snap.licdn.com track.hubspot.com p.adsymptotic.com js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com apis.google.com f.vimeocdn.com; style-src 'self' 'unsafe-inline' f.vimdeocdn.com; object-src 'none'; upgrade-insecure-requests; 2
default-src * 'self' m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com:* *.bootstrapcdn.com:* *.gstatic.com:* http://*:* m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; style-src 'self' 'unsafe-inline' *.google.com:* *.bootstrapcdn.com:* m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; img-src data: blob: 'self' *.google.com:* *.bootstrapcdn.com:* http://*:* m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; connect-src 'self' http://*:* ws://localhost:* m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; child-src 'self' *.google.com:* *.bootstrapcdn.com:* *.gstatic.com:* m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; frame-src 'self' *.google.com:* *.bootstrapcdn.com:* *.gstatic.com:* m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; frame-ancestors 'self' *.google.com:*  *.bootstrapcdn.com:* *.gstatic.com:* m5.msy.gov.ir:* *.m5.msy.gov.ir:* itpishkhan.ir:* *.itpishkhan.ir:* hooshco.com:* *.hooshco.com:* ; reflected-xss filter; referrer no-referrer-when-downgrade;  2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src https: 'unsafe-inline' 'self' data: 'unsafe-eval' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.kontent.ai/ 2
default-src 'self' * 'unsafe-inline' data:; 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 2
form-action 'self' 2
frame-ancestors 'self' *.medialift.nl *.drugsinfo.nl *.alcoholinfo.nl *.helderopvoeden.nl *.rokeninfo.nl *.verslaafdaanjou.nl *.gokkeninfo.nl *.gameninfo.nl *.mentaalvitaal.nl; 2
frame-ancestors 'self' analytics.pt-dlr.de 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; 2
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; 2
default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl data: 'self'; style-src *.googleads.g.doubleclick.net https://tagmanager.google.com bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://teddytor.abtasty.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://www.facebook.com https://pixel.wp.pl https://cm.g.doubleclick.net https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net *.ratatu.pl www.google-analytics.com www.0.s-nk.pl *.googleads.g.doubleclick.net https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://ib.adnxs.com https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com clients1.google.com https://tbl.tradedoubler.com https://ad.doubleclick.net www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net www.facebook.com *.googleads.g.doubleclick.net https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://pixel.wp.pl https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://www.bnpparibas.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com *.ratatu.pl 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net wss://ws9.hotjar.com https://vc.hotjar.io bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 2
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 2
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.net verify.yandex.ru *.verify.yandex.ru 'self'; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net 'self'; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru static-mon.yandex.net 'self'; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net report-uri https://livejournal.com/csp_reports 2
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 2
frame-ancestors 'self' *.roomlynx.net  2
default-src 'self' data: code.jquery.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com; frame-src 'self' *.youtube-nocookie.com 2
frame-ancestors 'self' https://*.xealth.io; 2
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://api.autopilothq.com https://apenterprise.io https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://apenterprise.io https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl https://api.livechatinc.com/ wss://ws9.hotjar.com/ wss://ws8.hotjar.com/api/v2/client/ws https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://api.autopilothq.com https://apenterprise.io; form-action https:; report-uri /debug/csp; 2
upgrade-insecure-requests; frame-ancestors 'self'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com  is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com  *.adsrvr.org *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com  placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com cdn.jsdelivr.net calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com *.rlets.com *.gannettdigital.com *.reachlocalservices.com 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * 'self'; img-src * 'self' data: 2
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 2
default-src 'self'; frame-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.egoid.me https://*.zopim.com https://*.geetest.com https://*.qbox.me https://*.wx.qq.com https://*.bhex.com https://*.bhfastime.com https://*.bit-e.com https://www.googletagmanager.com https://hm.baidu.com https://www.google-analytics.com https://static.zdassets.com https://*.hbtc.ai https://*.hbtc.fm https://*.hbtc.live https://*.hbtc.today https://*.bluehelix.com; connect-src 'self' https://*.bhfastime.com https://api.geetest.com wss://*.zopim.com https://ekr.zdassets.com https://*.zendesk.com  https://www.google-analytics.com https://*.hbtc.ai wss://*.hbtc.ai https://*.hbtc.fm wss://*.hbtc.fm https://*.hbtc.live wss://*.hbtc.live https://*.hbtc.today wss://*.hbtc.today https://*.bluehelix.com wss://*.bluehelix.com  https://*.bhex.com wss://*.bhex.com https://*.hbtc.com wss://*.hbtc.com https://*.hbtc.co wss://*.hbtc.co https://*.bit-e.com wss://*.bit-e.com https://*.bhex.us wss://*.bhex.us https://*.bhex.cn wss://*.bhex.cn https://*.gobhex.com wss://*.gobhex.com https://*.bhexb.com wss://*.bhexb.com; img-src * data: blob:; object-src 'none'; base-uri 'self'; style-src 'self' https://static.geetest.com 'unsafe-inline' blob: https://*.bhex.com https://*.bhfastime.com https://*.bit-e.com; font-src * data: blob:; manifest-src 'self' https://*.bhfastime.com; media-src 'self' https://static.zdassets.com https://*.bhfastime.com 2
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 2
default-src 'none'; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; connect-src 'self' wss://*.glr.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com 2
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=newspaper&d=2021-02-27 2
font-src *.gstatic.com *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action *.pardot.com *.douglaslabs.com *.seroyal.com *.pureencapsulations.com *.kleanathlete.com *.douglaslabs.ca *.seroyal.ca *.pureencapsulations.ca *.kleanathlete.ca 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.artifi.net *.facebook.com *.nr-data.net *.google.com 'self' 'unsafe-inline'; img-src data: *.nextopia.net *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.newrelic.com *.bootstrapcdn.com *.douglaslabs.com *.seroyal.com *.pureencapsulations.com *.kleanathlete.com *.douglaslabs.ca *.seroyal.ca *.pureencapsulations.ca *.kleanathlete.ca 'self' 'unsafe-inline'; script-src www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.nextopiasoftware.com *.artifi.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com maps.googleapis.com *.googletagmanager.com *.gstatic.com *.newrelic.com *.nr-data.net *.pardot.com *.nextopia.net *.ecomm-nav.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.facebook.com *.facebook.net *.google.com *.googleapis.com *.bootstrapcdn.com *.pardot.com *.nextopia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.nextopia.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline';  connect-src *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.nr-data.net *.pardot.com *.nextopia.net  'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 2
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 2
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://www.paypalobjects.com https://insights.algolia.io; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com https://scontent.xx.fbcdn.net https://alb.reddit.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://assets.adobedtm.com https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://bam-cell.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com https://s.yimg.com https://sp.analytics.yahoo.com/ https://www.redditstatic.com; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://bam-cell.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://web.delighted.com https://www.facebook.com https://ct.pinterest.com https://insights.algolia.io https://graph.instagram.com https://*.algolianet.com https://*.algolia.net https://s.yimg.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com https://player.simplecast.com https://wellsaid.simplecast.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src www.openstreetmap.org; 2
frame-ancestors 'self' learn.arcgis.com *.esri.com 2
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' ; frame-src 'self' ; 2
frame-ancestors 'self' https://www.domainedevillers.fr https://www.thalasso-deauville.com https://benerville.fr http://www.lacloseriedeauville.com http://www.augeval.com http://www.congres-deauville.com https://www.hotel-saint-james.fr https://www.bellevue-hotel.fr https://www.mairie-benerville.neopse-site.fr https://www.benerville.fr https://www.acapars.com/ 2
frame-ancestors https: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ws: https: http: data: 2
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.stihl.com https://wm.wiredminds.de https://www.google-analytics.com https://www.googletagmanager.com https://analytics-udg.netdna-ssl.com https://www.googleadservices.com https://bat.bing.com https://rns.matelso.de https://googleads.g.doubleclick.net https://maps.googleapis.com https://static.criteo.net https://sslwidget.criteo.com https://static.hotjar.com https://connect.facebook.net https://ssl.geoplugin.net https://www.google.com https://www.gstatic.com https://api.openweathermap.org https://e.video-cdn.net https://79423.analytics.edgekey.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://cdn.taboola.com https://trc.taboola.com https://ssl.google-analytics.com https://www.sc.pages02.net https://track.adform.net https://s2.adform.net https://cstatic.weborama.fr https://chimpstatic.com https://amplify.outbrain.com https://tr.outbrain.com https://lib-3pas.admatrix.jp https://eventd-cro.admatrix.jp https://static.ads-twitter.com https://analytics.twitter.com https://s.pinimg.com https://ajax.googleapis.com https://wm.wiredminds.de https://static.stihl-timbersports.com https://www.youtube.com https://s.ytimg.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://ng361.infusionsoft.com https://bs.serving-sys.com;style-src 'self' 'unsafe-inline' https://static.stihl.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.stihl-timbersports.com;img-src 'self' data: *;font-src 'self' https://static.stihl.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://e.video-cdn.net https://maxcdn.bootstrapcdn.com https://*.mouseflow.com;child-src 'self' https://*.mouseflow.com;frame-src 'self' https://www.google.com https://www.facebook.com https://e.video-cdn.net https://googleads.g.doubleclick.net https://www.google.de https://ad3.adfarm1.adition.com https://*.fls.doubleclick.net https://cstatic.weborama.fr https://rd.frontend.weborama.fr https://www.youtube-nocookie.com https://www.youtube.com https://e.issuu.com https://*.mouseflow.com https://app11.jaggaer.com https://player.vimeo.com https://ng361.infusionsoft.app;connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://d.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://ma307-r.analytics.edgekey.net https://asset-out-cdn.video-cdn.net https://mc.yandex.ru https://top-fwz1.mail.ru https://trc-events.taboola.com https://ext.nonstoppartner.net https://ct.pinterest.com https://*.mouseflow.com https://secure-ds.serving-sys.com https://static.stihl.com https://static.stihl-timbersports.com https://static.viking-garden.com;media-src 'self' https://videocdnvod1-vh.akamaihd.net https://asset-out-cdn.video-cdn.net;object-src 'self' https://static.stihl.com; 2
frame-ancestors 'self' *.sber.ru *.championat.com 2
frame-ancestors 'self' tvoy-priz.ru lasterlast.ru guru-games.ru gigath.oneth.ru oneth.ru netheml.ru gamazer.ru gamcloud.ru maigamers.ru sotgame.ru igamir.ru girgame.ru vk.com livehelp.trueplay.io 2
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *;frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 2
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 2
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 2
default-src 'self'; style-src 'self' 'unsafe-inline'; 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 2
frame-ancestors 'self' http://www.fx-graphics.com; 2
script-src *.sentry-cdn.com *.b2brain.com *.nr-data.net *.ytimg.com *.newrelic.com *.googletagmanager.com *.fullstory.com *.youtube.com *.tidiochat.com *.tidio.co *.doubleclick.net cbandrey2static.s3.amazonaws.com *.google-analytics.com *.googleadservices.com  optimize.google.com www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval';style-src cbandrey2static.s3.amazonaws.com *.b2brain.com 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com *.google.com *.youtube.com; 2
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https:; upgrade-insecure-requests; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com cardinalcommerce.com *.cardinalcommerce.com paypal.com *.paypal.com; frame-ancestors 'self' *.environmental-expert.com *.xprt.com *.agriculture-xprt.com *.energy-xprt.com environmental-expert.com xprt.com agriculture-xprt.com energy-xprt.com 2
default-src https: 'self'; base-uri 'self' optimize.google.com; block-all-mixed-content; child-src www.youtube.com player.vimeo.com fast.wistia.net; connect-src 'self' *.algolia.net *.algolianet.com bam.nr-data.net camaloon-web.s3-eu-west-1.amazonaws.com *.camaloon.media *.fullstory.com *.google-analytics.com *.sentry.io *.reviews.io *.crazyegg.com *.landbot.io stats.g.doubleclick.net; font-src 'self' data: *.fontawesome.com *.gstatic.com; form-action 'self' calendly.com; frame-ancestors *.myshopify.com; frame-src 'self' optimize.google.com *.reviews.io *.stripe.com *.youtube.com *.landbot.io bid.g.doubleclick.net; img-src data: blob: *; media-src 'self'; object-src 'self'; plugin-types application/pdf; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.adroll.mgr.consensu.org *.bing.com fullstory.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.google.com *.googleapis.com *.leadfeeder.com *.newrelic.com *.nr-data.net *.reviews.io *.stripe.com *.sentry-cdn.com *.crazyegg.com *.landbot.io googleads.g.doubleclick.net connect.facebook.net; style-src 'unsafe-inline' 'self' blob: *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 2
frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 2
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 2
frame-ancestors *.benq.com *.benq.eu 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net blob: data: 2
frame-ancestors 'self' http: https: *.flysepehran.ir flysepehran.ir *.safarbooking.com  safarbooking.com *.allinsafar.com allinsafar.com  website.safar.lan help.safarbooking.com 'unsafe-inline' 2
frame-ancestors 'self' www.lgechat.com www.group-digital.fr; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self'; base-uri 'self'; object-src 'self'; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; frame-ancestors 'self' 2
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 2
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; frame-ancestors 'self' nvidia.lookbookhq.com nvidia.pathfactory.com resources.nvidia.com www.nvidia.com www.nvidia.cn preview.nvidia.com; report-uri https://nvidia.report-uri.com/r/d/csp/wizard 2
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 2
default-src https://www.heemstede.nl https://www.bloemendaal.nl ;report-to csp; report-uri https://report-uri.simplyadmire.com/ ; frame-ancestors 'self' https://www.heemstede.nl https://www.bloemendaal.nl;script-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://www.heemstede.nl https://www.bloemendaal.nl https://www.youtube.com https://stats.pusher.com/ https://cloudstatic.obi4wan.com/ https://*.readspeaker.com https://www.vrk.nl/GemeentebannersV2 https://*.readspeaker.com https://siteimproveanalytics.com https://gemeente-bloemendaal.email-provider.nl/a/ https://ilost.co ;object-src 'self'; style-src 'self' data: 'unsafe-inline' https://www.heemstede.nl https://www.bloemendaal.nl https://f1-eu.readspeaker.com ;img-src 'self' data: https://www.heemstede.nl https://www.bloemendaal.nl https://s3-eu-west-1.amazonaws.com/ https://6006146.global.siteimproveanalytics.io https://eu2.siteimprove.com/ https://ilost.co ;media-src 'self' https://www.heemstede.nl https://www.bloemendaal.nl https://www.youtube.com https://*.readspeaker.com ;frame-src 'self' https://www.heemstede.nl https://www.bloemendaal.nl https://www.youtube.com https://bloemendaal.maps.arcgis.com https://heemstede.maps.arcgis.com https://*.readspeaker.com https://gemeente-bloemendaal.email-provider.nl/ https://ilost.co ;font-src 'self' data: https://www.heemstede.nl https://www.bloemendaal.nl ;connect-src 'self' https://www.heemstede.nl https://www.bloemendaal.nl https://chatapi.obi4wan.com/ wss://ws-eu.pusher.com/ https://cloudstatic.obi4wan.com/ https://6006146.global.siteimproveanalytics.io/ https://rstts-eu.readspeaker.com/ https://www.google-analytics.com/ ; 2
frame-ancestors 'self' *.betssongroupaffiliates.com 2
default-src 'self'; font-src 'self' data: https://resources.ricoh-europe.com https://fast.fonts.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://resources.ricoh-europe.com https://code.jquery.com https://unpkg.com https://service.maxymiser.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://maps.googleapis.com https://*.en25.com https://fullstory.com https://edge.fullstory.com https://script.hotjar.com https://static.hotjar.com https://www.youtube.com https://s.ytimg.com https://secure.leadforensics.com https://app-static.turtl.co https://ldynamicspublicapi.leadforensics.com https://snap.licdn.com https://cdn.mouseflow.com https://tag.demandbase.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://resources.ricoh-europe.com https://fast.fonts.net https://unpkg.com https://fonts.googleapis.com https://*.en25.com https://app-static.turtl.co https://use.fontawesome.com; img-src 'self' data: https://resources.ricoh-europe.com https://*.t.eloqua.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://service.maxymiser.net https://assets.turtl.co https://assets.ricoh-europe.com https://www.google.com https://px.ads.linkedin.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://www.googletagmanager.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://rs.fullstory.com https://in.hotjar.com https://www.googleadservices.com; frame-src https://resources.ricoh-europe.com https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://vars.hotjar.com https://ricoh-docuware-calculator.tbtmarketing.com https://gestiondocumentaire.ricoh.fr https://supportrequest.ricoh.ch https://discover.ricoh.co.uk https://webforms.ricoh.de https://*.t.eloqua.com 2
frame-ancestors 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' 'self' fonts.gstatic.com www.gstatic.com  fonts.googleapis.com tagmanager.google.com 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com 2
script-src 'self'; object-src 'self' 2
script-src 'unsafe-eval' 'self' wss://*.zopim.com *.criteo.net  *.criteo.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net *.googleadservices.com consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.addthis.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.* *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com  prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data: 2
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 2
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src blob: js.driftt.com *.youtube-nocookie.com *.marketo.com; connect-src 'self' *.6sc.co *.6sense.com *.company-target.com *.google-analytics.com *.litix.io *.mktoresp.com *.mktoutil.com *.stripe.com *.wistia.com s3.amazonaws.com api.lever.co embedwistia-a.akamaihd.net hackerone.com secure.adnxs.com stats.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.marketo.com *.twitter.com; frame-ancestors 'self'; frame-src 'self' fast.wistia.com js.driftt.com *.youtube.com *.youtube-nocookie.com *.marketo.com *.twitter.com my.pima.app; object-src 'self'; img-src 'self' data: *.6sc.co *.adsymptotic.com *.bidr.io *.company-target.com *.google-analytics.com *.google.com *.linkedin.com *.techtarget.com *.twimg.com *.twitter.com s3.amazonaws.com cdn.bizible.com cdn.bizibly.com cdn.ttgtmedia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com id.rlcdn.com stats.g.doubleclick.net t.co via.placeholder.com; media-src 'self' blob: data: *.wistia.com s3.amazonaws.com embedwistia-a.akamaihd.net; script-src 'self' 'unsafe-eval' 'sha256-chw1FVji+ddLlO/RrcP3fhKOLsJUUh+FaKbjsOC2BiQ=' 'sha256-D6d37gZGDMRuNu3bDdYkGuOfCaaNGdTrB3eF5d5IU/Y=' 'sha256-XrP50Mq6s78GLH2Vyt4BfKhn8rx4OdU6FYqQGbxRuZc=' *.6sc.co *.ads-twitter.com *.cloudflare.com *.demandbase.com *.google-analytics.com *.linkedin.com *.techtarget.com *.twitter.com *.marketo.com *.ads-twitter.com s3.amazonaws.com cdn.bizible.com cdn.syndication.twimg.com fast.wistia.com js.driftt.com munchkin.marketo.net snap.licdn.com unpkg.com; style-src 'self' 'unsafe-inline' *.twitter.com *.marketo.com s3.amazonaws.com checkout.stripe.com fast.wistia.com fonts.googleapis.com; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; 2
frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; report-to https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; 2
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 2
frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com *.dev-godaddy.com:8443 2
frame-ancestors 'self' app.optimizely.com unileverde.inone.useinsider.com *.adobe.com 2
default-src 'self' https:; script-src 'self' 'unsafe-eval' https: *.gravatar.com 'unsafe-inline' https://www.google-analytics.com https://maps.googleapis.com https://platform.twitter.com https://maps.googleapis.com https://maps.gstatic.com *.youtube.com https://jotform.com https://api.instagram.com *.adobedtm.com https://dpm.demdex.net https://therandomhousegroupl.tt.omtrdc.net; connect-src https: 'self'; object-src 'none'; frame-ancestors https: 'self'; child-src https: 'self'; frame-src https: 'self'; style-src 'self' 'unsafe-inline' fonts.com https://use.typekit.net https://p.typekit.net https://code.jquery.com https://cdnjs.cloudflare.com; img-src https: 'self' data: blob: https://penguinreadsta.wpengine.com/; font-src https: 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com; 2
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.ametek.com *.ametekweb.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.usemessages.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com  *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.techmfg.com *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.leadfeeder.com https://chimpstatic.com *.zygo.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.amazonaws.com https://js.hscta.net https://js.hs-banner.com https://js.hsleadflows.net *.force.com https://analytics-eu.clickdimensions.com https://widgets.wp.com *.clickdimensions.com *.zoominfo.com https://snap.licdn.com *.salesforceliveagent.com https://bat.bing.com *.salesforce.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.lightning.com *.visualforce.com *.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.kickfire.com *.doubleclick.net *.lightning.com *.adroll.com *.ytimg.com *.loopanalytics.com *.surveymonkey.com https://www.qlzn6i1l.com https://secure.neck6bake.com 'unsafe-eval';style-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob:;media-src 'self' *.boltdns.net *.akamaihd.net blob:;object-src 'unsafe-inline' 'self' 2
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com; connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com  https://ampcid.google.com.br; img-src 'self' data: *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net; font-src 'self' data: *.gstatic.com script.hotjar.com; worker-src https: blob: 2
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add; 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: blob: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net blob: 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com   https://www.google-analytics.com https://twitter.com https://app.link  'nonce-YjI2ZTJiMmUtYmM1OS00ZWJlLWI5N2MtYzE1NWYzODgyYzBm'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors https://www.icicibank.com https://rmwb.icicibank.com https://ipfms.icicibank.com https://imbuat.icicibank.com https://cibnext.icicibank.com https://help.icicibank.com https://infiniteindia.icicibank.com 1
script-src 'report-sample' 'nonce-rtDDyQNwCwD4Jr26k0m8aA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MjQ0LDE0OCw0MCw0MiwxNjYsMTcyLDYsNDM=' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/; 1
frame-ancestors 'self' https://cms.qz.com; upgrade-insecure-requests 1
frame-src 'self' https: https://optimize.google.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; font-src 'self' data: https: https://fonts.gstatic.com; img-src 'self' data: https: https://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; media-src 'self' https:; upgrade-insecure-requests 1
frame-ancestors https://*.facebook.com https://*.parallels.com https://*.parallels.cn https://*.prls.net; 1
frame-ancestors 'self' *.wildberries.ru 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-OTcsMTcwLDE2MSwxNDgsNywxNDgsMjUzLDEzNQ==' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
object-src 'none'; base-uri 'none'; script-src https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://ngastatic.com https://www.googletagmanager.com https://assets.allegrostatic.com https://adservice.google.pl https://adservice.google.com https://securepubads.g.doubleclick.net https://ad.doubleclick.net https://allegro.hit.gemius.pl https://connect.facebook.net https://nebula-cdn.kampyle.com https://www.googletagservices.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.youtube.com https://player.vimeo.com https://www.googleadservices.com https://s.ytimg.com https://www.google-analytics.com https://secure.payu.com https://maps.googleapis.com https://*.go-mpulse.net 'nonce-sV5jDbJ1c7EF8v++slNS1g==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample'; block-all-mixed-content; report-uri https://edge.allegro.pl/seclog/csp; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mailto: data: census.gov *.census.gov http://www.census.gov 2020census.gov *.2020census.gov cep.gov house.gov *.house.gov senate.gov *.senate.gov *.sharethis.com *.ytimg.com *.consensu.org *.addthis.com *.moatads.com *.exelator.com *.youtube.com *.twitter.com *.facebook.net *.facebook.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.doubleclick.net *.jquery.com *.alicdn.com  *.highcharts.com *.adobe.com *.adobedtm.com *.amsadobe.com *.demdex.net *.omtrdc.net *.everesttech.net *.arcgisonline.com *.digitalgov.gov *.calendarwiz.com *.tableau.com *.instagram.com *.go-mpulse.net *.cspan.org sitecatalyst.omniture.com authorize.omniture.com; 1
upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: http: *.images.express.co.uk *.images.dailyexpress.co.uk; media-src https: data: blob:; font-src https: data:; frame-src https: data: blob:; connect-src https: wss: blob:; object-src https:; 1
frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 1
default-src 'none'; script-src 'self' cdn.robinhood.com 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com boards.greenhouse.io www.googleadservices.com; frame-src www.google.com/recaptcha/ www.youtube.com/embed/ www.googletagmanager.com tr.snapchat.com boards.greenhouse.io; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com; font-src 'self' cdn.robinhood.com data:; media-src 'self' cdn.robinhood.com; img-src 'self' cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net images.ctfassets.net/fomw95h5b4ty/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com tr.snapchat.com googleads.g.doubleclick.net; connect-src 'self' robinhood.com *.robinhood.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com sentry.io www.googletagmanager.com tagmanager.google.com boards-api.greenhouse.io; block-all-mixed-content; upgrade-insecure-requests; report-uri https://report-uri.robinhood.com/_csp?type=static-sites; base-uri 'self' 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.co.id *.shopee.cn *.facebook.com;  1
frame-ancestors 'self' hhs.gov *.hhs.gov 1
base-uri 'self';form-action 'self' https://*.facebook.com https://pubs.ouedkniss.com  https://plus.ouedkniss.com  https://images.ouedkniss.com ; object-src 'self'; frame-ancestors 'self'; default-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://*.ouedkniss.com https://*.criteo.com https://*.criteo.net https://*.googletagservices.com https://*.google-analytics.com https://*.cloudfront.net https://*.doubleclick.net  https://*.google.fr https://*.google.dz https://*.alexametrics.com https://*.google.com https://*.googlesyndication.com https://*.autobip.com https://*.facebook.com https://*.facebook.net https://*.jquery.com https://*.gstatic.com https://*.tripadvisor.com https://*.googleapis.com https://*.doubleclick.net https://*.gstatic.com https://*.ampproject.org https://*.tripadvisor.com https://*.tripadvisor.fr https://*.facebook.com https://partner.googleadservices.com https://www.googletagmanager.com https://www.googleadservices.com https://annuaire.ouedkniss.com 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://seekingalpha.com/report/csp 1
default-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/; style-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ 'unsafe-inline'; script-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ https://ssl.google-analytics.com/ga.js 'unsafe-inline' resource: data: blob:; img-src 'self' https://www.freebsd.org/ https://docs.freebsd.org https://ssl.google-analytics.com/ https://chart.googleapis.com/ data: blob:; upgrade-insecure-requests 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.com.my *.shopee.cn *.facebook.com;  1
default-src 'self'; img-src https: data: 1
default-src 'self' data: https://*.pcdn.co http://*.pcdn.co https://www.google-analytics.com https://www.googletagmanager.com http://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat http://t.co https://*.facebook.com https://*.facebook.net https://*.quora.com http://trk.in25app.com https://*.ads-twitter.com https://*.media.net http://*.media.net https://*.cookiepro.com https://*.onetrust.com https://*.twitter.com https://*.youtube.com https://*.ytimg.com https://noembed.com https://cdn.plyr.io https://*.akamaihd.net https://*.googleapis.com  https://*.googleusercontent.com https://*.gstatic.com https://*.consensu.org https://*.livechatinc.com/ https://*.ads.linkedin.com/ https://*.linkedin.com/ https://*.pm-srv.co https://bat.bing.com/bat.js https://bat.bing.com 'unsafe-inline'; 1
script-src 'nonce-ba0d05aaccc9a3f010efe64786854080' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=5580562562097615; frame-ancestors 'self' 1
frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' http://q-xx.bstatic.com http://dom.jtb.co.jp secure.worldpay.com centinelapi.cardinalcommerce.com images.krisshop.com http://pix6.agoda.net maps.gstatic.com *.googleapis.com *.ggpht.com edge.prod-ext.api.manulife.com  cm.g.doubleclick.net fcmatch.google.com fcmatch.youtube.com www.trinaxmind.com api-us.faceplusplus.com cdn.glassboxcdn.com report.gbpilot.glassboxdigital.io report.dbs.glassboxdigital.io s.ytimg.com  idealanalyticsapi.dbs.com vc.hotjar.io dbs.com.sg https://qmslivechat.dbs.com www.orangeteeproperties.com storage.googleapis.com v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com chatbanking.dbs.com; 1
base-uri 'self';connect-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.sentry.io https://sentry.io https://*.sentry.io;default-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net;font-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net data: https://fonts.gstatic.com;frame-ancestors https://www.creditkarma.com https://accounts.creditkarma.com https://*.apply.creditkarma.com;frame-src https://tags.creditkarma.com https://creditkarmacdn-a.akamaihd.net;img-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://creditkarma-cms.imgix.net/ https://creditkarma.imgix.net/ https://ck-content.imgix.net/ https://ck-assets.imgix.net/ https://www.google-analytics.com https://seal.digicert.com https://stats.g.doubleclick.net https://www.google.com data: https://d29u10q7qlh006.cloudfront.net https://financialprovider-e2e-logos.platform.intuit.com;object-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net;script-src 'nonce-6fd560da8bb19cd6ff6de625bd7c3e5a' 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://www.google-analytics.com https://www.googleadservices.com https://seal.digicert.com https://js-agent.newrelic.com 'strict-dynamic' 'report-sample' data: 'nonce-207064aebdd3c0b532db819a00aeb27e';style-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net 'unsafe-inline' data: https://fonts.googleapis.com;worker-src 'self';report-uri https://sentry.io/api/1213169/security/?sentry_key=6ccb2738843e424b8bc559905d29b115 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.vn *.shopee.cn *.facebook.com;  1
connect-src 'self' https: blob: data: 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; worker-src 'self' blob:; 1
default-src 'none';script-src https://*.divarcdn.com https://*.hotjar.com 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://ammaar.delivery.zeerak.cloud https://www.google-analytics.com https://cdn.yektanet.com https://s1.mediaad.org;style-src 'self' 'unsafe-inline' https://*.divarcdn.com;img-src 'self' data: blob: https://divar.ir https://*.divarcdn.com https://trustseal.enamad.ir https://www.google-analytics.com https://www.googletagmanager.com https://*.openstreetmap.org https://*.balad.ir https://www.google.com https://www.google.nl https://www.google.de https://www.google.ae https://www.google.fr https://www.google.ca https://www.google.co.uk https://logo.samandehi.ir;connect-src 'self' https://divar.ir https://*.divar.ir https://files.divarcdn.com https://www.google-analytics.com https://*.doubleclick.net https://*.delivery.zeerak.cloud https://*.leogames.co https://*.hotjar.com https://*.googleapis.com https://firebase.the-wall.io https://api.mediaad.org https://ua.yektanet.com https://audience.yektanet.com;font-src 'self' https://*.divarcdn.com data:;object-src 'none';frame-ancestors 'none';base-uri 'self';frame-src 'self' https://*.hotjar.com https://ua.yektanet.com https://mediacdn.mediaad.org;manifest-src 'self';upgrade-insecure-requests;block-all-mixed-content 1
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-sivbygdtie5/VxLyVKTSZrtanuJENR/AqeBv3NhZHVvqHSn1' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https: data:; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://nexus.ensighten.com https://*.go-mpulse.net https://*.akstat.io https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thoughtco.com 1
frame-ancestors 'self' *.shutterfly.com *.tinyprints.com *.onehippo.io; 1
default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data:; 1
frame-ancestors *.104.com.tw 1
default-src * blob: data:; object-src 'none'; base-uri 'self'; script-src 'nonce-056a21fd-0476-4458-befc-a683850765e6' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https: http:; style-src https: http: 'unsafe-inline'; report-uri https://analytics.quizizz.com/csp-violations?render_time=1614388336191&render_path=/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com *.googleapis.com *.google.com 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' 'sha256-587vJAV9t9k86IMQixmyKa7lbPaDhkGzrJsdngtoiAA=' 'sha256-kYDvl4o9O3XKKtgQW4BZzZZ44BDD2lwJj6eNJ8HyqWg=' *.googleapis.com *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com plus.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com; img-src * data: blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com; object-src 'none'; default-src 'self' *.gstatic.com; base-uri 'none' 1
frame-ancestors *.makerbot.com *.thingiverse.com *.mbot.me *.onshape.com *.makerbot.local *.thingiverse.local; 1
default-src 'self' ; connect-src 'self' https://s1259914507.t.eloqua.com https://www.google-analytics.com https://syndication.twitter.com https://api.company-target.com; font-src 'self' https://fonts.mopub.com http://cdn.cms-mpdigitalassets.com data:; frame-src 'self' https://www.youtube.com https://*.mopub.com; img-src 'self' https://www.google-analytics.com https://s1259914507.t.eloqua.com https://*.ads.linkedin.com https://*.g.doubleclick.net http://cdn.cms-mpdigitalassets.com https://cdn-cms.mopub.com https://p.adsymptotic.com/d/px https://www.google.com/ads/ga-audiences https://www.google.com/pagead/1p-user-list/690709767/ data:; media-src 'self' https://*.mopub.com http://cdn.cms-mpdigitalassets.com; object-src 'self' https://*.mopub.com http://cdn.cms-mpdigitalassets.com; script-src 'self' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' https://*.mopub.com 'nonce-4f08b8d5ed74d6bd231832fdd745576' http://cdn.cms-mpdigitalassets.com; style-src 'self' 'unsafe-inline' http://cdn.cms-mpdigitalassets.com https://*.mopub.com; report-uri ; frame-ancestors 'self' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.lifewire.com 1
default-src *;font-src 'self' fonts.gstatic.com;img-src 'self' https: data:;script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;upgrade-insecure-requests;frame-ancestors 'none';base-uri 'none' 1
frame-ancestors 'self' https://*.adobe.com; 1
default-src 'none';              img-src 'self';              style-src 'self';              script-src 'self' https://www.openhub.net;              font-src 'self';              child-src 'self' https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com;              object-src 'none';              media-src 'self' https://download.gimp.org https://www.mirrorservice.org;              base-uri 'self';              form-action 'self' https://www.paypal.com https://gitlab.gnome.org;              frame-ancestors 'self';               1
default-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.google.com cdn.datatables.net; object-src 'self'; base-uri *.caltech.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.mathjax.org stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.google.com *.googleapis.com api.duosecurity.com browser.sentry-cdn.com www.feedrapp.info sentry.io static.addtoany.com *.facebook.net cdn.datatables.net; child-src 'self' www.youtube.com player.vimeo.com www.slideshare.net *.wufoo.com calendar.google.com docs.google.com accounts.google.com; frame-src 'self' www.youtube.com player.vimeo.com www.ustream.tv www.slideshare.net *.wufoo.com calendar.google.com docs.google.com www.google.com maps.google.com accounts.google.com cse.google.com s3-us-west-2.amazonaws.com form.jotform.com static.addtoany.com *.facebook.com *.facebook.net api-a3b78b57.duosecurity.com cdn.knightlab.com www.buzzsprout.com; connect-src 'self' www.google-analytics.com stats.addtoany.com sentry.io; font-src 'self' public.slidesharecdn.com fonts.gstatic.com; frame-ancestors *.caltech.edu; media-src 'self' www.youtube.com player.vimeo.com; img-src 'self' data: caltech-prod.s3.amazonaws.com s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/ i.ytimg.com www.youtube.com player.vimeo.com ustvstaticcdn1-a.akamaihd.net www.slideshare.net cdn.slidesharecdn.com www.gravatar.com stats.g.doubleclick.net cdnjs.cloudflare.com *.staticflickr.com *.cdninstagram.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com www.facebook.com cdn.datatables.net; form-action 'self' *.wufoo.com docs.google.com www.its.caltech.edu caltech.us5.list-manage.com; report-uri /_csp 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 1
script-src 'nonce-Pn3RWhMdzCJV5NlANbuyQg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/about_google; base-uri 'none' 1
child-src mc.yandex.com mc.yandex.md mc.yandex.ru yandex.com yandex.ru;connect-src mc.admetrica.ru mc.yandex.com mc.yandex.ru yandex.com yastat.net yastatic.net;default-src yastat.net yastatic.net;img-src 'self' *.verify.yandex.ru avatars.mds.yandex.net data: favicon.yandex.net mc.admetrica.ru mc.yandex.com mc.yandex.ru yandex.com yandex.ru yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.com.com&showid=1614395457.53624.97968.74942&h=prestable-morda-vla-yp-138&csp=new&date=20210227&yandexuid=2536601911614395457;script-src 'nonce-kuMLab4qejD1xBMMmMNfyg==' mc.yandex.com mc.yandex.ru yandex.com yastatic.net;style-src 'unsafe-inline' yastatic.net 1
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 1
frame-ancestors 'self' *.shopeemobile.com *.shopee.ph *.shopee.cn *.facebook.com;  1
frame-ancestors https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com https://academy.asana.com; report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.ads-twitter.com https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://reveal.clearbit.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://search-api.swiftype.com https://s.swiftypecdn.com https://analytics.twitter.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net https://js.driftt.com/* https://www.googleoptimize.com https://cdnjs.cloudflare.com https://api.ipify.org https://cdn.pdst.fm https://*.vimeocdn.com https://js.driftt.com https://widget.drift.com https://resources.asana.com https://w58858w0sjxx.statuspage.io https://optimize.google.com  https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.logs.datadoghq.com https://www.datadoghq-browser-agent.com 1
frame-ancestors 'self' https://*.gamer.com.tw; 1
default-src 'self';connect-src 'self' ws: https://*.google-analytics.com https://s3-eu-west-1.amazonaws.com;img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com/ data: https://*.google-analytics.com https://*.doubleclick.net https://s3.amazonaws.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://js-agent.newrelic.com/nr-1044.min.js https://www.google.com https://www.gstatic.com https://*.google-analytics.com http://*.getclicky.com;style-src 'self' 'unsafe-inline' http://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com;font-src 'self' https://www.gstatic.com https://*.gstatic.com http://maxcdn.bootstrapcdn.com;frame-src 'self' https://www.google.com https://*.s3.amazonaws.com;report-uri /csp; 1
default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' https://*.iubenda.com https://*.hotjar.com data: https://tagmanager.google.com/debug https://js.intercomcdn.com https://widget.intercom.io https://*.googletagservices.com https://*.googlesyndication.com https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://hydra.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://fonts.gstatic.com https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://js.intercomcdn.com/fonts/; img-src 'self' data: https:; connect-src 'self' https://*.iubenda.com https://*.algolia.net https://*.algolianet.com https://content.arduino.cc https://fonts.gstatic.com https://*.hotjar.com https://login.arduino.cc https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com https://api-iam.intercom.io/messenger/web/ wss://nexus-websocket-a.intercom.io/pubsub/ https://api-iam.intercom.io/messenger/web/ping; child-src 'self' https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://*.hotjar.com https://login.arduino.cc https://consent-pref.trustarc.com https://hydra.arduino.cc https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com https://iframe.dacast.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' *.arduino.cc 1
report-uri https://frontendservice.report-uri.com/r/t/csp/enforce; child-src 'self'; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://transferwise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://alb.reddit.com https://assistly-production.s3.amazonaws.com https://b97.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.transferwise.com/ https://lienzo.s3.amazonaws.com https://platform-lookaside.fbsbx.com https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://transferwise.desk.com https://widgets.transferwise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com http://wi.se https://wi.se; font-src 'self' data: https://fonts.gstatic.com https://widgets.transferwise.com/ https://script.hotjar.com; object-src 'self'; media-src 'self'; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com s.yimg.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://b97.yahoo.co.jp www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com www.facebook.com staticxx.facebook.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com connect.facebook.net www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://d2dgj1jjqgsb96.cloudfront.net https://sc-static.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com transferwise.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors https://transferwiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com https://wiseturkiye.com.tr; frame-src https://staticxx.facebook.com/ https://www.facebook.com youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://tr.snapchat.com https://transferwise.com https://wise.com https://wise.com 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancecareers.com 1
frame-ancestors 'self' https://*.rapid7.com 1
default-src 'self' blob: ; style-src https: 'self' 'unsafe-inline' blob: *.onetrust.com fast.wistia.com *.wistia.com *.wistia.net *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.onetrust.local *.youtube-nocookie.com *.googleleadservices.com *.cookiebanners.com *.g2.com *.otprivacy.com ;script-src 'self' 'unsafe-inline' blob: 'unsafe-eval'  fast.wistia.com *.wistia.com *.wistia.net *.onetrust.com *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.amazonaws.com *.gstatic.com *.google.com *.greenhouse.io *.onetrust.local onetrust.local *.google-analytics.com *.youtube-nocookie.com *.bizographics.com *.bing.com *.en25.com *.googleleadservices.com *.eloqua.com *.licdn.com *.googleadservices.com *.linkedin.com *.otprivacy.com;font-src https: 'self' data: *.googletagmanager.com fonts.google.com;img-src * data: fast.wistia.com *.wistia.com *.wistia.net *.akamaihd.net *.greenhouse.io *.onetrust.com *.g2.com *.otprivacy.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net *.akamaihd.net *.youtube-nocookie.com *.g2.com *.otprivacy.com;object-src 'none'; frame-ancestors 'self'; frame-src 'self' fast.wistia.com *.wistia.com *.wistia.net *.onetrust.com *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.youtube-nocookie.com *.google.com *.gstatic.com *.cookiebanners.com *.g2.com *.otprivacy.com;connect-src 'self' data: * pipedream.wistia.com distillery.wistia.com embed-e.wistia.com *.wistia.com *.wistia.net *.chargebeestatic.com *.g2.com ; 1
script-src 'nonce-1c6e052de2770d8cb39bda4ad24240d0' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=6582634787571673; frame-ancestors 'self' 1
frame-ancestors 'self' piwik.mpg.de statistics.mpg.de analytics.mpg.de; 1
default-src 'self' blob: ; style-src https: 'self' 'unsafe-inline' *.onetrust.com *.wistia.com *.wistia.net *.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.cookielaw.org ;script-src 'self' 'unsafe-inline' blob: 'unsafe-eval'  *.wistia.com *.wistia.net *.cookielaw.org *.googletagmanager.com *.chargebee.com *.chargebeestatic.com *.cloudfront.net *.amazonaws.com *.greenhouse.io *.google-analytics.com *.cookiepro.com *.en25.com *.bing.com *.ads-twitter.com *.twitter.com *.1trust.app *.onetrust.com *.eloqua.com *.google.com *.gstatic.com;font-src https: 'self' data: *.googletagmanager.com fonts.google.com;img-src * data: *.wistia.com *.wistia.net *.akamaihd.net *.greenhouse.io *.onetrustpro.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net *.akamaihd.net;object-src 'none'; frame-ancestors 'self'; frame-src 'self' *.wistia.com *.wistia.net *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.greenhouse.io *.cookielaw.org *.google.com;connect-src 'self' data: * ; 1
script-src 'sha256-pnoQF//j0RwJZqwALpwhuO+vdkna5cglLd7M+mpd09o=' 'nonce-oeu+NSBVVlJ6NT772BEdFA==' 'self' 'unsafe-inline' https://note.com https://d291vdycu0ht11.cloudfront.net https://d2l930y2yx77uc.cloudfront.net https://polyfill.io https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com/firebasejs https://*.facebook.net https://platform.twitter.com https://*.twimg.com cdn.iframe.ly https://cdn.embedly.com https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://speakerdeck.com https://*.flickr.com https://*.mul-pay.jp https://stage-travel.fraudprevention.jp https://travel.fraudprevention.jp http://cloudfront.loggly.com https://*.canva.com; object-src 'none'; base-uri 'self' 1
default-src 'self' curl.haxx.se www.curl.se curl.se www.fastly-insights.com fastly-insights.com; style-src 'unsafe-inline' 'self' curl.haxx.se www.curl.se curl.se 1
script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 1
frame-ancestors 'self' https://*.justia.com http://*.justia.com 1
script-src 'self'  'nonce-ZmZjOTM0NTUyOTVjNDEzNTk1YWZhMTNmYTdjZmU5Nzk='; script-src-elem 'self' 'nonce-ZmZjOTM0NTUyOTVjNDEzNTk1YWZhMTNmYTdjZmU5Nzk=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0='  'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk='  'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://gateway.zscaler.net https://translate.google.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://pcdnscwx001.azureedge.net https://ajax.googleapis.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://tagmanager.google.com https://live-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://marketo-scwx-pe.pantheonsite.io https://app-ab44.marketo.com https://stats.g.doubleclick.net; img-src 'self' pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org s1659.t.eloqua.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com b.6sc.co www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com match.prod.bidr.io id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com segments.company-target.com www.linkedin.com ; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' *.lycos.com 1
script-src 'nonce-8b7505da2507a865c1e726fa508bd181' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1771447947445018; frame-ancestors 'self' 1
default-src https: data: vine:;img-src 'self' data: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://t.co https://analytics.twitter.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://twemoji.maxcdn.com https://twitter.github.io/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vine.co https://*.twitter.com https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co https://platform.vine.co https://stats.g.doubleclick.net https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;media-src 'self' blob: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://*.vncdn.co https://media.vineapp.com;object-src 'self' blob: https://vine.co https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com;connect-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://graph.facebook.com;font-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;report-uri https://twitter.com/i/csp_report?a=OZUW4ZI=&ro=false 1
default-src * 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com/gsi/style; default-src 'self'; object-src 'none'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://releases.wagtail.io https://login.thinkwithgoogle.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.googletagmanager.com *.doubleclick.net https://*.google.com https://*.youtube.com https://accounts.google.com/; img-src 'self' data: *.googleapis.com https://*.googleadservices.com *.google-analytics.com *.googletagmanager.com https://*.doubleclick.net https://*.google.com *.youtube.com https://*.ytimg.com https://*.googleusercontent.com https://www.google.com.co/ads/ga-audiences; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://*.youtube.com https://*.ytimg.com https://apis.google.com https://accounts.google.com/gsi/client 'sha256-X/2y0k5CqBhwyz7GjCuTbjDh8SEG3n0yZQXUof0iutg=' 'sha256-NcpdQlNlNRkHugLjvly0tTsNmv1u+XFNMVyZJt9OME8=' 'sha256-X0JWsAG/k2sIeTfXAL+VH5SdA6bef2aT/CoRG/FEQFc=' 'sha256-uV3MJak3jcDQZeDpjoi5NuUOKAQe8qE+Z+MpOCWxhpE=' 'sha256-p8DHh8ADxJ+fxRhMf8/63d8uDUhed5gGb94GSjXk/mo=' 'sha256-0Cqwq2yr0A7o9kZpqY/cNveUUoUADOFM99v4/8FS4i4=' 'sha256-iesGR3JHRGeyvATAtjwQmvlAioN6sazp6KuT/uKGobQ=' 'sha256-QANjaoIfOQm9O/Caf6DcNtAQEU052VPjPZkZCkqFlbc=' 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: 'unsafe-inline'; manifest-src 'self'; media-src *; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self'; base-uri 'self'; form-action *; frame-ancestors 'self' http://content.to https://content.to 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 1
frame-ancestors http://*.crionline.cn http://*.cri.cn 1
frame-ancestors *.dowjones.net *.onservo.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MjI2MjA0MTA1OSwzNzQ2MTM5OTU3'; report-uri https://exceptions.hubspot.com/csp/report; 1
default-src 'none'; script-src 'self' https://cdn.polyfill.io https://connect.facebook.net http://www.google-analytics.com https://www.google.com https://www.gstatic.com http://static.ads-twitter.com https://analytics.twitter.com 'nonce-**CSP_NONCE**' data:; connect-src 'self' *.blockchain.com *.blockchain.info *.cryptocompare.com https://blockchain.info https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://script.google.com https://script.googleusercontent.com; frame-src 'self' *.blockchain.com *.blockchain.info https://www.google.com https://www.youtube.com; img-src 'self' *.blockchain.com *.blockchain.info data: *.cryptocompare.com *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct; style-src 'self' 'unsafe-inline' https://rsms.me https://fonts.googleapis.com 'nonce-**CSP_NONCE**'; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self'; 1
child-src 'self' *.yandex.ru *.yandexadexchange.net awaps.yandex.net banners.adfox.ru blob: mc.yandex.md mc.yandex.ru storage.mds.yandex.net yandex.ru yandexadexchange.net yastat.net yastatic.net zen.yandex.ru;connect-src 'self' *.cdn.ngenix.net *.mediascope.mc.yandex.ru *.strm.yandex.net *.strm.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru an.yandex.ru auto.ru awaps.yandex.net awaps.yandex.ru favicon.yandex.net frontend.vh.yandex.ru games.yandex.ru jstracer.yandex.ru log.strm.yandex.ru matchid.adfox.yandex.ru mc.admetrica.ru mc.yandex.ru mobile.yandex.net portal-xiva.yandex.net strm.yandex.ru thequestion.ru wss://portal-xiva.yandex.net wss://push.yandex.ru wss://webasr.voicetech.yandex.net www.kinopoisk.ru www.maximonline.ru yabs.yandex.ru yandex.ru yandex.st yastat.net yastatic.net zen.yandex.ru;default-src awaps.yandex.net awaps.yandex.ru yastat.net yastatic.net zen.yandex.ru;font-src 'self' an.yandex.ru data: yastat.net yastatic.net zen.yandex.ru;img-src 'self' *.mediascope.mc.yandex.ru *.strm.yandex.net *.tns-counter.ru *.verify.yandex.ru ad.adriver.ru ad.doubleclick.net ads.adfox.ru ads6.adfox.ru amc.yandex.ru an.yandex.ru auto.ru avatars-fast.yandex.net avatars.mds.yandex.net awaps.yandex.net awaps.yandex.ru banners.adfox.ru bs.serving-sys.com content.adfox.ru data: favicon.yandex.net gdeby.hit.gemius.pl gdero.hit.gemius.pl mc.admetrica.ru mc.yandex.com mc.yandex.ru pixel.adlooxtracking.com px.moatads.com resize.yandex.net s3.mds.yandex.net storage.mds.yandex.net strm.yandex.net strm.yandex.ru thequestion.ru verify.yandex.ru wcm-ru.frontend.weborama.fr wcm.solution.weborama.fr www.kinopoisk.ru www.maximonline.ru yandex.ru yastat.net yastatic.net zen.s3.yandex.net zen.yandex.ru;media-src *.cdn.ngenix.net *.strm.yandex.net *.strm.yandex.ru *.yandex.net banners.adfox.ru blob: content.adfox.ru data: strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net;object-src avatars.mds.yandex.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1614405852.16513.94847.75232&h=prestable-morda-vla-yp-66&csp=new&date=20210227&yandexuid=1854964951614405852;script-src 'nonce-P3pHJkEwqHgwAPNOqXwZ0g==' 'self' ads.adfox.ru ads6.adfox.ru an.yandex.ru banners.adfox.ru mc.yandex.ru yandex.ru yandex.st yastat.net yastatic.net zen.yandex.ru;style-src 'unsafe-inline' banners.adfox.ru content.adfox.ru yandex.st yastat.net yastatic.net zen.yandex.ru 1
default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com *.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://*.decibelinsight.net *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 1
frame-ancestors 'self'; upgrade-insecure-requests; 1
block-all-mixed-content; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns https://www.scotiabank.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellmind.com 1
default-src 'self' *.filezilla-project.org; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * blob: 1
frame-ancestors https://talks.uzone.id https://www.useetv.com https://www.rctiplus.com https://technology.uzone.id https://entertainment.uzone.id https://automotive.uzone.id https://travel.uzone.id https://movie.uzone.id https://hangout.uzone.id http://internetpositif.uzone.id http://mercusuar.uzone.id https://sport.uzone.id https://health.uzone.id https://games.uzone.id https://startup.uzone.id https://telco.uzone.id https://gadget.uzone.id https://digilife.uzone.id https://www.alexa.com https://certify-js.alexametrics.com https://uzone.id 1
default-src 'none'; script-src 'nonce-IPjjTW/0MjbcMmh5RATKqg==' 'unsafe-inline' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; style-src 'unsafe-inline' https://yastatic.net; img-src 'self' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; font-src yastatic.net; connect-src yandex.ru mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru; 1
frame-ancestors *.skysports.com *.livefyre.com *.google.com *.google.co.uk *.ampproject.org; 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-e9bab482f7c14b8d82269a5815bc0cc9'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-wHpaj3lyUzFrMG6ymXfdNg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv; media-src * blob:; object-src *; connect-src *; font-src * data:; child-src blob:; 1
script-src 'nonce-FhHbO5Ov+O/AdC7VLl4PQg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport 1
frame-ancestors 'self' *.imperial.ac.uk *.ic.ac.uk 1
script-src 'report-sample' 'nonce-tr9JrnA/v9Qf3v4l6GFq3A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
script-src 'nonce-4427f348f4a60a45b80bc7ad33e6b4d3' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=3583438709808764; frame-ancestors 'self' 1
default-src 'self' api2.firefoxchina.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tiny.lishitu.com/open/changeXinzuo  http://a.alimama.cn g.click.taobao.com platform.sina.com.cn suggestion.baidu.com www.baidu.com hm.baidu.com nssug.baidu.com tui.cnzz.net www.google-analytics.com *.googlesyndication.com static.huohu123.com https://www.duba.com/main3_json.html http://www.duba.com/main3_json.html https://tiny.51hl.me/; img-src * data:; child-src 'self' *.firefoxchina.cn  *.17huohu.com; frame-src 'self' *.firefoxchina.cn  *.17huohu.com www.taobao.com entry.baidu.com; frame-ancestors 'self' *.firefoxchina.cn tongji.baidu.com about:; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; report-uri /_/csp-reports 1
upgrade-insecure-requests, upgrade-insecure-requests 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 1
script-src 'report-sample' 'nonce-eLrHflWSuJkRnvrp7UtYWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors 'self' *.parentlink.com *.parentlink.net *.parlant.com *.cloudspeaker.com *.memberspark.com 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net *.hotjar.com bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com *.soundcloud.com ti.to *.tito.io *.cdn.optimizely.com tpc.googlesyndication.com www.google.com ethn.io *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com sentry.io www.facebook.com *.akamaihd.net *.optimizely.com *.wistia.com *.wistia.net *.quora.com *.soundcloud.com *.sndcdn.com *.clearbit.com 258-clw-344.mktoresp.com bat.bing.com cdn.bizible.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net rum-http-intake.logs.datadoghq.com public-trace-http-intake.logs.datadoghq.com heapanalytics.com api.company-target.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.optimizely.com cdn3.optimizely.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com ethn.io fast.wistia.com fast.wistia.net ga.clearbit.com googleads.g.doubleclick.net sjs.bizographics.com js.stripe.com munchkin.marketo.net platform.twitter.com reveal.clearbit.com rtp-static.marketo.com script.hotjar.com secure.adnxs.com snap.licdn.com static.hotjar.com stats.g.doubleclick.net store.intercom.io ti.to tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com *.jquery.com *.tito.io *.linkedin.com *.quora.com *.soundcloud.com *.sndcdn.com *.widerfunnel.com 'strict-dynamic' 'nonce-MzBkN2MxMTctMTgyNS00ZTJhLTk3NzUtMzA2MDIxNGFhYzg5'; style-src 'self' 'unsafe-inline' *.tito.io app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com heapanalytics.com; worker-src data: blob: 1
default-src 'self'; child-src * 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 1
script-src  'unsafe-inline' data: *.dwstatic.com *.huya.com *.msstatic.com  *.huya.com:*  'unsafe-eval'  *.qq.com static2.fengkongcloud.com   http://127.0.0.1:20192 hm.baidu.com http://*.huya.com *.huyainfo.com blob: ;style-src  'unsafe-inline' *.dwstatic.com *.huya.com *.msstatic.com *.huyainfo.com;connect-src 'self' blob: data: *.huya.com *.huya.com:* http://*.huya.com wss://*.huya.com wss://*.mobgslb.tbcache.com wss://*.huya.com:* ws://*.huya.com ws://*.huya.com:* *.msstatic.com *.dwstatic.com hm.baidu.com *.qq.com *.smtcdns.net *.ourdvsss.com *.mobgslb.tbcache.com *.ksyungslb.com  *.w5cc.com wss://*.ourdvsss.com http://*.msstatic.com *.yystatic.com http://*.yystatic.com vr.duowan.com http://vr.duowan.com wss://*.ksyungslb.com *.jomodns.com wss://*.jomodns.com *.huya.info http://*.huya.info ws://*.huya.info wss://*.huya.info *.qvb.qcloud.com wss://*.qvb.qcloud.com *.host.00cdn.com *.host.00cdn.com:* wss://*.host.00cdn.com wss://*.host.00cdn.com:* huya-p.xylive.tv  wss://huya-p.xylive.tv *.v2l.pkoplink.com wss://*.v2l.pkoplink.com *.v2l.pkoplink.com:* wss://*.v2l.pkoplink.com:* wss://*.cdn1218.com *.cdn1218.com wsapi-global.master.live  wss://*.v2l.szbdyd.com:* https://*.v2l.szbdyd.com:* wss://*.host.00cdn.com:* https://*.host.00cdn.com:* wss://*.ckeyer.com:* https://*.ckeyer.com:* *.aliyuncs.com wss://*.aliyuncs.com *.ppio.cloud:* wss://*.ppio.cloud:*;img-src *.dwstatic.com *.huya.com *.msstatic.com *.dwstatic.com http://*.dwstatic.com  *.huya.com:* hm.baidu.com *.hiido.com http://*.msstatic.com http://*.huya.com *.yy.com http://*.yy.com data: *.image.myqcloud.com http://*.image.myqcloud.com ad.doubleclick.net *.qq.com about: hyweb-test.oss-cn-shenzhen.aliyuncs.com vhuya-img.oss-cn-hangzhou.aliyuncs.com *.huanjuyun.com *.yst.aisee.tv http://*.yst.aisee.tv wegame.gtimg.com web-diymaterial.oss-cn-shenzhen.aliyuncs.com web-diymaterial.oss-cn-shenzhen.aliyuncs.com *.picgz.myqcloud.com *.myhuaweicloud.com qzapp.qlogo.cn http://qzapp.qlogo.cn *.aliyuncs.com;report-uri https://csp.huya.com/csp?sentry_id=101&sentry_key=8f7b23a903b842e5b61b8f8decd45478; 1
script-src 'nonce-800cad4bef7643aad16e7940e1057d6d' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline'; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1429161050750697; frame-ancestors 'self' 1
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' www.sprint.com shop.sprint.com mysprint.sprint.com m.sprint.com es.sprint.com sprint.inq.com static.inq.com api-sprint.touchcommerce.com auth-sprint.touchcommerce.com portal-sprint.touchcommerce.com chatrouter-sprint.inq.com cobrowse-sprint.inq.com forms-sprint.inq.com media-sprint.inq.com api.touchcommerce.com auth.touchcommerce.com portal.touchcommerce.com chatrouterv3.inq.com cobrowse.inq.com formsv3.inq.com mediav3.inq.com business.sprint.com smallbusiness.sprint.com stage-er-www.sprint.com opmt.sprint.com tc.sprint.com storelocator.sprint.com storelocator-staging.sprint.com 1
img-src 'self' https: data: cdn.paris.fr 1
default-src https:; style-src https: 'unsafe-inline'; img-src       * data:; worker-src    * blob:; font-src      *; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src   *; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com bbox.blackbaudhosting.com olx.britishmuseum.org www.britishmuseum.org maps.googleapis.com cdn.rawgit.com services.postcodeanywhere.co.uk www.youtube.com s.ytimg.com payments.blackbaud.com secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com connect.facebook.net secure.quantserve.com edge.quantserve.com www.google-analytics.com rules.quantcount.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com payments.blackbaud.com bbox.blackbaudhosting.com partners.designmynight.com cdn.loop11.com www.loop11.com platform.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com; img-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com ssl.gstatic.com www.googletagmanager.com googletagmanager.com www.gstatic.com gstatic.com maps.gstatic.com maps.googleapis.com cdn.rawgit.com olx.britishmuseum.org secure.adnxs.com ad.360yield.com ib.adnxs.com cm.g.doubleclick.net prf.audiencemanager.de cdn.audiencemanager.de secure-ds.serving-sys.com bs.serving-sys.com www.facebook.com pixel.quantserve.com www.google-analytics.com stats.g.doubleclick.net www.google.com/ads www.google.co.uk/ads static.designmynight.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com ttp://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io openseadragon.github.io libimages1.princeton.edu 51.11.16.222 media.britishmuseum.org http://media.britishmuseum.org data:;; frame-src 'self' player.vimeo.com payments.blackbaud.com bbox.blackbaudhosting.com sketchfab.com w.soundcloud.com www.youtube.com bookings.designmynight.com www.facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-ancestors 'self'; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:;; connect-src 'self' www.google-analytics.com payments.blackbaud.com olx.britishmuseum.org bookings.designmynight.com www.facebook.com facebook.com cdn.loop11.com www.loop11.com platform2.cloud-iq.com platform2.cloud-iq.com content.cloud-iq.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://51.143.128.218 media.britishmuseum.org 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruceeats.com 1
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw standchartbank.experiencecloud.adobe.com experience.adobe.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
"default-src 'self';" 1
frame-ancestors https://*.swissinfo.ch 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sbeta.cz *.sdn.cz *.sdn.szn.cz *.pliing.com *.imedia.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com www.instagram.com https://www.gstatic.com https://ajax.googleapis.com http://*.adnxs.com *.adform.net se2.pliing.com *.adnxs.com *.adnxs.net *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.adsafeprotected.com *.seznam.cz http://*.seznam.cz https://*.seznam.cz *.novinky.cz https://www.novinky.cz login.szn.cz https://login.szn.cz notifikace.seznam.cz https://notifikace.seznam.cz https://*.dev.dszn.cz sk.adocean.pl go.eu.bbelements.com cz.search.etargetnet.com *.cloudfront.net toi.cdn.dopc.cz sb.scorecardresearch.com collect-eu-central-1.tealiumiq.com secure.quantserve.com js-agent.newrelic.com *.pubmatic.com *.doubleverify.com *.serving-sys.com *.consensu.org *.sklik.cz *.scif.cz *.im.cz ads.celtra.com; frame-ancestors 'self' www.novinky.cz api.novinky.cz a.novinky.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com https://cdn.datamatic.io https://public.flourish.studio; worker-src blob: 1
default-src 'self' blob: https://*.futurelearn.com; object-src https://*.vzaar.com https://vzaar-video.ccindex.cn https://vjs.zencdn.net; base-uri 'self' https://*.futurelearn.com; frame-ancestors 'self' https://*.futurelearn.com; frame-src 'self' *; connect-src 'self' *; form-action 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: about: *; style-src 'self' 'unsafe-inline' blob: *; img-src 'self' data: *; media-src 'self' * blob:; font-src 'self' about: data: *; report-uri /csp-violation 1
frame-ancestors 'self' https://*.sproutsocial.com; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 1
default-src 'self' ; img-src data: 'self' http://etransaction.rajasthan.gov.in https://etransaction.rajasthan.gov.in http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in http://gis.rajasthan.gov.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in https://www.google.com/recaptcha/api.js https://www.gstatic.com/ http://gis.rajasthan.gov.in;  style-src 'self' 'unsafe-inline'; child-src 'self' http://etransaction.rajasthan.gov.in https://etransaction.rajasthan.gov.in http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in https://www.google.com/ https://www.gstatic.com http://gis.rajasthan.gov.in; font-src 'self' ;connect-src 'self' http://etransaction.rajasthan.gov.in https://etransaction.rajasthan.gov.in http://bioscope.rajasthan.gov.in https://bioscope.rajasthan.gov.in http://gis.rajasthan.gov.in 1
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com data:; connect-src 'self' https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com; frame-src https://www.googletagmanager.com https://optimize.google.com; object-src 'self' 1
frame-ancestors *.motorsport.com *.motorsport.uol.com.br motorsport.uol.com.br *.autosport.com 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://api.pwnedpasswords.com https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.ingress.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com 1
report-uri https://m.namava.ir/CSPreports; script-src blob: data 'self' 'unsafe-eval' 'unsafe-inline' namava.ir *.namava.ir https://www.namava.tv www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://stats.g.doubleclick.net www.gstatic.com http://xslt.alexa.com http://ssl.p.jwpcdn.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://www.google.com https://script.crazyegg.com http://script.crazyegg.com https://ssl.widgets.webengage.com https://c.webengage.com https://static.hotjar.com https://script.hotjar.com https://www.clarity.ms; object-src 'self' 1
report-uri https://cspreport.bol.com/report/b/14100  ; default-src https://tpc.googlesyndication.com https://www.bol.com ; connect-src https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.mpstat.us https://*.s-bol.com https://aai.bol.com https://c.go-mpulse.net https://chat1.bol.com https://chatr.bol.com https://fbstatic-a.akamaihd.net https://firefly.bol.com https://www.bol.com ; font-src data: https://*.s-bol.com https://fonts.gstatic.com https://secure.ogone.com https://www.bol.com ; frame-src https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.doubleclick.net https://*.mpstat.us https://*.youtube-nocookie.com https://bolfelicitatie.b05-apps.nl https://chat1.bol.com https://chatr.bol.com https://info.bol.com https://platform.twitter.com https://s-static.ak.facebook.com https://secure.ogone.com https://tpc.googlesyndication.com https://view.publitas.com https://www.bol.com https://www.facebook.com https://www.google.com ; img-src blob: data: https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.krxd.net https://*.moatads.com https://*.mpstat.us https://*.s-bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://bol.com https://bol.ugc.bazaarvoice.com https://cbks0.googleapis.com https://cbks1.googleapis.com https://csi.gstatic.com https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://img.youtube.com https://kbimages1-a.akamaihd.net https://khms0.googleapis.com https://khms1.googleapis.com https://m.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://photos-eu.bazaarvoice.com https://platform.twitter.com https://secure.ogone.com https://ssl.gstatic.com https://static.bol.com https://swa.bol.com https://syndication.twitter.com https://tpc.googlesyndication.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.ups.com ; media-src blob: https://*.kobo.com https://*.phononet.de https://*.s-bol.com https://bolfelicitatie.b05-apps.nl https://rovimusic.rovicorp.com https://static.bol.com https://www.bol.com ; object-src https://bolfelicitatie.b05-apps.nl https://st1.streamzilla.jet-stream.nl https://view.publitas.com https://www.bol.com ; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.2mdn.net https://*.adyen.com https://*.doubleclick.net https://*.google-analytics.com https://*.krxd.net https://*.moatads.com https://*.s-bol.com https://*.youtube-nocookie.com https://aai.bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://ajax.googleapis.com https://apis.google.com https://bol.com https://c.go-mpulse.net https://cbks0.googleapis.com https://cdn.ampproject.org https://cdn.syndication.twimg.com https://cdn.syndication.twitter.com https://chat1.bol.com https://connect.facebook.net https://d31qbv1cthcecs.cloudfront.net https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://firefly.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://partner.googleadservices.com https://platform.twitter.com https://s.ytimg.com https://secure.ogone.com https://static.bol.com https://tpc.googlesyndication.com https://translate.googleapis.com https://tu.tu-vms.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com ; style-src 'unsafe-inline' https://*.s-bol.com https://bol.com https://fonts.googleapis.com https://partner.bol.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://view.publitas.com https://www.bol.com ; worker-src blob: ; frame-ancestors 'self' 1
script-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; default-src 'self'; img-src 'self' data: 1
default-src 'self' *.binomo-webtrading.com *.binomo.com; child-src *; connect-src 'self' analytics.tiktok.com *.adroll.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com top-fwz1.mail.ru *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.optimizely.com *.zopim.com *.launchdarkly.com api.exponea.com ekr.zdassets.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com app.getsentry.com *.binomo-webtrading.com *.binomo.com wss://as.binomo-webtrading.com:* wss://as.binomo.com:* wss://ws.binomo-webtrading.com:* wss://ws.binomo.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo-webtrading.com *.binomo.com; img-src * data:; media-src 'self' *.binomo-webtrading.com *.binomo.com; script-src 'self' static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.googleoptimize.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co *.adroll.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com top-fwz1.mail.ru 'unsafe-eval' 'unsafe-inline' *.binomo-webtrading.com *.binomo.com; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo-webtrading.com *.binomo.com 1
default-src 'self' data: https://*.tum.de https://www.google.com/ https://ajax.googleapis.com https://cse.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.br.de https://maps.google.de https://geoportal.bayern.de https://www.googleapis.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com https://ngp.zdf.de https://www.arte.tv https://zdfvodnone-vh.akamaihd.net https://img.youtube.com https://www.ardaudiothek.de https://tum.cloud.panopto.eu https://vimeo.com https://player.vimeo.com 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://biogen-preprod.plateau.com https://biogen.plateau.com https://hcm12preview.sapsf.eu https://performancemanager5.successfactors.eu 1
default-src 'self' *.binomo.com *.binomo.com; child-src *; connect-src 'self' analytics.tiktok.com *.adroll.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com top-fwz1.mail.ru *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.optimizely.com *.zopim.com *.launchdarkly.com api.exponea.com ekr.zdassets.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com app.getsentry.com *.binomo.com *.binomo.com wss://as.binomo.com:* wss://as.binomo.com:* wss://ws.binomo.com:* wss://ws.binomo.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo.com *.binomo.com; img-src * data:; media-src 'self' *.binomo.com *.binomo.com; script-src 'self' static.ads-twitter.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com www.redditstatic.com *.googleoptimize.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co *.adroll.com my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com top-fwz1.mail.ru 'unsafe-eval' 'unsafe-inline' *.binomo.com *.binomo.com; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo.com *.binomo.com 1
frame-ancestors  'self' https://zhof.matse.rwth-aachen.de/ https://rwth.expo-ip.com/ 1
script-src 'nonce-3UNvhievfIqxn2xH7/+HTQ==' 'strict-dynamic' 'self' dgbricks.foxycart.com cdnjs.cloudflare.com www.google-analytics.com connect.liblynx.com www.googletagmanager.com tag.manager.google.com mozilla.github.io cc.cdn.civiccomputing.com; object-src 'self' www.googletagmanager.com; base-uri 'none' 1
frame-ancestors *.ntu.edu.sg 1
default-src 'self'  https://analytics.govinfo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self'   https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; object-src 'unsafe-inline' 'self' ; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com   https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://analytics.govinfo.gov data:; font-src 'unsafe-inline' 'self'  https://stackpath.bootstrapcdn.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self'  https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 1
frame-ancestors 'self' https://wendy.westpac.com.au; 1
frame-ancestors https://edmodo.com https://*.edmodo.com https://*.edmodo.com; 1
frame-ancestors 'self' *.tapjoy.net:*/ *.tapjoy.com/; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ; connect-src 'self' ; img-src 'self' eur-lex.europa.eu data: ; style-src 'unsafe-inline' 'self' *.boe.es ; font-src 'self' ; child-src 'self'  www.youtube.com afirma: ; object-src 'self' ; media-src 'self' 1
frame-ancestors 'self' *.bazaarvoice.com 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src-elem 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://b-code.liadm.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://b-code.liadm.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.paypal.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://d.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://pixel.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://sp.analytics.yahoo.com https://rp.liadm.com/ https://beacon.krxd.net; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://x.skimresources.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://www.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com https://*.googleapis.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 1
'frame-ancestors' http://localhost:8100 https//*.tn.gov 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-5QBIroGruLQatcwpqQoM' 'nonce-h2XzVZvGmxSqdyc+E7xF' 1
connect-src 'self' https://*.akafms.net https://*.akamaihd.net https://*.media.brightcove.com https://*.brightcove.com https://*.brightcovecdn.com https://*.brightcove.net https://*.digitalpfizer.com https://*.evidon.com https://*.hotjar.com https://*.llnw.net/ https://*.llnwd.net/ https://adservice.google.com https://amer-identity.pfizer.com https://bam-cell.nr-data.net https://bam.nr-data.net https://brightcove.hs.llnwd.net https://emea-identity.pfizer.com https://house-cloudfront.ap-northeast-1.prod.boltdns.net https://house-cloudfront.ap-southeast-1.prod.boltdns.net https://house-cloudfront.ap-southeast-2.prod.boltdns.net https://house-cloudfront.eu-west-1.prod.boltdns.net https://house-cloudfront.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://knrpc.olark.com/nrpc/ https://l.betrad.com https://stats.addtoany.com/menu https://stats.g.doubleclick.net https://tagmanager.google.com https://vc.hotjar.io/ https://www.facebook.com https://www.google-analytics.com wss://*.hotjar.com wss://*.pfizer.com https://pfe-pfizercom-d8-dev.s3.us-east-1.amazonaws.com https://m.addthis.com https://api-v3.conductrics.com https://cdn-v3.conductrics.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.us-east-1.amazonaws.com https://players.brightcove.net/ https://players.brightcove.net/1852113022001/ByY1aeWF_default/config.json https://players.brightcove.net/1852113022001/7eDMrqTZyS_default/config.json https://www.youtube.com/iframe_api https://svc.webspellchecker.net; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://script.hotjar.com https://use.fontawesome.com/releases/ https://use.typekit.net https://vjs.zencdn.net https://www.youtube.com https://maxcdn.bootstrapcdn.com https://s3.us-east-2.amazonaws.com https://svc.webspellchecker.net; frame-src 'self' tel: https://*.fls.doubleclick.net https://*.janrainsso.com https://bid.g.doubleclick.net https://l3.evidon.com https://players.brightcove.net https://static.addtoany.com https://static.olark.com https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.google.com/maps/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube.com https://s7.addthis.com https://platform.twitter.com https://syndication.twitter.com https://www.hapyak.com https://player.simplecast.com https://p2a.co https://www.pfizer.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://action.pfizer.com https://www.medrespond-pfra.com https://twitter.com https://insight.adsrvr.org; img-src 'self' about: data: https://* https://img.youtube.com https://cdnjs.cloudflare.com https://pbs.twimg.com https://images-cdn.newscred.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://syndication.twitter.com https://abs.twimg.com https://ton.twimg.com https://platform.twitter.com https://developers.google.com https://pixel.newscred.com https://t.co/i/adsct https://tr.outbrain.com/pixel https://amplifypixel.outbrain.com/pixel https://px.ads.linkedin.com/collect https://p.adsymptotic.com/d/px/ https://app.icontact.com https://s3.us-east-2.amazonaws.com https://secure.adnxs.com https://pixel.mediaiqdigital.com; media-src 'self' data: blob: https://brightcove.hs.llnwd.net https://*.media.brightcove.com https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/ https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.digitalpfizer.com https://ajax.googleapis.com https://api.olark.com https://assets.adobedtm.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://connect.facebook.net https://c.evidon.com https://l.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://googleads.g.doubleclick.net https://js.bizographics.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://l.betrad.com https://maps.googleapis.com https://optoutapi.evidon.com https://p.adsymptotic.com https://pfizer-grv-eu.janraincapture.com https://players.brightcove.net https://px.ads.linkedin.com https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_grv https://s3.amazonaws.com/pfe_im/ https://script.hotjar.com https://sjs.bizographics.com https://static.hotjar.com https://static.addtoany.com https://static.olark.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vjs.zencdn.net https://www.bizographics.com https://www.google.com/recaptcha/ https://www.google.com/search/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.linkedin.com https://cdn.jsdelivr.net https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://platform.twitter.com https://cdn.syndication.twimg.com https://p2a.co https://www.youtube.com/iframe_api https://action.pfizer.com https://s.ytimg.com https://maxcdn.bootstrapcdn.com https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://amplify.outbrain.com https://snap.licdn.com https://app.icontact.com https://d2qrdklrsxowl2.cloudfront.net https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://js.adsrvr.org https://svc.webspellchecker.net cdn-v3.conductrics.com cdnjs.cloudflare.com https://pkg-cdn.digitalpfizer.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://quilt-cdn.janrain.com/HEAD/providers.css https://quilt-cdn.janrain.com/HEAD/widgets.css https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com https://tagmanager.google.com https://translate.googleapis.com https://use.typekit.net https://cdn.jsdelivr.net https://p.typekit.net https://www.youtube.com https://platform.twitter.com https://ton.twimg.com https://app.icontact.com https://pfe-pfizercom-d8-dev.s3.amazonaws.com https://pfe-pfizercom-d8-prod.s3.amazonaws.com https://svc.webspellchecker.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; child-src 'self'; manifest-src 'self'; worker-src 'self' blob:; report-uri https://pfeprod.report-uri.com/r/t/csp/enforce 1
base-uri 'self'; frame-ancestors 'self' https://*.smartinsights.com; frame-src 'self'  https://ff.doubleclick.net https://cdn.embedly.com https://www.google.com https://staticxx.facebook.com https://www.facebook.com https://www.g2.com https://www.g2crowd.com/ https://vars.hotjar.com https://go.pardot.com https://*.smartinsights.com https://checkout.stripe.com  http://www.scribd.com https://www.slideshare.net/ https://js.stripe.com https://*.twitter.com https://*.vimeo.com https://youtu.be https://*.youtube.com https://www.youtube-nocookie.com; img-src data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://4screens.net https://ws.amazon.co.uk https://z-eu.amazon-adsystem.com https://s3-us-west-1.amazonaws.com https://cdn.ampproject.org https://sjs.bizographics.com https://*.cloudflare.com https://*.cloudfront.net https://secure.comodo.com https://*.convertexperiments.com https://*.g.doubleclick.net https://connect.facebook.net https://t.gatorleads.co.uk https://adservice.google.co.uk https://adservice.google.com https://apis.google.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com https://*.hotjar.com https://instant.page https://widget.intercom.io https://js.intercomcdn.com https://e.issuu.com https://code.jquery.com https://cdn.jsdelivr.net https://snap.licdn.com/ https://platform.linkedin.com https://*.newrelic.com https://bam.nr-data.net https://a.opmnstr.com https://api.opmnstr.com https://*.pardot.com https://assets.pinterest.com https://secure.polldaddy.com https://scout-cdn.salesloft.com https://go.smartinsights.com https://checkout.stripe.com https://js.stripe.com https://static.ads-twitter.com https://analytics.twitter.com https://cdn.syndication.twimg.com https://platform.twitter.com https://unpkg.com https://platform.vine.co https://visual.ly https://fast.wistia.com https://t.wowanalytics.co.uk; style-src 'self' 'unsafe-inline' https://code.ionicframework.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.pardot.com https://pi.pardot.com https://checkout.stripe.com https://static.ads-twitter.com https://*.twitter.com; 1
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com agent.bold360.com *.cox-ondemand.com *.yext-cdn.com *.yextpages.net 1
upgrade-insecure-requests;  default-src 'self';  img-src 'self' blob: https: data:;   script-src 'self' cdn.wfp.org *.jwplatform.com www.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com survey.g.doubleclick.net *.doubleclick.net *.adalyser.com *.jwpcdn.com www.gstatic.com adservice.google.com connect.facebook.net www.facebook.com squizlabs.github.io cdnjs.cloudflare.com unpkg.com cdn.sparkcentral.com *.smooch.io *.user1st.info www.googleadservices.com     adservice.google.com adservice.google.ac adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.com.kh adservice.google.cc adservice.google.cd adservice.google.cf adservice.google.cat adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gf adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.iq adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.io adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.com.lc adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.ne adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pk adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.pl adservice.google.com.pg adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.sm adservice.google.so adservice.google.st adservice.google.sr adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.to adservice.google.tn adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.co.za adservice.google.co.zm adservice.google.co.zw     'unsafe-inline' 'unsafe-eval';  frame-src 'self' *.jwpsrv.com www.google.com survey.g.doubleclick.net *.doubleclick.net cdn.knightlab.com forms.office.com content.jwplatform.com *.user1st.info;  font-src 'self' cdn.wfp.org *.jwpcdn.com fonts.gstatic.com *.bootstrapcdn.com cdn.sparkcentral.com *.user1st.info data:;  style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.wfp.org tagmanager.google.com fonts.googleapis.com *.bootstrapcdn.com squizlabs.github.io cdn.sparkcentral.com *.user1st.info;  connect-src 'self' data: cdn.wfp.org geonode.wfp.org www.google-analytics.com api.mapbox.com geoip.nekudo.com api.ipify.org api.ip2country.info mycountry.picktek.org content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com acr.api.spring.wfp.org cdn.sparkcentral.com *.smooch.io *.user1st.info stats.g.doubleclick.net 'self' ws:;  media-src 'self' content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com cdn.sparkcentral.com *.user1st.info blob:;  worker-src 'self' blob:;  child-src 'self' blob: 1
style-src 'self' 'unsafe-inline' *.consumerfinance.gov fast.fonts.net tagmanager.google.com optimize.google.com api.mapbox.com fonts.googleapis.com; default-src 'self'; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com api.iperceptions.com *.qualtrics.com; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com www.gstatic.com ssl.gstatic.com stats.g.doubleclick.net img.youtube.com *.google-analytics.com trk.cetrk.com searchstats.usa.gov gtrk.s3.amazonaws.com *.googletagmanager.com tagmanager.google.com maps.googleapis.com optimize.google.com api.mapbox.com *.tiles.mapbox.com stats.search.usa.gov blob: data: www.facebook.com www.gravatar.com *.qualtrics.com *.mouseflow.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com optimize.google.com www.youtube.com *.doubleclick.net universal.iperceptions.com www.facebook.com staticxx.facebook.com mediasite.yorkcast.com *.qualtrics.com; font-src 'self' data: *.consumerfinance.gov fast.fonts.net fonts.google.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov *.google-analytics.com *.googletagmanager.com tagmanager.google.com optimize.google.com ajax.googleapis.com search.usa.gov api.mapbox.com js-agent.newrelic.com dnn506yrbagrg.cloudfront.net bam.nr-data.net *.youtube.com *.ytimg.com trk.cetrk.com universal.iperceptions.com cdn.mouseflow.com n2.mouseflow.com us.mouseflow.com geocoding.geo.census.gov tigerweb.geo.census.gov about: connect.facebook.net www.federalregister.gov storage.googleapis.com *.qualtrics.com; media-src 'self' *.consumerfinance.gov 1
frame-src data: *.yandex.ru *.yandexadexchange.net awaps.yandex.net banners.adfox.ru yandexadexchange.net yastatic.net yastat.net api-maps.yandex.ru blob: mc.yandex.ru 'self' media.adrcdn.com awaps.yandex.ru rest-api.bannerstorage.yandex.net forms.yandex.ru kinopoisk.ru *.kinopoisk.ru auth.kinopoisk.ru sso.kinopoisk.ru sso.passport.yandex.ru *.mds.yandex.net tickets.widget.kinopoisk.ru widget.tickets.yandex.ru widget.tickets.yandex.kz widget.afisha.yandex.ru widget.afisha.yandex.kz video.yandex.ru player.video.yandex.net datalens.yandex yandex.ru; media-src data: *.strm.yandex.ru *.yandex.net banners.adfox.ru content.adfox.ru strm.yandex.ru yandex.ru yandex.st yastatic.net yastat.net *.adfox.ru *.adfox.yandex.ru *.cdn.yandex.net video.kinopoisk.ru; script-src 'unsafe-eval' 'unsafe-inline' ads.adfox.ru ads6.adfox.ru an.yandex.ru banners.adfox.ru mc.yandex.ru yandex.st yastatic.net yastat.net yandex.ru api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz 'self' *.adfox.ru *.adfox.yandex.ru forms.yandex.ru auth.kinopoisk.ru st.kinopoisk.ru *.kp.yandex.net sso.kinopoisk.ru sso.passport.yandex.ru tickets.widget.kinopoisk.ru widget.tickets.yandex.ru widget.tickets.yandex.kz widget.afisha.yandex.ru widget.afisha.yandex.kz video.kinopoisk.ru; style-src 'unsafe-eval' 'unsafe-inline' banners.adfox.ru content.adfox.ru yandex.st yastatic.net yastat.net blob: 'self' auth.kinopoisk.ru st.kinopoisk.ru *.kp.yandex.net; img-src 'self' data: ads.adfox.ru ads6.adfox.ru an.yandex.ru avatars-fast.yandex.net banners.adfox.ru content.adfox.ru favicon.yandex.net *.verify.yandex.ru yastat.net avatars.mds.yandex.net 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru media.adrcdn.com *.adrcntr.com amc.yandex.ru avatars.mdst.yandex.net awaps.yandex.net awaps.yandex.ru rest-api.bannerstorage.yandex.net ext.captcha.yandex.net *.cdn.yandex.net clck.yandex.ru ad.doubleclick.net kinopoisk-cm.s3.yandex.net mc.kinopoisk.ru st.kinopoisk.ru *.kp.yandex.net sso.kinopoisk.ru sso.passport.yandex.ru storage.mds.yandex.net ceditor.setka.io https://static-maps.yandex.ru www.tns-counter.ru ar.tns-counter.ru web-metrica.yandex.ru *.weborama.fr files.messenger.yandex.net *.tns-counter.ru wcm-ru.frontend.weborama.fr wcm.solution.weborama.fr ad.adriver.ru bs.serving-sys.com gdeby.hit.gemius.pl verify.yandex.ru px.moatads.com gdero.hit.gemius.pl pixel.adlooxtracking.com; connect-src 'self' adfox.yandex.ru ads.adfox.ru ads6.adfox.ru an.yandex.ru jstracer.yandex.ru matchid.adfox.yandex.ru mc.yandex.ru strm.yandex.ru yandex.st yastatic.net yastat.net yandex.ru awaps.yandex.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru awaps.yandex.ru csp.yandex.net forms.yandex.ru http-check-headers.yandex.ru kinopoisk.ru *.kinopoisk.ru ott-widget.yandex.ru api.passport.yandex.ru sentry.iddqd.yandex.net static-mon.yandex.net log.strm.yandex.ru proxy.video.yandex.net static.video.yandex.net files.messenger.yandex.net aab-pub.s3.yandex.net; font-src 'self' data: an.yandex.ru yastatic.net yastat.net *.adfox.ru *.adfox.yandex.ru; child-src api-maps.yandex.ru blob: mc.yandex.ru; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com toloka.yandex.ru toloka.yandex.com yang.yandex-team.ru iframe-toloka.com; default-src 'self'; form-action 'self' forms.yandex.ru bo.kinopoisk.ru sso.kinopoisk.ru sso.passport.yandex.ru; object-src 'self' *.adfox.ru *.adfox.yandex.ru awaps.yandex.net awaps.yandex.ru rest-api.bannerstorage.yandex.net betastatic.yandex.net kinopoisk.ru *.kinopoisk.ru storage.mds.yandex.net yastatic.net; manifest-src 'self' yastatic.net; prefetch-src 'self' yastatic.net; report-uri https://csp.yandex.net/csp?from=kinopoisk&project=kinopoisk; 1
script-src 'nonce-10b0a6aeda24fd9deb9c53d360682381' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1716747252955303; frame-ancestors 'self' 1
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com 1
frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 1
frame-ancestors 'self' btprt.dj snip.ly 1
frame-ancestors 'self' https://webhare.utwente.nl https://employees.utwente.nl 1
base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://api.tenor.com https://api.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv https://*.google.com 'nonce-NTFjYTg0MjQtMDc1Yi00YTdjLTkzZTktZWU4ZmEzMDc0NWMx' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/ https://*.google.com https://*.googleapis.com; object-src 'none' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 1
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.roboform.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com/ https://tagmanager.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.redditstatic.com/; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.roboform.com; frame-src 'self' https://docs.google.com/ https://widget.reviews.io/ https://*.doubleclick.net/ https://www.google.com https://www.facebook.com https://www.emjcd.com https://cj.dotomi.com https://www.youtube.com 1
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 1
default-src 'self' https://*.rhrz.uni-bonn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rhrz.uni-bonn.de https://www.youtube.com https://s.ytimg.com https://maps.google.com https://maps.googleapis.com https://apis.google.com https://ajax.googleapis.com https://webstat.hrz.uni-bonn.de https://cms-webstat3.hrz.uni-bonn.de; img-src 'self' data: https://*.rhrz.uni-bonn.de https://i.ytimg.com https://maps.gstatic.com https://maps.google.com https://www.uni-bonn.de https://*.googleapis.com https://*.uni-bonn.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' https://*.uni-bonn.de:* https://content-youtube.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://content.googleapis.com mailto://*; frame-ancestors 'self' https://*.uni-bonn.de; connect-src 'self' https://cms-webstat3.rhrz.uni-bonn.de https://shortener.rhrz.uni-bonn.de https://apis.google.com; 1
default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: blob:; font-src https: data:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations; 1
default-src *.marxists.org 'self'; script-src *.marxists.org 'self' 'unsafe-inline' 'unsafe-eval'; worker-src *.marxists.org 'self'; style-src *.marxists.org 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
require-sri-for script 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' js.agkn.com www.google-analytics.com www.googletagmanager.com c.betrad.com www.c.betrad.com c.evidon.com optout.betrad.com ajax.googleapis.com code.jquery.com optanon.blob.core.windows.net cdn.cookielaw.org geolocation.onetrust.com 1
default-src 'self' *.adsrvr.org *.vmmpxl.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com fast.fonts.net *.abtasty.com *.hotjar.com *.cloudflare.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com *.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: static.lobbytools.com *.boldchat.com code.jquery.com www.healow.com js-agent.newrelic.com congress.api.sunlightfoundation.com maps.googleapis.com tagmanager.google.com sp.analytics.yahoo.com analytics.twitter.com static.ads-twitter.com s.yimg.com cdnjs.cloudflare.com t.sharethis.com www.googletagmanager.com *.google-analytics.com ws.sharethis.com www.youtube.com www.googleadservices.com secure.quantserve.com bat.bing.com *.e.akamai.net *.rfihub.com s.ytimg.com fast.fonts.net connect.facebook.net ppactionvoterguide.org *.ppactionvoterguide.org cdn.optimizely.com *.openlayers.org *.newtonsoftware.com bs.serving-sys.com *.quora.com i.simpli.fi secure.adnxs.com e.issuu.com d10lpsik1i8c69.cloudfront.net *.luckyorange.net *.luckyorange.com storify.com *.userzoom.com nextpatient.co *.nr-data.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish bbox.blackbaudhosting.com *.adroll.com *.optimizely.com widget.surveymonkey.com www.google.com www.gstatic.com *.instagram.com ajax.googleapis.com *.yelp.com *.yelpcdn.com ajax.cloudflare.com *.doubleclick.net optimizely.s3.amazonaws.com *.ad.gt tags.srv.stackadapt.com *.hotjar.com *.civicengine.com *.abtasty.com c1.rfihub.net *.quantcount.com www.tintup.com *.twitter.com *.tintup.com *.twimg.com *.ngpvan.com d3js.org *.gstatic.com *.sitomobile.com *.simpli.fi *.quantcount.com *.adsrvr.org *.vmmpxl.com *.d3js.org *.rezync.com sc-static.net *.adnxs.com *.crwdcntrl.net *.google.com *.cloudfront.net *.hotjar.io *.callrail.com *.callrail.com *.tiqcdn.com *.yimg.com *.tealiumiq.com *.iqm.com *.civicengine.com openlayers.org; connect-src 'self' *.openlayers.org *.google-analytics.com secure.ppaction.org www.ppaction.org l.sharethis.com logx.optimizely.com e.issuu.com pingback.issuu.com nextpatient.co *.luckyorange.com *.luckyorange.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish *.tealiumiq.com *.abtasty.com *.hotjar.com api.ppsne.net *.salesforce.com *.optimizely.com *.everyaction.com *.myngp.com *.hotjar.io *.callrail.com databridge.tdbtrk.com *.yimg.com; img-src 'self' 'unsafe-inline' data: *.quora.com *.ib5k.com *.boldchat.com insight.adsrvr.org www.plannedparenthood.org i.ytimg.com *.gstatic.com maps.googleapis.com t.co www.googleadservices.com sb.scorecardresearch.com l.sharethis.com *.google-analytics.com www.googletagmanager.com www.google.com ping.chartbeat.net pixel.quantserve.com bat.bing.com bat.r.msn.com img.youtube.com *.vimeo.com *.facebook.com www.healow.com vmap0.tiles.osgeo.org *.doubleclick.net image.isu.pub bbox.blackbaudhosting.com *.googleusercontent.com *.simpli.fi *.adroll.com *.paypalobjects.com *.phreesia.com openlayers.org *.openstreetmap.org tags.srv.stackadapt.com sync.search.spotxchange.com *.hotjar.com *.w55c.net *.adxcel-ec2.com *.userzoom.com acuityplatform.com *.twitter.com *.twimg.com *.myngp.com *.everyaction.com *.sitomobile.com *.adsrvr.org *.vmmpxl.com *.cloudfront.net *.google.com *.crwdcntrl.net *.adnxs.com sc-static.net gwmtracking.com *.hotjar.io; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com nextpatient.co tagmanager.google.com fonts.googleapis.com fast.fonts.net ws.sharethis.com *.phreesia.com bbox.blackbaudhosting.com *.civicengine.com *.abtasty.com optimize.google.com *.userzoom.com *.twitter.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com openlayers.org; frame-src 'self' *.boldchat.com www.healow.com docasap.com www.google.com maps.googleapis.com maps.google.com external.ppsne.org e.issuu.com www.tintup.com tagmanager.google.com fonts.googleapis.com t.sharethis.com *.70n7.com secure.ppaction.org seg.sharethis.com ws.sharethis.com www.youtube.com player.vimeo.com www.ppaction.org register2.rockthevote.com connect.facebook.net *.facebook.com *.rfihub.com docs.google.com *.newtonsoftware.com *.doubleclick.net mapsengine.google.com storify.com *.meltwater.com bbox.blackbaudhosting.com surveymonkey.com *.surveymonkey.com *.nomotraplaws.com *.yelp.com *.yelpcdn.com feed.meltwater.com/gyda feed.meltwater.com *.ppaction.org *.optimizely.com cdn.hypemarks.com ww2.matchinggifts.com optimize.google.com *.hotjar.com *.vote.org *.civicengine.com *.everyaction.com *.userzoom.com *.twitter.com *.71n7.com *.nextgen.com register.vote.org myrvplist.com *.adsrvr.org *.vmmpxl.com *.weareplannedparenthood.org *.weareplannedparenthoodaction.org *.snapchat.com *.actblue.com javamatch.matchinggifts.com www.flipcause.com secure.everyaction.com *.hotjar.io; frame-ancestors 'self' *.twitter.com www.healow.com *.ppaction.org *.adsrvr.org *.vmmpxl.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com/beacon.min.js https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://code.highcharts.com https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://*.weirdgloop.org https://*.runescape.wiki https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://unpkg.com; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.weirdgloop.org https://*.runescape.wiki https://*.googleapis.com https://www.google-analytics.com; frame-src https://www.google.com/recaptcha/; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; base-uri 'self' 1
default-src http: https://*.livemaster.ru https://*.googlesyndication.com 'self'; script-src http: https://*.livemaster.ru https://googletagmanager.com https://*.cloudfront.net https://*.maps.yandex.net https://secure.payu.ru https://use.fontawesome.com https://adservice.google.com https://adservice.google.ru https://*.google-analytics.com https://www.googletagservices.com https://*.yandex.ru https://mc.webvisor.org https://www.googletagmanager.com https://*.google.com https://securepubads.g.doubleclick.net https://cdn.jsdelivr.net https://www.gstatic.com https://*.pinterest.com https://i.pinimg.com https://*.twitter.com https://twitter.com https://connect.facebook.net https://yastatic.net https://vk.com https://cdn.ampproject.org https://pagead2.googlesyndication.com https://top-fwz1.mail.ru https://api.vk.com https://connect.ok.ru https://connect.mail.ru https://checkout.rbk.money 'unsafe-inline' 'unsafe-eval' 'self' blob: data:; font-src http: https://*.livemaster.ru 'self' https://fonts.gstatic.com; img-src https://*.livemaster.ru https://www.livemaster.ru:1812 https://csi.gstatic.com https://log.pinterest.com https://*.adfox.ru https://*.googlesyndication.com https://*.googletagmanager.com https://syndication.twitter.com https://top-fwz1.mail.ru https://*.google-analytics.com https://*.facebook.com https://*.google.com https://*.google.ru https://counter.yadro.ru https://*.yandex.ru https://*.yandex.net https://mc.webvisor.org https://vk.com https://*.vk.com https://*.g.doubleclick.net https://*.livemaster.ru https://*.livemaster.com 'self' data: blob: http:; frame-src http: https://*.livemaster.ru 'self' https://*.facebook.net https://*.googlesyndication.com https://dl.metabar.ru https://static.cmptch.com https://www.livemaster.ru:1862 https://secure.payu.ru https://checkout.rbk.money https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://*.google.com https://player.vimeo.com https://mc.webvisor.org; frame-ancestors 'self' https://*.livemaster.ru https://www.livemaster.ru:1862 https://*.payu.ru https://secure.payu.ru https://checkout.rbk.money https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://www.google.com https://player.vimeo.com https://mc.webvisor.org https://webvisor.com http://webvisor.com; style-src http: https://*.livemaster.ru 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://www.livemaster.ru:1862 https://*.livemaster.ru; connect-src https://*.livemaster.ru https://*.googlesyndication.com https://yandex.ru https://yandex.com  https://mc.webvisor.org https://login.vk.com http: https://yandexmetrica.com:29010 https://*.payu.ru https://*.payu.com https://www.livemaster.ru:1862 https://*.lmteam.ru https://*.yandex.net https://ymetrica.com https://ymetrica1.com https://ymetrica2.com https://*.google-analytics.com http://*.google.com https://www.googleapis.com wss://*.livemaster.ru https://*.livemaster.ru https://*.livemaster.com https://graph.facebook.com https://matchid.adfox.yandex.ru https://*.g.doubleclick.net https://top-fwz1.mail.ru https://*.adfox.ru https://*.yandex.ru https://*.yandex.com https://getyabrowser.com https://*.appmetrica.webvisor.com https://www.facebook.com https://csi.gstatic.com https://player.vimeo.com https://*.clickmeeting.com 'self'; object-src http: https://*.livemaster.ru 'self' https://player.vimeo.com https://www.youtube.com; report-uri /ajax/cspcollector.php 1
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ioam.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.bunchbox.co; img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com *.argosdata.io *.bunchbox.co; media-src * mediastream: blob:; frame-src 'self' localhost:* *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.ioam.de *.bunchbox.co; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.surrey.ac.uk hello.myfonts.net www.google.com www.google.co.uk www.googleadservices.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com www.youtube.com d2oh4tlt9mrke9.cloudfront.net cdnjs.cloudflare.com *.linkedin.com *.bizographics.com *.click4assistance.co.uk *.seatadvisor.com connect.facebook.net ws.sessioncam.com widget.unistats.ac.uk *.discoveruni.gov.uk discoveruni.gov.uk discoveruni.org.uk *.gstatic.com *.facebook.com *.twitter.com *.twimg.com *.blackbaudhosting.com *.ads-twitter.com t.co *.ads.linkedin.com *.g.doubleclick.net snap.licdn.com scontent.cdninstagram.com js-agent.newrelic.com cdn.rawgit.com *.youtube-nocookie.com cdn.polyfill.io surrey.funnelback.co.uk *.instagram.com s.ytimg.com *.vimeo.com cdn.jsdelivr.net polyfill.io youtu.be i.vimeocdn.com i.ytimg.com prod-discoveruni.azure-api.net payments.blackbaud.com *.hotjar.com *.hotjar.io unibuddy.co *.unibuddy.co *.cdninstagram.com bat.bing.com sc-static.net static.bytedance.com aax-eu.amazon-adsystem.com pool.a8723.com secure.quantserve.com pixel.quantserve.com rules.quantcount.com tr.snapchat.com wss://*.hotjar.com pool.adizio.com pool.admedo.com; 1
script-src 'sha256-7ef4mcEfSJMi8xir/d1cWFSXGfg9Uw29ukHGUbeRxNU=' 'self' 'self' 'unsafe-eval' https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.googleadservices.com https://googleads.g.doubleclick.net http://*.geetest.com https://*.geetest.com https://*.zdassets.com https://*.zopim.com https://*.qbox.me; frame-ancestors 'self' https://*.hotjar.com/ https://*.zdassets.com 1
frame-ancestors 'self' http://*.stumbleupon.com https://*.stumbleupon.com http://*.medpagetoday.com https://*.medpagetoday.com; 1
font-src 'self' code.freent.de oauth.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 1
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 1
frame-ancestors https://app.roll20.net https://roll20.net https://marketplace.roll20.net https://*.inspectlet.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prdnpci.tbk.cl https://unpkg.com/markdown-it/dist/markdown-it.min.js https://unpkg.com/adaptivecards/dist/adaptivecards.js https://connect.facebook.net https://www.portaltransbank.cl https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com *.liveperson.net *.liveperson.com *.lprnd.net *.lpsnmedia.net; frame-ancestors 'self' https://www.transbank.cl/; object-src 'none'; base-uri 'none'; 1
img-src * data:; 1
frame-ancestors https://*.demandbase.com 1
frame-ancestors 'self' http://*.bbt.com https://*.bbt.com; 1
block-all-mixed-content;frame-ancestors 'self' https://www.dashlane.com https://www.google.com https://www-dashlane-com.cdn.ampproject.org https://www-dashlane-com.amp.cloudflare.com;base-uri 'none';default-src https://d38muu3h4xeqr1.cloudfront.net;style-src 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://app-ab14.marketo.com https://go.dashlane.com https://heapanalytics.com;font-src data: https://fonts.gstatic.com https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://heapanalytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kck3hlb9.dashlane.com https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://cdn.ampproject.org https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://cdn.heapanalytics.com https://js.stripe.com https://js.processout.com https://widget.trustpilot.com https://munchkin.marketo.net https://app-ab14.marketo.com https://api.greenhouse.io https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://tagmanager.google.com https://platform.twitter.com https://*.visualwebsiteoptimizer.com https://khan.github.io/tota11y/dist/tota11y.min.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://connect.facebook.net https://cm.g.doubleclick.net https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net https://s.pinimg.com/ct/ https://a.quora.com/qevents.js https://b-code.liadm.com/a-00ou.min.js https://bat.bing.com/bat.js https://platform.twitter.com/oct.js https://www.googleadservices.com/pagead/ https://www.redditstatic.com/ads/pixel.js https://static.criteo.net https://*.criteo.com https://*.taboola.com https://t.a3cloud.net https://collector-9064.us.tvsquared.com https://js.adsrvr.org https://u.ipw.metadsp.co.uk https://snap.licdn.com https://*.rokt.com http://go.dashlane.com;img-src 'self' data: https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://d2erpoudwvue5y.cloudfront.net https://kwift-icons-desktop.s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/static-icons/_web/ https://blog.dashlane.com https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://q.stripe.com https://www.gstatic.com https://ssl.gstatic.com https://app-ab14.marketo.com https://*.visualwebsiteoptimizer.com https://www.google.com https://www.facebook.com https://ct.pinterest.com/v3/ https://*.liadm.com https://goo.gl https://stats.g.doubleclick.net https://*.adsymptotic.com https://q.quora.com https://i.geistm.com/x/ https://gravatar.com https://t.co https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://alb.reddit.com https://bat.bing.com/action/ https://js.processout.com https://*.taboola.com https://pixel.videohub.tv https://tn.alphonso.tv https://ib.adnxs.com https://segment.a3cloud.net https://*.metadsp.co.uk https://collector-9064.us.tvsquared.com https://px.ads.linkedin.com https://*.adnxs.com https://www.dianomi.com https://connect.facebook.net https://ampcid.google.at https://ampcid.google.be https://ampcid.google.ca https://ampcid.google.ch https://ampcid.google.co.id https://ampcid.google.co.in https://ampcid.google.co.jp https://ampcid.google.co.kr https://ampcid.google.co.nz https://ampcid.google.co.uk https://ampcid.google.co.za https://ampcid.google.com https://ampcid.google.com.ar https://ampcid.google.com.au https://ampcid.google.com.br https://ampcid.google.com.co https://ampcid.google.com.do https://ampcid.google.com.mx https://ampcid.google.com.my https://ampcid.google.com.np https://ampcid.google.com.ph https://ampcid.google.com.sg https://ampcid.google.com.tr https://ampcid.google.com.vr https://ampcid.google.de https://ampcid.google.dk https://ampcid.google.es https://ampcid.google.fi https://ampcid.google.fr https://ampcid.google.ie https://ampcid.google.it https://ampcid.google.lk https://ampcid.google.nl https://ampcid.google.no https://ampcid.google.pl https://ampcid.google.pt https://ampcid.google.ro https://ampcid.google.ru https://ampcid.google.se;media-src 'self' https://d38muu3h4xeqr1.cloudfront.net;connect-src 'self' https://*.dashlane.com https://cdn.ampproject.org https://d1sk9wm475w15q.cloudfront.net https://d38muu3h4xeqr1.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://api.stripe.com https://widget.trustpilot.com https://*.mktoresp.com https://api.trustpilot.com https://*.visualwebsiteoptimizer.com https://ampcid.google.com/v1 https://403-exy-689.mktoutil.com https://www.facebook.com https://ct.pinterest.com/ https://*.liadm.com https://stats.g.doubleclick.net https://checkout.processout.com https://api.processout.com https://*.taboola.com https://tn.alphonso.tv http://go.dashlane.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.co.za https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.co https://*.google.com.do https://*.google.com.mx https://*.google.com.my https://*.google.com.np https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.com.vr https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ie https://*.google.it https://*.google.lk https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se;object-src 'self';child-src 'self' blob:;worker-src 'self' blob:;manifest-src 'self';frame-src 'self' https://d1sk9wm475w15q.cloudfront.net https://d3mfqat9ni8wb5.cloudfront.net https://d3qm0vl2sdkrc.cloudfront.net https://s3.eu-west-1.amazonaws.com/mac.dashlane.com/ https://s3.eu-west-1.amazonaws.com/binaries.dashlane.com/ https://app.adjust.com https://*.dashlane.com safari-extension://com.dashlane.dashlanesafari-5p72e3gc48 dashlane: https://js.stripe.com https://hooks.stripe.com https://*.checkout.com https://js.processout.com https://widget.trustpilot.com https://app-ab14.marketo.com http://go.dashlane.com https://www.youtube.com https://staticxx.facebook.com https://platform.twitter.com https://www.facebook.com https://i.liadm.com https://checkout.processout.com https://api.processout.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.adsrvr.org https://*.rokt.com 1
base-uri *.rivals.com;frame-ancestors  'self' *.rivals.com *.rivals.com *.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-modals; report-uri https://csp.rivals.com/api/v1/content_security_policy_reports 1
frame-ancestors 'self' https://piwik.mz.tu-dresden.de 1
img-src https: 1
frame-ancestors 'self' https://bz-medien.expo-ip.com/ 1
default-src 'none'; base-uri 'self'; child-src 'self' blob: accounts.google.com cdn.dochub.com content.googleapis.com docs.google.com js.stripe.com platform.twitter.com syndication.twitter.com www.google.com www.youtube.com; connect-src 'self' blob: *.gravatar.com *.pusher.com *.zopim.com wss://*.zopim.com df.api.onedrive.com bam.nr-data.net cdn.dochub.com checkout.stripe.com dochub.zendesk.com docs.google.com ekr.zdassets.com graph.microsoft.com macroplant.zendesk.com maps.gstatic.com platform.twitter.com sentry.io stats.g.doubleclick.net www.dropbox.com www.google-analytics.com www.google.com www.googleapis.com wss://ws.pusherapp.com tattle.api.osano.com consent.api.osano.com disclosure.api.osano.com locale.cmp.osano.com; font-src 'self' data: cdn.dochub.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com pro.fontawesome.com; form-action 'self' accounts.google.com; frame-ancestors 'self' mail.google.com chrome-extension://mjgcgnfikekladnkhnimljcalfibijha; frame-src 'self' blob: accounts.google.com cdn.dochub.com checkout.stripe.com content.googleapis.com dochub.com docs.google.com js.stripe.com platform.twitter.com syndication.twitter.com www.google.com www.gstatic.com www.youtube.com content-classroom.googleapis.com classroom.google.com/; img-src * blob: data:; manifest-src 'self'; media-src 'self' cdn.dochub.com docs.google.com static.zdassets.com; object-src 'self'; script-src 'self' blob: 'unsafe-eval' *.gravatar.com *.pusher.com ajax.googleapis.com apis.google.com bam.nr-data.net cdn.dochub.com checkout.stripe.com content.googleapis.com docs.google.com js-agent.newrelic.com js.live.net js.stripe.com static.zdassets.com www.dropbox.com www.google-analytics.com accounts.google.com www.googleapis.com maps.googleapis.com www.googletagmanager.com www.google.com/recaptcha/api.js www.gstatic.com ajax.cloudflare.com cmp.osano.com 'nonce-F9Dm1LBfGBBOeSgcByGnebF5Q5mjqbp7sX6dqtkNd+I=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdn.dochub.com docs.google.com fonts.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com platform.twitter.com pro.fontawesome.com; report-uri https://dochub.report-uri.com/r/t/csp/enforce 1
default-src 'none'; script-src 'strict-dynamic' 'nonce-vRem6YcFFRE1FjDmMEQhUCO0IRNxEQCL8cqMgSbap4gEuhybyH' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.com cdn.syndication.twimg.com connect.facebook.net emp.bbci.co.uk ems.wearehearken.com modules.wearehearken.com mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com static.files.bbci.co.uk; img-src 'self' c.files.bbci.co.uk data: https://a1.api.bbc.co.uk i.ytimg.com ichef.bbci.co.uk logws1363.ati-host.net news.bbcimg.co.uk news.files.bbci.co.uk newsimg.bbc.co.uk pbs.twimg.com ping.chartbeat.net platform.twitter.com r.bbci.co.uk sb.scorecardresearch.com syndication.twitter.com ton.twimg.com www.google-analytics.com static.files.bbci.co.uk; font-src gel.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk; style-src cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline'; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.ons.gov.uk www.riddle.com www.youtube.com; object-src 'none'; worker-src 'self' blob:; manifest-src static.files.bbci.co.uk; connect-src 'self' cookie-oven.api.bbc.co.uk cookie-oven.api.bbc.com ems.wearehearken.com https://a1.api.bbc.co.uk locator-service.api.bbci.co.uk logws1363.ati-host.net modules.wearehearken.com mybbc-analytics.files.bbci.co.uk news.files.bbci.co.uk static.files.bbci.co.uk platform.twitter.com search.api.bbci.co.uk search.api.bbci.com www.bbc.co.uk www.bbc.com www.google-analytics.com idcta.api.bbc.co.uk https://europe-west1-bbc-otg-traf-mgr-bq-prod-4591.cloudfunctions.net; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://europe-west1-bbc-otg-traf-mgr-bq-prod-4591.cloudfunctions.net/report-endpoint; 1
style-src 'unsafe-inline' 'self' *.yximgs.com https://captcha.gtimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.yximgs.com hm.baidu.com/hm.js retcode.alicdn.com/retcode/bl.js https://captcha.guard.qcloud.com https://captcha.gtimg.com; img-src 'self' *.yximgs.com data: http: *.kuaishou.com hm.baidu.com/hm.gif arms-retcode.aliyuncs.com/r.png; media-src 'self' *.yximgs.com data:; font-src 'self' *.yximgs.com data:; worker-src 'self' *.yximgs.com blob:; report-uri /api/csp-report 1
frame-ancestors 'self' *.services.local *.yandex.com *.webvisor.com; base-uri 'self'; 1
frame-ancestors 'self' https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=88cj2ahg3jold&partner=; 1
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://cdn.ampproject.org https://www.google.com http://opr.carwale.com http://oprst.carwale.com https://www.autobiz.in http://allaboutcars.yahoo.com/ https://cwoprst.carwale.com https://cwoprst-1.carwale.com https://cwoprst-2.carwale.com https://cwoprst-3.carwale.com https://operations.carwale.com  https://www.bikewale.com https://*.bikewale.com http://*.bikewale.com http://*.cartrade.com https://*.cartrade.com 1
default-src * 'unsafe-inline' 'unsafe-eval'  data: blob: https://optimize.google.com ;frame-src self  https://6337982.fls.doubleclick.net https://*.loopnet.com http://*.loopnet.com https://*.loopnet.co.uk http://*.loopnet.co.uk http://*.loopnet.ca https://*.loopnet.ca https://*.costargroup.com https://www.facebook.com https://servedby.flashtalking.com https://adclick.g.doubleclick.net/ https://optimize.google.com https://*.googlesyndication.com/ https://s0.2mdn.net/ https://*.adsrvr.org/ https://www.googletagservices.com/ https://*.cybersource.com/ https://*.doubleclick.net/ https://*.firebaseapp.com/ https://*.us.criteo.com https://*.criteo.com https://*.criteo.net https://static.criteo.net criteo.net criteo.com *.criteo.com *.criteo.net https://players.brightcove.net https://www.youtube.com https://flickrembed.com https://*.knightlab.com https://viewer.panoskin.com https://my.matterport.com https://accounts.google.com https://*.ten-x.com https://tpc.googlesyndication.com https://tpc.googlesyndication.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com/iframe_api https://s.ytimg.com/; img-src 'self' data: https://cdn.prgloo.com/ https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.googletagmanager.com https://www.youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com; object-src 'self'; report-uri /service/csp; 1
default-src 'self'; font-src https://github-atom-io-herokuapp-com.freetls.fastly.net https://github-atom-io-herokuapp-com.global.ssl.fastly.net; frame-src 'self' https://www.youtube.com; img-src https: 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net data:; media-src 'self'; object-src 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net; script-src 'self' 'unsafe-inline' https://platform.twitter.com https://github-atom-io-herokuapp-com.freetls.fastly.net; style-src 'self' 'unsafe-inline' https://github-atom-io-herokuapp-com.freetls.fastly.net; 1
frame-ancestors https://cont-sites.bajajfinserv.in/ https://www.bajajfinserv.in/ 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net *.hotjar.com bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com *.soundcloud.com ti.to *.tito.io *.cdn.optimizely.com tpc.googlesyndication.com www.google.com ethn.io *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com sentry.io www.facebook.com *.akamaihd.net *.optimizely.com *.wistia.com *.wistia.net *.quora.com *.soundcloud.com *.sndcdn.com *.clearbit.com 258-clw-344.mktoresp.com bat.bing.com cdn.bizible.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net rum-http-intake.logs.datadoghq.com public-trace-http-intake.logs.datadoghq.com heapanalytics.com api.company-target.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.optimizely.com cdn3.optimizely.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com ethn.io fast.wistia.com fast.wistia.net ga.clearbit.com googleads.g.doubleclick.net sjs.bizographics.com js.stripe.com munchkin.marketo.net platform.twitter.com reveal.clearbit.com rtp-static.marketo.com script.hotjar.com secure.adnxs.com snap.licdn.com static.hotjar.com stats.g.doubleclick.net store.intercom.io ti.to tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com *.jquery.com *.tito.io *.linkedin.com *.quora.com *.soundcloud.com *.sndcdn.com *.widerfunnel.com 'strict-dynamic' 'nonce-NzYyYmQ5ZTEtMjgxZC00NzU1LWE5MDctOTE0NWQ4MmMyZmFl'; style-src 'self' 'unsafe-inline' *.tito.io app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com heapanalytics.com; worker-src data: blob: 1
style-src * 'self' 'unsafe-inline'; frame-ancestors 'self' *.thinglink.com cdn.thinglink.me *.tlsrv.net teams.microsoft.com *.teams.microsoft.com *.skype.com *.itslearning.com *.itsltest.com; 1
child-src 'self' *.cdn.yandex.net *.yandex.ru *.yandexadexchange.net awaps.yandex.net banners.adfox.ru blob: browser.yandex.kz downloader.yandex.net mc.yandex.kz mc.yandex.md mc.yandex.ru storage.mds.yandex.net yabs.yandex.kz yandex.kz yandex.ru yandexadexchange.net yastat.net yastatic.net zen.yandex.kz;connect-src 'self' *.cdn.ngenix.net *.mediascope.mc.yandex.ru *.strm.yandex.net *.strm.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru an.yandex.ru auto.ru awaps.yandex.net awaps.yandex.ru favicon.yandex.net frontend.vh.yandex.ru games.yandex.ru jstracer.yandex.ru log.strm.yandex.ru matchid.adfox.yandex.ru mc.admetrica.ru mc.yandex.kz mc.yandex.ru mobile.yandex.net portal-xiva.yandex.net strm.yandex.ru thequestion.ru wss://portal-xiva.yandex.net wss://push.yandex.ru wss://webasr.voicetech.yandex.net www.kinopoisk.ru www.maximonline.ru yabs.yandex.kz yabs.yandex.ru yandex.kz yandex.ru yandex.st yastat.net yastatic.net zen.yandex.kz;default-src awaps.yandex.net awaps.yandex.ru yastat.net yastatic.net zen.yandex.kz;font-src 'self' an.yandex.ru data: yastat.net yastatic.net zen.yandex.kz;img-src 'self' *.mediascope.mc.yandex.ru *.strm.yandex.net *.tns-counter.ru *.verify.yandex.ru ad.adriver.ru ad.doubleclick.net ads.adfox.ru ads6.adfox.ru amc.yandex.ru an.yandex.ru auto.ru avatars-fast.yandex.net avatars.mds.yandex.net awaps.yandex.net awaps.yandex.ru banners.adfox.ru bs.serving-sys.com content.adfox.ru data: favicon.yandex.net gdeby.hit.gemius.pl gdero.hit.gemius.pl mc.admetrica.ru mc.yandex.com mc.yandex.kz mc.yandex.ru pixel.adlooxtracking.com px.moatads.com resize.yandex.net s3.mds.yandex.net storage.mds.yandex.net strm.yandex.net strm.yandex.ru thequestion.ru verify.yandex.ru wcm-ru.frontend.weborama.fr wcm.solution.weborama.fr www.kinopoisk.ru www.maximonline.ru yabs.yandex.kz yandex.kz yandex.ru yastat.net yastatic.net zen.s3.yandex.net zen.yandex.kz;media-src *.cdn.ngenix.net *.strm.yandex.net *.strm.yandex.ru *.yandex.net banners.adfox.ru blob: content.adfox.ru data: strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net;object-src avatars.mds.yandex.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.kz&showid=1614407432.35235.97836.76427&h=prestable-morda-vla-yp-232&csp=new&date=20210227&yandexuid=1626909451614407432;script-src 'nonce-tWEaxaPA0PgsOO8odErAHg==' 'self' ads.adfox.ru ads6.adfox.ru an.yandex.ru banners.adfox.ru mc.yandex.kz mc.yandex.ru yandex.kz yandex.ru yandex.st yastat.net yastatic.net zen.yandex.kz;style-src 'unsafe-inline' banners.adfox.ru content.adfox.ru yandex.st yastat.net yastatic.net zen.yandex.kz 1
frame-ancestors https://*.alternativeto.net https://alternativeto.net 1
style-src 'self' 'unsafe-inline'; 1
frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 1
frame-ancestors 'self' http://info.barchart.com 1
default-src 'self' https://*.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  connect.facebook.net yandex.st *.doubleclick.net *.googleadservices.com  *.googlesyndication.com *.criteo.com *.criteo.net vk.com *.vk.com *.imgsmail.ru *.google.com *.google.ru connect.mail.ru *.connect.mail.ru *.ok.ru *.adriver.ru *.r-99.com cdn.mxpnl.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googleadservices.com *.gstatic.com yandex.ru *.yandex.ru *.yandex.md yastatic.net cdnjs.cloudflare.com  *.yandex.net oimenkr.com *.2mdn.net 2mdn.net   *.twitter.com *.google.com.ua *.google.by *.google.cz *.google.kz *.google.de *.google.es js.mamydirect.com  abp.smartadcheck.de *.ampproject.org  *.adfox.ru mc.webvisor.org *.google.ge *.google.ee *.google.me *.google.co.uk *.google.be *.google.no *.google.bg *.google.fr *.google.az *.google.is *.google.lu *.google.in *.google.lv *.google.lt *.google.nl *.google.iq *.google.dk *.google.kg *.google.com.tr *.google.fi *.google.md *.google.me *.google.gr *.google.it *.google.pl *.google.co.il *.google.hu *.google.ae *.google.co.ve *.google.ch *.google.co.uz *.google.co.th *.betweendigital.com yastat.net  *.google.rs *.google.at *.google.com.cy *.google.jo *.google.com.qa *.google.com.tj *.google.pt *.google.ro *.google.ca *.google.ie *.google.sk *.google.tm *.google.co.jp *.google.co.ug *.google.com.ng *.google.com.sg *.google.se *.webvisor.org *.googletagservices.com *.googletagmanager.com code.jquery.com; object-src 'self' *; style-src 'unsafe-inline' 'unsafe-eval' 'self'  * *.googleapis.com; img-src 'self' data: blob: * ; media-src 'self' data: *; frame-src 'self' *.googlesyndication.com *.facebook.com  facebook.com vk.com *.vk.com apis.google.com connect.odnoklassniki.ru *.ok.ru connect.mail.ru accounts.google.com  *.doubleclick.net  *.doubleclick.net  *.youtube.com www.google.com *.criteo.com  *.criteo.net *.gstatic.com yandex.ru *.yandex.ru *.r-99.com oimenkr.com *.oimenkr.com   *.yandexadexchange.net yandexadexchange.net *.2mdn.net 2mdn.net *.twitter.com yastatic.net *.yandex.net *.vimeo.com *.hpmdnetwork.ru ams.creativecdn.com *.betweendigital.com *.archive.org archive.org yastat.net *.adfox.ru *.yandex.md *.google-analytics.com *.webvisor.org irecommend.ru *.googletagservices.com; font-src 'self' data: blob: * ; connect-src 'self' * 1
default-src * data: blob:;script-src *.workplace.com workplace.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net www.google-analytics.com;style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.workplace.com:* ws://localhost:* blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com *.workplace.tools;block-all-mixed-content;upgrade-insecure-requests; 1
base-uri 'self'; frame-ancestors https://*.tweaktown.com; 1
connect-src 'self' https://*.clicktale.net https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://infogram.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://assets.threatpost.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com http://media.threatpost.com https://*.addthis.com https://*.cdninstagram.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://assets.threatpost.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://media.threatpost.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://tagmanager.google.com https://threatpost.com https://tpc.googlesyndication.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com 1
frame-ancestors 'self' https://*.ohio.edu http://*.ohio.edu http://*.ohiou.edu https://*.ohiou.edu; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://intljs.rmtag.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://tags.tiqcdn.com https://www.googleadservices.com https://js.appboycdn.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://mpsnare.iesnare.com https://bam.nr-data.net https://*.datasteam.io https://ci-mpsnare.iovation.com https://*.bazaarvoice.com https://*.bluecore.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://*.criteo.com https://tags.tiqcdn.cn https://adadvisor.net https://s3.amazonaws.com https://www.gstatic.com http://maps.google.cn https://www.myregistry.com https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://*.agkn.com https://polyfill.io http://ditu.google.cn https://*.clearpay.co.uk https://*.stg-sessionm.com https://*.sessionm.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://app.curalate.com https://images.ctfassets.net https://*.google.com https://images.contentful.com https://h.nexac.com https://p.dlx.addthis.com https://y8ui6jzp.micpn.com https://ct1.ra.linksynergy.com https://consent.nxtck.com https://consent.mediaforge.com https://consent.jrs5.com https://*.linksynergy.com https://*.fpassets.com https://www.googletagmanager.com https://*.googleapis.com https://*.dc-storm.com https://*.ggpht.com https://*.akstat.io https://*.groupbycloud.com https://static.criteo.com https://cdn.dynamicyield.com https://*.rkdms.com https://*.gstatic.com http://images.freepeople.com https://www.google.ca https://www.google.com.au https://static.criteo.net https://www.google.co.uk https://*.freepeople.com https://*.facebook.com https://www.google.nl https://www.google.de https://www.google.fr https://www.google.es https://www.google.com.mx https://www.google.co.jp https://www.google.it https://www.google.co.il https://www.google.com.ar https://cdn.dashhudson.com https://track.securedvisit.com https://cx.atdmt.com https://fonts.gstatic.com https://use.fontawesome.com https://ct.pinterest.com https://c.go-mpulse.net https://nyt2.dc-storm.com https://sentry.io https://*.fls.doubleclick.net https://www.facebook.com https://dis.as.criteo.com https://dis.us.criteo.com https://videos.contentful.com https://www.youtube.com https://dis.eu.criteo.com https://*.api.bazaarvoice.com https://videos.ctfassets.net https://*.g.doubleclick.net https://dev.appboy.com https://*.perimeterx.net https://api.bazaarvoice.com https://www.google-analytics.com https://*.akamaihd.net https://freepeople.wufoo.com https://*.rewardstyle.com https://core.conversant.mgr.consensu.org https://*.scene7.com https://*.attn.tv https://*.dotomi.com https://events.attentivemobile.com https://*.adsymptotic.com https://t.co https://cdn.honey.io https://g.3gl.net https://r.3gl.net.cn https://r.3gl.net https://*.hotjar.com https://cdn.contentful.com wss://*.hotjar.com https://*.hotjar.io https://*.attentivemobile.com https://trustbadge.api.etrusted.com https://*.tealiumiq.com https://*.salesforce.com https://*.px-cloud.net https://app.viralsweep.com https://*.typeform.com https://sdk.iad-01.braze.com https://open.spotify.com https://idsync.rlcdn.com https://*.force.com https://*.crazyegg.com https://*.tiktok.com https://business.topbuzz.com https://s0.ipstatp.com https://d38xvr37kwwhcm.cloudfront.net https://trail.grin.co https://downloads.contentful.com https://business-sg.topbuzz.com https://*.tiktokcdn.com https://*.8x8.com/ https://*.btttag.com https://cloudflare.com/cdn-cgi/trace https://*.ibytedtos.com https://*.krxd.net https://cdn.cookielaw.org https://*.evergage.com;frame-ancestors 'none'; 1
worker-src blob: 'self' www.youtube-nocookie.com www.youtube.com; style-src 'unsafe-inline' data: *.qwant.com *.qwantjunior.com *.kamoov.com; form-action 'self'; media-src blob: *.qwant.com *.apple.com *.qobuz.com; connect-src *.qobuz.com *.apple.com wss://masq-ws.qwant.com *.qwant.com extras.qwantjunior.com; object-src 'self'; base-uri 'self'; block-all-mixed-content; frame-src viewer.dood3d.com *.vid.web.acsta.net player.twitch.tv player.vimeo.com www.dailymotion.com *.qwant.com *.qwantjunior.com www.youtube-nocookie.com *.tvlocale.fr *.smartrezo.com *.femmesetcitoyennete.fr *.jeunesreporterssansfrontieres.fr *.medias-francophones.com *.trendy-community.fr *.tvcitoyenne.com *.veitech.com *.localetv.eu player.myvideoplace.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com; default-src 'self' data: blob:; frame-ancestors *.qwant.com *.qwantjunior.com lmqt.fyi; img-src blob: 'self' s1.qwant.com s2.qwant.com s.qwant.com f.qwant.com data: s-boards.qwant.com s-lite.qwant.com www.qwant.com; font-src 'self'; 1
upgrade-insecure-requests; script-src 'self' *.harbortest.com *.harborfreight.com cdn.480app.com cdn.cookielaw.org view.publitas.com pixel.mathtag.com *.cdn-net.com *.accdab.net *.dynamicyield.com *.oracleinfinity.io *.googletagmanager.com docs.paymentjs.firstdata.com bat.bing.com tracker.marinsm.com cloud.moovweb.net www.youtube.com s.ytimg.com *.marinsm.com *.bing.com *.vimeo.com cdns.brsrvr.com www.google-analytics.com *.adobetag.com assets.moovweb.net *.gstatic.com cdn.tt.omtrdc.net harborfreight.tt.omtrdc.net px.owneriq.net *.res-x.com seal.verisign.com *.google.com *.igodigital.com *.akamaihd.net *.googleadservices.com *.google-analytics.com *.g.doubleclick.net *.demdex.net *.mouseflow.com *.fastly.net *.sitelabweb.com mpsnare.iesnare.com *.googleapis.com *.payeezy.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.nmgassets.com *.turnto.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.harbortest.com *.harborfreight.com *.dynamicyield.com *.moovweb.net *.googleapis.com *.akamaihd.net *.turnto.com *.vimeo.com *.fontawesome.com tagmanager.google.com 'unsafe-inline'; img-src 'self' blob: data: *.harborfreight22.com *.harbortest.com cdn.cookielaw.org cdn.dynamicyield.com *.harborfreight.com pixel.mathtag.com *.oracleinfinity.io *.googletagmanager.com cx.atdmt.com www.googleadservices.com bat.bing.com p.brsrvr.com *.akamaihd.net akamai.mathtag.com *.edgecastcdn.net *.www.turnto.com *.youtube.com *.ytimg.com *.vimeocdn.com px.owneriq.net *.g.doubleclick.net www.google-analytics.com *.ggpht.com *.google.com images.scanalert.com *.facebook.com scontent.xx.fbcdn.net ssl.gstatic.com *.sitelabweb.com *.igodigital.com *.cloudinary.com *.moovweb.net *.googleapis.com *.abmr.net *.gstatic.com *.nr-data.net *.norton.com *.nmgplatform.com *.marinsm.com cdn.ywxi.net; worker-src 'self' *.akamaihd.net player.vimeo.com www.google.com *.youtube.com youtube.com *.cloudinary.com *.facebook.com *.nr-data.net *.apply2jobs.com; connect-src 'self' *.harbortest.com *.harborfreight.com pixel.mathtag.com privacyportal.onetrust.com cdn.cookielaw.org *.accdab.net *.dynamicyield.com www.facebook.com *.nmgplatform.com *.demdex.net *.sitelabweb.com *.nr-data.net *.akamaihd.net *.cloudinary.com *.google-analytics.com *.mouseflow.com *.doubleclick.net vimeo.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com bat.bing.com  1
frame-ancestors https://*.runescape.com:* https://*.jagex.com:* 1
frame-ancestors 'self' https://www.moddb.com https://*.moddb.com 1
script-src 'nonce-b55295343e72c15f7c516aa299e27246' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=5544330812673958; frame-ancestors 'self' 1
script-src 'report-sample' 'nonce-df09D9GrOaCr8IEJZDDVdA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
script-src 'nonce-5c1f2f451d13e9bd5994f4628792ec58' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1950550099216476; frame-ancestors 'self' 1
frame-ancestors https://www.dow.com/ http://rsc.intranet.dow.com/ 1
frame-ancestors https://www.r18.com/ 1
report-uri https://www.yelp.com/csp_block?id=a94b05045a255eb1&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1614391373; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
frame-ancestors 'self' www.facebook.com www.messenger.com liligo.fr admin.liligo.fr; report-uri /vsctcspreport 1
child-src 'self' blob: mc.yandex.md mc.yandex.ru;connect-src mc.admetrica.ru mc.yandex.ru wss://webasr.voicetech.yandex.net yandex.ru;default-src 'none';img-src 'self' *.verify.yandex.ru avatars.mds.yandex.net data: favicon.yandex.net mc.admetrica.ru mc.yandex.com mc.yandex.ru yandex.ru yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.yaru.ru&showid=1614391544.36788.100196.74517&h=stable-morda-yaru-vla-yp-9&csp=new&date=20210227&yandexuid=3615683681614391544;script-src 'nonce-YWW6NhhtRzPEHbYy4PYhtg==' mc.yandex.ru yandex.ru yastatic.net;style-src 'unsafe-inline' 1
frame-ancestors 'self' bjs.gov ucrdatatool.gov www.googletagmanager.com www.google.com 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io *.sentry-cdn.com wss: wss://*.pusher.com slack.com github.com exist.io *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com *.usersnap.com; font-src 'self' data: fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; form-action 'self' *.welltory.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com *.visualwebsiteoptimizer.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com *.usersnap.com; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.ubembed.com *.userleap.com *.usersnap.com *.sentry-cdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; upgrade-insecure-requests; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
frame-ancestors 'self' https://www.stems-music.com; 1
frame-ancestors 'self' https://mtt-live.apps.emea.vwapps.io https://mtt-live-blue.apps.emea.vwapps.io https://mtt.apps.emea.vwapps.io https://mtt-blue.apps.emea.vwapps.io http://mtt-local.apps.emea.vwapps.io; 1
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'report-sample' 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'report-sample' 'self' https://fonts.gstatic.com https://www.mbank.pl; connect-src 'report-sample' 'self' https://ad.doubleclick.net https://adservice.google.com https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://lp.skp.mbank.pl https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'report-sample' 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'report-sample' 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'report-sample' 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'report-sample' 'self' https://www.mbank.pl;  1
frame-src https://*.webchat.helpshift.com https://*.surveymonkey.com https://*.twitch.tv https://www.eventbrite.com https://open.spotify.com https://tockify.com https://*.tockify.com https://*.youtube-nocookie.com/ https://*.lpsnmedia.net/ https://tr.snapchat.com/ http://localhost:8811/ https://*.ci.civicactions.net https://*.pantheonsite.io https://*.instagram.com/ https://*.addtoany.com/ https://*.serving-sys.com https://*.adsrvr.org https://*.doubleclick.net https://*.fbcdn.net https://*.youtube.com https://*.twitter.com https://*.hotjar.com https://*.amazon.com https://secure.doctorswithoutborders.org https://*.doctorswithoutborders.org https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.clickdimensions.com https://*.brighttag.com https://*.thebrighttag.com https://*.agkn.com https://*.btstatic.com https://*.caselmedia.com https://*.crwdcntrl.net https://*.taboola.com https://*.demdex.net https://*.licdn.com https://*.ad-twitter.com https://*.bttrack.com https://bttrack.com https://s.amazon-adsystem.com/ https://tpc.googlesyndication.com/ https://cdn.knightlab.com/ https://uploads.knightlab.com/ https://*.js.ubembed.com https://*.vimeo.com https://*.pages.ubembed.com/ https://*.thinglink.com/ https://*.livestream.com/ https://livestream.com/ https://*.exposure.co/ https://*.qualtrics.com/ https://*.twitter.com/ https://twitter.com/ https://pbs.twimg.com/ https://www.scribd.com/ https://soundcloud.com/; child-src https://open.spotify.com https://tockify.com https://*.tockify.com https://*.youtube-nocookie.com/ https://*.lpsnmedia.net/ https://tr.snapchat.com/ http://localhost:8811/ https://*.ci.civicactions.net https://*.pantheonsite.io https://*.instagram.com/ https://*.addtoany.com/ https://*.serving-sys.com https://*.adsrvr.org https://*.doubleclick.net https://*.fbcdn.net https://*.youtube.com https://*.twitter.com https://*.hotjar.com https://*.amazon.com https://secure.doctorswithoutborders.org https://*.doctorswithoutborders.org https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.clickdimensions.com https://*.brighttag.com https://*.thebrighttag.com https://*.agkn.com https://*.btstatic.com https://*.caselmedia.com https://*.crwdcntrl.net https://*.taboola.com https://*.demdex.net https://*.licdn.com https://*.ad-twitter.com https://*.bttrack.com https://bttrack.com https://s.amazon-adsystem.com/ https://tpc.googlesyndication.com/ https://cdn.knightlab.com/ https://uploads.knightlab.com/ https://*.js.ubembed.com https://*.vimeo.com https://*.pages.ubembed.com/ https://*.thinglink.com/ https://*.livestream.com/ https://livestream.com/ https://*.exposure.co/ https://*.qualtrics.com/ https://*.twitter.com/ https://twitter.com/ https://pbs.twimg.com/ https://www.scribd.com/ https://soundcloud.com/; report-uri /report-csp-violation 1
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.com/r/d/csp/enforce; 1
default-src https://api.mobilum.com https://widget.mobilum.com https://sdk.im.jiguang.cn https://*.kucoin.top https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://upload.qiniup.com https://frontend-helper.cloudtechnet.cn https://*.staticimg.com  https://*.kucoin.com https://*.kucoin.cc https://*.kucoin.biz https://pool-x.io  https://*.kumex.com  https://*.kumex.top  https://*.pool-x.io https://*.kubi.cc https://*.kcs.top https://*.googleapis.com  https://*.kcsfile.com  https://*.recaptcha.net  https://*.alicdn.com  https://*.google-analytics.com https://*.gstatic.cn  https://*.gstatic.com  https://*.doubleclick.net https://*.growingio.com  https://*.giocdn.com  data:  ws:  wss:  eval:  inline:  'unsafe-eval'  'unsafe-inline'  https://*.leancloud.cn  https://*.lncld.net  https://*.geetest.com https://*.qbox.me https://*.youtube.com  https://*.tradingview.com  https://*.zendesk.com  https://*.zdassets.com  https://*.zopim.com  https://*.google.com;  font-src  http:  https:  data:;  img-src  http:  https:  data:  blob:;  worker-src http: https: data: blob:; child-src http: https: data: blob:;  frame-ancestors  'self'  https://www.growingio.com  https://*.zopim.com  https://*.google.com;  report-uri  https://sentry.kucoin.com/api/4/security/?sentry_key=24025117382843a3adbbd8a8cb5dc2fc 1
frame-ancestors 'self' https://run.leadsquared.com 1
frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.casalemedia.com 1
frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com 1
style-src 'self' https://static.comdirect.de/ccf2/ 'unsafe-inline' ;script-src 'self' https://static.comdirect.de/ccf2/ https://www.comdirect.de/cms/ 'unsafe-eval' 'unsafe-inline' ;form-action 'self' https://www.comdirect.de https://kunde.comdirect.de https://trading.comdirect.de https://b2b.comdirect.de https://nutzer.comdirect.de https://mobileapp.comdirect.de https://cfdapp.comdirect.de https://static.comdirect.de https://api.comdirect.de https://*.comdirect-versicherungsmakler.de https://geldautomaten.comdirect.de/ https://cfd.comdirect.de/ https://community.comdirect.de/ ;frame-src 'self' https://www.comdirect.de https://b2b.comdirect.de https://static.comdirect.de https://kunde.comdirect.de ;img-src data: 'self' https://*.comdirect.de/ https://charts.comdirect.de https://charts.test.comdirect.de ;default-src 'self' https://www.comdirect.de https://trading.comdirect.de https://kunde.comdirect.de https://b2b.comdirect.de https://nutzer.comdirect.de https://mobileapp.comdirect.de https://cfdapp.comdirect.de https://static.comdirect.de https://api.comdirect.de https://*.comdirect-versicherungsmakler.de https://community.comdirect.de/ ;font-src data: 'self' https://static.comdirect.de/ccf2/ ;report-uri https://www.comdirect.de/cp/csp/reports ; 1
frame-ancestors 'self' qa-app.fastspring.com app.fastspring.com go.fastspring.com *.onfastspring.com qa4-identity-service.fastspring.com identity-service.fastspring.com; 1
frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 1
upgrade-insecure-requests;default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:;media-src https: blob:;child-src https: blob:;font-src https: data:; img-src https: data:; 1
worker-src 'self' *.austlii.edu.au *.datalex.org www.lawnet.sg; 1
frame-ancestors 'self' https://www.bitmex.com https://static.bitmex.com https://cx-k8s.app-production.prod.eu-west-1.aws.bitmex https://support.abs.sh https://support.rescue.services.bitmex.com https://support.services.bitmex.com https://www.bitmex.com https://www.rescue.services.bitmex.com https://www.services.bitmex.com;report-uri https://sentry.services.bitmex.com/api/2/csp-report/?sentry_key=5a2d0d5524c54b908d447fe1ca308d25; 1
default-src 'self' *.thehartford.com *.hfdstatic.com aa.agkn.com; font-src 'self' *.thehartford.com *.hfdstatic.com ; frame-ancestors 'self' *.thehartford.com; frame-src *.optimizely.com *.thehartford.com cl.exct.net www.youtube.com pub.s1.exacttarget.com *.doubleclick.net hosted.where2getit.com nebula-cdn.kampyle.com uk132.infusionsoft.com *.tealiumiq.com connect.facebook.net *.akamaihd.net pinecast.com storage.pinecast.net insight.adsrvr.org match.adsrvr.org pixel.mathtag.com; connect-src *.tealiumiq.com *.thehartford.com rules.atgsvcs.com www.google-analytics.com *.doubleclick.net img.c3tag.com www.googletagmanager.com ui.powerreviews.com ampcid.google.com s.srvsynd.com readservices-b2c.powerreviews.com ct.pinterest.com api.genesyscloud.com 530-ct.c3tag.com display.powerreviews.com *.akamaihd.net *.optimizely.com ; img-src 'self' data: *.thehartford.com *.optimizely.com *.hfdstatic.com ecf.d41.co aa.agkn.com so.rlcdn.com http://image.insurance.thehartford.com res.cloudinary.com aa.agkn.com ct.pinterest.com pinterest.adsymptotic.com *.tealiumiq.com da.usaa.com uk132.infusionsoft.com hits.convergetrack.com t.powerreviews.com www.google-analytics.com *.doubleclick.net www.google.com www.facebook.com secure.adnxs.com nebula-cdn.kampyle.com udc-neb.kampyle.com www.googletagmanager.com sp.analytics.yahoo.com bat.bing.com analytics.convertlanguage.com *.akamaihd.net thumb.service.pinecast.com px.ads.linkedin.com insight.adsrvr.org px.ads.linkedin.com p.adsymptotic.com www.linkedin.com pixel.mathtag.com sync.mathtag.com cookie.havasedge.com event.havasedge.com tag.havasedge.com ads.stickyadstv.com cx.atdmt.com idsync.rlcdn.com simage2.pubmatic.com us-u.openx.net pixel.rubiconproject.com ib.adnxs.com dsum-sec.casalemedia.com ce.lijit.com pixel.advertising.com sync.search.spotxchange.com i.liadm.com rtb-csync.smartadserver.com sync.go.sonobi.com x.bidswitch.net eb2.3lift.com px.powerlinks.com match.sharethrough.com gw.helixbi.io s.amazon-adsystem.com; style-src 'self' *.thehartford.com *.hfdstatic.com ui.powerreviews.com fonts.googleapis.com *.custhelp.com *.akamaihd.net 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tealiumiq.com *.optimizely.com *.thehartford.com *.hfdstatic.com vsvipmw01.rightnowtech.com *.custhelp.com rules.atgsvcs.com display.powerreviews.com www.linkedin.com s.pinimg.com *.doubleclick.net *.akamaihd.net secure.adnxs.com insight.adsrvr.org data.adxcel-ec2.com aa.agkn.com aa.agkn.com sp.analytics.yahoo.com static.atgsvcs.com beacon.krxd.net bat.bing.com sjs.bizographics.com 530-ct.c3tag.com assets.contently.com track.contently.com hits.convergetrack.com s.delvenetworks.com as00.estara.com conv-tm.everesttech.net www.facebook.com connect.facebook.net adservice.google.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com mpsnare.iesnare.com uk132.infusionsoft.com solutions.invocacdn.com nebula-cdn.kampyle.com secure.leadforensics.com video.limelight.com www.limelight.com px.ads.linkedin.com www.livelook.com cdn.mouseflow.com mpp.mxptint.net onlinebusinessservicsc60333118us1.cobrowse.oraclecloud.com public.cobrowse.oraclecloud.com pixelg.adswizz.com readservices-b2c.powerreviews.com t.powerreviews.com ui.powerreviews.com www.rackcdn.com bcvipmw11.rightnowtech.com www.rnengage.com s.srvsynd.com trc.taboola.com tags.tiqcdn.com www.youtube.com i.ytimg.com i9.ytimg.com s.ytimg.com adadvisor.net cdn.ampproject.org analytics.convertlanguage.com so.rlcdn.com ecf.d41.co cdn.embed.ly js.adsrvr.org cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com cdn.invoca.solutions pnapi0.invoca.net sdk.helixbi.io snap.licdn.com pnapi.invoca.net pixel.mathtag.com cdn.evgnet.com sftp.us-4.evergage.com hartfordfire.evergage.com; media-src storage.pinecast.net pinecast.com; 1
default-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://cdn1.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://f1-eu.readspeaker.com https://evergabe.bmbfcluster.de blob:; img-src 'self' https://www.bmbf.de https://*.bmbfcluster.de data:;style-src 'self' https://cdn1.readspeaker.com 'unsafe-inline';font-src 'self' data:; 1
frame-ancestors 'self' *.winfuture.de *.winfuture.mobi; 1
script-src 'nonce-_HISpPd_KHS1M6ilRW_Wiw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
frame-ancestors 'self'  http://*.droom.in https://*.droom.in 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d34qmkt8w5wll9.cloudfront.net https://cdn.epidemicsound.com https://cdn.epidemicsound.com https://bat.bing.com https://js.braintreegateway.com https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://www.paypalobjects.com https://client-analytics.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://mbsy.co https://dev.visualwebsiteoptimizer.com https://connect.facebook.net/ https://serve.albacross.com https://assets.braintreegateway.com https://www.paypal.com https://www.googleadservices.com https://code.jquery.com https://js.driftt.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.recurly.com/ https://cdn.ampproject.org/ https://static.ads-twitter.com/uwt.js https://static.hotjar.com https://script.hotjar.com https://sc-static.net/scevent.min.js https://sc-static.net/js-sha256-v1.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://px.ads.linkedin.com/collect https://global.oktacdn.com/ https://ajax.googleapis.com/ https://cookie-cdn.cookiepro.com/ https://mc.yandex.ru; style-src 'self' 'unsafe-inline' https://d34qmkt8w5wll9.cloudfront.net https://cdn.epidemicsound.com https://cdn.epidemicsound.com https://tagmanager.google.com https://assets.braintreegateway.com https://global.oktacdn.com/ https://maxcdn.bootstrapcdn.com/; worker-src blob:; media-src 'self' https://*.epidemicsound.com https://d34qmkt8w5wll9.cloudfront.net https://cdn.epidemicsound.com https://cdn.epidemicsound.com https://dkihjuum4jcjr.cloudfront.net https://s3-eu-west-1.amazonaws.com https://videos.ctfassets.net https://global.oktacdn.com/; frame-src 'self' https://cdn.epidemicsound.com https://cdn.epidemicsound.com https://assets.braintreegateway.com https://*.cardinalcommerce.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://c.paypal.com https://www.youtube.com https://www.paypal.com https://www.sandbox.paypal.com https://js.driftt.com https://www.google.com/recaptcha/ https://api.recurly.com/ https://vars.hotjar.com https://mc.yandex.ru https:; font-src 'self' https://d34qmkt8w5wll9.cloudfront.net https://cdn.epidemicsound.com https://cdn.epidemicsound.com data: https://script.hotjar.com https://global.oktacdn.com/; child-src 'self' assets.braintreegateway.com c.paypal.com https://vars.hotjar.com https://mc.yandex.ru; object-src 'self'; img-src 'self' data: https: https://cdn.epidemicsound.com/player/20210225.18-f68d39cb305ebc24609eec3625a2a365ef885c19/ https://cdn.epidemicsound.com/player/20210225.18-f68d39cb305ebc24609eec3625a2a365ef885c19/ https://tr.snapchat.com/p https://mc.yandex.ru; default-src 'self' https://*.epidemicsound.com https://d34qmkt8w5wll9.cloudfront.net https://cdn.epidemicsound.com https://cdn.epidemicsound.com https://dkihjuum4jcjr.cloudfront.net https://s3-eu-west-1.amazonaws.com; connect-src 'self' https://cdn.epidemicsound.com https://cdn.epidemicsound.com https://*.epidemicsound.com https://www.googleapis.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://api.braintreegateway.com https://*.cardinalcommerce.com https://client-analytics.braintreegateway.com https://sentry.io https://dev.visualwebsiteoptimizer.com https://rec1.visualwebsiteoptimzer.com https://rec2.visualwebsiteoptimizer.com https://rec3.visualwebsiteoptimizer.com https://rec4.visualwebsiteoptimizer.com https://heatmap.visualwebsiteoptimizer.com https://www.facebook.com/tr/ https://*.braintree-api.com https://www.paypal.com https://cdn.contentful.com https://preview.contentful.com https://api.recurly.com/ https://cdn.ampproject.org/ https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/pagead/ https://bat.bing.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://dev-557126.okta.com/ https://cookie-cdn.cookiepro.com/ https://privacyportal.cookiepro.com/ https://mc.yandex.ru 1
script-src 'nonce-5328d78c921018832bda7df3eacb1142' 'nonce-b4IKuvM04IkjkY7qVM/uti0BX15NRLySwI12viroofg=' 'self' 'unsafe-eval' https: 'sha256-jTbbX7kA2AFEiHkjGYboK9ooUurX+Mc9th2/quUZwkI=' 'sha256-yntX1DMo3v8w5zK0Wt5LS96gm1dTl95wU0As+x8+vsU='; frame-ancestors 'none' 1
base-uri 'none'; default-src 'self'; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com https://*.facebook.com https://*.google.com; connect-src 'self' https://*.mopinion.com https://*.addthis.com https://www.clarity.ms https://www.google-analytics.com; font-src 'self' https://use.fontawesome.com https://*.mopinion.com https://fonts.gstatic.com https://unpkg.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://* * blob: data:; media-src 'self'; object-src 'self'; script-src 'self' https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com https://*.mopinion.com https://connect.facebook.net https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://*.facebook.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://pagination.js.org https://cdnjs.cloudflare.com https://www.clarity.ms 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://unpkg.com https://cdn.jsdelivr.net https://*.mopinion.com https://use.fontawesome.com https://*.addthis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; report-uri /csp_violation_reporting_endpoint; report-to PolicyName; upgrade-insecure-requests 1
frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com 'unsafe-eval' 'unsafe-inline'; 1
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 1
worker-src 'none'; report-uri about:blank 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-OTI1MzQ1ODU5LDMzMTMxODM5NjU='; report-uri https://exceptions.hubspot.com/csp/report; 1
frame-ancestors https://we.are.expensify.com www.expensify.com https://viewer.expensify.com chrome-extension://oiicpdkmeclmgmlmbajefnkalcfageek 1
default-src 'self' https:;connect-src 'self' https: https://api.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.honeybadger.io https://api.sail-personalize.com https://api.sail-track.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://privacyportal.onetrust.com wss://*.hotjar.com;font-src 'self' data: https: https://ga-static-assets-s3.global.ssl.fastly.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://ga-static-assets-s3.global.ssl.fastly.net https://www.google-analytics.com https://ga-core.s3.amazonaws.com https://stats.g.doubleclick.net https://dc.ads.linkedin.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/ https://generalassemb.ly/ https://s3.amazonaws.com/static-assets.generalassemb.ly/;object-src 'none';worker-src blob: https:;media-src 'self' data: blob: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://cdn.cookielaw.org https://ga-static-assets-s3.global.ssl.fastly.net https://ak.sail-horizon.com https://www.google-analytics.com https://d1fc8wv8zag5ca.cloudfront.net https://tagmanager.google.com https://connect.facebook.net/ https://code.jquery.com/ https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdn.optimizely.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://stats.g.doubleclick.net;script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ak.sail-horizon.com https://cdn.optimizely.com https://www.googleadservices.com https://stats.g.doubleclick.net https://js-agent.newrelic.com;style-src 'self' data: https: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net;upgrade-insecure-requests;report-uri /core_content_security_policy/reports; 1
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com; frame-ancestors 'self' atos.net *.atos.net atosnews.net; 1
frame-ancestors 'self' *.facebook.com facebook.com *.miniclip.com miniclip.com 1
frame-ancestors self https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com; 1
img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com dxkdvuv3hanyu.cloudfront.net *.clover.com cloverstatic.com images.contentful.com mver.agkn.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net www.google-analytics.com lh3.googleusercontent.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.ie www.google.co.uk www.google.co.in www.google.co.id www.googletagmanager.com *.gstatic.com heapanalytics.com static.intercomassets.com js.intercomcdn.com *.intercomcdn.com uploads.intercomusercontent.com *.online-metrix.net *.perka.com *.rfihub.com api.swiftype.com pixel.quantserve.com apintego.com app.nav.com t.powerreviews.com *.t.eloqua.com track.hubspot.com play.vidyard.com cdn.vidyard.com px.ads.linkedin.com p.adsymptotic.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io recaptcha.net www.linkedin.com s.amazon-adsystem.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com data.adxcel-ec2.com s.yimg.com *.mydisputemanager.com *.evidon.com; font-src data: 'self' maxcdn.bootstrapcdn.com *.clover.com cloverstatic.com fonts.gstatic.com heapanalytics.com js.intercomcdn.com use.fontawesome.com *.walkme.com; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com cloverstatic.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com www.youtube.com *.ytimg.com play.vidyard.com *.lendingfront.com s.amazon-adsystem.com *.walkme.com mainstreetinsights.firstdata.com *.mydisputemanager.com; connect-src 'self' bat.bing.com *.clover.com cloverstatic.com wss://*.clover.com *.contentful.com stats.g.doubleclick.net secure.geonames.org www.facebook.com www.google-analytics.com apis.google.com storage.googleapis.com *.greenhouse.io heapanalytics.com in.hotjar.com vc.hotjar.io uploads.intercomcdn.com uploads.intercomusercontent.com *.intercom.io wss://*.intercom.io h.online-metrix.net *.optimizely.com *.perka.com sentry.io api.swiftype.com d8a92f8280d84184bb69a3a4b74b61d1.app-search.us-west-2.aws.found.io *.powerreviews.com collection.bgalytics.com *.tt.omtrdc.net oamportal.fdvs.com *.donorschoose.org collection.sperse.io data.pendo.io recaptcha.net *.walkme.com ordering.app s.yimg.com *.mydisputemanager.com *.evidon.com; default-src 'self' *.clover.com cloverstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com *.clover.com cloverstatic.com nifegwy.neustar.biz googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com apis.google.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com www.youtube.com secure.quantserve.com *.ytimg.com ui.powerreviews.com *.t.eloqua.com play.vidyard.com apps.mypurecloud.com secure.adnxs.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com img.en25.com snap.licdn.com amplify.outbrain.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com recaptcha.net *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com s.yimg.com sp.analytics.yahoo.com *.mydisputemanager.com *.evidon.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.clover.com cloverstatic.com fonts.googleapis.com tagmanager.google.com optimize.google.com heapanalytics.com *.natwest-tyl.com *.usetyl.com ui.powerreviews.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com *.mydisputemanager.com; media-src 'self' *.clover.com cloverstatic.com videos.ctfassets.net js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com h.online-metrix.net vd.vidoplay.com; frame-ancestors *.clover.com cloverstatic.com *.natwest-tyl.com *.usetyl.com *.perka.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.m-pathy.com *.amazon-adsystem.com *.ampproject.org *.glassboxdigital.io *.glassboxcdn.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.ytimg.com *.facebook.com *.healthwise.net *.humanavitality.com *.go365.com *.requirejs.org *.cdc.gov *.outbrain.com *.eloqua.com *.4see.mobi *.foreseeresults.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com humananews.com *.humananews.com *.en25.com *.msecnd.net *.visualstudio.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.ads-twitter.com *.3lift.com *.everesttech.net *.gumgum.com *.deepintent.com *.teads.tv *.everestjs.net *.googletagmanager.com *.mathtag.com *.demdex.net *.coveo.com data: blob:; object-src 'none'; 1
script-src 'self' 'unsafe-eval' https://static-sandbox.intsig.net https://static12013.intsig.net https://static.intsig.net https://www.googletagmanager.com https://hm.baidu.com https://www.google-analytics.com/ https://*.geetest.com/; worker-src 'self' blob: 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' d3svog4tlx445w.cloudfront.net *.fullstory.com *.googletagmanager.com *.google.com *.getclicky.com *.getdrip.com *.pingdom.net *.pardot.com *.freshdesk.com *.freshchat.com data:; style-src * 'self' 'unsafe-inline' d34uoa9py2cgca.cloudfront.net d3svog4tlx445w.cloudfront.net unpkg.com d36mpcpuzc4ztk.cloudfront.net; img-src * data: blob:; font-src * data:; connect-src * 'self' *.fullstory.com *.googletagmanager.com *.google.com *.getclicky.com; media-src * *.getdrip.com *.pingdom.net d36mpcpuzc4ztk.cloudfront.net *.freshdesk.com *.freshchat.com; frame-src * ; worker-src * blob: ; child-src * 1
default-src http: https: data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' builder.io; report-uri https://everlane.report-uri.com/r/d/csp/enforce' 1
default-src 'self' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com fonts.gstatic.com api.kudoway.com stats.g.doubleclick.net cdn-broadcast002-iad.tokbox.com prd.jwpltx.com blob: cdn-broadcast002-pdx.tokbox.com *.tokbox.com www.odwebp.svc.ms; font-src 'self' fast.fonts.net fonts.gstatic.com; img-src 'self' i.ytimg.com www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com stats.g.doubleclick.net ssl.p.jwpcdn.com content.jwplatform.com developer.jwplayer.com blob: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com ssl.p.jwpcdn.com content.jwplatform.com translate.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com fast.fonts.net kudo-widget.s3.amazonaws.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.neh.gov/report-uri/enforce 1
script-src 'nonce-f72a55f7c56e734a6515741dd7ff87d4' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1566219408152923; frame-ancestors 'self' 1
frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com *.ariba.com 1
frame-ancestors 'self' https://cms.chronicle.com 1
frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 1
frame-src 'self' https://*.omniture.com https://*.adobe.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com https://*.princess.com; frame-ancestors 'self' https://*.princess.com https://*.polarres.com; 1
frame-ancestors 'self' https://autresiteclientdiframe.com 1
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https:; upgrade-insecure-requests; 1
connect-src 'self' *.novoresume.com https://uploads.intercomcdn.com *.stripe.com https://www.google-analytics.com connect.facebook.net api.usabilla.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io vc.hotjar.io *.hotjar.com ws://*.hotjar.com https://widget.trustpilot.com; default-src 'self' 'unsafe-inline' *.novoresume.com; font-src 'self' data: *.novoresume.com fonts.gstatic.com *.googleapis.com d6tizftlrpuof.cloudfront.net js.intercomcdn.com; frame-src 'self' *.stripe.com *.novoresume.com *.googleapis.com d6tizftlrpuof.cloudfront.net *.google.com *.hotjar.com https://intercom-sheets.com https://optimize.google.com https://widget.trustpilot.com https://player.vimeo.com; img-src 'self' data: https://downloads.intercomcdn.com https://www.googletagmanager.com https://cx.atdmt.com *.novoresume.com csi.gstatic.com www.gstatic.com *.doubleclick.net *.google.com *.google-analytics.com connect.facebook.net *.googleadservices.com www.facebook.com d6tizftlrpuof.cloudfront.net w.usabilla.com gifs.intercomcdn.com t.co static.intercomassets.com js.intercomcdn.com https://www.google-analytics.com https://optimize.google.com https://bat.bing.com www.google.us; media-src 'self' js.intercomcdn.com *.novoresume.com; object-src 'self' 'unsafe-eval' *.novoresume.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com d6tizftlrpuof.cloudfront.net *.novoresume.com *.google.com *.google-analytics.com *.googleadservices.com connect.facebook.net www.googletagmanager.com *.doubleclick.net www.facebook.com api.usabilla.com w.usabilla.com widget.intercom.io js.intercomcdn.com *.hotjar.com https://optimize.google.com https://bat.bing.com https://widget.trustpilot.com https://player.vimeo.com www.google.us; style-src 'self' 'unsafe-inline' tagmanager.google.com *.novoresume.com d6tizftlrpuof.cloudfront.net *.googleapis.com https://optimize.google.com 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.gstatic.com *.crisp.chat; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.crisp.chat data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com *.crisp.chat *.gstatic.com *.vimeo.com; connect-src *.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.stripe.com *.wappalyzer.com *.amazonaws.com wss://*.crisp.chat; worker-src 'none'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; frame-src *.stripe.com *.crisp.chat *.vimeo.com; media-src 'self' *.crisp.chat; font-src 'self' *.crisp.chat 1
upgrade-insecure-requests; report-uri https://prezly.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://*.centris.ca https://*.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://www.google.ca https://www.google.com https://www.googletagmanager.com https://sb.scorecardresearch.com https://cdn.jsdelivr.net https://*.locallogic.co https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://segment.prod.bidr.io https://maps.google.com https://maps.google.ca https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com https://*.arcgis.com https://events.mapbox.com https://maxcdn.bootstrapcdn.com https://*.lrcontent.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.loginradius.com https://www.prospectsweb.com https://qc.prospects.com https://www.youtube.com https://*.tryinteract.com https://spark.adobe.com https://*.surveymonkey.com https://ajax.googleapis.com blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
default-src none; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://demo.mindbreeze.com https://www.google.com/recaptcha/* https://*.azurewebsites.net https://*.cloudflare.com https://s.ytimg.com https://www.youtube.com/iframe_api https://piwik.wu.ac.at https://ajax.googleapis.com https://maps.googleapis.com https://*.newrelic.com https://*.nr-data.net https://platform.twitter.com https://connect.facebook.net https://*.vo.msecnd.net/ https://newsletter.wu.ac.at/ https://*.clickdimensions.com; style-src 'self' 'unsafe-inline' https://*.azurewebsites.net https://*.clickdimensions.com https://demo.mindbreeze.com https://*.fabasoft.com https://piwik.wu.ac.at/ https://fonts.googleapis.com https://*.vo.msecnd.net/; frame-src https:; frame-ancestors 'self' http://*.coe.at https://piwik.wu.ac.at/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.azurewebsites.net https://vimeo.com https://bach.wu.ac.at https://apps.wu.ac.at; form-action 'self' https:; media-src 'self'; object-src 'self'; manifest-src 'self' 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
default-src 'self' blob: *.brightcove.com *.brightcove.net  https: data: 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self' *.eprice.com.tw *.eprice.com.hk *.doubleclick.net *.g.doubleclick.net *.googletagservices.com *.googlesyndication.com *.safeframe.googlesyndication.com *.google.com *.yahoo.com www.facebook.com platform.twitter.com www.youtube.com datawrapper.dwcdn.net *.instagram.com *.tiktok.com *.rubiconproject.com a.amnet.tw cdn.aralego.net s7.addthis.com s0.2mdn.net r-tmk.sascdn.com csync.smartadserver.com *.bilibili.com *.adform.com *.ad-generation.jp *.admanmedia.com *.admixer.net *.adnxs.com *.Adsolut.in *.adsparc.com *.adtech.com *.Advertising.com *.advertising.com *.aniview.com *.aol.com *.aolcloud.net *.appnexus.com *.aps.amazon.com *.aralego.com *.atemda.com *.beachfront.com *.betweendigital.com *.betweendigital.com *.btrll.com *.buzzoola.com *.connectad.io *.console.cmcm.com *.contextweb.com *.districtm.io *.EMXDGT.com *.fair-trademedia.com *.freewheel.tv *.gammassp.com *.genieesspv.jp *.google.com *.gumgum.com *.impactify.io *.improvedigital.com *.indexexchange.com *.innity.com *.lijit.com *.loopme.com *.mox.tv *.oogle.com *.openx.com *.openx.net *.pubmatic.com *.revcontent.com *.rhythmone.com *.rtb.bidsxchange.com *.rtbhouse.com *.rubiconproject.com *.selectmedia.asia *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.springserve.com *.synacor.com *.teads.tv *.tremorhub.com *.truvid.com *.truvidplayer.com *.ucfunnel.com *.undertone.com *.vdo.ai *.xad.com *.criteo.com *.yimg.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com creative.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com trafforsrv.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: data: blob: 1
connect-src 'self' https://api.starlink.com https://www.starlink.com; script-src 'self' 'unsafe-eval' https://api.starlink.com https://maps.googleapis.com/ https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' https://api.starlink.com https://fonts.gstatic.com; worker-src 'self' blob: ; style-src 'self' 'unsafe-inline' https://api.starlink.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self' https://api.starlink.com; frame-src https://hcaptcha.com https://*.hcaptcha.com; 1
default-src 'self' fastly-insights.com *.fastly-insights.com blob: https://www.google-analytics.com https://docs.google.com 'unsafe-inline' 1
default-src 'self' https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://members.cj.com https://www.s2d6.com https://ad.admitad.com https://www.google-analytics.com https://di0tpek82kamr.cloudfront.net https://d2r1yp2w7bby2u.cloudfront.net https://www.googletagmanager.com https://wzrkt.com http://static.clevertap.com https://connect.facebook.net https://www.gstatic.com https://www.google.com; script-src 'self' 'unsafe-inline' https://members.cj.com https://dci.o18.click https://www.s2d6.com https://di0tpek82kamr.cloudfront.net https://www.google-analytics.com https://wzrkt.com https://d2r1yp2w7bby2u.cloudfront.net https://www.googletagmanager.com http://static.clevertap.com https://connect.facebook.net https://www.gstatic.com https://www.google.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://members.cj.com https://fonts.googleapis.com;  img-src *; media-src 'self' https://dci.o18.click https://tracktrack.org https://1.tracktrack.org https://assets.magzter.com; frame-src 'self' https://ts.tradetracker.net https://members.cj.com https://cj.dotomi.com https://www.emjcd.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://ad.admitad.com https://traqkar.com https://staticxx.facebook.com https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://members.cj.com https://facebook.com https://ad.admitad.com https://nx739gu4ee.execute-api.ap-southeast-1.amazonaws.com https://m01og1v9h2.execute-api.ap-southeast-1.amazonaws.com https://sls.magzter.com https://www.google-analytics.com https://services.magzter.com https://magarticles.magzter.com https://newsfeeds.magzter.com https://live.magzter.com https://helpservices.magzter.com https://graph.facebook.com https://stats.g.doubleclick.net; report-uri https://sls.magzter.com/trackevents/prod/log/csplog 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: wss: 1
default-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 1
object-src 'none'; base-uri 'none'; script-src 'nonce-chZPh1pbueRR1f87TFfhiw==' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' http: https:; worker-src 'self'; report-uri https://csp.withgoogle.com/csp/appsheet/2; 1
frame-ancestors https://*.zscalertwo.net 'self' *.gehealthcare.com *.gehealthcare.com https://virtualevents.6connex.com https://ecr2020admin.expo-ip.com https://ecr2020.expo-ip.com/ https://overcome.6connex.eu https://gehealthcare.6connex.eu/ https://gehealthcare-oncology.com http://ge-eanm-sympo.com https://www.genworkshealth.com https://lives2020.e-lives.org https://www.virtualexpo.rf.gd https://ecr2021.expo-ip.com 1
default-src 'self' * data: blob: https: *.websiteplanet.com websiteplanet.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: websiteplanet.com *.websiteplanet.com  *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
default-src 'none'; connect-src bloghelpers.troyhunt.com links.services.disqus.com www.google-analytics.com stats.g.doubleclick.net syndication.twitter.com troyhunt.report-uri.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src disqus.com c.disquscdn.com www.google.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com; img-src 'self' c.disquscdn.com referrer.disqus.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com syndication.twitter.com platform.twitter.com *.twimg.com data:; script-src 'self' c.disquscdn.com disqus.com troyhunt.disqus.com www.google.com www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ 'sha256-dblwN9MUF0KZKfqYU7U9hiLjNSW2nX1koQRMVTelpsA=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com fonts.googleapis.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com; form-action *.twitter.com; media-src 'self'; base-uri 'self'; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests;      frame-ancestors 'none';      object-src 'none';      base-uri 'self';      script-src 'self' 'nonce-t6YotzDY2RP3GQuAUjaNqqXd1ijfzXWXE8xjQDuSICA=' js.intercomcdn.com js.verygoodvault.com cdn.branch.io connect.facebook.net https://static.wolt.com/ *.google-analytics.com tagmanager.google.com www.googletagmanager.com apis.google.com      widget.intercom.io websdk.appsflyer.com *.googleapis.com d1tdp7z6w94jbb.cloudfront.net cdn.wolt.com beacon.riskified.com      d3e54v103j8qbb.cloudfront.net www.google.com *.cdn.prismic.io *.twitter.com appleid.cdn-apple.com;      worker-src blob:;      report-uri https://sentry.io/api/1433537/security/?sentry_key=6e2826809a1a476ab2c9aa8f03059910&sentry_environment=production 1
frame-ancestors 'self' https://*.spglobal.com 1
frame-ancestors 'self' qiqochat.com *.qiqochat.com; 1
default-src 'self'; connect-src 'self'  https://col.site24x7rum.com https://app.litmusworld.com https://*.tatasky.com https://*.g.doubleclick.net https://logs.juspay.in https://payments.juspay.in https://*.taboola.com/ https://www.google-analytics.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sf16-muse-va.ibytedtos.com https://s0.ipstatp.com https://static.bytedance.com https://a.quora.com https://bat.bing.com https://www.googletagservices.com https://maps.googleapis.com https://code.jquery.com https://*.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.sokrati.com https://ad.doubleclick.net https://www.googleadservices.com https://static.site24x7rum.com https://tagmanager.google.com https://ssl.gstatic.com https://www.tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://*.google.co.in/ https://www.gstatic.com/recaptcha/ https://*.twitter.com/ https://*.twimg.com/ https://www.youtube.com/ https://s.ytimg.com/ https://*.googlesyndication.com/ https://*.taboola.com/ https://payments.juspay.in/ https://static.ads-twitter.com/ https://cdn.invitereferrals.com/ https://www.googleoptimize.com/ https://optimize.google.com https://www.ref-r.com/ ; img-src 'self' https://business-sg.topbuzz.com https://business.topbuzz.com https://q.quora.com https://www.ref-r.com https://bat.bing.com https://maps.gstatic.com https://maps.googleapis.com https://*.facebook.com https://*.sokrati.com https://www.google.com https://www.google.co.in https://*.fls.doubleclick.net https://*.linkedin.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://ad.doubleclick.net/ https://*.google.com/ https://*.google.co.in/ https://*.tatasky.com/ https://*.taboola.com/ https://secure.adnxs.com/ https://optimize.google.com https://www.gstatic.com/ data: ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://*.twitter.com/ https://*.twimg.com/ https://optimize.google.com ; font-src 'self' https://tagmanager.google.com https://fonts.gstatic.com https://ssl.gstatic.com https://optimize.google.com data: ; frame-src 'self' bytedance: https://*.g.doubleclick.net https://*.fls.doubleclick.net https://app.litmusworld.com https://www.youtube.com https://www.google.com/ https://help.tatasky.com https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://www.ref-r.com/ https://player.vimeo.com/ https://payments.juspay.in/ https://optimize.google.com ; object-src 'self'; frame-ancestors https://*.tatasky.com ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.utsouthwestern.edu https://tagmanager.google.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.utsouthwestern.edu *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.utsouthwestern.edu https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 1
frame-ancestors 'self' hdfcrealty.com *.hdfcred.com   *.hdfc.com 1
child-src blob:;connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://edgecast-cf-prod.yahoo.net/;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://delivery.vidible.tv/ https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://cdn-ssl.vidible.tv/prod/ https://safeframes-mbst-pub-uw1.s3-us-west-1.amazonaws.com/darla/;img-src data: blob: http: https:;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/rq/darla/ https://fc.yahoo.com/sdarla/ https://e2e.fc.yahoo.com/sdarla/ https://safeframes-mbst-pub-uw1.s3-us-west-1.amazonaws.com/darla/ https://s.yimg.com/ds/scripts/ https://www.yahoo.com/polyfill.min.js https://yep.video.yahoo.com/js/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://cdn-ssl.vidible.tv/prod/player/js/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/aaq/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'nonce-LVw0VIh84yFxbnZ1fCa5UdQbsfpshHmzzOtTap2tmtlS10Ok' ;style-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://s.yimg.com/aaq/fp/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
frame-ancestors 'self' https://*.yandex.ru https://yastatic.net http://*.webvisor.com http://webvisor.com; 1
default-src 'self' https://*.dermstore.com; child-src 'self' https://*.dermstore.com https://*.dermstoretech.com https://www.googleadservices.com https://*.fls.doubleclick.net https://www.facebook.com https://www.google.com https://pubads.g.doubleclick.net https://px0.pbbl.co https://bam-cell.nr-data.net https://www.facebook.com; object-src 'none'; img-src 'self' data: about: 'self' https://*.dermstore.com https://dermstore.com https://*.dermstoretech.com https://p.typekit.net https://www.googletagmanager.com https://dermstore.evergage.com https://www.google.com https://collector-8550.tvsquared.com https://www.google.com https://ct.pinterest.com https://www.google-analytics.com https://www.google-analytics.com https://api.bam-x.com https://www.google-analytics.com https://pinterest.adsymptotic.com https://stats.g.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://bat.bing.com https://pubads.g.doubleclick.net https://px0.pbbl.co https://aa.agkn.com https://p.brsrvr.com https://tpc.googlesyndication.com https://resource.bizrate.com https://www.bluecore.com https://bevo.adsnative.com https://googleads.g.doubleclick.net https://tr.outbrain.com/ https://trc.taboola.com https://assets.pinterest.com https://log.pinterest.com https://medals.bizrate.com https://www.emjcd.com https://widget.rangeme.com; font-src 'self' data: https://*.dermstore.com https://media.dermstore.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.dermstore.com https://fonts.googleapis.com https://resource.bizrate.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.dermstore.com https://media.dermstore.com https://media.dermstore.com https://*.dermstoretech.com https://chat.dermstore.com/ https://js-agent.newrelic.com https://cdn.evgnet.com/beacon/dermstore/engage/scripts/ https://bam.nr-data.net https://www.googletagmanager.com https://edge.fullstory.com https://www.fullstory.com https://fullstory.com https://collector-8550.tvsquared.com https://www.google-analytics.com https://www.googleadservices.com https://static.narrativ.com https://pixel.mathtag.com https://s.pinimg.com https://s.yimg.com https://googleads.g.doubleclick.net https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://cdns.brsrvr.com https://insights.bizrate.com/ https://resource.bizrate.com https://cdn.pbbl.co https://px0.pbbl.co https://storage.googleapis.com https://connect.facebook.net https://www.googlecommerce.com https://www.bluecore.com https://bat.bing.com https://cl.qualaroo.com https://connect.facebook.net https://www.google.com https://apis.google.com https://cdns.brsrvr.com https://sc-static.net https://bam-cell.nr-data.net https://ah8.facebook.com https://cdn.taboola.com https://amplify.outbrain.com https://static.bam-x.com https://cdn.powerinboxedge.com https://d22xmn10vbouk4.cloudfront.net https://tr.outbrain.com https://www.gstatic.com https://platform.twitter.com https://assets.pinterest.com https://pixel.admedia.com https://medals.bizrate.com https://seal.stellaservice.com https://ln-rules.rewardstyle.com https://widget.rangeme.com; frame-src 'self' https://*.dermstore.com https://bid.g.doubleclick.net https://api.bam-x.com https://pixel.mathtag.com https://ct.pinterest.com https://accounts.google.com https://www.facebook.com https://tr.snapchat.com https://www.google.com https://cdn.pbbl.co https://*.fls.doubleclick.net https://dntcl.qualaroo.com https://tr6.snapchat.com https://fast.wistia.net/ https://platform.twitter.com https://www.checkbca.org https://ln-rules.rewardstyle.com; connect-src 'self' https://*.dermstore.com https://*.smartystreets.com https://dermstore.evergage.com https://bam.nr-data.net https://www.google-analytics.com https://www.google-analytics.com https://ct.pinterest.com https://api.bam-x.com https://rs.fullstory.com https://bam-cell.nr-data.net https://stats.g.doubleclick.net https://www.facebook.com https://bat.bing.com https://pubads.g.doubleclick.net https://analytics.google.com https://api.bluecore.com https://insights.bizrate.com https://s.yimg.com https://suggest.dxpapi.com; 1
frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com 1
default-src 'self' data: https://*.googleapis.com https://apis.google.com https://accounts.google.com https://www.google.com *.addthis.com https://*.facebook.com *.facebook.com https://*.linkedin.com https://*.thecn.com https://platform.twitter.com platform.twitter.com *.pinterest.com https://www.google-analytics.com; connect-src 'self' https://translate.googleapis.com https://www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' translate.googleapis.com *.addthis.com *.addthisedge.com *.pinterest.com https://www.google.com https://translate.google.com https://ajax.googleapis.com https://www.gstatic.com https://apis.google.com apis.google.com https://accounts.google.com https://translate.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.facebook.com https://platform.twitter.com *.facebook.com platform.twitter.com https://*.thecn.com https://*.linkedin.com; frame-ancestors 'self' http://www.oeconsortium.org https://www.oeconsortium.org; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://fonts.googleapis.com http://www.w3.org/2000/svg; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' * https://* *.addthis.com data: 1
default-src 'self' https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com http://w.soundcloud.com https://*.soundcloud.com http://platform.instagram.com https://platform.instagram.com https://randomhouse.scnem.com https://cloudbridge.eu http://cloudbridge.eu https://sharingbox.rhspecial.de https://*.google.com https://www.youtube-nocookie.com https://s7.addthis.com https://www.facebook.com/ https://vars.hotjar.com/ https://cdn.podigee.com/ https://open.spotify.com https://platform.twitter.com https://syndication.twitter.com https://*.instagram.com https://*.pinterest.com; connect-src 'self' http://*.issuu.com https://*.issuu.com http://*.digitalstores.net https://*.digitalstores.net https://www.facebook.com https://*.randomhouse.de  https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.google-analytics.com https://*.g.doubleclick.net http://*.playbuzz.com https://*.playbuzz.com  https://*.addthis.com http://*.addthis.com http://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://ct.pinterest.com https://book-base.de; font-src 'self' fonts.gstatic.com https://use.typekit.net/ https://cdn.podlove.org/ http://script.hotjar.com https://script.hotjar.com https://*.podigee.com; frame-ancestors 'self' https://open.spotify.com http://rhdemobilepreview:28080/ http://rhdemobilepreview:28081/ ; frame-src 'self' https://audionow.de/ https://open.spotify.com https://www.youtube-nocookie.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://s7.addthis.com/ https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com http://w.soundcloud.com https://*.soundcloud.com http://platform.instagram.com https://platform.instagram.com https://randomhouse.scnem.com https:/penguinrandomhouse.scnem2.com https://cloudbridge.eu http://cloudbridge.eu https://sharingbox.rhspecial.de  https://*.google.com  https://www.youtube-nocookie.com https://s7.addthis.com  https://cdn.podigee.com/  https://*.twitter.com https://*.instagram.com https://*.pinterest.com https://*.audionow.de; img-src 'self' data: www.google-analytics.com csi.gstatic.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com http://platform.twitter.com https://*.twimg.com http://randomhouse.scnem.com https:/penguinrandomhouse.scnem2.com https://randomhouse.scnem.com https://www.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com http://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://cx.atdmt.com https://cs.lkqd.net ttps://maps.gstatic.com https://maps.googleapis.com https://*.hotjar.com http://*.hotjar.com  https://*.smartadserver.com https://www.penguinrandomhouse.de; manifest-src 'self' data: www.google-analytics.com csi.gstatic.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com http://platform.twitter.com https://*.twimg.com http://randomhouse.scnem.com https:/penguinrandomhouse.scnem2.com https://randomhouse.scnem.com https://www.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com http://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://cx.atdmt.com https://cs.lkqd.net ttps://maps.gstatic.com https://maps.googleapis.com https://*.hotjar.com http://*.hotjar.com  https://*.smartadserver.com https://www.penguinrandomhouse.de; media-src 'self' 10.4.91.62 www.penguinrandomhouse.de; object-src 'self' 10.4.91.62 www.penguinrandomhouse.de; report-to /ContentSecurityPolicyReporter; script-src 'self' https://*.outbrain.com/ https://s.pinimg.com rhspecials.penguinrandomhouse.de www.penguinrandomhouse.de 'unsafe-eval' 'unsafe-inline' http://e.issuu.com/embed.js https://e.issuu.com/embed.js https://*.googleapis.com *.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com http://platform.instagram.com https://platform.instagram.com http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://randomhouse.scnem.com http://randomhouse.scnem.com  https:/penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de https://secure.quantserve.com https://rules.quantcount.com  https://*.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.gstatic.com https://connect.facebook.net  https://cdn.adrtx.net  http://vgrh.stage.digitalstores.net https://stage.digitalstores.net https://www.googleadservices.com https://layover.penguinrandomhouse.de  https://layover.randomhouse.de https://www.bic-media.com https://*.g.doubleclick.net https://www.facebook.com https://*.playbuzz.com http://*.playbuzz.com https://cdnjs.cloudflare.com https://s7.addthis.com http://s7.addthis.com http://m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com http://m.addthis.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com http://tagmanager.google.com https://s.ytimg.com https://*.podigee.com https://randomhouse.digitalstores.net/pbs.2.js https://cdn.podlove.org  https://*.hotjar.com https://www.instagram.com https://*.pinterest.com ; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com http://platform.twitter.com https://*.twimg.com  https://res-format-story.playbuzz.com https://optimize.google.com https://*.typekit.net https://cdn.podlove.org/ https://*.podigee.com; worker-src * 1
upgrade-insecure-requests; block-all-mixed-content;img-src 'self' data: https:;script-src  'unsafe-inline' 'unsafe-eval' https:;style-src  'unsafe-inline' 'unsafe-eval' https: ;frame-ancestors 'none'; 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com googletagmanager.com cdn.ravenjs.com ssl.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com 'nonce-yR9FMvMw4U1xiemiPaUlWsUAAVt0pPJ86HDTyOE2Hi9k/aW4'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com; connect-src http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src 'self'; script-src 'self' 'unsafe-inline' bat.bing.com cdn.aimtell.com cdn.shopify.com cdn.shopifycloud.com cdnjs.cloudflare.com connect.facebook.net d2wy8f7a9ursnm.cloudfront.net www.gstatic.com s3.amazonaws.com static.leadpages.net www.google-analytics.com www.googletagmanager.com www.google.com 7209406.collect.igodigital.com tags.tiqcdn.com deploytealium.com stats.g.doubleclick.net www.google-analytics.com player.vimeo.com/api/player.js noembed.com/embed; style-src 'self' 'unsafe-inline' blob: cdn.shopifycloud.com cdnjs.cloudflare.com; img-src 'self' blob: data: bat.bing.com cdn.shopify.com cdn.shopifycloud.com exchange.shopifycdn.com notify.bugsnag.com www.google.com www.gravatar.com www.facebook.com stats.g.doubleclick.net www.google-analytics.com v.shopify.com www.google.com www.google.ac www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.com.kh www.google.cc www.google.cd www.google.cf www.google.cat www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn g.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gf www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.iq www.google.ie www.google.co.il www.google.im www.google.co.in www.google.io www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.com.lc www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.ne www.google.com.nf www.google.com.ng www.google.com.ni www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pk www.google.com.pa www.google.com.pe www.google.com.ph www.google.pl www.google.com.pg www.google.pn www.google.co.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.rs www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.sm www.google.so www.google.st www.google.sr www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.to www.google.tn www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.co.za www.google.co.zm www.google.co.zw i.vimeocdn.com i.vimeocdn.com/video/*; font-src 'self' cdn.shopify.com cdn.shopifycloud.com cdnjs.cloudflare.com; connect-src 'self' www.facebook.com www.google-analytics.com api.leadpages.io cdn.aimtell.com s3.amazonaws.com monorail-edge.shopifysvc.com analytics.aimtell.com collect.tealiumiq.com stats.g.doubleclick.net noembed.com/embed vimeo.com/api/oembed.json vimeo.com/api/oembed* www.shopify.com/content-services/subscribers; frame-src 'self' www.facebook.com beacon.aimtell.com shopify.lpages.co www.google.com 9321158.fls.doubleclick.net player.vimeo.com; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' *.igbimo.com *.konga.com; style-src 'self' *.quickteller.com 'unsafe-inline' *.interswitchng.com https://tagmanager.google.com https://fonts.googleapis.com *.livechatinc.com; script-src 'self' *.google-analytics.com https://www.google-analytics.com *.kongapay.com kongapay-pg.kongapay.com 'unsafe-inline' 'unsafe-eval' *.igbimo.com *.pushwoosh.com *.google.com *.gstatic.com *.quickteller.com 'self' *.interswitchng.com *.algolianet.com *.algolia.net https://cdnjs.cloudflare.com/ajax/libs/lazysizes/4.0.2/lazysizes.min.js https://www.googletagmanager.com/ fullstory.com https://static.ads-twitter.com/uwt.js https://ajax.cloudflare.com *.twitter.com https://storage.googleapis.com https://creativecdn.com https://js-agent.newrelic.com/nr-1099.min.js http://static.ads-twitter.com/uwt.js *.livechatinc.com *.postaffiliatepro.com https://connect.facebook.net/ *.facebook.com/ *.doubleclick.net *.hotjar.com *.cloudfront.net/capture/UAT/konga.js https://stats.g.doubleclick.net *.yimg.com/ *.salecycle.com/ https://sp.analytics.yahoo.com https://static.criteo.net/js/ld/ld.js *.criteo.com *.chartbeat.com https://creativecdn.com *.typeform.com/ *.googleadservices.com *.scarabresearch.com/ *.o-s.io *.intel-vsa.verbio.com *.netcoresmartech.com *.netcore.co.in *.boxx.ai https://fcm.googleapis.com; img-src * data: https://creativecdn.com https://gethatch.com *.intel-vsa.verbio.com; frame-src 'self' *.igbimo.com *.konga.com *.kongapay.com *.youtube.com *.google.com https://d22j4fzzszoii2.cloudfront.net *.quickteller.com https://www.googletagmanager.com/ *.livechatinc.com *.hotjar.com *.salecycle.com https://dis.eu.criteo.com/ https://konga622377.typeform.com/ *.doubleclick.net *.scarabresearch.com/ *.facebook.com/ *.o-s.io/ *.intel-vsa.verbio.com https://creativecdn.com; font-src 'self' data: *.livechatinc.com *.themes.googleusercontent.com https://fonts.gstatic.com/ https://d22j4fzzszoii2.cloudfront.net/*; connect-src 'self' *.igbimo.com *.konga.com https://sentry.io *.google-analytics.com https://www.google.com.ng *.pushwoosh.com *.cloudinary.com https://www.google-analytics.com *.quickteller.com https://secure.livechatinc.com *.algolianet.com *.algolia.net *.fullstory.com *.doubleclick.net *.salecycle.com *.chartbeat.com *.google.com *.hotjar.com https://stats.g.doubleclick.net https://creativecdn.com https://www.googletagmanager.com https://analytics.twitter.com https://t.co https://ib.adnxs.com https://cdnjs.cloudflare.com *.scarabresearch.com *.yimg.com/ *.o-s.io/ *.netcoresmartech.com *.netcore.co.in *.boxx.ai https://fcm.googleapis.com; media-src *.livechatinc.com 1
default-src 'self' static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de data: blob: *.avm.de;frame-ancestors 'self' 1
frame-ancestors 'self' *.bnc.ca *.nbc.ca; 1
frame-ancestors 'self' *.netology-group.services 1
frame-ancestors https://*.donorperfect.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com translate.google.com translate.googleapis.com www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net z.moatads.com v1.addthisedge.com m.addthis.com www.ebmcdn.net ssl.p.jwpcdn.com blob: cdn.rawgit.com public.tableau.com bam-cell.nr-data.net addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com s7.addthis.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com translate.googleapis.com addtocalendar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors *.webtrends.com 'self' 1
frame-ancestors https://www.montblanc.com/ https://www.montblanc.com/ https://lb.pcae.cms01.int1.ewe1.aws.yoox.net https://lb.cae.cms01.int1.ewe1.aws.yoox.net https://lb.pcae.cms01.prd1.ewe1.aws.prod.e-comm https://lb.cae.cms01.prd1.ewe1.aws.prod.e-comm https://ecomm.ynap.biz/api/richemont1 *.dimelo.com https://richemont.ws.dimelo.com https://dimelo.s3.amazonaws.com richemont.dimelochat.com https://media.yoox.biz http://webcache.googleusercontent.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' traffic-drivers.unibuddy.co cdn.unibuddy.co cdn.jsdelivr.net embed.tawk.to pub21.bravenet.com assets.bnidx.com apps.bravenet.com widgets.flickr.com embedr.flickr.com public.tableau.com e1.envoke.com cdnjs.cloudflare.com ajax.googleapis.com 25livepub.collegenet.com platform.twitter.com googleads.g.doubleclick.net cdn.syndication.twimg.com code.jquery.com connect.facebook.net cse.google.com e.issuu.com ssl.google-analytics.com ucads-cdn.ucweb.com uwinnipeg.ca www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com ; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net pub21.bravenet.com e1.envoke.com cdnjs.cloudflare.com  www.google.com platform.twitter.com fonts.googleapis.com ajax.googleapis.com uwinnipeg.ca ton.twimg.com 'unsafe-eval'; img-src 'self' data: web-assets.uwinnipeg.ca cdn.jsdelivr.net static-v.tawk.to c1.staticflickr.com farm5.staticflickr.com public.tableau.com files.envoke.com abs.twimg.com www.google.ca www.gstatic.com 25livepub.collegenet.com clients1.google.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com googleads.g.doubleclick.net pbs.twimg.com ton.twimg.com www.google-analytics.com www.facebook.com syndication.twitter.com uwinnipeg.ca platform.twitter.com www.fourmilab.ch ssl.google-analytics.com www.google.com www.googleapis.com www.googletagmanager.com; font-src 'self' data: static-v.tawk.to apps.bravenet.com maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' *.tawk.to wss://*.tawk.to 25livepub.collegenet.com pub21.bravenet.com fonts.googleapis.com ajax.googleapis.com www.google.com www.google.com e1.envoke.com api.ipapi.com google-analytics.com www.facebook.com www.google-analytics.com ssl.google-analytics.com ca.api4load.com gjtrack.ucweb.com plugin.ucads.ucweb.com; object-src 'self' www.youtube.com; child-src 'self' www.googletagmanager.com www.youtube.com bid.g.doubleclick.net cse.google.ae cse.google.ca cse.google.com e.issuu.com indd.adobe.com platform.twitter.com syndication.twitter.com uwinnipeg.ca www.google.com; frame-src 'self' forms.office.com traffic-drivers.unibuddy.co player.vimeo.com popcard.unibuddy.co unibuddy.co www.juicer.io uwinnipegca.elluciancrmrecruit.com uwinnipegcatest.elluciancrmrecruit.com  va.tawk.to embed.radiopublic.com www.chemicalsafety.com chemicalsafety.com static.issuu.com  w.soundcloud.com www.flickr.com public.tableau.com www.lapersonnelle.com www.thepersonal.com www.youtube.com 25livepub.collegenet.com cse.google.ca cse.google.com bid.g.doubleclick.net uwinnipeg.ca platform.twitter.com syndication.twitter.com www.google.com e.issuu.com indd.adobe.com ; frame-ancestors 'self' uwinnipegca.elluciancrmrecruit.com panopto.uwinnipeg.ca collegiate.uwinnipeg.ca ; media-src 'self' web-assets.uwinnipeg.ca; form-action 'self' www.bettermail.ca platform.twitter.com syndication.twitter.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src * 'unsafe-inline'; font-src https: data:; frame-ancestors 'self' localhost:4000; frame-src 'self' www.mindmeister.com accounts.google.com docs.google.com dl.dropboxusercontent.com platform.harvestapp.com player.vimeo.com zapier.com www.youtube.com www.facebook.com optimize.google.com chrome://pdf-viewer; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.bing.com https://*.bizographics.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com/bat.js https://sjs.bizographics.com/insight.min.js https://static.ads-twitter.com/uwt.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://analytics.twitter.com/i/adsct https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://use.typekit.net https://static.oktopost.com/oktrk.js https://okt.to https://www.browsealoud.com https://plus.browsealoud.com https://*.speechstream.net https://fonts.googleapis.com https://apis.google.com https://wikisum.texthelp.com/ https://www.gstatic.com/firebasejs/6.0.4/firebase-app.js https://www.gstatic.com/firebasejs/6.0.4/firebase-messaging.js https://mautic.texthelp.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js https://f.vimeocdn.com/js/froogaloop2.min.js https://www.buzzsprout.com https://mautic.texthelp.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com ;frame-ancestors https://mautic.texthelp.com; 1
default-src 'unsafe-inline' https:; img-src data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; frame-ancestors 'self' https://www.20min.ch https://*.unitycms.io; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://codeburst.io https://*.codeburst.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 1
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com  www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.salesforceliveagent.com https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.cookielaw.org/consent/4a3b4a16-9af0-4726-976d-39737fb16905.js https://checkout.stripe.com https://connect.facebook.net https://connectors.tableau.com https://d.adroll.com/ https://d.adroll.mgr.consensu.org https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://geolocation.onetrust.com https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://org62.my.salesforce.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com/ https://quip-cdn.com https://quip-marketing.com https://s.adroll.com/ https://s.ytimg.com https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://static.lightning.force.com https://store.salesforce.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://vidassets.terminus.services https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag https://www.youtube.com; frame-ancestors https://www.quip-resource-center.com http://www.quip-resource-center.com; report-uri /csp-report 1
script-src https: 'self' 'unsafe-inline' 'unsafe-eval' www.google.com maps.googleapis.com fonts.googleapis.com ajax.googleapis.com www.gstatic.com fonts.gstatic.com www.google-analytics.com docs.google.com www.googletagmanager.com www.googleadservices.com ajax.cloudflare.com connect.facebook.net 1
frame-ancestors 'self' https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=GB&lang=en-GB&device=desktop&yrid=cgo8g1dg3jl9b&partner=; 1
script-src 'self' *.startpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' data: *.startpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com; report-uri https://www.startpage.com/do/cspvr 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src https: 'self' 'unsafe-inline' *.onetrust.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.force.com *.cookiebanners.com ;script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' *.onetrust.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.googleapis.com *.chargebee.com *.jquery.com *.fullstory.com js.chargebee.com *.chargebeestatic.com *.1trust.app *.cloudfront.net *.cookiepro.com *.bing.com *.en25.com *.intercom.io *.intercomcdn.com *.gstatic.com *.google.com *.driftt.com *.force.com *.cookiebanners.com;font-src https: 'self' data: *.onetrust.com *.googletagmanager.com fonts.google.com *.force.com;img-src 'self' data: *; media-src 'self' blob:  data: *.onetrust.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.cookiebanners.com;object-src 'none'; base-uri 'none'; frame-ancestors 'self'; frame-src 'self' *.onetrust.com *.wistia.com *.wistia.net *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.google.com *.driftt.com *.force.com *.cookiebanners.com;connect-src 'self' data: * ; 1
script-src 'unsafe-inline' *.typeform.com *.carthook.com *.stripe.com *.convertkit.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.algolianet.com *.jsdelivr.net *.algolia.net *.doubleclick.net *.facebook.com *.cloudflare.com *.sumo.com *.crazyegg.com *.examinecdn.com *.sumome.com *.google.com 'self' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 1
frame-src 'self' https://*.hel.fi https://suite.icareus.com https://*.helsinkikanava.fi https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.twitter.com https://*.linkedin.com https://*.readspeaker.com https://*.vimeo.com https://*.google.com https://*.siteimproveanalytics.com https://*.snoobi.com https://*.dreambroker.com https://youtu.be https://dreambroker.com https://pollev.com https://e.infogram.com https://tyoterveys-helsinki-pv.mail-eur.net https://walls.io https://*.youtube-nocookie.com https://*.flockler.com https://*.lightwidget.com https://hel-thk-botti.kuurahealth.com https://*.giosg.com https://*.giosgusercontent.com https://helfi.fi1.frosmo.com https://survey.feedbackly.com https://survey.userneeds.com https://*.powerbi.com https://coh-chat-app-test.eu-de.mybluemix.net https://coh-chat-app-dev.eu-de.mybluemix.net https://coh-chat-app-prod.eu-de.mybluemix.net ; 1
frame-ancestors 'self' online.greatergiving.com supporter.greatergiving.com; 1
upgrade-insecure-requests;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com https://go.zen.co.uk https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://sjs.bizographics.com https://js.bizographics.com https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://bat.bing.com https://s3.amazonaws.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://errors.angularjs.org https://code.jquery.com https://stackpath.bootstrapcdn.com https://livechat.zen.co.uk https://www.googleadservices.com https://tagmanager.google.com https://www.zen.co.uk https://secure.leadforensics.com https://secure.quantserve.com https://rules.quantcount.com https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net https://zen-internet-ltd.disqus.com https://disqus.com https://c.disquscdn.com https://widget.trustpilot.com https://dec.azureedge.net https://cdn.insight.sitefinity.com https://static-demo.mention-me.com https://static.mention-me.com https://tag-demo.mention-me.com https://tag.mention-me.com https://optimize.google.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://static.ads-twitter.com https://analytics.twitter.com https://secure.adnxs.com;object-src 'none';style-src 'self' 'unsafe-inline' https://c.disquscdn.com https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://optimize.google.com;img-src 'self' https://www.google-analytics.com https://wallpaperplay.com https://wallpaperaccess.com https://www.google.com https://www.google.co.uk https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://gtrk.s3.amazonaws.com https://livechat.zen.co.uk https://zen-marketingwebsite-data.s3.amazonaws.com https://zen-marketingwebsite2-data.s3.amazonaws.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn-ukwest.onetrust.com data: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com https://ton.twimg.com https://t.co https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://ssl.gstatic.com https://www.gstatic.com https://c.disquscdn.com https://referrer.disqus.com https://pixel.quantserve.com https://bat.bing.com https://secure.adnxs.com;media-src 'self';frame-src 'self' https://www.youtube.com https://livechat.zen.co.uk https://myaccount.zen.co.uk https://www.google.com https://maps.google.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://disqus.com https://identity.sysdevext.zen.co.uk https://identity.zen.co.uk https://vars.hotjar.com https://widget.trustpilot.com https://demo.mention-me.com https://mention-me.com https://zen.mention-me.com https://optimize.google.com https://servedby.flashtalking.com;font-src 'self' https://use.fontawesome.com https://script.hotjar.com;connect-src 'self' https://www.google-analytics.com https://dc.services.visualstudio.com https://links.services.disqus.com https://nl-api.dec.sitefinity.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://tag.mention-me.com https://mention-me.com;frame-ancestors 'self';report-uri /WebResource.axd?cspReport=true 1
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us https://d17o6on0vd932d.cloudfront.net blob: 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: about: https://ruanshi2.8686c.com https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://d2b9h3rz4xo53c.cloudfront.net https://d24cgw3uvb9a9h.cloudfront.net https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://static.zoom.com.cn https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/* https://optimize.google.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/releases/ https://www.gstatic.cn/recaptcha/releases/ https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://www.recaptcha.net https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com https://www.youtube.com https://d17o6on0vd932d.cloudfront.net https://www.gstatic.com https://www.gstatic.cn https://fonts.googleapis.com https://hcaptcha.com https://assets.hcaptcha.com https://*.ada.support https://*.adroll.com https://*.hotjar.com https://*.zoom.us https://*.zoomcloudpbx.com https://*.zoomus.cn https://*.zopim.com https://adroll.com https://zoom.us https://apis.google.com https://*.zoom.com.cn 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';frame-ancestors 'self' *.zoomcloud.cn; 1
frame-ancestors 'self' *.dxnssee-cloud.eu *.kotsovolos.gr *.dynamics.com 1
report-uri /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com pixel.mathtag.com n26.go2cloud.org tr.snapchat.com *.youtube-nocookie.com youtube-nocookie.com boards.greenhouse.io;connect-src 'self' https://api.tech26.de https://api.tech26.us * fonts.googleapis.com;font-src 'self' data:;img-src https://api.tech26.de https://api.tech26.us 'self' data: images.ctfassets.net images.contentful.com * *.greenhouse.io;media-src videos.contentful.com videos.ctfassets.net;object-src 'none';style-src 'unsafe-inline' fonts.googleapis.com tagmanager.google.com;script-src n26-trusted.n26.com 'self' polyfill.io cdn.number26.de 'unsafe-inline' * *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com boards.greenhouse.io 'unsafe-inline';worker-src 'self';default-src * 1
frame-ancestors self *.moneyweb.co.za http://preview.moneyweb-2.instantmagazine.com http://moneyweb-2.instantmagazine.com *.instantmagazine.com 1
child-src 'self' blob: tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net;connect-src 'self' *.flickr.com *.staticflickr.com *.civiccomputing.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.doubleclick.net *.gstatic.com *.googlesyndication.com *.hotjar.com *.google-analytics.com *.yahoo.com *.disquscdn.com *.disqus.com disqus.com *.emailcc.com emailcc.com blob: *.akamaihd.net *.boltdns.net tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.boltdns.net *.akamaihd.net www.facebook.com;default-src 'self' *.googlesyndication.com *.disquscdn.com *.disqus.com disqus.com *.lawsociety.org.uk *.google-analytics.com *.doubleclick.net *.gstatic.com *.adservice.google.ie *.adservice.google.com.sg *.adservice.google.ro *.adservice.google.de *.adservice.google.co.in *.adservice.google.fr *.googletagmanager.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.hotjar.com *.civiccomputing.com *.emailcc.com emailcc.com *.spreaker.com *.infogram.com tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net;font-src 'self' data: *.slidesharecdn.com *.slideshare.net fast.fonts.net *.hotjar.com *.gstatic.com tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net;frame-src 'self' *.livestream.com data: *.youtube.com *.ytimg.com *.twitter.com *.ads-twitter.com *.carto.com *.spreaker.com *.concep.com *.slidesharecdn.com *.slideshare.net *.storify.com *.hotjar.com *.doubleclick.net *.google.com *.google.co.uk *.infogram.com *.disquscdn.com *.disqus.com disqus.com *.googlesyndication.com *.emailcc.com emailcc.com *.akamaihd.net *.boltdns.net *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net  www.facebook.com staticxx.facebook.com www.googletagservices.com;img-src 'self' data: blob: *.youtube.com *.ytimg.com *.googleapis.com *.google.com *.google.co.uk *.twitter.com *.ads-twitter.com *.twimg.com *.yahoo.com *.webscanningservice.com *.flickr.com *.staticflickr.com *.google-analytics.com *.doubleclick.net *.gstatic.com *.hotjar.com *.lawsociety.org.uk *.disquscdn.com *.disqus.com disqus.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.boltdns.net tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net *.boltdns.net *.googlesyndication.com px.ads.linkedin.com www.facebook.com *.lawgazette.co.uk www.linkedin.com d1d8vslyhr7rdg.cloudfront.net;media-src 'self' blob: *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net;object-src *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net;report-uri  https://lawsocietyorguk.report-uri.com/r/d/csp/enforce https://7ir5fiw82m.execute-api.eu-west-1.amazonaws.com/beta;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.youtube.com *.ytimg.com *.twitter.com *.ads-twitter.com *.twimg.com blob: *.flickr.com *.staticflickr.com *.concep.com *.googletagmanager.com *.spreaker.com *.hotjar.com *.google-analytics.com *.adservice.google.ie *.adservice.google.com.sg *.adservice.google.ro *.adservice.google.de *.adservice.google.co.in *.adservice.google.fr *.google.com *.google.co.uk *.gstatic.com *.doubleclick.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.infogram.com *.disquscdn.com *.disqus.com disqus.com *.civiccomputing.com *.jquery.com *.emailcc.com emailcc.com tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net prdsitecore-2019-cd.azurewebsites.net tlsuatsitecore-single.azurewebsites.net tlsstgsitecore-cd.azurewebsites.net tlsstgsitecore-cm.azurewebsites.net tlsuatsitecore-single.azurewebsites.net *.civiccomputing.com *.jquery.com cdnjs.cloudflare.com c.contentsvr.com *.emailcc.com *.ytimg.com *.bizographics.com connect.facebook.net snap.licdn.com cdn.ampproject.org *.googleadservices.com *.googletagservices.com;style-src 'unsafe-inline' *.googleapis.com 'self' fast.fonts.net *.twitter.com *.ads-twitter.com *.disquscdn.com *.disqus.com disqus.com *.googletagmanager.com tlsstgsitecore.azureedge.net tlsprdsitecore.azureedge.net tlsuatsitecore-single.azurewebsites.net tagmanager.google.com cdn.ampproject.org ;upgrade-insecure-requests; 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' 1
script-src 'nonce-c911c33ef1c1f88dff7c587ca6ac2b41' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com *.youtube.com *.ytimg.com; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=1052883139308316; frame-ancestors 'self' 1
script-src 'nonce-JpCQ6LjFJ6HZHiPEX7oYBtk2SBPTH4PSd6806RU83nvVcOrLW9HuJx9bBTClMxWX' 'strict-dynamic' https: 'self'; object-src 'none'; base-uri 'self' 1
block-all-mixed-content; default-src 'none; script-src 'none'; style-src 'self'; img-src 'self'; connect-src 'none'; font-src 'self'; object-src 'none'; media-src 'self'; frame-src 'none'; form-action 'none'; frame-ancestors 'none'; base-uri 'self'; worker-src 'none'; manifest-src 'none'; sandbox allow-same-origin allow-downloads 1
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org codecurricula.com 1
frame-ancestors 'self' https://*.designcrowd.com; 1
frame-ancestors 'self' https://www.iprusalesbeta.com http://ribstg.icicibankltd.com:9082 https://*.iciciprulife.com https://*.icicibank.com https://www.cardekho.com http://www.firstcry.com http://www.moneycontrol.com https://economictimes.indiatimes.com http://www.mensxp.com http://www.idiva.com https://timesofindia.indiatimes.com http://www.businessinsider.in https://www.valueresearchonline.com https://www.indiatimes.com https://m.timesofindia.com  https://m.economictimes.com https://secure.icicidirect.com https://*.addng.com https://*.gettng.com; 1
default-src 'unsafe-inline'  'unsafe-eval' 'self'  shangdu.com *.shangdu.com *.shangdu.net *.baidu.com *.qq.com *.weibo.com *.huliang.com *.shangdu.pro *.online.cn *.thangdu.com thangdu.com *.zz.ha.cn 1
frame-src app.powerbi.com *.deutschland-machts-effizient.de *.youtube-nocookie.com piwik.itzbund.de *.youtube.com 1
default-src 'self' data: https://internalgogdemo.terracycle.com https://fonts.gstatic.com/ https://use.typekit.net/ https://d3c39yxulteaif.cloudfront.net/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/js/mcfx/2794 https://cdn.leadmanagerfx.com/phone/js/2794 https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://script.hotjar.com/ https://secure.wufoo.com/scripts/embed/form.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ssl.google-analytics.com/ga.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://www.wufoo.com/scripts/embed/form.js https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://syndication.twitter.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://assets.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/; img-src 'self' https://internalgogdemo.terracycle.com https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com/gog-prod/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/maps/vt https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://px.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://t.co/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com https://tc-shop-stage.s3.amazonaws.com/ https://tc-shop-prod.s3.amazonaws.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/ https://shop.terracycle.com/ filesystem:; connect-src 'self' https://internalgogdemo.terracycle.com https://ipapi.co/json https://maps.googleapis.com/maps/api/geocode/json https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/2794 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information https://www.google-analytics.com https://rp.liadm.com/; plugin-types application/pdf application/xml 1
default-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; media-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; prefetch-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; script-src https://www.phonepe.com https://www.googletagmanager.com https://phonepe.com https://website.phonepe.com https://www.gstatic.com https://www.google.com http://api.recaptcha.net https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com https://platform.twitter.com/ 'self' 'unsafe-inline'; style-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com  https://cdn.jotfor.ms https://fonts.googleapis.com http://api.recaptcha.net 'self' 'unsafe-inline'; img-src data: https://website.phonepe.com data: https://www.phonepe.com https://phonepe.com https://imgstatic.phonepe.com http://images.phonepe.com http://api.recaptcha.net https://cdn.jotfor.ms www.googletagmanager.com 'self' https://www.google-analytics.com; font-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src https://api.phonepe.com https://www.phonepe.com https://phon.pe https://phonepe.com https://website.phonepe.com https://insights-api.phonepe.com 'self'; frame-src http://api.recaptcha.net https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com https://www.youtube.com https://platform.twitter.com/; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com; report-uri https://csp.phonepe.com/log 1
frame-ancestors 'self' emaildesign.beefree.io 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com 1
frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp http://shdwbkoffice.sov.gs.corp; 1
base-uri 'none'; object-src 'none'; script-src 'self' https: 'unsafe-inline'; 1
: default-src data: self 'unsafe-inline' 'unsafe-eval'  *.nbe.com.eg https://www.youtube.com https://migs.mastercard.com.au youtube.com https://migs-mtf.mastercard.com.au https://cap.attempts.securecode.com cdnjs.cloudflare.com facebook.com connect.facebook.net fonts.gstatic.com *.doubleclick.net *.ytimg.com maps.googleapis.com cdn.jsdelivr.net plugin.accessibilityeg.com fonts.googleapis.com *.googlevideo.com *.google.com *.ggpht.com *.twitter.com www.facebook.com maps.gstatic.com; 1
frame-ancestors 'self'  *.bankia.int *.bankia.es 1
frame-ancestors https://informatica.seismic.com https://content.informatica.com https://infa.my.salesforce.com https://infa.lightning.force.com; 1
frame-ancestors 'self' https://teams.microsoft.com https://teams.microsoft.us https://local.teams.office.com https://int.teams.microsoft.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms; report-uri /cspreport 1
frame-ancestors 'self' http://webvisor.com/ https://webvisor.com/ 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors www.facebook.com 'self' 1
default-src https://tpc.googlesyndication.com https://*.safeframe.googlesyndication.com; style-src 'self' 'unsafe-inline' https://cdn.flowplayer.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: https://www.google.com https://www.google.pl https://www.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.flowplayer.com https://cdn.ampproject.org https://tpc.googlesyndication.com http://ckeditor.iframe.ly https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://adservice.google.com https://adservice.google.pl https://securepubads.g.doubleclick.net https://www.gstatic.com https://*.hit.gemius.pl https://connect.facebook.net https://platform.twitter.com;; font-src 'self' data: https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' https://play.lwcdn.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.com https://*.googlesyndication.com https://www.google-analytics.com https://csi.gstatic.com https://www.google-analytics.com; object-src 'self'; frame-src 'self' https://iframe.dacast.com https://images.dacast.com https://webstreaming.europarl.europa.eu https://multimedia.europarl.europa.eu https://*.dcs.redcdn.pl https://ljsp.lwcdn.com https://igrafika.pap.pl https://*.googlesyndication.com https://www.youtube.com https://www.google.com https://infostrefa.tv https://*.hit.gemius.pl https://maps.google.com https://www.facebook.com https://platform.twitter.com; base-uri 'self'; 1
frame-ancestors https://*.bewakoof.com/ https://microapps.google.com/ 'self' 1
upgrade-insecure-requests; base-uri 'self'; default-src  https://capture.trackjs.com 'self' 'unsafe-eval' 'unsafe-inline' *.akafms.net *.akamaihd.net *.boltdns.net *.cloudflare.com *.datadoghq.eu *.jsdelivr.net about: about: blob: data: http://mystore.decathlon.net/ https://*.abtasty.com https://*.adnxs.com https://*.amazonaws.com https://*.api.gouv.fr https://*.bing.com https://*.booxi.com https://*.booxi.eu https://*.braintree-api.com https://*.braintreegateway.com https://*.brightcove.com https://*.brightcove.net https://*.cloudfront.net https://*.commander1.com https://*.commandersact.com https://*.cube-net.org https://*.cube-net.pub https://*.custhelp.com https://*.dc-storm.com https://*.decathlon.com https://*.decathlon.fr https://*.decathlon.io https://*.decathlon.net https://*.doubleclick.net https://*.etrusted.com https://*.facebook.com https://*.facebook.net https://*.flagship.com https://*.google-analytics.com https://*.google.com https://*.google.fr https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.iadvize.com https://*.kelkoogroup.net https://*.linksynergy.com https://*.livestorm.co https://*.luckyorange.com https://*.luckyorange.net https://*.mediadecathlon.com https://*.mediaforge.com https://*.mopinion.com https://*.mypangee.com https://*.numerized.com https://*.nxtck.com https://*.omnitagjs.com https://*.oppwa.com https://*.oxylane.com https://*.paypal.com https://*.privacy-center.org https://*.pubmatic.com https://*.rakuten.com https://*.segment.com https://*.smartsuppcdn.com https://*.smooch.io https://*.stripe.com https://*.tagcommander.com https://*.target2sell.com https://*.teester.com https://*.tradelab.fr https://*.trustcommander.net https://*.trustedshops.com https://*.trylive.com https://*.valiuz.com https://*.webgeoservices.com https://*.woosmap.com https://*.y-track.com https://*.yahoo.com https://51.210.105.53 https://ad.atdmt.com https://ads.rekmob.com https://api-js.mixpanel.com https://b.admedia.com https://bf97725pbp.bf.dynatrace.com https://bootstrap.smartsuppchat.com https://booxi-api-be.appspot.com https://booxi-api.appspot.com https://bp-1c51.kxcdn.com https://brightcove.hs.llnwd.net https://brightcove.vo.llnwd.net https://browser-http-intake.logs.datadoghq.eu/ https://browser-update.org https://ce.lijit.com https://consent.jrs5.com https://contextual.media.net https://cookie-matching.mediarithmics.com https://cors-anywhere.herokuapp.com https://cstatic.weborama.fr https://ct.pinterest.com https://decathlon-dot-booxi-backend.appspot.com https://decathlon-ttpx.com https://decathlon.deafiline.net https://decathlonmaps-widget.firebaseapp.com https://dispatcher.adxcore.com https://dkt-assistant-widget-demo.web.app https://dsum-sec.casalemedia.com https://eb2.3lift.com https://emersya.com https://eu-u.openx.net https://ext-inv-cdn.presage.io https://flo.uri.sh https://i.ytimg.com https://idsync.rlcdn.com https://intljs.rmtag.com https://js-cdn.dynatrace.com https://js.squareup.com https://keepyeyes.cube-net.org https://m.stripe.network https://marketing.net.idealo-partner.com https://match.360yield.com https://numerized.com https://numerized.fr https://nxtck.com https://oppwa.com https://paypal.com https://pixel.advertising.com https://pixel.rubiconproject.com https://pixel.s3xified.com https://player.vimeo.com https://prod.y-medialink.com https://public.flourish.studio https://push-app-dev.deafiline.net https://push-app-dev.deafiline.net:1440 https://quechua.v-cult.com/ https://r.ad6media.fr https://rtb-csync.smartadserver.com https://s.kk-resources.com https://s.pinimg.com https://s.pubmine.com https://s.yimg.com https://s.ytimg.com https://script.googleusercontent.com https://sdk.privacy-center.org https://server.smartsupp.com https://smart-engine-dot-booxi-api-be.appspot.com https://smartsupp-files-161959.c.cdn77.org https://smartsupp-widget-161959.c.cdn77.org https://stackpath.bootstrapcdn.com https://sync.1rx.io https://sync.outbrain.com https://tracking.esearchvision.com https://tracking.lengow.com https://trc.taboola.com https://unpkg.com https://usage.trackjs.com https://use.fontawesome.com https://video.eko.com https://vimeo.com https://vjs.zencdn.net https://widgets.trustedshops.com https://wurfl.io https://www.google-analytics.com https://www.googletagmanager.com https://www.mobsuccess.com https://www.shape3d.com https://www.smartsuppchat.com https://www.youtube.com https://x.bidswitch.net intent://arvr.google.com intent://ra.numerized.com ws: wss://*.visitors.live; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://decathlon.deafiline.net https://push-app-dev.deafiline.net https://push-app-dev.deafiline.net:1440 ws:; 1
form-action 'self' *.paypal.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www1.member-hsbc-group.com learningcentre.creativevirtual.com visitor-service-ap-southeast-2.tealiumiq.com sc.omtrdc.net dpm.demdex.net demdex.net cm.everesttech.net pixel.everesttech.net  hsbcglobalcmb.tt.omtrdc.net  hsbcglobalcmb.tt.omtrdc.net p.adsymptotic.com bat.bing.com x.bidswitch.net dsum-sec.casalemedia.com cdn.decibelinsight.net www.dianomi.com cm.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net adservice.google.com img.en25.com t.eloqua.com connect.facebook.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com px.ads.linkedin.com www.linkedin.com p.adsymptotic.com snap.licdn.com dc.ads.linkedin.com accdn.lpsnmedia.net lpcdn.lpsnmedia.net lptag.liveperson.net lo.v.liveperson.net https://www.askus.hsbc.co.uk pixel.newscred.com analytics.newscred.com amplify.outbrain.com tr.outbrain.com amplifypixel.outbrain.com simage2.pubmatic.com stoneshot.com tags.tiqcdn.com collect-eu-west-1.tealiumiq.com collect.tealiumiq.com insight.adsrvr.org match.adsrvr.org pixel.advertising.com https://pixel.everesttech.net static.ads-twitter.com t.co sp.analytics.yahoo.com ups.analytics.yahoo.com visitor-service-eu-west-1.tealiumiq.com analytics.twitter.com static.ads-twitter.com so.rlcdn.com api7119.d41.co cdn-0.d41.co bat.bing.com lpcdn.lpsnmedia.net german4.creativevirtual.com lo.v.liveperson.net accdn.lpsnmedia.net googleads.g.doubleclick.net www.googleadservices.com lptag.liveperson.net img.en25.com www.stoneshot.com www.google-analytics.com www.googletagmanager.com analytics.newscred.com connect.facebook.net amplify.outbrain.com cdn.decibelinsight.net snap.licdn.com vjs.zencdn.net sadmin.brightcove.com maps.googleapis.com  www.youtube.com blob: players.brightcove.net metrics.brightcove.com tags.tiqcdn.com; connect-src 'self' german4.creativevirtual.com www.google-analytics.com hsbcglobalgpb.sc.omtrdc.net hsbcglobalgpb.tt.omtrdc.net hsbcglobalgbm.sc.omtrdc.net hsbcbankglobal.sc.omtrdc.net collect.tealiumiq.com collect-eu-west-1.tealiumiq.com api7119.d41.co hsbcglobalcmb.sc.omtrdc.net collect-ap-southeast-2.tealiumiq.com hsbcglobalcmb.tt.omtrdc.net dpm.demdex.net hsbcglobalgbm.tt.omtrdc.net collection.decibelinsight.net brightcove.hs.llnwd.net edge.api.brightcove.com bcsecure01-a.akamaihd.net secure.brightcove.com  f1.media.brightcove.com www.youtube.com; img-src 'self' data: learningcentre.creativevirtual.com www1.member-hsbc-group.com hsbcbankglobal.sc.omtrdc.net hsbcglobalgpb.sc.omtrdc.net ibeu2.mookie1.com www.linkedin.com dc.ads.linkedin.com adservice.google.co.uk bat.bing.com german4.creativevirtual.com dpm.demdex.net f1.media.brightcove.com www.google.co.uk www.google.com googleads.g.doubleclick.net cm.everesttech.net insight.adsrvr.org s1706134858.t.eloqua.com hsbcglobalgbm.sc.omtrdc.net adservice.google.com www.google-analytics.com tr.outbrain.com amplifypixel.outbrain.com px.ads.linkedin.com ad.doubleclick.net t.co pixel.everesttech.net sp.analytics.yahoo.com hsbcglobalcmb.sc.omtrdc.net pixel.newscred.com hsbcglobalcommon.sc.omtrdc.net players.brightcove.net metrics.brightcove.com tags.tiqcdn.com  secure.brightcove.com brightcove04pmdo-a.akamaihd.net maps.gstatic.com maps.googleapis.com blob:; style-src 'self' 'unsafe-inline' learningcentre.creativevirtual.com fonts.googleapis.com german4.creativevirtual.com;base-uri 'self';form-action 'self'; font-src 'self' fonts.gstatic.com data:; frame-src 'self' hsss.hsbc.co.uk hsbcbankgpb.demdex.net hsbcbankgbm.demdex.net 3464050.fls.doubleclick.net lpcdn.lpsnmedia.net hsbcbankcmb.demdex.net 4232721.fls.doubleclick.net players.brightcove.net www.youtube.com www.google.com; media-src 'self' blob: f1.media.brightcove.com 3464050.fls.doubleclick.net; frame-ancestors 'self' https://www1.secure.hsbcnet.com https://www2.secure.hsbcnet.com https://wk.lp.uk.hsbcnet.com https://sy.lp.uk.hsbcnet.com 1
frame-ancestors 'self' https://*.fdj.fr https://www.laredoute.fr/ http://clients.sismodesign.com; 1
default-src data: https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; font-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  1
base-uri 'self'; default-src 'self'; script-src 'self' https://dreambroker.com 'nonce-2bf41e44-cc65-410d-90f4-e61afd247926'; style-src 'self' https://fonts.googleapis.com 'nonce-2bf41e44-cc65-410d-90f4-e61afd247926'; img-src 'self' data: https://cdn.www.dev.suomi.fi/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://yhteystietohakemisto.valtori.fi https://api.digitransit.fi https://vaha-mandate-applications-qa.s3.eu-west-1.amazonaws.com; child-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:; frame-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:; object-src 'none'; frame-ancestors 'none' https://*.tunnistus.fi 1
default-src blob: data: https: 'self'; frame-src *.agkn.com *.doubleclick.net *.google.com mdlink.ucsfmedicalcenter.org ucsfmychart.ucsfmedicalcenter.org testmyc.ucsfmedicalcenter.org 'self' *.sitecore.net *.vimeo.com *.youtube.com; script-src *.answerscloud.com *.azurewebsites.net *.calltrk.com *.clicktale.net *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.evaliahealth.com *.facebook.net *.foresee.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.invocacdn.com *.jsdelivr.net *.msecnd.net *.radiomd.com 'self' *.skyword.com *.tealiumiq.com *.tiqcdn.com *.twitter.com 'unsafe-eval' 'unsafe-inline' *.vimeo.com *.vimeocdn.com *.visto1.net; style-src *.fonts.net *.googleapis.com 'self' 'unsafe-inline'; worker-src blob:; 1
default-src 'self'; script-src https://www.dropbox.com https://api.trello.com 'self' https://viewer.diagrams.net https://storage.googleapis.com https://apis.google.com https://*.pusher.com https://code.jquery.com 'sha256-8HtpzsH4zj5+RKfTWMxPmWJKBu0OYbn+WuPrLbVky+g=' 'sha256-gCA3yqbX5kV5cXQOyvSd4v54e8cOLCBlaKU4tuhJF3Y=' 'sha256-ZMnCMK9Jg5ijd0Viqw4KAFn39HeC1LrVwervb9uC7Mo=' 'sha256-KgVey3Yy0LCtaUZnD77KXAark2kZ3wS5HGa+tyAkR28=' 'sha256-1k6pyjDIKgd1KTCRcmDfV6Yc9vgQexHRTiO4zUBoKg8=' 'sha256-/fZb/J4FQmI/TwyxqJbvALWSyGVEvnTrlj4ZTzZNKzI=' 'sha256-P4E8pNUYsln6/EUZppjCCe8y8lelBYTfsSyLjjFCE5g=' 'sha256-+CrvFhadGyk1VjhHM/t3R88LNSEKManW3TGSZi9fmHQ=' 'sha256-JqdgAC+ydIDMtmQclZEqgbw94J4IeABIfXAxwEJGDJs=' 'sha256-vS/MxlVD7nbY7AnV+0t1Ap338uF7vrcs7y23KjERhKc=' 'sha256-dIEi9UhRQPcyoE9/RPfkIPLe2mSS8oQzwabGMLAZzGE=' 'sha256-4Dg3/NrB8tLC7TUSCbrtUDWD/J6bSLka01GHn+qtNZ0=' ; connect-src https://*.dropboxapi.com https://api.trello.com 'self' https://*.draw.io https://*.diagrams.net https://*.googleapis.com wss://*.pusher.com https://*.pusher.com https://api.github.com https://raw.githubusercontent.com https://gitlab.com https://graph.microsoft.com https://*.sharepoint.com https://*.1drv.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data:; media-src * data:; font-src * about:; frame-src 'self' https://viewer.diagrams.net https://www.draw.io https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
frame-ancestors 'self' *.antena3.com *.lasexta.com *.atresmedia.com *.ondacero.es *.europafm.com *.melodia-fm.com *.atresplayer.com *.staging.atresplayer.com http://*.antena3tv.es 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 1
default-src 'self' https://gidonline.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gidonline.io https://franecki.net https://franeski.net https://brdmin.com https://mrelko.com counter.yadro.ru; frame-src 'self' https://gidonline.io https://*.nogravitycdn.com https://*.ankunding.biz https://*.acdnpro.com https://mrelko.com https://www.mrelko.com https://81.svetacdn.in https://voidboost.net https://www.youtube.com; connect-src 'self' https://gidonline.io https://reichelcormier.bid; style-src 'self' 'unsafe-inline' https://gidonline.io; font-src 'self' https://gidonline.io; img-src 'self' data: https://gidonline.io https://*.nogravitycdn.com https://*.ankunding.biz https://brdmin.com https://*.brdmin.com https://*.acdnpro.com https://counter.yadro.ru; object-src 'self' https://gidonline.io 1
default-src 'self' https://canny.io https://*.canny.io; child-src 'self' blob: https://canny.io https://*.canny.io *.wistia.net https://*.loom.com https://*.stripe.com https://*.useloom.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://intercom-sheets.com https://loom.com https://share.intercom.io https://useloom.com https://vimeo.com https://www.facebook.com https://www.intercom-reporting.com https://youtu.be https://youtube.com; connect-src 'self' https://canny.io https://*.canny.io *.wistia.com *.wistia.net https://*.intercom.io https://*.litix.io https://*.stripe.com https://bat.bing.com https://embedwistia-a.akamaihd.net https://heapanalytics.com https://rs.fullstory.com https://sentry.io https://stats.g.doubleclick.net https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.facebook.com https://www.google-analytics.com https://www2.profitwell.com wss://*.intercom.io; font-src * data:; form-action https://canny.io https://*.canny.io https://api-iam.intercom.io https://intercom.help https://www.facebook.com; img-src * data:; media-src * blob: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://canny.io https://*.canny.io *.wistia.com cdn.heapanalytics.com https://*.atl-paas.net https://*.intercom.io https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://a.quora.com https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://ct.capterra.com https://fullstory.com https://js.intercomcdn.com https://heapanalytics.com https://public.profitwell.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://zapier.com; style-src 'self' 'unsafe-inline' https://canny.io https://*.canny.io https://*.atlassian.com https://*.zdassets.com https://*.zendesk.com https://cdnjs.cloudflare.com https://heapanalytics.com; report-uri https://canny.io/api/csp/report 1
frame-ancestors 'self' https://cadence.pathfactory.com https://paths.pcb.cadence.com https://resources.pcb.cadence.com https://resources.orcad.com ; 1
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
default-src 'self' ws: data: 'unsafe-inline' 'unsafe-eval' *.ldlc.com api.userlike.com *.googleapis.com www.googletagmanager.com *.gstatic.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com chat.userlike.com *.cloudfront.net *.hotjar.com *.hotjar.io connect.facebook.net www.google-analytics.com www.googlecommerce.com aswpapieu.com aswpsdkeu.com *.doubleclick.net stats.g.doubleclick.net *.groupe-ldlc.com *.google.com *.google.fr www.facebook.com www.gstatic.com *.googleapis.com www.youtube.com mpshare.iesname.com *.trustpilot.com track.adform.net 1
default-src 'self' *.ebuyer.com p11.techlab-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudfront.net https://*.cnetcontent.com https://*.cnetcontentsolutions.com https://www.dwin1.com https://e2d2.easy2.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlecommerce.com https://*.googletagmanager.com https://storage.googleapis.com/code.snapengage.com/ https://*.reevoo.com/ https://*.snapengage.com https://www.googlecommerce.com https://www.gstatic.com/ https://*.hotjar.com https://*.facebook.net https://*.twitter.com https://content.webcollage.net https://*.exponea.com blob: https://d.turn.com https://console.turn.com https://snap.licdn.com/ https://px.ads.linkedin.com/ https://widget.trustpilot.com/ https://d2oh4tlt9mrke9.cloudfront.net https://*.criteo.net https://*.criteo.com https://w-it.m-t.io https://*.segmentify.com https://*.webgains.io https://cnstrc.com/ https://www.googleoptimize.com/ https://*.googleapis.com https://analytics.tiktok.com/ https://secure.dekopay.com https://*.doubleclick.net p11.techlab-cdn.com; object-src 'self' https://*.reevoo.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.cnetcontentsolutions.com https://*.cnetcontent.com https://mark.reevoo.com https://tagmanager.google.com https://fonts.googleapis.com https://*.segmentify.com https://optimize.google.com; img-src 'self' data: https://*.cloudfront.net https://*.cnetcontent.com/ https://*.cnetcontentsolutions.com https://*.cnetcontentsyndication.com https://*.doubleclick.net https://img.ebyrcdn.net https://image.ebuyer.com https://static.ebuyer.com https://*.facebook.com https://*.google.ie https://*.google.com https://*.google.co.uk https://*.google-analytics.com https://storage.googleapis.com/code.snapengage.com/ https://www.googlecommerce.com https://*.gstatic.com https://bat.r.msn.com https://*.reevoo.com https://*.snapengage.com https://*.twitter.com https://*.webcollage.net https://ads.yahoo.com https://w-it.m-t.io http://cdn.cnetcontent.com https://px.ads.linkedin.com; media-src 'none'; frame-src 'self' https://*.cnetcontentsolutions.com https://*.reevoo.com https://*.snapengage.com https://www.googlecommerce.com https://*.google.com https://*.hotjar.com https://*.facebook.com https://*.twitter.com https://*.youtube.com https://*.cc.cnetcontent.com https://widget.trustpilot.com https://*.criteo.com https://*.doubleclick.net; font-src 'self' 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://x.klarnacdn.net https://mark.reevoo.com; connect-src 'self' https://*.hotjar.com ws://*.hotjar.com https://*.googlecommerce.com https://*.google-analytics.com https://*.exponea.com https://console.turn.com https://*.snapengage.com https://*.segmentify.com https://*.webgains.io https://*.cnstrc.com/ https://*.googleapis.com orders.ebuyer.com p11.techlab-cdn.com; 1
script-src 'self' https://knowledgecenter.2checkout.com/ https://chat.exswap.com/ https://*.cardinalcommerce.com/edge/ https://www.google-analytics.com/analytics.js https://connect.facebook.net https://apis.google.com/ https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js https://platform.twitter.com https://www.dropbox.com/static/api/ https://www.youtube.com/iframe_api https://s.ytimg.com https://www.youtube.com/s/player/ https://cdnjs.cloudflare.com/ajax/libs/KaTeX/ https://cdn.quilljs.com/1.3.6/ https://vimeo.com/api/oembed.json https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api.braintreegateway.com/merchants/ https://api.sandbox.braintreegateway.com https://www.2checkout.com/checkout/ https://sandbox.2checkout.com https://cdnjs.cloudflare.com/ajax/libs/zxcvbn/4.2.0/zxcvbn.js ; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/KaTeX/ https://fonts.googleapis.com/ ; object-src 'self' ; report-uri /api/public/csp-error ; base-uri 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' http://mirrormedia.tw https://mirrormedia.tw http://35.189.183.129:3000 1
frame-ancestors 'self' https://www.baby.ru https://postila.ru https://yaplakal.com https://yastatic.net https://www.yaplakal.com https://www.beautyinsider.ru https://fishki.net https://*.fishki.net https://www.neboleem.net https://materinstvo.ru 1
frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ 1
default-src 'none';script-src 'self' 'nonce-OlZZmK27MfL2WnaPMUYvZhiR' 'unsafe-eval' 'strict-dynamic' blob: *.addthis.com *.cloud.coveo.com *.coveo.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.marketo.com *.marketo.net *.salesloft.com *.taboola.com *.techtarget.com *.vidyard.com *.wistia.com *.wistia.net 40e1c630fbbe49b4b3d7ec05b3f47678.js.ubembed.com analytics.twitter.com assets.ubembed.com bat.bing.com boards.greenhouse.io cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com chrome://forbidden connect.facebook.net d10lpsik1i8c69.cloudfront.net googleads.g.doubleclick.net js.driftt.com platewolf.com polyfill.io reveal.clearbit.com s.ytimg.com snap.licdn.com static.ads-twitter.com v1.addthisedge.com www.google.ca www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.youtube.com z.moatads.com;object-src 'none';style-src 'self' 'unsafe-inline' data: *.cloud.coveo.com *.coveo.com *.googleapis.com *.marketo.com *.typekit.net *.wistia.com cdnjs.cloudflare.com d10lpsik1i8c69.cloudfront.net maxcdn.bootstrapcdn.com optimize.google.com tagmanager.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com;img-src 'self' blob: data: *.ads.linkedin.com *.coveo.com *.gstatic.com *.hotjar.com *.taboola.com *.techtarget.com *.vidyard.com *.wistia.com *.wistia.net attr.ml-api.io avatars1.githubusercontent.com bat.bing.com cc.sj-cdn.net cdn.bizible.com cdn.bizibly.com cdn.cookielaw.org d10lpsik1i8c69.cloudfront.net embedwistia-a.akamaihd.net googleads.g.doubleclick.net i.ytimg.com img.youtube.com js.driftqa.com lh3.googleusercontent.com p.adsymptotic.com platewolf.com res.cloudinary.com s.ml-attr.com secure.adnxs.com stats.g.doubleclick.net t.co www.facebook.com www.google.ca www.google.ch www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.uk www.google.com www.google.com.ec www.google.com.hk www.google.com.lb www.google.com.mx www.google.com.my www.google.com.pk www.google.fi www.google.fr www.google.nl www.google-analytics.com www.googletagmanager.com www.linkedin.com;media-src 'self' blob: data: *.wistia.com *.wistia.net d10lpsik1i8c69.cloudfront.net embedwistia-a.akamaihd.net js.driftqa.com;frame-src 'self' *.addthis.com *.coveo.com *.hotjar.com *.marketo.com *.vidyard.com *.wistia.com *.wistia.net 40e1c630fbbe49b4b3d7ec05b3f47678.pages.ubembed.com accounts.google.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com optimize.google.com www.facebook.com www.youtube.com;font-src 'self' data: *.googleapis.com *.gstatic.com *.hotjar.com *.typekit.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;connect-src 'self' *.addthis.com *.cloud.coveo.com *.coveo.com *.googleapis.com *.hotjar.com *.hotjar.io *.mktoresp.com *.mktoutil.com *.org.coveo.com *.salesloft.com *.wistia.com *.wistia.net *.zoominfo.com 40e1c630fbbe49b4b3d7ec05b3f47678.events.ubembed.com api.ipify.org bat.bing.com cdn.cookielaw.org embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io o253811.ingest.sentry.io public-auth-dot-lucky-orange.appspot-preview.com sentry.io settings.luckyorange.net stats.g.doubleclick.net t.co wss://*.hotjar.com wss://in.visitors.live wss://visitors.live www.facebook.com www.google.com www.google-analytics.com;base-uri 'self';child-src 'self' blob: *.addthis.com *.marketo.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com www.youtube.com;form-action 'self' www.facebook.com;frame-ancestors 'self' *.addthis.com *.coveo.com *.marketo.com *.wistia.com *.wistia.net 40e1c630fbbe49b4b3d7ec05b3f47678.pages.ubembed.com accounts.google.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com www.facebook.com www.youtube.com;worker-src 'self' blob: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liquor.com 1
frame-ancestors 'self' *.senecacollege.ca; 1
frame-ancestors https://www.enel.com 1
script-src 'sha256-Ctv46qX3C0kNtevvIHJFcx4YqNSvcdpgKeTQqVA4YSI=' 'self' pagead2.googlesyndication.com 'self' 'unsafe-eval' 'nonce-csp-script-inline' polyfill.io *.madcat.tv *.trovo.live connect.facebook.net 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-G5gTuBIY0B0A928ho6zDtB8xjEJUVQzb8RILYuCebLE=' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.gtimg.cn websdk.appsflyer.com dev.api.unipay.qq.com guigu.singaporepaya.com; style-src 'self' 'unsafe-inline' *.madcat.tv *.trovo.live; worker-src 'self' 'unsafe-eval' *.trovo.live *.madcat.tv connect.facebook.net blob: www.google.com; connect-src *; media-src * blob: data: 1
default-src 'self' 'unsafe-inline' data: *; font-src 'self' * data: fonts.gstatic.com https://*.cloudfront.net; style-src 'self' https://*.cloudfront.net 'unsafe-inline' blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors https://insight.rapid7.com/ https://us.idr.insight.rapid7.com/ https://eu.insight.rapid7.com/ https://eu.idr.insight.rapid7.com 1
frame-ancestors *.pennymacusa.com *.adobe.com 1
frame-ancestors 'self' https://cdn.csas.cz 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ *.google-analytics.com https://www.gstatic.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; 1
default-src *;img-src * data:; style-src 'self' 'unsafe-inline' *.fbstatic.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbstatic.cn 1
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bimbolive.com *.google.com https://www.google.com *.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.gstatic.com fonts.googleapis.com cdn.fluidplayer.com https://blog.bongacams.com *.bongacash.com bngpt.com bngpst.com bngprl.com i.bongacash.com i.bcshcdn.com *.bongacams.com; img-src * data:; media-src * data:; frame-ancestors 'self' *.bongacash.com; 1
default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/  http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com https://alteryz.s3.amazonaws.com/copalove/ https://script.googleusercontent.com 'unsafe-inline' 'unsafe-eval' data: blob: 1
font-src 'self';media-src 'self' 1
frame-ancestors 'self' https://top.gg 1
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1
script-src 'report-sample' 'nonce-R/wojaZuRUKIFDSB9HCdIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors 'self' admin.truelocal.com.au 1
script-src 'self' *.flickr.com 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com 1
connect-src 'self' blob: https://*.giphy.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://caps.twitter.com https://media.riffsy.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://app.link https://api2.branch.io https://bnc.lt https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com ; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://*.giphy.com https://media.riffsy.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com   https://www.google-analytics.com https://twitter.com https://app.link  'nonce-Zjg0OGZkMzgtYmUyNC00YWY0LWFkYzctNzg0NDM1ZDlmYWJl'; style-src 'self' 'unsafe-inline' https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self'; style-src 'self' *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline'; script-src 'self' *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/; frame-src 'self' *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/  *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/; connect-src 'self' *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/; font-src 'self' *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/; media-src 'self' *.lpsnmedia.net/ 1
frame-ancestors *.smilebox.com www.paypal.com *.paymentech.net soap.vindicia.com webapi.mymarketing.co.il www.googletagmanager.com orders2.pniws.com webservices.fujifilmesys.com sqs.us-west-2.amazonaws.com pagead2.googlesyndication.com; 1
default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src * https://*.risingbd.com data:; font-src * data:; connect-src *; media-src * data:; object-src 'none'; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; manifest-src *; report-uri https://risingbd.report-uri.com/r/d/csp/reportOnly; report-to https://risingbd.report-uri.com/a/d/g 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.little-mistress.com; base-uri 'self' 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; 1
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 1
frame-ancestors 'self';default-src 'self' https://www.google.com https://www.google.com.tw https://*.taiwan.net.tw https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google.com.tw https://*.taiwan.net.tw https://maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.taiwan.net.tw https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://*.google.com https://www.googletagmanager.com; img-src 'self' https://www.google.com https://www.google.com.tw https://*.taiwan.net.tw https://taiwan-askme.tw https://taiwan.taiwanstay.net.tw https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.gstatic.com data:; frame-src 'self' https://*.taiwan.net.tw https://*.google.com https://www.youtube.com https://stats.g.doubleclick.net https://maps.gstatic.com ; 1
frame-ancestors https://*.smartprix.com 1
frame-ancestors *.edfringe.com 1
frame-ancestors https://*.americafirst.com; 1
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk *.houseofwellness.com.au 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' https://cdn.iserv.eu data:; media-src 'self' https://cdn.iserv.eu font-src 'self' data:; 1
frame-ancestors 'self'; object-src https://*.ediblearrangements.com/; media-src https://*.ediblearrangements.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://dynl.mktgcdn.com/ https://www.yext-pixel.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www.youtube.com/ https://az416426.vo.msecnd.net/ https://www.googletagmanager.com/ https://static.ads-twitter.com/ https://*.bing.com/ https://www.googleadservices.com/ https://sc-static.net/ https://*.simpli.fi/ https://*.hotjar.com/ https://analytics.twitter.com *.doubleclick.net/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://dynl.mktgcdn.com/ https://www.yext-pixel.com/ https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://a.mktgcdn.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://s.amazon-adsystem.com/ https://www.googletagmanager.com/ https://t.co/ https://www.google.com/ https://bat.bing.com/ https://tr.snapchat.com/; media-src 'self' data: blob:; frame-ancestors 'self'; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com https://www.facebook.com web.facebook.com badge.stumbleupon.com https://stagingreservations.getwisely.com https://reservations.getwisely.com/ https://9582598.fls.doubleclick.net/ https://*.hotjar.com/ https://*.snapchat.com/; connect-src 'self' accounts.google.com https://*.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.pfchangs.com https://liveapi.yext.com/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.bing.com/ https://*.yext.com https://www.yext-pixel.com/ https://dynl.mktgcdn.com/; 1
frame-ancestors 'self' https://dnb.no https://*.dnb.no; default-src 'self' blob: 6479481.fls.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.uniteliving.com *.regweb.no *.zdata.no *.hypersys.no *.compello.com *.azurewebsites.net api.21grams.com api.stralfors.com b2c.itella.net doc.logiq.no edi.edigard.com efaktura.lanekassen.no einvoice.payex.com fair24.no fakturahotell.norskluftambulanse.no fiken.no go.lucalabs.com invoice-hotel.example.com localhost nathalie.lucalabs.io paymentservices.radix.if.eu pilot-doc.logiq.no regnskap.dnb.no tkhelse.no www.ernholm.se www.example.com www.nyfaktura.no www.orimi.com www.sendregning.no www.vippsefaktura.no www.w3.org zubarus.com *.financial.com *.financial.com:* wss://*.financial.com wss://*.financial.com:* *.dnbeiendom.no http://www.e4cinvoice.com http://edok.ec.evry.com archive.ec.evry.com *.digipostdata.no https://api-fakturahotell.tellier.no https://bkk-web.bkk.no https://bkk-web2.bkk.no https://b2b.edb.com https://b2c.efakt.no https://cards.edb.com https://edi.hatteland.com https://edok.ec.evry.com https://efakt.lyse.no https://efaktura.biz https://efaktura.nets.no https://efaktura.quick.no https://dnbbankasa.tt.omtrdc.net https://assets.adobedtm.com https://e-faktura1.stralfors.net https://gateway.zscloud.net/ https://faktura.tabs.no https://*.efaktura.biz https://einvoice.compello.com https://*.celebrus.tech-03.net https://hotel.bbs.no/document https://documents.maventa.com https://invoicee.einvoiceportal.no https://invoice.lindorff.com https://kundonline.faktab.se https://mk.ec.evry.com https://privat.telenor.no https://*.efaktura.fellesdata.no https://www.e4cinvoice.com https://www.telenor.no *.siteimprove.com siteimproveanalytics.com mediaunit.23video.com dc.miprocloud.net *.digipost.no docs.google.com *.tiqcdn.com https://qbrick.hb.omtrdc.net *.dnbfeed.no https://dpm.demdex.net *.nets.eu *.bbs.no *.dnb.no *.dnb.se *.dnb.sg https://*.mastercard.com http://*.dnbnor.net http://www.google.com/intl/en_us/mapfiles/close.gif *.edb.com *.bankid.no *.bankidapis.no *.bankidnorge.no themes.googleusercontent.com https://www.google-analytics.com ssl.google-analytics.com fonts.gstatic.com fonts.googleapis.com csi.gstatic.com http://finncdn.no https://*.finncdn.no *.investtech.com *.morningstar.com adserver.adtech.de b2b.edb.com nettbankdrift.edb.com *.nets.no bedriftservice.no bilfinansonline.se carporten.dnbfinans.se carporten.nu connect.facebook.net designer.tagmycard.com dnb.socialcee.com dnbnor.bankavstemming.no dnbnor.easycruit.com dnbnor.enterprisebanker.com dnbnorfeed.com www.deltager.no www.dnbfinans.net fidstest.dnbfinans.no get.adobe.com innbo.livesite.no itunes.apple.com ajax.googleapis.com *.doubleclick.net mts.googleapis.com mts0.googleapis.com mts1.googleapis.com maps-api-ssl.google.com maps.googleapis.com maps.gstatic.com www.gstatic.com plus.google.com apis.google.com maps.google.no www.google.no www.googleadservices.com new.livestream.com thomsonreuters.com tools.euroland.com track.adform.net *.easyresearch.se webcastclients.s3.amazonaws.com www.adobe.com www.euroland.com www.newsweb.no www.nordic-online.net www.nordlandsbanken.no www.sandnes-sparebank.no www.slideshare.net www.soliditet.no www.ssf.no *.youtube.com *.ytimg.com www.youtube-nocookie.com www2.anleger-fernsehen.de wss://*.dnb.no wss://*.edb.com labeladmin.carporten.nu code.jquery.com com.bankid.app://* bankid: no.bankid.app://* *.webtrends.com *.webtrendslive.com https://api.vipps.no https://sit02gw.api.test.tech-02.net https://ece46ec4-6f9c-489b-8fe5-146a89e11635.tech-02.net https://www.facebook.com data: chrome-extension: chromeinvoke: chromeinvokeimmediate: chromenull: 'unsafe-inline' 'unsafe-eval' qbrick.d3.sc.omtrdc.net wvjbscheme://* *.dnbproto.com *.mxpnl.com *.mixpanel.com *.socialboards.com *.qbrick.com https://translate.google.com https://translate.googl eapis.com https://*.akamaihd.net https://einvoicepublic.compello.com  https://dnb-bank-dev.adobecqms.net https://content-stage.dnb.no https://content.dnb.no https://einvoicepublicapi.compello.com https://track.adform.net ; media-src 'self' *.dnb.no *.youtube.com:* *.vimeo.com:*; report-uri /portalfront/csp/cspreportlog.php 1
default-src 'self' *.cloudfront.net *.sheetmusicplus.com documentcloud.adobe.com *.upsellit.com *.upsellit.turbobytes.net widget.trustpilot.com *.bronto.com *.facebook.com docs.google.com www.youtube.com bid.g.doubleclick.net t.pepperjamnetwork.com;script-src 'self' *.sheetmusicplus.com *.cloudfront.net *.nr-data.net sheetmusic.attn.tv cdn.attn.tv documentcloud.adobe.com *.bc0a.com *.b0e8.com *.pepperjam.com *.pepperjamnetwork.com *.vwo.com *.visualwebsiteoptimizer.com *.upsellit.com *.upsellit.turbobytes.net *.pbbl.co widget.trustpilot.com *.bronto.com pippio.com pv-p.alcmpn.com static.traversedlp.com widget.privy.com optimize.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net sp.analytics.yahoo.com seal.digicert.com membrain.getsidecar.com js-agent.newrelic.com connect.facebook.net cdn.optimizely.com reporting.singlefeed.com bat.bing.com bam.nr-data.net ajax.googleapis.com request.eprotect.vantivcnp.com payments.vantivcnp.com assets.adobedtm.com request.eprotect.vantivpostlive.com cdn3.optimizely.com s.yimg.com flex.msn.com flex.atdmt.com 'unsafe-inline' 'unsafe-eval';style-src 'self' tagmanager.google.com optimize.google.com cdn.materialdesignicons.com fonts.googleapis.com assets.privy.com *.cloudfront.net *.sheetmusicplus.com 'unsafe-inline' 'unsafe-eval';img-src 'self' *.sheetmusicplus.com *.cloudfront.net events.attentivemobile.com *.b0e8.com popupstats.brontops.com *.visualwebsiteoptimizer.com *.agkn.com *.upsellit.com upsellit.turbobytes.net *.upsellit.turbobytes.net www.googletagmanager.com optimize.google.com www.google.com www.google.co.uk www.google.com.hk *.pbbl.co www.emjcd.com *.facebook.com ssl.google-analytics.com www.google-analytics.com google-analytics.com ap.lijit.com io.narrative.io api.privy.com events.privy.com assets.privy.com privymktg.com *.bronto.com seal.digicert.com bat.bing.com googleads.g.doubleclick.net stats.g.doubleclick.net tracking.searchmarketing.com;connect-src 'self' *.sheetmusicplus.com sheetmusic.attn.tv *.nr-data.net bat.bing.com d29ci68ykuu27r.cloudfront.net viewlicense.adobe.io *.bc0a.com *.visualwebsiteoptimizer.com widget.trustpilot.com api.traversedlp.com tri.privy.com api.privy.com events.privy.com *.bronto.com logx.optimizely.com a1281752415.cdn.optimizely.com *.doubleclick.net paypal.com *.paypal.com payments.vantivcnp.com freeshipping.com *.vantivpostlive.com themoneyconverter.com apilayer.net adn.16E4F.betacdn.net youtube.com browse-endpoint.brontops.com ssl.google-analytics.com www.google.com www.google.com.hk www.facebook.com;media-src 'self' *.sheetmusicplus.com youtube.com *.cloudfront.net;font-src 'self' fonts.gstatic.com cdn.materialdesignicons.com *.cloudfront.net data:;frame-src 'self' www.sheetmusicplus.com assets.sheetmusicplus.com sheetmusic.attn.tv *.cdn.optimizely.com t.pepperjamnetwork.com www.youtube.com optimize.google.com docs.google.com email.sheetmusicplus.com staticxx.facebook.com www.facebook.com connect.facebook.net bid.g.doubleclick.net widget.trustpilot.com 1
frame-ancestors 'self' *.optimizely.com optimizely.com http://*.corp.westmarine.com:* https://*.corp.westmarine.com:* http://*.westmarine.net:* http://westmarine.net:* https://*.westmarine.net:* https://westmarine.net:* 1
frame-ancestors 'self' http://content.microfocus.com https://content.microfocus.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://siteimproveanalytics.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://maps.googleapis.com/ https://s.ytimg.com/ https://connect.facebook.net/ https://www.googletagservices.com/ https://www.dynamicnumbers.mediahawk.co.uk/ https://player.vimeo.com https://gt.bcu.ac.uk/ https://region-eu.libanswers.com/ https://platform.twitter.com/ https://*.twimg.com/ https://app.geckoform.com/ https://www.instagram.com/ https://api3-eu.libcal.com/ https://cdn.unibuddy.co/ https://api.mapbox.com/ https://system.spektrix.com/ https://embed.expertfile.com/ https://d2mo5pjlwftw8w.cloudfront.net/  https://sjs.bizographics.com/ https://static.ads-twitter.com/ https://sc-static.net/  https://analytics.twitter.com https://*.mapbox.com  https://*.discoveruni.gov.uk https://discoveruni.gov.uk https://www.gstatic.com/ https://www.google.com/ https://snap.licdn.com/ https://analytics.tiktok.com/;            style-src 'self' 'unsafe-inline' https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://platform.twitter.com/ https://*.mapbox.com https://gt.bcu.ac.uk/;             img-src 'self' data: blob: https://bcuassets.blob.core.windows.net/ https://bcucdn.azureedge.net/ https://*.gstatic.com/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.co.uk/ https://adservice.google.com/ https://siteimproveanalytics.com/ https://www.facebook.com/ https://secure.adnxs.com/ https://pixel.mediaiqdigital.com/ https://syndication.twitter.com/ https://*.twimg.com/ https://platform.twitter.com/ https://image.issuu.com/ https://maps.googleapis.com/ https://pool.a8723.com/ https://pool.adizio.com https://pool.admedo.com https://51623691.global.siteimproveanalytics.io/ https://*.mapbox.com/ https://px.ads.linkedin.com/ https://t.co/ https://discoveruni.gov.uk/ https://gt.bcu.ac.uk/ https://snap.licdn.com/ https://lh3.googleusercontent.com/; 1
frame-ancestors https://bni.com https://onlinexperiences.com 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://cse.google.com http://cse.google.com https://clients1.google.com http://clients1.google.com https://va.ecitizen.gov.sg http://assets.adobedtm.com *.demdex.net http://wogadobeanalytics.sc.omtrdc.net http://va.ecitizen.gov.sg https://www.google.com https://s3-us-west-2.amazonaws.com http://fonts.googleapis.com http://ajax.googleapis.com https://fonts.gstatic.com cm.everesttech.net http://fast.wogaa.demdex.net https://tools.onemap.sg https://www.gstatic.com https://forms.cwp.gov.sg https://www.google-analytics.com wogadobeanalytics.sc.omtrdc.net https://assets.juicer.io https://connect.facebook.net https://www.facebook.com https://www.juicer.io https://graph.facebook.com https://static.juicer.io https://i.imgur.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://external.xx.fbcdn.net https://twitter.com https://wogaa.demdex.net https://www.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.onemap.sg http://www.moh.gov.sg http://www.youtube.com https://www.youtube.com https://static.pigeonhole.at https://pigeonhole.at form.gov.sg https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.google.com.sg *.hotjar.com:* *.hotjar.io wss://*.hotjar.com https://*.wogaa.sg assets.adobedtm.com https://youtu.be https://*.arcgis.com https://assets.dcube.cloud; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 1
report-uri //www.shihuo.cn/api/cspReport;child-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com;frame-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com;default-src 'unsafe-inline' 'unsafe-eval' https://shihuo.cn-hangzhou.log.aliyuncs.com http://*.hupu.com https://*.hupu.com http://*.alicdn.com https://*.alicdn.com http://*.taobaocdn.com https://*.taobaocdn.com http://*.taobao.com https://*.taobao.com http://*.alimama.cn http://*.tbcdn.cn https://*.alimama.cn http://*.doubleclick.net https://*.doubleclick.net *.hoopchina.com.cn *.hupucdn.com *.shihuocdn.cn *.weibo.com *.google.com *.shihuo.cn *.qq.com *.cnzz.com *.mmstat.com *.c-cnzz.com *.aliyuncs.com *.googleadservices.com *.googleadsserving.cn *.googletagservices.com *.googlesyndication.com *.haitaodashi.cn *.baidu.com *.sinajs.cn *.gstatic.com *.appadhoc.com *.tanx.com www.bilibili.com *.qiniu.com data: shimage: 1
frame-ancestors *.lsm.lv; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' adserv.prsa.org *.feathr.co *.prsa.org *.jwp.io *.jwplayer.com *.jwpcdn.com *.google-analytics.com *.jwpsrc.com *.jwpsrv.com *.twitch.tv cdn3.wowza.com player.cloud.wowza.com documentcloud.adobe.com *.adobe.com *.adobe.io *.informz.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.googletagmanager.com *.jwplayer.com *.jwpcdn.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.fontawesome.com adserv.prsa.org jobs.prsa.org *.juicer.io *.tawk.to cdn.jsdelivr.net *.feathr.co *.tickcounter.com *.licdn.com *.jwpsrc.com *.jwpsrv.com cdn1.prsa.org https://jwp.io/ cdn.jwplayer.com player.twitch.tv *.cloud.wowza.com documentcloud.adobe.com *.adobe.com *.youtube.com *.informz.net; style-src 'self' 'unsafe-inline' adserv.prsa.org *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com/css/ player.cloud.wowza.com *.twimg.com *.fontawesome.com via.placeholder.com *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com cdn.prsa.org jwp.io documentcloud.adobe.com *.adobe.com; font-src 'self' adserv.prsa.org fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com http://cdn.prsa.org/ https://jwp.io/; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com via.placeholder.com adserv.prsa.org *.juicer.io *.tawk.to cdn.jsdelivr.net *.jwplayer.com *.jwpcdn.com *.jwpsrv.com *.jwpltx.com *.feathr.co *.linkedin.com *.adsymptotic.com match.adsrvr.org http://cdn.prsa.org/ https://jwp.io/ documentcloud.adobe.com *.adobe.com; media-src 'self' data: blob: adserv.prsa.org cdn.prsa.org jwp.io cdn.jwplayer.com cdn3.wowza.com; form-action adserv.prsa.org *.facebook.com *.prsa.org; frame-src 'self' *.youtube.com *.twitter.com https://twitter.com https://jwp.io/ https://cdn.jwplayer.com/ adserv.prsa.org *.jwpsrv.com *.jwplayer.com *.tickcounter.com cdn1.prsa.org cdn2.prsa.org *.facebook.com *.twitch.tv *.adobe.com *.cloud.wowza.com/; 1
default-src c.wgr.de 'self'; script-src c.wgr.de https://track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de https://track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://secure.schulbuchzentrum-online.de https://track.westermann.de http://www.econda-monitor.de https://widgets.crosssell.info 'self'; report-uri /backend/csp 1
default-src 'self' blob:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.riksdagen.se 59b28002cb84d.streamlock.net;worker-src 'self' blob: *.riksdagen.se 59b28002cb84d.streamlock.net;img-src 'self' pbs.twimg.com data: *.riksdagen.se 59b28002cb84d.streamlock.net *.ytimg.com;font-src 'self' fonts.gstatic.com ;media-src 'self' blob: *.riksdagen.se *.readspeaker.com 59b28002cb84d.streamlock.net;connect-src 'self' *.riksdagen.se ws://meta.riksdagen.se wss://meta.riksdagen.se 59b28002cb84d.streamlock.net;frame-src *.readspeaker.com *.riksdagen.se *.youtube-nocookie.com;object-src 'self' 59b28002cb84d.streamlock.net;base-uri 'none';report-uri https://csp.riksdagen.se; 1
frame-ancestors 'self' https://smallcases.5paisa.com/ 1
frame-ancestors 'self' stopandshop.com *.stopandshop.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de spaceview.netzlabor.de; connect-src 'self' tracking.netmind-cloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org spaceview.netzlabor.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; child-src *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com *.cloudfront.net; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://dap.digitalgov.gov https://www.youtube.com https://search.usa.gov https://www.googletagmanager.com https://tagmanager.google.com https://static.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.vimeocdn.com https://*.ytimg.com; connect-src 'self' https://www.youtube.com https://googleads.g.doubleclick.net https://www.google-analytics.com; img-src 'self' https://*.ytimg.com https://*.ggpht.com https://search.usa.gov https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://player.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://search.usa.gov https://www.youtube.com https://*.vimeocdn.com https://tagmanager.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://c.go-mpulse.net https://www.google.com/ https://www.googletagmanager.com https://www.facebook.com/ *.akstat.io/ https://s.go-mpulse.net https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://w.sharethis.com https://cdn.ckeditor.com https://c.go-mpulse.net http://w.sharethis.com  *.hotjar.com https://vjs.zencdn.net *.viddler.com  https://www.recaptcha.net/ https://www.gstatic.com/ http://*.qualaroo.com https://78eacf64629b17a33a04-7a109b8f08b1a5a9cd571ab75c1589e6.ssl.cf1.rackcdn.com/ 1
frame-ancestors www.jivosite.com https://*.jivosite.com; child-src blob: https://mc.yandex.ru; frame-src blob: https://*.jivosite.com https://*.youtube.com https://mc.yandex.ru https://*.facebook.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser-update.org wcs.naver.net rum.beusable.net script.beusable.net mgxauaxkqisl514632.cdn.ntruss.com *.beusably.net; object-src 'self' xv-ncloud.pstatic.net *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com; media-src 'self' xv-ncloud.pstatic.net; style-src 'self' 'unsafe-inline' *.beusably.net; img-src 'self' data: ssl.pstatic.net browser-update.org *.ncloud.com xv-ncloud.pstatic.net ncloud-cs.static.naver.com wcs.naver.com; frame-src nid.naver.com *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com *.govdr-ncloud.com www.youtube.com xv-ncloud.pstatic.net; connect-src 'self' *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com *.govdr-ncloud.com xv-ncloud.pstatic.net wss://rum.beusable.net *.beusably.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *; upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
default-src blob: firstrepublic data: https: 'self' wss:; frame-ancestors https://*.firstrepublic.com eagleinvest.futureadvisor.com firstrepublicbank.experiencecloud.adobe.com 10to8.com us.10to8.com; script-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.comfe.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com *.tiles.mapbox.com  app.link 'self' 'unsafe-inline' 'unsafe-eval' ; style-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self' 'unsafe-inline'; font-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self'; img-src *.newrelic.com *.typekit.net *.signalintent.com *.amazonaws.com *.google-analytics.com *.siteimprovementanalytics.io *.gstatic.com *.google.com *.everesttech.net *.doubleclick.net * *.we-stats.com *.googleapis.com *.googletagmanager.com *.youtube.com *.jsdelivr.net *.marketo.net *.splash-screen.net *.omtrdc.com *.siteimprovementanalytics.com *.tiqcdn.com *.branch.io *.ytimg.com *.frbnp2.com *.mktoresp.com *.extole.io *.freshaddress.biz *.nr-data.net *.dmdex.net *.marketo.com *.demandbase.com *.googleadservices.com *.facebook.com *.facebook.net *.linkedin.com *.ads-twitter.com *.twitter.com *.quantserve.com *.postrelease.com *.company-target.com *.adservr.org *.adnxs.com *.bidr.io *.adsymptotic.com *.openx.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.snapchat.com *.tapad.com *.yahoo.com *.3lift.com *.adroll.com *.bidswitch.net *.bing.com *.bttrack.com *.consensu.org *.flashtalking.com *.mathtag.com *.media6degrees.com *.mxptint.net *.outbrain.com *.pubmatic.com *.taboola.com *.newscred.com *.bizographics.com *.vimeo.com *.onlineaccess1.com *.nr-data.net *.fraudmap.net *.10to8.com *.cloudfront.net *.cloudflare.com 'self' data:; worker-src 'self' blob: firstrepublic; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://*.shareworks.com https://*.solium.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' * 'unsafe-eval' *; object-src 'self' 'unsafe-inline' * 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 'unsafe-eval' *; img-src 'self' 'unsafe-inline' * 'unsafe-eval' *; media-src 'self' 'unsafe-inline' * 'unsafe-eval' *; child-src 'self' 'unsafe-inline' * 'unsafe-eval' *; font-src 'self' 'unsafe-inline' * 'unsafe-eval' *; connect-src 'self' 'unsafe-inline' * 'unsafe-eval' *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' ads.dragonfru.it js-agent.newrelic.com bam.nr-data.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ https://mc.yandex.ru/ https://yastatic.net 'nonce-sSs42MtM2Ydj1RvNyUpENw=='; style-src 'self' 'unsafe-inline'; connect-src 'self' ads.dragonfru.it bam.nr-data.net https://mc.yandex.ru https://yastatic.net; object-src 'self' static1.e621.net static1.e926.net; media-src 'self' static1.e621.net static1.e926.net; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/; font-src 'self'; img-src 'self' data: static1.e621.net static1.e926.net ads.dragonfru.it https://mc.yandex.ru https://yastatic.net; child-src 'none'; form-action 'self' discord.e621.net discord.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.api.here.com https://*.flashtalking.com https://*.go-mpulse.net https://*.googletagmanager.com https://*.krxd.net https://*.oneweb.mercedes-benz.com https://*.ytimg.com https://adservice.google.com https://ajax.googleapis.com https://app.usercentrics.eu https://cdn.chatshipper.com https://cdn.smooch.io https://daimlerag.d2.sc.omtrdc.net https://daimleragmoneapp.tt.omtrdc.net https://places.mercedes-benz.com https://scripts.psyma.com https://storage.googleapis.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.youtube.com webpack://*; style-src 'self' 'unsafe-inline' https://*.adobedtm.com https://*.api.here.com https://*.oneweb.mercedes-benz.com https://cdn.smooch.io; font-src 'self' data: https://cdn.smooch.io; frame-src 'self' https://*.adobedtm.com https://*.api.here.com https://*.flashtalking.com https://*.fls.doubleclick.net https://*.oneweb.mercedes-benz.com https://*.plugsurfing.com https://*.usercentrics.eu https://cdn.motor1.com https://maps.google.com https://share4business.es https://smart.demdex.net https://usercentrics.mgr.consensu.org https://www.google.com https://www.youtube.com; connect-src 'self' https://*.adobedtm.com https://*.akstat.io https://*.api.here.com https://*.apps.atlas.cf.intra.oneweb.mercedes-benz.io https://*.cloudfront.net https://*.daimler-mobility.com https://*.demdex.com https://*.demdex.net https://*.flashtalking.com https://*.mercedes-benz.com https://*.microservice.smart.com https://*.oneweb.mercedes-benz.com https://*.smart.com https://*.smooch.io https://*.usercentrics.eu https://*.ytimg.com https://ajax.googleapis.com https://api.corpinter.net https://c.go-mpulse.net https://cdn.chatshipper.com https://cdn.scp.smart.computerrock.com https://cm.everesttech.net https://daimlerag.d2.sc.omtrdc.net https://daimleragmoneapp.tt.omtrdc.net https://europe.starconnect-ce.i.daimler.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.youtube.com; img-src 'self' blob: data: https://*.akstat.io https://*.daimler-financialservices.com https://*.daimler-mobility.com https://*.demdex.com https://*.fls.doubleclick.net https://*.krxd.net https://*.oneweb.mercedes-benz.com https://*.s3.eu-central-1.amazonaws.com https://*.usercentrics.eu https://*.ytimg.com https://adservice.google.com https://analytics.smart.com https://assets.smart.com https://cdn.chatshipper.com https://cdn.smooch.io https://cm.everesttech.net https://cms.smart.com https://daimlerag.d2.sc.omtrdc.net https://europe.starconnect-ce.i.daimler.com https://ice.fs.mercedes-benz.com https://sanalytics.smart.com https://storage.googleapis.com; media-src 'self' blob: data: https://*.akstat.io https://*.krxd.net https://*.oneweb.mercedes-benz.com https://*.s3.eu-central-1.amazonaws.com https://assets.smart.com; 1
frame-ancestors 'self' *.bond.edu.au bond.edu.au; 1
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.cookielaw.org; font-src 'self' data: *.kinstacdn.com fonts.gstatic.com *.slidesharecdn.com; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self'; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.marketo.com *.marketo.net *.cookiebot.com html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com px.ads.linkedin.com googleads.g.doubleclick.net www.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net *.cookiebot.com static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com fonts.googleapis.com *.marketo.com *.marketo.net; worker-src 'self' blob:; 1
default-src 'self';  object-src 'self';  media-src 'self' blob: data: https://*.akamaihd.net ;  connect-src 'self'   https://hella.containers.piwik.pro  https://hella.piwikpro.com  https://hella.piwik.pro  https://*.video-cdn.net  https://licensing.bitmovin.com   https://*.akamaihd.net ;  font-src 'self' data:   https://*.video-cdn.net https://fonts.gstatic.com;  frame-src 'self'   https://*.video-cdn.net  https://edge-cdn.net http://irpages2.equitystory.com  https://charts3.equitystory.com  https://irpages2.equitystory.com https://www.edge-cdn.net  https://hella.containers.piwik.pro https://hella.piwikpro.com https://hella.piwik.pro https://start.video-stream-hosting.de;   script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  https://uu.createsend.com  https://js.createsend1.com    https://*.video-cdn.net/ https://hella.piwik.pro https://hella.containers.piwik.pro https://hella.piwikpro.com   https://www.google.com  https://www.googleadservices.com  https://googleads.g.doubleclick.net https://www.google-analytics.com  https://www.googletagmanager.com  https://ajax.googleapis.com https://translate.google.com  https://translate.googleapis.com https://www.gstatic.com;  style-src 'self' 'unsafe-inline'   https://translate.googleapis.com  https://translate.googleapis.com   https://translate.google.com;   img-src data: 'self' blob: https://*.video-cdn.net   https://hella.containers.piwik.pro  https://hella.piwik.pro  https://hella.piwikpro.com   https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw  https://www.google.com  https://www.googleadservices.com  https://googleads.g.doubleclick.net https://www.google-analytics.com  https://www.googletagmanager.com https://ajax.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com ; worker-src blob: 'self'; report-uri https://hella.report-uri.com/r/d/csp/enforce 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.goodsync.com https://www.google-analytics.com https://api.reviews.co.uk https://knrpc.olark.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com/ https://tagmanager.google.com/ https://static.olark.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://assets.olark.com https://api.olark.com https://knrpc.olark.com https://static.olark.com https://widget.reviews.co.uk https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com; frame-src 'self' https://control.goodsync.com/ https://www.goodsync.com https://jobs.goodsync.com https://docs.google.com https://www.google.com https://static.olark.com https://widget.reviews.co.uk https://widget.reviews.io/ https://*.doubleclick.net/ https://www.youtube.com/ https://s.ytimg.com/; media-src 'self' https://static.olark.com 1
frame-ancestors  https://la.utexas.edu https://www.la.utexas.edu https://learn.stanford.edu https://idss.mit.edu https://*.mygreatlearning.com https://*.greatlearning.in https://detectify.com 1
frame-ancestors 'self' https://*.swapcard.com; 1
frame-ancestors 'self' https://lkpp-portal.festiware.com http://lkpp-portal.festiware.com http://bela-portal.festiware.com https://bela-portal.festiware.com http://belapengadaan.lkpp.go.id https://belapengadaan.lkpp.go.id; 1
default-src 'self' data: blob: shopify.com *.streamshark.io *.myshopify.io *.wistia.com embedwistia-a.akamaihd.net *.litix.io *.wistia.net *.shopify.com *.shopifysvc.com notify.bugsnag.com *.mode.com fonts.gstatic.com *.youtube.com monorail-edge-staging.shopifycloud.com *.doubleclick.net alb.reddit.com bat.bing.com cdn.bizible.com collect.tealiumiq.com ct.pinterest.com datacloud.tealiumiq.com my.tealiumiq.com p.adsymptotic.com px.ads.linkedin.com t.co tr.snapchat.com www.facebook.com www.google.com www.google.ca www.google-analytics.com shopify-assets.shopifycdn.com; style-src 'self' 'unsafe-inline' data: blob: cdn.shopify.com cdn.shopifycloud.com; script-src 'self' 'nonce-02acbade-4272-4003-a4ad-757dd7ab07cb' 'nonce-9496aa51-1ebb-4d35-9327-7d3aeafcff76' www.googletagmanager.com www.google-analytics.com tags.tiqcdn.com cdn.bizible.com deploytealium.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.redditstatic.com s.yimg.com s.pinimg.com sc-static.net bat.bing.com connect.facebook.net sp.analytics.yahoo.com cdn.shopify.com cdn.shopifycloud.com fast.wistia.com app.wistia.com blob:; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' https://esirket.com https://app.mukellef.co https://app-beta.mukellef.co https://app.bizimsiparis.com https://bizimsiparis.com 1
block-all-mixed-content; report-uri https://lodash.report-uri.io/r/default/csp/enforce; default-src 'none'; child-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; img-src 'self' data: *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; manifest-src 'self'; script-src 'self' *.carbonads.com srv.carbonads.net adn.fusionads.net www.google-analytics.com cdn.jsdelivr.net embed.runkit.com; style-src 'self' cdn.jsdelivr.net; connect-src lodash.report-uri.com lodash.report-uri.io 'self' ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com fonts.gstatic.com cdn.jsdelivr.net *.carbonads.com srv.carbonads.net adn.fusionads.net embed.runkit.com; 1
;frame-ancestors 'self' 1
default-src https://yok.gov.tr https://*.yok.edu.tr https://*.yok.gov.tr https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com  'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.posti.fi *.googlesyndication.com; style-src 'unsafe-inline' 'self' *.posti.fi optimize.google.com tagmanager.google.com fonts.googleapis.com *.force.com *.salesforce.com *.euc-freshbots.ai; font-src 'self' data: *.posti.fi *.hotjar.com *.force.com *.sfdcstatic.com tagmanager.google.com fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.posti.fi cdn.ampproject.org *.doubleclick.net adservice.google.fi adservice.google.com optimize.google.com *.usemessages.com forms.hsforms.com js.hsforms.net js.hs-banner.com js-agent.newrelic.com bam.eu01.nr-data.net js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net sb.scorecardresearch.com connect.facebook.net www.googletagservices.com *.typeform.com *.krxd.net *.force.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com *.hotjar.com maps.googleapis.com locationservice.posti.com/location *.my.salesforce.com *.salesforceliveagent.com *.declaration.postinext.fi *.lfeeder.com *.euc-freshbots.ai *.pusher.com *.cookielaw.org *.onetrust.com *.postinext.fi ajax.googleapis.com *.googlesyndication.com www.googleadservices.com cdnjs.cloudflare.com www.google.com *.licdn.com code.jquery.com; frame-src optimize.google.com *.typeform.com *.krxd.net app.hubspot.com www.googletagmanager.com www.googletagservices.com forms.hsforms.com *.googlesyndication.com *.hotjar.com *.posti.fi www.facebook.com www.youtube.com *.force.com *.salesforce.com *.onetrust.mgr.consensu.org bot.leadoo.com client.myzef.com; child-src 'self' *.hotjar.com; img-src 'self' blob: data: *.posti.fi optimize.google.com *.googlesyndication.com forms.hsforms.com *.krxd.net *.force.com www.facebook.com www.googletagmanager.com sb.scorecardresearch.com *.hubspot.com maps.googleapis.com ssl.gstatic.com www.gstatic.com www.google-analytics.com www.google.fi www.google.com www.netposti.fi *.doubleclick.net *.hotjar.com *.ctfassets.net maps.gstatic.com *.lfeeder.com *.freshbots.ai *.euc-freshbots.ai *.cookielaw.org *.onetrust.com code.jquery.com *.postinext.fi *.linkedin.com; connect-src 'self' *.posti.fi adservice.google.fi adservice.google.com optimize.google.com bam.eu01.nr-data.net *.salesforceliveagent.com vc.hotjar.io api.posti.com *.api.posti.com *.api.posti.fi *.hubspot.com vbvavibkgkermrl.form.io www.google-analytics.com *.doubleclick.net *.force.com locationservice.posti.com *.hotjar.com wss://*.hotjar.com picc.posti.fi:* picc8.posti.fi:* *.form.io www.facebook.com *.declaration.postinext.fi *.euc-freshbots.ai *.pusher.com wss://*.pusher.com *.cookielaw.org *.onetrust.com *.postinext.fi *.googlesyndication.com *.execute-api.eu-west-1.amazonaws.com; media-src 'self' *.ctfassets.net; frame-ancestors 'self' apps.itella.com salesfra.me; object-src 'none'; 1
base-uri 'none'; object-src 'none'; script-src https://www.disclose.tv/logs/ https://www.disclose.tv/sidekiq/ https://www.disclose.tv/mini-profiler-resources/ https://cdn-uploads.disclose.tv/assets/ https://cdn-uploads.disclose.tv/brotli_asset/ https://www.disclose.tv/extra-locales/ https://cdn-origin.disclose.tv/highlight-js/ https://cdn-origin.disclose.tv/javascripts/ https://cdn-origin.disclose.tv/plugins/ https://cdn-origin.disclose.tv/theme-javascripts/ https://cdn-origin.disclose.tv/svg-sprite/ https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://cdn-uploads.disclose.tv/assets/ https://cdn-uploads.disclose.tv/brotli_asset/ https://cdn-origin.disclose.tv/javascripts/ https://cdn-origin.disclose.tv/plugins/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.nr-data.net *.hotjar.com *.iu.edu *.powerbi.com *.nafsa.org *.vimeo.com *.youtube.com cqrcengage.com *.soundcloud.com *.doubleclick.net *.googlesyndication.com *.google-analytics.com *.live.com *.addtoany.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' disqus.com *.cqrcengage.com *.iu.edu *.powerbi.com *.addtoany.com *.doubleclick.net *.googlesyndication.com *.google.com *.nafsa.org *.vimeo.com *.youtube.com *.soundcloud.com *.live.com ; upgrade-insecure-requests; report-uri https://29af3d3fdd744b61877f6090f6f93c94@sentry.utdev.com/18; 1
frame-ancestors 'self' https://*.fanbox.cc 1
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 1
frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com *.carltoncards.ca 1
frame-ancestors 'self' https://platform.issuerdirect.com; 1
default-src 'self' https://darksky.wufoo.com maps.darksky.net https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' http://storage.googleapis.com https://www.wufoo.com https://maps.googleapis.com https://ajax.googleapis.com https://secure.wufoo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com 1
frame-ancestors 'self' https://legacyshield.com https://www.legacyshield.com https://hotfix.legacyshield.com https://test049.legacyshield.com https://lsapp.legacyshield.com https://getzuby.com https://staging.getzuby.com https://www.assistancedocs.com https://connectedinvestors.com https://www.furnishedfinder.com https://www.keycheck.com https://dev18.furnishedfinder.com https://dev18.keycheck.com https://www.lawyerless.com.au/ https://lawyerless.com.au http://local.lawyerless.com.au/ https://www.american-apartment-owners-association.org/ https://www.tenantalert.com/ https://secure.american-apartment-owners-association.org/ https://aragdc.eyelightdev.ca https://members.dginstitute.com.au https://honcho.com.au https://honcho.com.au:8080 https://infinitedocs.com; 1
frame-ancestors https://*.apus.edu https://*.hondros.edu 1
default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com production-cdn.bonus.ly staging-cdn.bonus.ly *.bootstrapcdn.com; img-src * data: blob:; object-src 'self' production-cdn.bonus.ly staging-cdn.bonus.ly; style-src 'self' 'unsafe-inline' *.googleapis.com *.bonus.ly *.google.com js.chilipiper.com *.chilipiper.com; connect-src 'self' https://*.intercom.io https://*.nr-data.net wss://*.intercom.io wss://*.bonus.ly/cable wss://*.hotjar.com api.hubspot.com app.getsentry.com forms.hubspot.com *.hubapi.com syndication.twitter.com uploads.intercomcdn.com uploads.intercomusercontent.com *.algolianet.com *.algolia.net www.google-analytics.com www.facebook.com *.fullstory.com *.hotjar.io *.hotjar.com *.doubleclick.net *.apiary.io log.intellimize.co *.clearbit.com api.lever.co js.chilipiper.com *.chilipiper.com *.bonus.ly; frame-src 'self' fast.wistia.net js.stripe.com share.intercom.io bonus.ly *.bonus.ly *.hubspot.com *.addthis.com *.doubleclick.net *.google.com *.twitter.com *.vimeo.com *.hsforms.com *.youtube.com www.instagram.com *.hotjar.com api.intellimize.co js.chilipiper.com *.chilipiper.com my.pima.app; media-src js.intercomcdn.com media.tenor.com *.bonus.ly; script-src 'self' 'unsafe-inline' api.usemessages.com connect.facebook.net graph.facebook.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsforms.net forms.hsforms.com js.hsleadflows.net js.chilipiper.com *.chilipiper.com *.hsadspixel.net js.leadin.com js.usemessages.com production-cdn.bonus.ly staging-cdn.bonus.ly unpkg.com *.addthis.com *.addthisedge.com *.adroll.com *.bnsly.co *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hscta.net *.hubspot.com *.intercom.io *.intercomcdn.com *.linkedin.com *.newrelic.com *.nr-data.net *.perfectaudience.com *.stripe.com *.twimg.com *.twitter.com zapier.com sjs.bizographics.com static.ads-twitter.com pixel.cdnwidget.com reddit.com redditstatic.com quora.com hotjar.com *.hotjar.com www.instagram.com *.fullstory.com *.licdn.com *.quantserve.com *.quantcount.com *.clearbit.com *.clearbitjs.com js.hs-banner.com bat.bing.com ct.capterra.com *.vimeo.com api.intellimize.co 'unsafe-eval' 1
base-uri 'none'; object-src 'none'; script-src https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://blenderartists.org/highlight-js/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/ https://blenderartists.org/theme-javascripts/ https://blenderartists.org/svg-sprite/ 'report-sample' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/; report-uri https://blenderartists.org/csp_reports 1
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' zona: http://install.zonastat.com https://dl.appzona.org http://vk.com https://vk.com https://login.vk.com http://tools.bongacams.com https://cdn-static-secure.liverail.com http://skycdnhost.com https://skycdnhost.com http://tvmir.ru http://out.pladform.ru http://*.24video.com *.24video.net *.24video.cc *.24video.me *.24videos.me *.24video.xxx 24video.ws *.24video.xxx:8080 *.24video.sex;img-src * data:;media-src * blob:;font-src * data:;object-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com http://skycdnhost.com https://skycdnhost.com https://vk.com http://vk.com http://zona.ru js-agent.newrelic.com https://bam.nr-data.net http://bam.nr-data.net c1.onedmp.com tools.runetki.co www.24video.com www.24video.net www.24video.cc www.24video.me www.24videos.me *.24video.xxx https://upload.24v.tv http://upload.24video.adult http://sibvic.ru http://tarkita.ru http://darangi.ru http://ictowaz.ru http://stat.php-d.com http://startstat.ru http://cdn-static.liverail.com livestatisc.com andwronsit.ru cdn7.rocks hgbn.rocks hgbn.rocks cdn7.rocks 2f9ffee6ab81a74.com 580fc2d73fdf67d.com mc.yandex.ru yastatic.net cdn.jsdelivr.net;child-src 'self' blob: 1
default-src 'self' *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.titanembeds.com *.boltdns.net blob:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org *.googleapis.com *.3playmedia.com s3.amazonaws.com https://unpkg.com *.cvent.com cdn.mxpnl.com *.mixpanel.com https://zoom.us *.zoom.us code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net blob:; style-src 'unsafe-inline' *; font-src * data:; connect-src 'self' cdn.opticsinfobase.org *.gstatic.com *.google-analytics.com *.google.com *.3playmedia.com *.cloudfront.net *.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com www.google-analytics.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com *.zoom.us wss://*.zoom.us blob:; object-src 'self' cdn.opticsinfobase.org *.cloudfront.net *.googlesyndication.com https://*.zoom.us blob:; frame-src 'self' *.brightcove.net *.cloudfront.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.google.com *.googlesyndication.com *.youtube.com https://titanembeds.com *.acast.com; frame-ancestors 'self' *.osa.org *.frontiersinoptics.com; 1
font-src * data:; img-src * data: blob:; worker-src blob:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.marchofdimes.com *.marchforbabies.org *.marchofdimes.org *.ywxi.net *.addthis.com *.addthisedge.com feed2js.org *.cloudfront.net *.crazyegg.com ajax.googleapis.com *.juicer.io api.usersnap.com *.optimizely.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.atdmt.com *.adsrvr.org *.youtube.com *.googleadservices.com *.cetrk.com *.rfihub.net *.gwallet.com *.godaddy.com *.amazonaws.com *.adroll.com doublethedonation.com *.braintreegateway.com *.payments-amazon.com *.paypalobjects.com *.paypal.com *.amazon.com *.ssl-images-amazon.com *.google.com *.bing.com *.mathtag.com *.acquireinsight.net code.highcharts.com *.jquery.com *.cloudflare.com *.rfihub.com *.formstack.com siteimproveanalytics.com cdn.usersnap.com maxcdn.bootstrapcdn.com *.pinimg.com *.amazonpay.com static.ads-twitter.com *.braintree-api.com *.hotjar.com p2a.co *.gstatic.com cdn.jsdelivr.net cqrcengage.com platform-api.sharethis.com buttons-config.sharethis.com *.trustedsite.com c.sharethis.mgr.consensu.org *.osano.com l.sharethis.com *.cookielaw.org *.pinterest.com pixel-a.basis.net pixel.sitescout.com *.googlesyndication.com maxcdn.bootstrapcdn.com *.moatads.com *.cloudflareinsights.com js.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.hubspot.com *.marketo.net *.mktoresp.com marchofdimes.formstack.com api.mapbox.com events.mapbox.com *.tiles.mapbox.com cdn.heapanalytics.com heapanalytics.com *.taboola.com *.hsleadflows.net *.hsforms.com *.steelhousemedia.com secure.quantserve.com *.quantcount.com apps.rokt.com/ *.apple.com *.cdn-apple.com; 1
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.toodledo.com https://*.toodledo.com https://*.cookielaw.org https://*.onetrust.com https://*.stripe.com https://*.filepicker.io http://*.filepicker.io http://*.twitter.com https://*.twitter.com https://apis.google.com https://*.googleapis.com https://maps.gstatic.com http://apis.google.com http://*.googleapis.com http://maps.gstatic.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com http://*.google.com https://*.google.com http://d1h9d4exwfthxc.cloudfront.net https://www.googletagmanager.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net http://connect.facebook.net http://assets.pinterest.com https://canny.io https://*.chargebee.com https://*.adroll.com https://www.youtube.com https://www.gstatic.com https://*.googlesyndication.com; report-uri /ajax/csp_report.php; 1
frame-ancestors 'self' https://*.youranswer.io 1
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 1
default-src 'none'; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://d10lpsik1i8c69.cloudfront.net;script-src https://usablenet.com https://scout-cdn.salesloft.com https://d10lpsik1i8c69.cloudfront.net https://cdnjs.cloudflare.com https://js.usemessages.com https://scripts.demandbase.com https://aa.agkn.com https://adadvisor.net https://secure.adnxs.com https://*.linkedin.com https://snap.licdn.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-scripts.com https://forms.hubspot.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.it https://js.hs-banner.com https://js.hsadspixel.net https://www.loopanalytics.com https://cdn.calltrk.com https://stats.g.doubleclick.net https://cdn.loopanalytics.com https://js.calltrk.com https://adamonitoring.usablenet.com 'self' 'unsafe-inline'; img-src data: https://cdn2.hubspot.net https://d10lpsik1i8c69.cloudfront.net https://aorta.clickagy.com https://ws3.rqtrk.eu https://sp.adbrn.com https://cm.dpclk.com https://h.parrable.com https://analytics.spongecell.com https://x.bidswitch.net https://match.prod.bidr.io https://*.company-target.com https://global.ib-ibi.com https://e.nexac.com https://*.rlcdn.com https://aa.agkn.com https://*.linkedin.com https://stags.bluekai.com https://api.bizographics.com https://ib.mookie1.com https://cm.g.doubleclick.net https://secure.adnxs.com https://track.hubspot.com https://usablenet.com https://qa-usablenet-redesign.udev1a.net https://ucontrolproxy.usablenet.com https://mobile.usablenet.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.it  https://scout.us2.salesloft.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://www.loopanalytics.com 'self'; frame-src https://share.vidyard.com https://play.vidyard.com https://www.facebook.com https://app.hubspot.com https://www.google.com https://www.youtube.com https://bid.g.doubleclick.net/ https://embed.vidyard.com https://cdn.vidyard.com/ https://play.vidyard.com; frame-ancestors 'self'; connect-src wss://in.visitors.live wss://visitors.live https://*.luckyorange.net https://*.luckyorange.com https://api.hubspot.com https://api.hubapi.com/ https://*.company-target.com https://forms.hubspot.com https://scout.salesloft.com https://stats.g.doubleclick.net https://js.calltrk.com https://adamonitoring.usablenet.com 'self'; base-uri 'none'; media-src https://d10lpsik1i8c69.cloudfront.net; 1
default-src 'none'; script-src 'self'; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tutanota.com https://api.github.com https://www.reddit.com https://mail.tutanota.com; 1
frame-ancestors 'self' https://*.ariba.com https://*.linde.grp https://supplier.coupahost.com 1
default-src 'none'; manifest-src 'self'; block-all-mixed-content; script-src blob: 'unsafe-eval' 'self' https://stats.eurocontrol.int https://cdnjs.cloudflare.com/ajax/libs/proj4js/ https://public.flourish.studio https://stats.eurocontrol.int https://www.googletagmanager.com/gtm.js https://app.everviz.com 'sha256-CFPNGLBANUFhOL1M8jVvaU3fAdQlYtiwLugJcvT0Q9Y=' 'sha256-+aqVCS7el7iEYu9CC99LCerjjC2XgHVTSqklMsnHL6Q=' 'sha256-JAzQx1TyATh4RS10s1IVWGekoUoE6eBa+EvAkFNFEoc=' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://portal.nsv.eurocontrol.int https://int-api.nsv.eurocontrol.int https://platform.twitter.com https://cdn.syndication.twimg.com/tweets.json https://cloud.highcharts.com https://code.highcharts.com https://www.google-analytics.com/analytics.js; connect-src 'self' https://int-api.nsv.eurocontrol.int https://cloud-api.highcharts.com/chart/ https://api.everviz.com/; img-src data: 'self' https://stats.eurocontrol.int https://api.maptiler.com https://syndication.twitter.com https://platform.twitter.com https://www.google-analytics.com https://pbs.twimg.com https://stats.g.doubleclick.net https://public.flourish.rocks https://www.google.com/ads/ https://www.google.be/ads/; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://app.everviz.com/fonts/ https://cloud.highcharts.com/fonts/; form-action 'self' https://syndication.twitter.com https://platform.twitter.com; frame-src 'self' https://www.google.com https://platform.twitter.com https://flo.uri.sh https://www.nm.eurocontrol.int https://syndication.twitter.com https://webto.salesforce.com https://www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https://app.everviz.com/fonts/ https://cloud.highcharts.com/fonts/; object-src 'self'; media-src *; base-uri 'self' 1
frame-ancestors 4over.com *.4over.com *.authorize.net;” 1
style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https: https://fonts.gstatic.com; img-src 'self' data: https: https://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; frame-src 'self' https: https://optimize.google.com; upgrade-insecure-requests; media-src 'self' https: 1
default-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; img-src * data:; object-src 'none' 1
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' https://iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com  *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.indexww.com *.facebook.net *.giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.coastal.edu; 1
child-src https://*.fls.doubleclick.net https://bid.g.doubleclick.net form.gov.sg; connect-src *.cwp-stg.sg https://s3-ap-southeast-1.amazonaws.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg blob: www.google-analytics.com *.onemap.sg/ *.dcube.cloud *.wogaa.sg *.demdex.net https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com wss://*.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; default-src 'self' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg *.dcube.cloud *.wogaa.sg wogadobeanalytics.sc.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net; font-src https://cdnjs.cloudflare.com data: fonts.gstatic.com *.dcube.cloud *.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; img-src data: blob: 'self' www.google-analytics.com https://s3-ap-southeast-1.amazonaws.com https://px.ads.linkedin.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg https://www.facebook.com *.cwp-stg.sg *.onemap.sg/ https://cdnjs.cloudflare.com *.mycareersfuture.sg *.mycareersfuture.gov.sg https://pixel.quantserve.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net *.demdex.net https://va.ecitizen.gov.sg https://v2assets.zopim.io; script-src blob: www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net s.yimg.com sp.analytics.yahoo.com https://www.google.com www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://p.adsymptotic.com https://rules.quantcount.com https://secure.quantserve.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.mycareersfuture.sg https://www.mycareersfuture.gov.sg *.dcube.cloud *.wogaa.sg assets.adobedtm.com https://va.ecitizen.gov.sg https://flexanswer1653.zendesk.com *.zdassets.com *.zopim.com *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; style-src 'self' https://cdnjs.cloudflare.com fonts.googleapis.com unpkg.com *.dcube.cloud *.wogaa.sg https://va.ecitizen.gov.sg 'unsafe-inline' *.mycareersfuture.sg *.mycareersfuture.gov.sg *.app.gov.sg; report-uri /csp-report 1
default-src 'self' data: blob: http://*.iter.org https://*.iter.org; connect-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.iter.org https://*.iter.org http://p.jwpcdn.com http://*.gstatic.com https://*.gstatic.com https://cdnjs.cloudflare.com http://*.facebook.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.twimg.com http://*.linkedin.com https://*.linkedin.com http://*.google-analytics.com https://*.google-analytics.com https://*.googleapis.com http://*.google.com https://*.google.com https://*.google-analytics.com http://*.cloudflare.com https://*.dacast.com https://play.webvideocore.net https://s3.amazonaws.com https://*.reciteme.com; object-src 'self' https://player.dacast.com https://*.akamaihd.net; style-src 'self' 'unsafe-inline' http://*.google.com https://*.google.com https://fonts.googleapis.com https://www.gstatic.com https://player.dacast.com https://*.microsoft.com https://*.reciteme.com; img-src * data: blob:; frame-src 'self' http://*.iter.org https://*.iter.org http://*.youtube.com https://*.youtube.com https://*.google.com http://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com https://play.webvideocore.net https://*.issuu.com https://*.reciteme.com; media-src blob: 'self' http://*.iter.org https://*.iter.org https://*.akamaihd.net  https://*.reciteme.com; font-src 'self' data: blob: http://*.iter.org https://*.iter.org https://player.dacast.com https://*.sharepointonline.com https://*.microsoft.com https://fonts.gstatic.com https://*.reciteme.com; worker-src blob: 'self' http://*.iter.org https://*.iter.org 1
connect-src 'self';default-src 'self';font-src 'self' https://fonts.gstatic.com data:;frame-ancestors 'self' chrome-extension://mnojpmjdmbbfmejpflffifhffcmidifd;frame-src 'self' https://player.vimeo.com https://boards.greenhouse.io https://www.youtube-nocookie.com;img-src 'self' data: https://brave.com https://analytics.basicattentiontoken.org https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://s.gravatar.com https://*.gravatar.com https://*.githubusercontent.com https://secure.gravatar.com https://www.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.basicattentiontoken.org https://cdn.jsdelivr.net https://secure.gaug.es https://boards.greenhouse.io https://code.jquery.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cloud.typography.com 1
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 1
frame-ancestors https://*.ionos.fr https://ionos.fr; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://magicleap.com/assets/js/ https://www.google-analytics.com https://www.googletagmanager.com https://cdn.amplitude.com https://api.amplitude.com http://tagmanager.google.com https://connect.facebook.net https://storage.googleapis.com/workbox-cdn/releases/ https://cc.cdn.civiccomputing.com/ http://static.ads-twitter.com/ https://analytics.twitter.com/ https://js.hs-scripts.com/ http://js.hs-analytics.net/analytics/ https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://cdnjs.cloudflare.com https://magicleap.com/assets/fonts/ https://fonts.gstatic.com; img-src 'self' data: https://www.google.com/ads https://www.google-analytics.com https://images.contentful.com https://images.ctfassets.net https://ml-cms.imgix.net https://ml-cdn.imgix.net https://*.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com http://t.co/ https://img.youtube.com https://ml-identity-avatars-production.s3.amazonaws.com https://avatars.magicleap.com https://track.hubspot.com/ https://v2assets.zopim.io; media-src 'self' https://static.zdassets.com https://videos.ctfassets.net; child-src 'self'; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://8777618.fls.doubleclick.net; connect-src 'self' https://static-1.www.magicleap.com/ https://magicleap.com/assets/ https://cdn.contentful.com https://maps.googleapis.com https://sentry.io/api/ https://forms.hubspot.com/ https://api.hubapi.com/ https://cdn.amplitude.com https://api.amplitude.com https://www.google-analytics.com https://tagmanager.google.com https://ml-cms.imgix.net https://apikeys.civiccomputing.com/ https://static.zdassets.com https://ekr.zdassets.com https://magicleapcare.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://api.magicleap.com/identity/; frame-ancestors 'self' 1
frame-ancestors 'self' www.skylinewebcams.com; 1
frame-ancestors https://*.icicilombard.com/ https://www.icicibank.com/ https://www.icicidirect.com/ https://www.idfcbank.com/ 1
default-src 'self' gosbar.gosuslugi.ru gosmonitor.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' lofficielmode.ru *.tildacdn.com tilda.ws cdnjs.cloudflare.com voltajs.org piwik-gosbar.gosuslugi.ru yastatic.net gosmonitor.ru mc.yandex.ru api-maps.yandex.ru gosbar.gosuslugi.ru stat.sputnik.ru piwik.nsign.ru; connect-src 'self' gosbar.gosuslugi.ru mc.yandex.ru stat.sputnik.ru gosmonitor.ru *.tildacdn.com; img-src 'self' data: www.rosmintrud.ru piwik-gosbar.gosuslugi.ru *.tildacdn.com api-maps.yandex.ru *.maps.yandex.net stat.sputnik.ru mc.yandex.ru piwik.nsign.ru cnt.sputnik.ru gosmonitor.ru; style-src 'self' 'unsafe-inline' *.tildacdn.com tilda.ws fonts.googleapis.com cdnjs.cloudflare.com gosbar.gosuslugi.ru gosmonitor.ru; font-src 'self' gosbar.gosuslugi.ru gosmonitor.ru data: *.tildacdn.com fonts.gstatic.com; media-src 'self' static.rosmintrud.ru gosmonitor.ru; frame-src *; 1
default-src 'self'; script-src cdn.bookboon.io minio.stage.bookboon.io  script.crazyegg.com *.stripe.com *.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ blob: 'unsafe-eval' 'unsafe-inline' 'self'; style-src *.googleapis.com blob: 'unsafe-inline' 'self'; img-src bookboon.com boont.co *.google-analytics.com www.gravatar.com staging.content.stage.bookboon.io 'self'; connect-src boont.co *.stripe.com *.crazyegg.com sentry.bookboon.io 'self'; font-src fonts.gstatic.com data: 'self'; frame-src *.stripe.com https://www.google.com/recaptcha/ 'self'; media-src *.content.bookboon.com content.bookboon.com minio.stage.bookboon.io 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com *.eurolandir.com www.treedom.net console.e-bot7.de *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net 1
frame-ancestors 'self' http://mrgocom01stg.dmz.maggroup.com http://mrgocomforge.dmz.maggroup.com 1
frame-ancestors 'self' https://neo.deutsche-wirtschafts-nachrichten.de 1
frame-ancestors  'self' https://*.uworld.com https://www.rogercpareview.com https://*.zeqo.com/ http://*.zeqo.com/; 1
default-src 'self' data:; font-src 'self' data: https://fonts.gstatic.com/; media-src 'self' blob:; img-src * data:; style-src 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://cdn.plaid.com/ https://d.impactradius-event.com/ data:; frame-src 'self' https://www.google.com/recaptcha/ https://player.vimeo.com/ https://*.privacy.com/ https://*.facebook.com/ https://cdn.plaid.com/ https://d.impactradius-event.com/; connect-src 'self' https://s3.amazonaws.com/privacy-web/ https://a.qwepw.com/ https://privacycom.7oyhzp.net/ 1
upgrade-insecure-requests; default-src 'self';script-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com fast.wistia.net *.wistia.com form.jotform.com cdn.jotfor.ms secure.jotformpro.com submit.jotformpro.com 'sha256-XSSi6RJIfxaVdFtY9gnqF1Hp+EmSO8tNQ9WaLvROtbc=';style-src 'self' 'unsafe-inline' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;child-src 'self' https://voicethread.com fast.wistia.net *.wistia.com player.vimeo.com;connect-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com wss://prod-mq.voicethread.com sentry.io *.sentry.io sentry.io *.sentry.io;font-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;form-action 'self'  https://voicethread.com;frame-ancestors * ;img-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com *.akamaihd.net fast.wistia.com embed.wistia.com embedwistia-a.akamaihd.net events.jotform.com cdn.jotfor.ms embed-fastly.wistia.com;media-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com embed.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com;object-src 'self' https://prod-cdn.voicethread.com; 1
frame-ancestors http://stevemorse.org http://www.stevemorse.org 'self' http://www.jgsmd.org http://jgsmd.org http://www.jgss.org; 1
script-src 'report-sample' 'nonce-FSM4MrDdj+OwQzp2roqfFg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src * 'unsafe-inline' data: blob: https:; script-src 'self' https://*.waves.exchange https://cdn.ravenjs.com https://wavesplatform.innocraft.cloud https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://www.googletagmanager.com https://widget.intercom.io/widget/ibdxiwmt https://js.intercomcdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.amplitude.com https://coinomat.com https://*.wavesplatform.com https://*.wvservices.com https://*.wavesnodes.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; upgrade-insecure-requests; report-uri https://waves-exchange.report-uri.com/r/d/csp/enforce 1
default-src 'none';               script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com/ https://www.googletagmanager.com https://tagmanager.google.com https://consent.trustarc.com https://unpkg.com/aos@2.3.1/dist/aos.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.11.4/TweenMax.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/utils/Draggable.min.js https://maps.googleapis.com https://www.gstatic.com http://pixel.mathtag.com https://cookie-cdn.cookiepro.com https://cookie-cdn.cookiepro.com https://code.jquery.com https://geolocation.onetrust.com https://www.google-analytics.com http://tags.bkrtx.com https://connect.facebook.net http://consent.trustarc.com;            style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://unpkg.com/aos@2.3.1/dist/aos.css https://fonts.googleapis.com https://www.gstatic.com https://cookie-cdn.cookiepro.com https://consent.trustarc.com;             font-src 'self' data: http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;             img-src 'self' data: https://www.googletagmanager.com https://consent-pref.trustarc.com https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com http://pixel.mathtag.com https://cookie-cdn.cookiepro.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://consent.trustarc.com http://consent.trustarc.com;            frame-src 'self' https://consent-pref.trustarc.com/ https://www.youtube-nocookie.com http://pixel.mathtag.com https://pepbridge.pepsicodigital.com http://tags.bluekai.com https://stags.bluekai.com https://www.youtube.com http://10095471.fls.doubleclick.net;             connect-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://trackerapi.trustarc.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com;             media-src 'self' data: https://davies-meyer-wsp.s3.eu-central-1.amazonaws.com/ https://www.youtube.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.discoverydb.com cdnjs.cloudflare.com *.storage.googleapis.com www.google-analytics.com platform.linkedin.com js-agent.newrelic.com *.salesforceliveagent.com tracker.totango.com bam.nr-data.net *.pendo.io *.listenloop.com;style-src 'self' 'unsafe-inline' *.discoverydb.com *.googleapis.com *.pendo.io;frame-src 'self' *.discoverydb.com *.pendo.io *.amazonaws.com;frame-ancestors *.pendo.io;child-src *.pendo.io;img-src 'self' *.discoverydb.com www.google-analytics.com *.cloudfront.net *.googleapis.com *.pendo.io sdr.totango.com bam.nr-data.net data:;font-src 'self' fonts.gstatic.com data:;connect-src 'self' www.google-analytics.com *.googleapis.com *.pendo.io bam.nr-data.net stats.g.doubleclick.net 1
frame-ancestors 'self' https://*.jurist.org http://*.jurist.org 1
default-src 'self'; object-src 'none'; img-src * data: blob:; font-src * data:; connect-src 'self' https://ynuf.aliapp.org/ https://translate.googleapis.com wss://www.bilaxy.com wss://bilaxy.com wss://m.bilaxy.com wss://www.bilaxy.io wss://bilaxy.io wss://m.bilaxy.io wss://www.bilaxy.net wss://bilaxy.net wss://m.bilaxy.net https://discovery.amp.cloudflare.com https://bilaxy.zendesk.com/ https://ekr.zdassets.com/ https://newapi.bilaxy.com/ https://newapi.bilaxy.io/ https://newapi.bilaxy.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com cdnjs.cloudflare.com amp.cloudflare.com storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudflareinsights.com *.tdum.alibaba.com https://ynuf.aliapp.org/ https://translate.google.com https://translate.googleapis.com storage.googleapis.com ajax.cloudflare.com cdn.polyfill.io amp.cloudflare.com cdnjs.cloudflare.com discovery.amp.cloudflare.com static.zdassets.com ekr.zdassets.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://g.alicdn.com/ https://cf.aliyun.com/ https://ynuf.alipay.com/;frame-src 'self' https://www.google.com/ 1
frame-ancestors 'self' https://*.astro.com.my https://webui-vpcnammamane2.vsscloud.in; 1
frame-ancestors 'self' *.uservoice.com *.miamed.de *.amboss.com amboss-miamed-de.ezproxy.medma.uni-heidelberg.de amboss-miamed-de.emedien.ub.uni-muenchen.de amboss-miamed-de.eaccess.ub.tum.de amboss.zendesk.com amboss.com 212699.apps.zdusercontent.com 1
frame-src * 'self' https://teams.microsoft.com https://*.youtube.com; 1
default-src *;script-src 'self' 'unsafe-inline'  'unsafe-eval'  changba.com *.changba.com *.changbaimg.com *.cdn.changbaimg.com *.bootcss.com *.bokecc.com *.qbox.me *.google-analytics.com *.qq.com *.alipay.com *.alibaba.com *.aliyun.com  *.alicdn.com hm.baidu.com *.cnzz.com *.cnzz.cn *.irs01.com  irs01.com zz.bdstatic.com *.zhanzhang.baidu.com s.url.cn cdn.jsdelivr.net unpkg.com;style-src * 'unsafe-inline';frame-src 'self' changba.com *.changba.com changba://*;img-src 'self' data: blob: *;media-src 'self' data: blob: * 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://siemens-healthineers.com; worker-src blob:; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://api.scrivito.com https://assets.scrivito.com https://*.scrvt.com https://*.siemens.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net; object-src 'none'; block-all-mixed-content 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: 1
frame-ancestors https://www.bangkokair.com https://bookflight.bangkokair.com https://flightbooking.bangkokair.com/; 1
default-src 'self' *.uci.ch *.uci.org *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.cloudflare.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.twitter.com *.cloudflare.com *.googletagmanager.com *.jquery.com; font-src 'self' *.uci.ch fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src  'self' *.uci.ch *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://scontent-zrh1-1.cdninstagram.com; media-src 'self' data: blob: https://video-zrh1-1.cdninstagram.com; frame-src 'self' *.uci.ch *.uci.org *.twitter.com *.cloudflare.com *.googletagmanager.com *.tissottiming.com *.youtube.com *.chronorace.be chronorace.blob.core.windows.net *.facebook.com; frame-ancestors 'self' *.uci.ch *.uci.org; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.uci.ch *.uci.org *.twitter.com *.cloudflare.com *.googletagmanager.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.uci.ch *.uci.org *.twitter.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com *.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com ajax.googleapis.com js.createsend1.com *.bing.com https://captcha.gecirtnotification.com *.cloudfront.net https://staging-bakerhughs-event.netlify.app https://bakerhughes-subsea-connect-event.netlify.app plausible.io *.cookielaw.org *.onetrust.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data: https://designbysoap.b-cdn.net; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com  https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/ https://player.vimeo.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com *.hotjar.com; report-uri /report-csp-violation 1
default-src 'self' https://s.hongleongconnect.my https://www.hlb.com.my; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 'unsafe-inline'; img-src 'self' * 'unsafe-inline' data: ; style-src 'self' * 'unsafe-inline'; font-src 'self' * data: ; frame-src 'self' * 1
default-src 'self' *.uni-bamberg.de *.infogram.com *.mapbox.com scontent.cdninstagram.com platform.twitter.com *.twitter.com *.twimg.com *.facebook.net *.unity3d.com 'unsafe-inline' 'unsafe-eval' blob:; frame-src * 1
default-src 'none'; form-action 'self' admin.hostpoint.ch www.facebook.com; frame-src 'self' *.fls.doubleclick.net *.hotjar.com maps.google.com tpc.googlesyndication.com www.facebook.com www.google.com www.googletagmanager.com; connect-src 'self' admin.hostpoint.ch bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com stats.g.doubleclick.net t.co www.facebook.com www.google.com www.google-analytics.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' analytics.twitter.com bat.bing.com connect.facebook.net *.hotjar.com maps.googleapis.com px.ads.linkedin.com snap.licdn.com sjs.bizographics.com ssl.google-analytics.com static.ads-twitter.com tpc.googlesyndication.com twitter.com www.gstatic.com www.google.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com www.linkedin.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com; block-all-mixed-content; report-uri https://hostpoint.uriports.com/reports/report; report-to default; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://e.issuu.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://www.shoplooks.com https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.com https://m.thehut.com https://checkout.thehut.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://static.shoplooks.com https://google.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'none'; script-src 'self' blob: https://stackpath.bootstrapcdn.com https://ajax.googleapis.com https://pro.fontawesome.com https://code.jquery.com https://cdnjs.cloudflare.com https://c0.froala.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com; object-src 'none'; upgrade-insecure-requests 1
report-uri /csp-violation; default-src 'self' https://*.huntress.io; font-src 'self' data: https://fonts.gstatic.com https://beacon-v2.helpscout.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://heapanalytics.com https://checkout.stripe.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://checkout.stripe.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://checkout.stripe.com https://js.stripe.com https://canny.io; connect-src 'self' https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://bam.nr-data.net https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://chatapi.helpscout.net wss://*.pusher.com https://*.sumologic.com https://heapanalytics.com https://checkout.stripe.com https://canny.io; frame-src 'self' https://www.google.com https://beacon-v2.helpscout.net https://checkout.stripe.com https://js.stripe.com https://canny.io https://changelog-widget.canny.io; object-src 'self' https://beacon-v2.helpscout.net; img-src 'self' data: https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://www.google-analytics.com https://heapanalytics.com https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://linkmaker.itunes.apple.com https://*.stripe.com; media-src 'self' https://beacon-v2.helpscout.net 1
default-src 'none'; manifest-src 'self' https://www.bugatti.com https://assets.bugatti.com https://assets2.bugatti.com; connect-src 'self' https://www.bugatti.com https://assets.bugatti.com https://assets2.bugatti.com https://ssl.google-analytics.com https://scontent.cdninstagram.com https://static.cookiefirst.com https://app.cookiefirst.com/ https://api.cookiefirst.com/ blob:; frame-src 'self' https://www.youtube-nocookie.com; img-src 'self' data: https://www.bugatti.com https://assets.bugatti.com https://assets2.bugatti.com https://scontent.cdninstagram.com https://ssl.google-analytics.com https://i.ytimg.com https://consent.cookiefirst.com https://app.cookiefirst.com/ https://api.cookiefirst.com/ https://stats.g.doubleclick.net/ *.cdninstagram.com; font-src 'self' https://www.bugatti.com https://assets.bugatti.com https://assets2.bugatti.com https://fonts.gstatic.com https://static.cookiefirst.com; media-src 'self' https://assets.bugatti.com https://assets2.bugatti.com https://player.vimeo.com blob:; script-src 'self' https://www.bugatti.com https://assets.bugatti.com https://assets2.bugatti.com https://ssl.google-analytics.com https://www.youtube.com https://s.ytimg.com https://consent.cookiefirst.com 'sha256-V3VsijtxmFN+a6nbMFkBgSrpsCxs/c0DCoegulF76kc=' 'nonce-fofs9p3yF2fc' 'nonce-zei3ul4ReeNu' 'nonce-thaegai3ua5L' 'nonce-yo3Fianginez' 'nonce-AegohRee6Oow' 'nonce-pahneaHoo0uo' 'nonce-ubai2tuezu0C' 'nonce-o7oa6PRhRuQ4' 'nonce-72GBGz3iWpor' 'nonce-xRB3wouneh77'; style-src 'self' https://www.bugatti.com https://assets.bugatti.com https://assets2.bugatti.com https://consent.cookiefirst.com https://static.cookiefirst.com  https://fonts.googleapis.com/ https://consent.cookiefirst.com/ https://consent.cookiefirst.com/ 'unsafe-inline'; object-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; 1
script-src 'self' 'unsafe-inline' https://js.stripe.com; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 1
default-src 'self'; script-src 'self' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com; img-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; report-uri https://scotthelme.report-uri.com/r/default/csp/enforce 1
default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https: 1
default-src 'self' cdn.eurid.eu; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com eurid.matomo.cloud eurid.piwikpro.com www.gstatic.com *.riddle.com ; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; script-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval' cdn.eurid.eu fonts.googleapis.com maps.google.com maps.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com connect.facebook.net *.twitter.com eurid.matomo.cloud www.googletagmanager.com www.google-analytics.com *.cookiebot.com *.riddle.com embed.ex.co *.playbuzz.com *.youtube.com *.googleadservices.com *.ytimg.com *.doubleclick.net f.vimeocdn.com *.recaptcha.net recaptcha.net ; img-src 'self' 'unsafe-inline' maps.google.com maps.googleapis.com maps.gstatic.com csi.gstatic.com www.gstatic.com www.google.com *.twitter.com www.facebook.com eurid.matomo.cloud eurid.piwikpro.com www.google-analytics.com data: *.outbrain.com *.playbuzz.com *.google.be *.ytimg.com *.doubleclick.net ; frame-src 'unsafe-inline' *.cookiebot.com *.riddle.com embed.ex.co *.youtube.com vimeo.com player.vimeo.com *.google.com *.recaptcha.net vod-progressive.akamaized.net ; child-src 'self' cdn.embedly.com www.youtube.com *.twitter.com staticxx.facebook.com www.facebook.com  www.gstatic.com www.google.com; connect-src 'self' *.ex.co *.playbuzz.com *.doubleclick.net eurid.matomo.cloud 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://1444264.collect.igodigital.com https://bam.nr-data.net https://js-agent.newrelic.com https://static.addtoany.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://analytics.twitter.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://unpkg.co https://bam-cell.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://mstat.acestream.ne; object-src 'none'; img-src 'self' https://nova.collect.igodigital.com https://www.googletagmanager.com https://t.co data: https:; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com data:; frame-src 'self' https://www.youtube.com https://www.google.com/ https://www.youtube-nocookie.com https://www.googletagmanager.com; frame-ancestors https://zellepay.com; font-src 'self' https://fonts.gstatic.com/ data: https://use.typekit.ne https://www.clearplay.com https://assets.quadpay.com; connect-src 'self' https://www.google-analytics.com https://privacyportal.onetrust.com  https://bam-cell.nr-data.net https://plugin.ucads.ucweb.com; report-uri /report-csp-violation 1
frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 1
script-src 'self' 'unsafe-inline' *.dallasfed.org *.google-analytics.com *.federalreserve.org *.twimg.com *.twitter.com *.frswebservices.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com; 1
report-uri https://www.yelp.com/csp_block?id=7e6e7ab4308419b2&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1614395810; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
default-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.hotjar.com/ https://static.hotjar.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://ajax.googleapis.com/ https://www.calcxml.com/ https://cdnjs.cloudflare.com/ https://*.firebaseio.com https://*.landbot.io https://*.google.com https://www.google.com/; style-src 'self' 'unsafe-inline' https://profontawesome.com/ https://www.incharge.org/ https://fonts.googleapis.com/ https://www.calcxml.com/ https://www.google.com/; connect-src 'self' wss://*.firebaseio.com https://*.landbot.io https://*.google.com https://stats.g.doubleclick.net https://*.hotjar.com/ wss://*.hotjar.com/ https://www.calcxml.com/ https://*.googleapis.com/ https://google-analytics.com https://googletagmanager.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.synomia-autocompletion.com s7.addthis.com m.addthis.com api.dmcdn.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.facebook.net https://*.twitter.com https://*.linkedin.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.jquery.com https://cdn.syndication.twimg.com https://cdn.rawgit.com  https://static.addtoany.com  1
frame-ancestors 'self'; style-src 'self' 'unsafe-inline' hello.myfonts.net cloud.typography.com *.vitamix.com *.bazaarvoice.com  https://optimize.google.com https://fonts.googleapis.com *.cj.com; 1
report-uri https://consumer-travel.americanexpress.com/home/report/security/csp-violation; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com wss://*.americanexpress.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com; script-src 'nonce-175d03d3-b6aa-47f1-88bb-74da6c53b558' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js-cdn.dynatrace.com *.bounceexchange.com *.microsoft.com analytics.newscred.com www.google-analytics.com s.ntv.io www.youtube.com/iframe_api s.ytimg.com assets.adobedtm.com nexus.ensighten.com service.maxymiser.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn; img-src data: 'self' *.aexp.com *.americanexpress.com *.aexp-static.com omn.americanexpress.com amexuat1-merchantgeo.cs42.force.com res.cloudinary.com s1.ticketm.net ad2.adfarm1.adition.com ad4.adfarm1.adition.com p.adbrn.com 20743471p.rfihub.com 20795861p.rfihub.com aax-eu.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com s.amazon-adsystem.com tag.yieldoptimizer.com ads.avocet.io stags.bluekai.com sandbox.dev.clover.com/v2/image/ sslwidget.criteo.com widget.criteo.com www.facebook.com cnt.fout.jp www.googleadservices.com/pagead/conversion/ googleads.g.doubleclick.net ad.doubleclick.net ad-emea.doubleclick.net media.iceportal.com dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ urldefense.proofpoint.com pubads.g.doubleclick.net s1933033461.t.eloqua.com prf.hn farm.plista.com *.switchfly.com www.tripadvisor.com analytics.twitter.com t.co b92.yahoo.co.jp sp.analytics.yahoo.com img.static-bookatable.com *.sevenrooms.com image.resy.com l.betrad.com cdn.cohesionapps.com adservice.google.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ ct.pinterest.com/v3/ bat.bing.com/action/ *.flashtalking.com pt.ispot.tv rs.gwallet.com *.cloudfront.net/receipts/assets/ *.cloudfront.net/assets/sqmarket/ api.tiles.mapbox.com/ s.mzstatic.com/email/images_shared/ t.teads.tv affleads.latamtracking.com *.finn.ai/images/product-recommender/ events.bouncex.net pixel.newscred.com www.google-analytics.com track.adform.net *.doublemax.net *.microsoft.com pixel.sojern.com jadserve.postrelease.com p.adsymptotic.com px.ladsp.com tg.socdm.com tr.line.me atm.im-apps.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn images.trvl-media.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com; connect-src 'self' *.aexp.com *.aexp-static.com *.americanexpress.com wss://*.americanexpress.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; frame-ancestors none; frame-src *.aexp-static.com *.americanexpress.com aexp.demdex.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn service.maxymiser.net 1
default-src 'self' https://sharechat.com https://*.sharechat.com; script-src 'self' 'unsafe-inline' https://*.branch.io https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://storage.googleapis.com https://app.link https://*.agora.io https://cdn.ampproject.org https://*.google.com https://*.google.co.in https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.googletagservices.com https://sb.scorecardresearch.com; style-src 'self' https://sharechat.com https://*.sharechat.com 'unsafe-inline'; prefetch-src 'self' https://sharechat.com https://*.sharechat.com https://*.googlesyndication.com; frame-src 'self' https://sharechat.com https://*.sharechat.com https://*.youtube.com https://*.googlesyndication.com; img-src 'self' https://sharechat.com https://*.sharechat.com http: https: data:; media-src 'self' https://sharechat.com https://*.sharechat.com; worker-src 'self' https://sharechat.com https://*.sharechat.com; manifest-src 'self' https://sharechat.com https://*.sharechat.com; connect-src 'self' https://sharechat.com https://*.sharechat.com https://*.gstatic.com https://*.google.com https://*.google.co.in https://*.google-analytics.com https://*.googleapis.com https://*.branch.io https://*.agora.io https://*.agora.io:* https://*.agoraio.cn https://*.agoraio.cn:* https://stats.g.doubleclick.net wss://*.agora.io:* wss://*.agoraio.cn:* https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.googletagservices.com https://cdn.ampproject.org; frame-ancestors 'self' https://sharechat.com https://*.sharechat.com https://google.com https://*.google.com https://google.co https://*.google.co https://sharechat-com.cdn.ampproject.org 1
frame-ancestors 'self' *.wallstreetmojo.com *.educba.com 1
frame-ancestors 'self' http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 1
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net *.hotjar.com bid.g.doubleclick.net 10317493.fls.doubleclick.net 10366747.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com *.soundcloud.com ti.to *.tito.io *.cdn.optimizely.com tpc.googlesyndication.com www.google.com ethn.io *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com sentry.io www.facebook.com *.akamaihd.net *.optimizely.com *.wistia.com *.wistia.net *.quora.com *.soundcloud.com *.sndcdn.com *.clearbit.com 258-clw-344.mktoresp.com bat.bing.com cdn.bizible.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net rum-http-intake.logs.datadoghq.com public-trace-http-intake.logs.datadoghq.com heapanalytics.com api.company-target.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.optimizely.com cdn3.optimizely.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com ethn.io fast.wistia.com fast.wistia.net ga.clearbit.com googleads.g.doubleclick.net sjs.bizographics.com js.stripe.com munchkin.marketo.net platform.twitter.com reveal.clearbit.com rtp-static.marketo.com script.hotjar.com secure.adnxs.com snap.licdn.com static.hotjar.com stats.g.doubleclick.net store.intercom.io ti.to tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com *.jquery.com *.tito.io *.linkedin.com *.quora.com *.soundcloud.com *.sndcdn.com *.widerfunnel.com 'strict-dynamic' 'nonce-ZmViNGI4OTgtZmEyZC00ODBhLWFkNjgtMGFlYTE0MWYzZGU1'; style-src 'self' 'unsafe-inline' *.tito.io app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com heapanalytics.com; worker-src data: blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lpages.co/ https://*.doubleclick.net https://api.myjson.com https://translate.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://cdn.syndication.twimg.com https://*.zopim.com https://cdn.jsdelivr.net https://*.hotjar.com https://localhost:* wss://localhost:* https://js.center.io https://my.leadpages.net https://cdn.mxpnl.com https://*.google-analytics.com https://*.optimizely.com https://*.bootstrapcdn.com https://*.jquery.com https://*.sharethis.com https://*.haikudeck.com https://*.newrelic.com https://connect.facebook.net https://www.googleadservices.com https://assets.pinterest.com https://*.nr-data.net https://checkout.stripe.com https://js.stripe.com/v2/ https://platform.twitter.com  https://*.surveymonkey.com https://*.googleapis.com https://static.accountdock.com https://*.accountdock.com https://*.cloudfront.net https://*.intercom.io https://*.intercomcdn.com https://tagmanager.google.com https://www.googletagmanager.com https://*.ytimg.com https://cdnjs.cloudflare.com https://*.google.com; object-src 'self'; img-src * data:; frame-src 'self'  https://*.hotjar.com https://*.doubleclick.net https://syndication.twitter.com https://js.center.io https://*.google.com https://twitter.com https://facebook.com https://linkedin.com https://www.haikudeck.com https://*.vimeo.com https://*.parse.com https://*.sharethis.com https://*.filepicker.io https://googleads.g.doubleclick.net https://checkout.stripe.com https://js.stripe.com/v2/ https://twitter.com https://facebook.com https://linkedin.com https://platform.twitter.com https://*.facebook.com https://*.surveymonkey.com https://*.amazonaws.com https://static.accountdock.com https://*.accountdock.com https://accountdock.com https://www.googletagmanager.com https://*.youtube.com  https://surveymonkey.com https://*.cloudfront.net; font-src 'self' data: https://api.myjson.com https://static.accountdock.com https://*.accountdock.com https://*; connect-src 'self' https://l.sharethis.com https://api.leadpages.io https://api.myjson.com https://translate.googleapis.com wss://*.hotjar.com https://*.hotjar.com wss://*.zopim.com https://*.zopim.com https://localhost:* wss://localhost:* https://*.haikudeck.com:* https://*.mixpanel.com https://*.optimizely.com https://*.nr-data.net wss://*.haikudeck.com:* https://*.profitwell.com wss://*.intercom.io https://*.intercom.io http://*.haikudeck.com https://*.stripe.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://platform.twitter.com https://static.accountdock.com https://*.accountdock.com https://*.cloudflare.com https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.sharethis.com https://checkout.stripe.com https://js.stripe.com/v2/ https://*.google.com https://*.cloudfront.net; 1
img-src 'self' https://sk.ru/ https://*.maps.yandex.net https://yastatic.net https://mc.yandex.ru https://*.sk.ru/ data: https://*.sk.ru/ https://*.ytimg.com/ http://www.w3.org/ https://www.gravatar.com/ https://anketolog.ru/ https://*.yandex.ru https://login.vk.com https://vk.com https://www.facebook.com https://www.google-analytics.com https://chat.autofaq.ai; form-action 'self' https://yastatic.net https://mc.yandex.ru https://*.sk.ru/ https://www.facebook.com/tr/; worker-src 'self' https://yastatic.net https://mc.yandex.ru; connect-src 'self' https://sk.ru/ https://*.sk.ru https://yastatic.net https://mc.yandex.ru https://releases.wagtail.io https://chat.autofaq.ai wss://chat.autofaq.ai https://*.google-analytics.com; object-src 'self'; frame-src 'self' https://www.yumpu.com https://html5-player.libsyn.com https://broadcast.comdi.com http://balance.skolkovo.local/ https://balance.skolkovo.local/ https://calendar.google.com https://stepik.org https://accounts.google.com/ https://api-maps.yandex.ru https://*.sk.ru/ https://anketolog.ru/ https://staticxx.facebook.com/ https://www.facebook.com https://www.youtube.com https://yandex.ru https://edu.1va.vc https://facecast.net; block-all-mixed-content; base-uri 'self'; media-src 'self' https://sk.ru/ https://*.sk.ru; script-src 'self' https://sk.ru/ 'unsafe-inline' 'unsafe-eval' https://broadcast.comdi.com https://api-maps.yandex.ru https://*.maps.yandex.net https://yastatic.net https://anketolog.ru/ https://*.sk.ru/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://mc.yandex.ru https://s.ytimg.com https://vk.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://alotrade.ru/app/dist/js/embedded.js https://chat.autofaq.ai; style-src 'self' 'unsafe-inline' blob: https://sk.ru/ https://yastatic.net https://*.sk.ru/ https://anketolog.ru/ https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://chat.autofaq.ai; frame-ancestors 'self' https://yastatic.net https://*.sk.ru/ https://mc.yandex.ru http://webvisor.com; font-src 'self' data: https://sk.ru/ https://yastatic.net https://*.sk.ru/ https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; default-src 'none' 1
frame-ancestors 'self'; report-uri https://zqcie68ipf.execute-api.us-east-1.amazonaws.com/production/report; report-to report-endpoint ; script-src 'self' https://apis.google.com https://js.stripe.com 'report-sample'; object-src 'none' 1
frame-ancestors 'self' https://*.mixmax.com chrome-extension://ocpljaamllnldhepankaeljmeeeghnid chrome-extension://acopemiijaedckfmlemjdimcnphgbald https://mail.google.com https://inbox.google.com https://*.salesforce.com; frame-src 'self' https://play.vidyard.com/ https://*.ubembed.com https://js.driftt.com/ https://*.mixmax.com chrome-extension://ocpljaamllnldhepankaeljmeeeghnid chrome-extension://acopemiijaedckfmlemjdimcnphgbald https://mail.google.com https://inbox.google.com https://*.salesforce.com https://www.youtube.com https://boards.greenhouse.io https://optimize.google.com https://bid.g.doubleclick.net https://player.vimeo.com/ https://vimeo.com/ https://platform.twitter.com/; report-uri https://sentry-external.mixmax.com/api/57/security/?sentry_key=c23c96eac66f4c84ab5ea7f5145252eb 1
frame-ancestors 'self' http://*.cartoonstock.com https://*.cartoonstock.com http://*.clivegoddard.com https://*.clivegoddard.com; 1
frame-ancestors jdmart.com www.jdmart.com labs.jdmart.com 1
default-src 'self' *.paizo.com *.kc-usercontent.com; img-src 'self' *.paizo.com *.kc-usercontent.com *.ytimg.com; connect-src 'self' https://*.paizo.com https://*.kontent.ai; font-src 'self' https://fonts.gstatic.com https://*.typekit.net; frame-src *.paizo.com *.youtube.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paizo.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net 1
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://plan-salle-de-bain-3d.castorama.fr;style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src 'self' *.kk.dk *.testkkms.kk.dk; base-uri 'self'; child-src 'self' *.kk.dk star.23video.com dw3.dk kk.halbooking.dk ipaper.ipapercms.dk kk.sites.itera.dk app.ivolunteer.dk www.video.kk.dk kk-bioposer.dk vemcount.app l.vemcount.com player.vimeo.com www.youtube.com; connect-src 'self' *.kk.dk dawa.aws.dk ibikecph.dk kortforsyningen.kms.dk cphvolunteers.kubedata.dk geoserver.plandata.dk *.septima.dk id.siteimprove.com my2.siteimprove.com; font-src 'self' *.kk.dk cphvolunteers.kubedata.dk cdn.materialdesignicons.com *.septima.dk data:; form-action 'self' *.kk.dk centernordvest.us10.list-manage.com familieplejekk.metimus.dk idp.tabulex.net kbenhavns-kommune.clients.ubivox.com *.uxmail.io www.workindenmark.dk; frame-ancestors 'self' *.kk.dk; frame-src 'self' 'unsafe-eval' *.kk.dk www.google.com bif.23video.com star.23video.com kkpdfgen.dis-play.dk dw3.dk chat.ecmr.biz kk.halbooking.dk ipaper.ipapercms.dk kk.sites.itera.dk app.ivolunteer.dk www.video.kk.dk kk-bioposer.dk cphvolunteers.kubedata.dk openstreetmap.org my2.siteimprove.com trafikkort.vejdirektoratet.dk vemcount.app l.vemcount.com player.vimeo.com youtu.be www.youtube.com www.youtube-nocookie.com; img-src 'self' *.kk.dk *.testkkms.kk.dk www.defgo.net app01.defgosoftware.net *.services.kortforsyningen.dk cphvolunteers.kubedata.dk www.kultunaut.dk *.mqcdn.com http://tile.openstreetmap.org https://tile.openstreetmap.org kec.plan2learn.dk *.septima.dk ssl.siteimprove.com 259887.global.siteimproveanalytics.io www.skrivopgave.dk kkkortdata.spatialsuite.dk teambade.dk api.vandudsigten.dk data: blob:; object-src 'self' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kk.dk dawa.aws.dk www.defgo.net chat.ecmr.biz fast.fonts.net www.google.com ajax.googleapis.com cdn.jsdelivr.net cphvolunteers.kubedata.dk www.kultunaut.dk openstreetmap.org *.septima.dk septimamap.dk cdn.siteimprove.net siteimproveanalytics.com responder.wt-safetag.com www.gstatic.com data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.kk.dk dawa.aws.dk www.defgo.net chat.ecmr.biz fast.fonts.net cphvolunteers.kubedata.dk cdn.materialdesignicons.com *.septima.dk data:; worker-src 'self' blob:; upgrade-insecure-requests; report-uri https://municipalityofcopenhagen.report-uri.com/r/d/csp/enforce 1
policy-uri /'self' 1
frame-ancestors https://*.mybigcommerce.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ws://localhost:3000 *.wildbit.com *.postmarkapp.com fonts.googleapis.com app.vwo.com cdnjs.cloudflare.com *.cloudfront.net wildbit.sinter-collect.com createsend.com wildbit.createsend.com js.createsend1.com api.craftcms.com *.createsend.com *.typekit.net fast.fonts.net fast.fonts.com *.helpscout.net *.googletagmanager.com *.googleadservices.com  *.google-analytics.com *.google.com *.visualwebsiteoptimizer.com *.simplecast.com *.twitter.com *.ads-twitter.com t.co *.facebook.net *.hs-analytics.net *.hs-banner.com *.fullstory.com feed-proxy.craftcms.com *.gstatic.com *.getsitecontrol.com *.helpscoutdocs.com *.github.io *.twimg.com *.vimeo.com *.youtube.com api.usemessages.com tag.rightmessage.com js.hs-scripts.com *.wistia.com *.wistia.net *.akamaihd.net src.litix.io wss://*.pusher.com data: blob: https://api.keen.io https://*.rightmessage.com; img-src * data: blob:; frame-ancestors 'self' http://app.vwo.com https://*.rightmessage.com https://*.postmarkapp.com; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.baua.de; object-src 'self' www.baua.de; media-src 'self' www.baua.de; frame-src www.baua.de; img-src 'self' data: www.baua.de uvi.bfs.de; frame-ancestors 'self'; 1
frame-ancestors *.bajajfinservmarkets.in *.BajajFinserv.in www-bajajfinservmarkets-in.cdn.ampproject.org www.google.com *.adobe.com 1
frame-ancestors https://www.finanztreff.de; 1
default-src 'none'; prefetch-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; img-src data: https: http://ip.qgy18.com; style-src 'unsafe-inline' https:; child-src https:; prefetch-src https:; connect-src 'self' https://www.google-analytics.com; frame-src https://disqus.com https://www.slideshare.net; manifest-src 'self'; 1
default-src 'self' *.adobe.io; frame-src * ; media-src *; img-src * 'self' data: https:; script-src 'self'  'unsafe-eval' 'unsafe-inline' viewlicense.adobe.io sstats.adobe.com documentcloud.adobe.com p13n.adobe.io viewlicense.adobe.io use.typekit.net santander.com www.santander.com gruposantand-prod.adobemsbasic.com syndication.twitter.com static-exp1.licdn.com  cdn.syndication.twimg.com licdn.com www.linkedin.com  amcglobal.sc.omtrdc.net www.instagram.com platform.twitter.com  tbcdn.talentbrew.com maps.googleapis.com player.vimeo.com www.google.com www.google-analytics.com www.gstatic.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net www.youtube.com  www.google-analytics.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com r3---sn-h5q7dne6.googlevideo.com syndication.twitter.com ikuna.s3.amazonaws.com; style-src * 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io; 1
child-src 'self'; connect-src * ws: swapi.co; default-src 'self'; img-src 'self' 'unsafe-inline' data: ctia.wpengine.com ctia-wp.herokuapp.com ctia.staging.wpengine.com ctiastage.wpengine.com ctiadev.wpengine.com www.ctia.org *.facebook.com *.google-analytics.com t.co *.amazonaws.com *.ctia.org maps.googleapis.com img.youtube.com newton.newtonsoftware.com recruitingbypaycor.com; font-src 'self' data: fonts.googleapis.com/css fonts.gstatic.com *.ctia.org; object-src 'self'; media-src 'self' ctia.wpengine.com ctia.staging.wpengine.com ctiastage.wpengine.com ctiadev.wpengine.com ctia-wp.herokuapp.com s3.amazonaws.com *.ctia.org *.youtube.com newton.newtonsoftware.com recruitingbypaycor.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' *.ctia.org www.ctia.org ctia.wpengine.com ctia.staging.wpengine.com ctiastage.wpengine.com ctiadev.wpengine.com cdn.polyfill.io *.google-analytics.com connect.facebook.net static.ads-twitter.com analytics.twitter.com newton.newtonsoftware.com recruitingbypaycor.com *.ctia.org *.youtube.com *.ytimg.com 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-Q4TYFUIUMPBKUnm62Z3tcSgK2Q5L+T7NpRL17mZ9JJ0=' 'sha256-Zzr0ONAe5wNs3Qi1533zdzqs1hgP9pFLlyNlQ8rzlow=' 'sha256-gtKFj0yNetpIDkA36Pz+kl6/tx8y2XsLtD/uFt4lUYk=' 'sha256-mgJymcMYP5AH4Uny0a8DMOBCvMYhGtoOj4zzJMXytNo=' 'sha256-VFKmGd8fIC1kONXlJvDxg4ueE2mMOfIjvMjMFCdnHpY=' 'sha256-pbnpgPqiBOz7hzoiMSGIC6tFh9u6/XYdxr8SaGCgv78='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com; frame-src *.vimeo.com *.youtube.com *.ctia.org flickrembed.com *.youtube.com youtu.be *.youtu.be *.boxwoodtech.com newton.newtonsoftware.com recruitingbypaycor.com 1
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com aldianer.staffbase.com aldinord-custom.staffbase.com www.aldianer-nord.de cname-main-de1.staffbase.com 195.192.131.24; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
frame-ancestors 'self' *.letsbab.app letsbab.s3.us-east-2.amazonaws.com letsbab-staging.s3.us-east-2.amazonaws.com letsbab-splash.s3.us-east-2.amazonaws.com 1
media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 1
frame-ancestors https://*.zscalertwo.net *.sick.com *.sickcn.net *.sickcn.com *.crm4.dynamics.com; 1
default-src 'self' *.vivint.com; script-src data: 'unsafe-inline' 'unsafe-eval' *; object-src *; style-src blob: 'unsafe-inline' *; img-src data: *; media-src *; frame-src *; frame-ancestors *.vivint.com viv.drupalvm; child-src *; font-src data: *; connect-src *; report-uri /report-csp-violation 1
default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src http: https: data: 1
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://cdnjs.com/ https://fast.fonts.net/ https://code.jquery.com/ https://api.usersnap.com https://www.googletagmanager.com https://rum-static.pingdom.net https://s7.addthis.com https://sjs.bizographics.com https://snap.licdn.com https://v1.addthisedge.com https://m.addthis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://kendo.cdn.telerik.com https://cookie-cdn.cookiepro.com/ https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://downloads.mailchimp.com https://mc.us5.list-manage.com https://secure.adnxs.com https://z.moatads.com https://geolocation.onetrust.com https://stackpath.bootstrapcdn.com https://walls.io https://cse.google.com *.pagestrip.com;   style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net https://cdnjs.cloudflare.com https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com  https://downloads.mailchimp.com https://cdn-images.mailchimp.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net *.pagestrip.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com;   img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://px.ads.linkedin.com data: blob: *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com http://media.corporate-ir.net https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna-p.magna.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com;   media-src 'self' *.ssl.cf1.rackcdn.com data: blob:;   child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com https://my.walls.io;   connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://rum-collector-2.pingdom.net https://m.addthis.com https://cookie-cdn.cookiepro.com https://s7.addthis.com https://emea3.recruitmentplatform.com https://emea3.recruitmentplatform.com https://global3.recruitmentplatform.com https://www.google-analytics.com https://privacyportal.cookiepro.com https://pagestrip.com https://*.pagestrip.com; 1
script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com www.linkedin.cn static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com snap.licdn.cn platform.linkedin.cn platform-akam.linkedin.cn platform-ecst.linkedin.cn platform-azur.linkedin.cn static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; media-src dms.licdn.com *.lynda.com dms.licdn.cn; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com www.linkedin.com www.slideshare.net *.megaphone.fm msit.powerbi.com app.powerbi.com linkedin.github.io www.linkedin.cn; manifest-src 'self'; report-uri https://www.linkedin.cn/platform-telemetry/csp?f=gg 1
frame-ancestors https://cloudsecurityalliance.org https://knowledge.cloudsecurityalliance.org https://circle.cloudsecurityalliance.org https://360.articulate.com https://articulateusercontent.com https://sj-cdn.net 1
script-src 'nonce-f+OHuVSEbu5LzOdfaxvANA' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://www.google-analytics.com/analytics.js https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport 1
frame-ancestors 'self' *.buildertrend.com *.buildertrend.net; 1
default-src https://neverbounce.com 'unsafe-inline' https://* ; script-src https://neverbounce.com 'self' 'unsafe-eval' 'unsafe-inline' https://*; connect-src https://neverbounce.com https://* wss://*; style-src https://neverbounce.com 'unsafe-inline' https://* ; frame-src https://neverbounce.com 'self' https://* ; child-src https://neverbounce.com 'self' https://* ; worker-src https://neverbounce.com 'self' https://* ; font-src https://neverbounce.com data: https://* ; img-src https://neverbounce.com data: https://* ; object-src 'none' ; report-uri https://sentry.neverbounce.com/api/4/security/?sentry_key=4a166cf492e041cda3079631d36bb76d&sentry_environment=production&sentry_release=0.2.371 1
default-src 'self' https://storage.googleapis.com https://accounts.google.com https://www.google-analytics.com; child-src 'self' https://www.youtube.com https://storage.googleapis.com https://talkgadget.google.com https://accounts.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://ajax.googleapis.com data: https://code.jquery.com https://www.google.com https://apis.google.com https://www.google-analytics.com https://www.youtube.com https://ajax.cdnjs.com https://s.ytimg.com; img-src 'self' https://storage.googleapis.com https://www.google.com data: https://i.ytimg.com data: https://onlinecourses-archive.nptel.ac.in https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://storage.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.google.com; font-src 'self' https://fonts.gstatic.com https://storage.googleapis.com https://cdnjs.cloudflare.com data:; object-src 'self' 1
default-src 'self' *.viabtc.com:* viabtc.com:* static.zdassets.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net www.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.viabtc.com viabtc.com www.google-analytics.com static.geetest.com *.zdassets.com api.geetest.com monitor.geetest.com res.wx.qq.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' at.alicdn.com *.viabtc.com viabtc.com static.geetest.com viabtc.zendesk.com dn-staticdown.qbox.me; img-src www.google-analytics.com www.google.com *.aliyuncs.com *.alicdn.com *.viabtc.com viabtc.com viabtcconfig.oss-cn-shenzhen.aliyuncs.com viapoolconfig.oss-cn-hongkong.aliyuncs.com data: stats.g.doubleclick.net static.geetest.com; font-src 'unsafe-inline' at.alicdn.com *.viabtc.com viabtc.com data:; connect-src *.viabtc.com:* viabtc.com:* viabtc.zendesk.com viabtc-help.zendesk.com *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net 1
: script-src "self" 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com www1.11degrees.com; base-uri 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com tagmanager.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com tagmanager.google.com;font-src fonts.googleapis.com fonts.gstatic.com data:;img-src 'self' www.google-analytics.com www.google.com www.google.fr www.google.de stats.g.doubleclick.net ssl.gstatic.com www.gstatic.com data:;connect-src 'self';object-src 'none';media-src 'none';child-src 'self' www.google.com www.youtube.com;form-action 'self'; 1
default-src 'self' *.skat.dk skat.dk ;  script-src 'unsafe-eval' 'unsafe-inline' *.skat.dk skat.dk *.ccta.dk *.readspeaker.com siteimproveanalytics.com https://policy.cookieinformation.com https://policy.app.cookieinformation.com https://ecefinesse.skat.dk https://p99eceweb.voip.nd.local https://test-eceweb.voip.nd.local d3js.org https://tjektolden.dk https://www.tjektolden.dk https://assets.adobedtm.com https://activitymap.adobe.com https://*.skat.supwizapp.com ;  style-src 'unsafe-inline'  *.skat.dk skat.dk *.ccta.dk *.readspeaker.com https://tjektolden.dk https://www.tjektolden.dk https://p99eceweb.voip.nd.local https://test-eceweb.voip.nd.local https://supchat.skat.supwizapp.com https://supchat.test.skat.supwizapp.com ;  img-src 'self' data: blob: *.skat.dk skat.dk http://skat.dk  http://www.skat.dk *.readspeaker.com customer.cludo.com eur-lex.europa.eu skat.sc.omtrdc.net www.supwiz.com ;  font-src 'self' data: *.skat.dk skat.dk ;  connect-src 'self' *.skat.dk skat.dk *.ccta.dk api.cludo.com consent.app.cookieinformation.com dpm.demdex.net test-eceweb.voip.nd.local skat.sc.omtrdc.net supchat.skat.supwizapp.com supchat.test.skat.supwizapp.com wss://supchat.skat.supwizapp.com wss://supchat.test.skat.supwizapp.com *.readspeaker.com ;  frame-src 'self' skat.dk *.skat.dk *.ccta.dk *.readspeaker.com https://media.videotool.dk https://app-eu.readspeaker.com https://skatig.wilkeonline.com https://skatigtest.wilkeonline.com https://befordringsbot.skat.dk http://www.vurdering.skat.dk https://policy.app.cookieinformation.com https://p99eceweb.voip.nd.local https://test-eceweb.voip.nd.local https://ufst.demdex.net ;  media-src 'self' blob: skat.dk *.skat.dk www.skat.dk https://skat.dk https://www.skat.dk *.readspeaker.com https://media.videotool.dk ;  object-src 'self' blob: ;  form-action 'self' *.readspeaker.com ;  report-uri  https://skat.dk/websrv/contentsecurity.ashx 1
default-src blob: data: 'unsafe-inline' *.webnovel.com *.yueimg.com *.google-analytics.com *.facebook.com *.picca.myqcloud.com *.file.myqcloud.com *.tenor.com  *.linkconnector.com linkconnector.com *.quora.com *.googlesyndication.com *.shareasale.com *.gstatic.com *.googletagmanager.com *.cos.na-toronto.myqcloud.com *.yuewen.com *.googleapis.com *.g.doubleclick.net *.pingdom.net *.facebook.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src data: 'unsafe-inline' 'unsafe-eval' *.webnovel.com *.yueimg.com *.googleapis.com *.google-analytics.com *.facebook.net *.quora.com *.dwin1.com *.linkconnector.com linkconnector.com *.googlesyndication.com  *.google.com *.googleadservices.com *.googletagservices.com *.pingdom.net *.g.doubleclick.net *.gstatic.com *.googletagmanager.com *.ampproject.org *.shareasale.com; style-src data: 'unsafe-inline' *.webnovel.com *.yueimg.com *.googleapis.com cdn.jsdelivr.net *.google.com; frame-ancestors  *.webnovel.com; frame-src *.webnovel.com *.g.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.facebook.com *.google.com *.twitter.com; font-src data: *; report-uri /csp-report/release/csp-log 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors file: cdvfile: 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' newslab.su www.newslab.su code.createjs.com tagmanager.google.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com maps.google.com maps.googleapis.com pagead2.googlesyndication.com adservice.google.com adservice.google.ru cdn.ampproject.org code.jquery.com vk.com api-maps.yandex.ru www.instagram.com platform.instagram.com relap.io top-fwz1.mail.ru mediator.imgsmail.ru collector.mediator.media static.criteo.net cas.criteo.com ad.mail.ru ajax.googleapis.com newslab.ru www.newslab.ru s.newslab.ru cdnjs.cloudflare.com jsn.24smi.net js-agent.newrelic.com bam.nr-data.net cdn.onthe.io tt.onthe.io www.googletagmanager.com an.yandex.ru yastatic.net www.google-analytics.com mc.yandex.ru radario.ru code.jivosite.com; object-src 'none'; base-uri newslab.ru; style-src 'self' 'unsafe-inline' s.newslab.ru tagmanager.google.com fonts.googleapis.com ajax.googleapis.com relap.io ssl.p.jwpcdn.com; 1
default-src 'self' https://www.youtube.com/ https://geoip-js.maxmind.com/; style-src 'self' https://fonts.googleapis.com/; img-src 'self' data: https://avatars0.githubusercontent.com https://avatars1.githubusercontent.com https://avatars2.githubusercontent.com https://avatars3.githubusercontent.com https://avatars4.githubusercontent.com https://avatars5.githubusercontent.com https://avatars6.githubusercontent.com https://avatars7.githubusercontent.com https://avatars8.githubusercontent.com https://www.google-analytics.com; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://js.maxmind.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com 1
frame-ancestors hoa.org.uk staging-hoaorguk.kinsta.cloud kuldea.com www.ufurnish.com tilegiant.co.uk sturents.com www.santander.co.uk lifestyleflooringuk.co.uk storiesflooring.co.uk enhancemykitchen.co.uk www.ironmongerydirect.co.uk www.farrow-ball.com tenantshop.uk www.buyfencingdirect.co.uk www.hometander.co.uk staging.ufurnish.com 1
frame-ancestors https://tongji.baidu.com/ https://www.jiguang.cn/ 1
default-src 'self' *.disquscdn.com discus.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.googleapis.com *.marketo.net *.google-analytics.com  *.google.com *.linkedin.com  *.marketo.com play.vidyard.com dev.visualwebsiteoptimizer.com  *.googletagmanager.com *.googleadservices.com *.mktoresp.com sjs.bizographics.com static.ads-twitter.com vidassets.terminus.services *.twitter.com *.doubleclick.net api.company-target.com *.cloudfront.net *.disqus.com *.disquscdn.com disqus.com discuscdn.com *.newrelic.com bam.nr-data.net client.netmng.com js.bizographics.com bat.bing.com  s.swiftypecdn.com connect.facebook.net script.crazyegg.com j.6sc.co *.amazonaws.com *.swiftype.com *.6sc.co *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.webspellchecker.net *.driftt.com boards.greenhouse.io use.typekit.net/yip2czf.js snap.licdn.com px.airpr.com tracking.intentsify.io js.adsrvr.org protect-us.mimecast.com ads.avocet.io ads.avct.cloud cdn.ampproject.org ml314.com optanon.blob.core.windows.net unpkg.com mc.yandex.ru info.veracode.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com cdnjs.cloudflare.com *.marketo.com scripts.demandbase.com *.disqus.com *.disquscdn.com s.swiftypecdn.com tagmanager.google.com *.cookielaw.org *.veracode.com *.webspellchecker.net maxcdn.bootstrapcdn.com optanon.blob.core.windows.net pro.fontawesome.com; img-src 'self' data: * *.gstatic.com; media-src 'self' www.youtube.com *.snapengage.com js.driftqa.com; frame-src 'self' www.youtube.com *.google.com www.facebook.com platform.twitter.com careers.lifeatca.com *.snapengage.com b.company-target.com app-abd.marketo.com *.doubleclick.net play.vidyard.com *.disqus.com disqus.com *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.soundcloud.com https://www.slideshare.net  *.webspellchecker.net *.driftt.com boards.greenhouse.io insight.adsrvr.org match.adsrvr.org info.veracode.com *.marketo.com; child-src 'self' www.youtube.com *.google.com www.facebook.com platform.twitter.com careers.lifeatca.com *.snapengage.com b.company-target.com app-abd.marketo.com *.doubleclick.net play.vidyard.com *.disqus.com disqus.com *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.soundcloud.com *.webspellchecker.net; font-src 'self' data: *; connect-src 'self' *.mktoresp.com *.marketo.com api.company-target.com *.disqus.com *.disquscdn *.discuscdn.com *.google-analytics.com search-api.swiftype.com s.swiftypecdn.com cloud.typography.com cdnjs.cloudflare.com ajax.googleapis.com *.googleapis.com *.googletagmanager.com script.crazyegg.com *.googleadservices.com sjs.bizographics.com *.ads-twitter.com *.terminus.services bat.bing.com secure.adnxs.com fonts.gstatic.com connect.facebook.net caveracode.netmng.com munchkin.marketo.net cc.swiftype.com analytics.twitter.com *.doubleclick.net *.google.com t.co *.company-target.com *.prod.bidr.io id.rlcdn.com *.facebook.com *.ads.linkedin.com tag.demandbase.com *.6sc.co *.crazyegg.com *.swiftype.com *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.vidyard.com *.linkedin.com *.disquscdn.com *.gravatar.com play.vidyard.com *.webspellchecker.net secure.gravatar.com i1.wp.com https://disqus.com https://js.driftt.com boards.greenhouse.io bam.nr-data.net cdn.ampproject.org mc.yandex.ru; report-uri /report-csp-violation 1
blob: https://meiodepagamento.campanhaporto.com.br/ https://h.online-metrix.net/ frame-ancestors https://optimize.google.com/ http://rum-static.pingdom.net/ https://www.portoseguro.com.br/ https://adservice.google.com/ http://aplwebprd/ http://aplwebprd.portoseguro.brasil/ https://www.google.com/ https://vars.hotjar.com/ https://cliente.portoseguro.com.br/ http://otclientprodm.portoseguro.brasil/ https://wwws.portoseguro.com.br/ https://www.youtube.com/ https://bid.g.doubleclick.net/ https://connect.facebook.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://9186255.fls.doubleclick.net/ https://adservice.google.com.br; 1
frame-ancestors 'self' www.riverbed.com *.riverbed.com *.lookbookhq.com *.pathfactory.com pf.riverbed.com riverbed.lookbookhq.com *.adobecqms.net 1
report-uri /admin/config/system/seckit/csp-report 1
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 1
font-src https:;img-src https: data:;frame-ancestors 'self' *.movistar.cl *.vtr.com *.sersimple.com *.simplemoviles.com *.simplemoviles.cl sersimple.com simplemoviles.com simplemoviles.cl 1
frame-ancestors 'self' wol.gg wof.gg; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.book.fr www.google-analytics.com connect.facebook.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com; style-src 'self' 'unsafe-inline' www.book.fr fonts.googleapis.com; font-src 'self' www.book.fr fonts.gstatic.com; media-src 'none'; frame-ancestors www.respcheck.com; 1
child-src 'self' app.pendo.io *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com; frame-src 'self' app.pendo.io *.driftt.com *.hotjar.com *.plaid.com *.youtube.com; manifest-src 'self'; media-src 'self'; object-src 'none'; prefetch-src 'self'; worker-src 'self' *.youtube.com; frame-ancestors 'self' app.pendo.io https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com; base-uri 'self'; form-action 'self'; navigate-to * 1
upgrade-insecure-requests; connect-src * https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 1
frame-src 'self' https://*.cookiebot.com https://www.youtube.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com 1
frame-ancestors 'self' *.marmara.edu.tr 1
script-src 'self'  'unsafe-inline' 'nonce-8E6A1G4bWkq80IDQn49icQ==' *.faithlifecdn.com *.faithlife.com api.reftagger.com serve.faithlifeads.com platform.twitter.com *.google.com connect.facebook.net cdn.syndication.twimg.com www.googletagmanager.com www.google-analytics.com reftaggercdn.global.ssl.fastly.net cdnjs.cloudflare.com netdna.bootstrapcdn.com *.live.net cdn.amplitude.com cdn.raygun.io request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com maps.googleapis.com www.gstatic.com www.sc.pages08.net *.adroll.com d.adroll.mgr.consensu.org cdn.siftscience.com js.hs-scripts.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net www.recaptcha.net apple-pay-gateway.apple.com apple-pay-gateway-nc-pod1.apple.com apple-pay-gateway-nc-pod2.apple.com apple-pay-gateway-nc-pod3.apple.com apple-pay-gateway-nc-pod4.apple.com apple-pay-gateway-nc-pod5.apple.com apple-pay-gateway-pr-pod1.apple.com apple-pay-gateway-pr-pod2.apple.com apple-pay-gateway-pr-pod3.apple.com apple-pay-gateway-pr-pod4.apple.com apple-pay-gateway-pr-pod5.apple.com cn-apple-pay-gateway-sh-pod1.apple.com cn-apple-pay-gateway-sh-pod2.apple.com cn-apple-pay-gateway-sh-pod3.apple.com cn-apple-pay-gateway-tj-pod1.apple.com cn-apple-pay-gateway-tj-pod2.apple.com cn-apple-pay-gateway-tj-pod3.apple.com apple-pay-gateway-cert.apple.com cn-apple-pay-gateway-cert.apple.com; object-src 'none'; base-uri 'none' 1
default-src * 'unsafe-inline' blob: wss://ai.ocelotbot.com; img-src *.ocelotbot.com pixel.sitescout.com  www.google.com eventcal.pima.edu stats.g.doubleclick.net www.google-analytics.com ssl.google-analytics.com www.facebook.com 'unsafe-inline' 'self' data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: eventcal.pima.edu embed.financialaidtv.com *.ocelotbot.com libanswers.pima.edu v2.libanswers.com lgapi.libapps.com imageserver.ebscohost.com www.youtube.com polyfill.io js.adsrvr.org www.googletagmanager.com s.yimg.com s.ytimg.com *.google-analytics.com script.crazyegg.com up.pixel.ad connect.facebook.net us2.siteimprove.com sp.analytics.yahoo.com munchkin.marketo.net 1
default-src 'self' *.39.net *.youku.com; img-src 'self' * blob: data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; media-src 'self' *.39.net; 1
frame-ancestors https://*.prolific.co http://*.prolific.co https://prolific.co 1
frame-ancestors  *.pseg.com *.salesforce.com *.salesforceliveagent.com *.force.com *.psegliny.com; default-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; media-src blob: *.streamlock.net; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; object-src *; frame-ancestors 'self'; child-src * 'self' blob: http:; 1
frame-ancestors 'self' https://dat.activehosted.com https://datsolutions.wpengine.com https://datstage.wpengine.com; 1
frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.sams.com.mx https://*.ampproject.org https://*.googlesyndication.com https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://optimize.google.com https://*.google.co.mx https://*.google.co.in https://*.gstatic.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googletagservices.com https://*.googleadservices.com https://*.adform.net https://*.evergage.com https://*.contentsquare.net https://*.veinteractive.com https://*.pages05.net https://*.bing.com https://*.azureedge.net https://*.iesnare.com https://log.pinterest.com https://*.twitter.com https://*.pinterest.com https://*.criteo.com https://*.criteo.net https://*.facebook.net https://www.youtube.com https://*.ibmmarketingcloud.com https://contentsquare.com https://kenshoo.com/ https://rakutenlinkshare.com https://openpay.s3.amazonaws.com https://api.openpay.mx https://cdn.siftscience.com https://*.accpg.accertify.net https://ci-mpsnare.iovation.com https://*.2mdn.net https://*.atdmt.com https://*.ytimg.com https://www.recaptcha.net https://cdn.siftscience.com https://mex-cca-prod.walmart.com https://mex-sams-coreweb-prod.walmart.com https://*.signifyd.com mediastream: blob:; connect-src 'self' * blob:; object-src 'self' https://*.sams.com.mx blob:; base-uri 'self' https://*.google.com; report-uri https://csp.walmart.com/c/r/samsmx 1
'self' script-src https://ajax.googleapis.com/ajax/*; object-src 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://vimeo.com https://wb.messengerpeople.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.iwantoneofthose.com https://m.iwantoneofthose.com https://checkout.iwantoneofthose.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat2.nic.cz https://test-ipv6.nic.cz https://*.test-ipv6.nic.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.test-ipv6.nic.cz https://*.labs.nic.cz https://widget.nic.cz https://ipv4-widget.nic.cz https://ipv6-widget.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://dns53.check.odvr.cz https://dot.check.odvr.cz https://doh.check.odvr.cz https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://csp.nic.cz/report/ 1
frame-ancestors 'self' https://onlineapplication.targobank.de https://onlineapplication.uat.targobank.de 1
frame-ancestors 'none'; default-src 'none'; media-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube.com https://player.vimeo.com https://www.rai.it https://www.rai.tv; object-src 'self' https://www.googletagmanager.com https://www.google-analytics.com; 1
default-src 'self' 'unsafe-inline' *.twitter.com *.youtube.com *.gstatic.com *.ytimg.com *.doubleclick.net *.typekit.net *.googleapis.com *.twimg.com *.idio.episerver.net *.msecnd.net *.episerver.net *.google.com *.visualstudio.com *.googletagmanager.com *.google-analytics.com; img-src 'self' 'unsafe-inline' * data: 1
frame-ancestors about: 'self' https://*.airtransat.com https://*.transat.com 1
default-src https: http: wss: ; script-src https: 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdnjs.cloudflare.com *.adopto.eu adopto.eu www.adopto.eu *.googleapis.com *.facebook.net *.facebook.com www.google.com www.google-analytics.com; object-src 'self' https: data: adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net; style-src * https: 'unsafe-inline'; img-src 'self' https: data: cdnjs.cloudflare.com adoptostaging.blob.core.windows.net adoptoprod.blob.core.windows.net *.gstatic.com *.googleapis.com *.facebook.com s3.amazonaws.com stats.g.doubleclick.net; child-src 'self' *.talentlyft.com app.livestorm.co platform.twitter.com static.addtoany.com *.nosiva.com *.facebook.com *.youtube.com *.us11.list-manage.com forms.hubspot.com js.hs-scripts.com js.hs-analytics.net player.vimeo.com; font-src * https: data:; 1
default-src 'self' *.youtube.com *.facebook.com va.ecitizen.gov.sg https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' va.ecitizen.gov.sg blob: https://*.wogaa.sg https://assets.adobedtm.com/; img-src 'self'  data: va.ecitizen.gov.sg  attachment.outlook.office.net *.googleusercontent.com *.yusercontent.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/; connect-src 'self' va.ecitizen.gov.sg https://*.wogaa.sg https://dpm.demdex.net/; style-src 'self' 'unsafe-inline' fonts.googleapis.com va.ecitizen.gov.sg https://assets.wogaa.sg/fonts/; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.amazonaws.com va.ecitizen.gov.sg data: https://assets.wogaa.sg/fonts/; media-src 'self' va.ecitizen.gov.sg; 1
default-src 'self' 'unsafe-inline' https://materials.8card.net https://assets.8card.net tpc.googlesyndication.com *.safeframe.googlesyndication.com; connect-src 'self' *.8card.net graph.facebook.com bam.nr-data.net eight-rp-sansan-cards-files-production.s3.ap-northeast-1.amazonaws.com eight-hiring-resumes-production.s3.ap-northeast-1.amazonaws.com securepubads.g.doubleclick.net www.google-analytics.com stats.g.doubleclick.net pagead2.googlesyndication.com www.facebook.com; frame-src 'self' www.googletagservices.com www.googletagmanager.com b.yjtag.jp js.fout.jp www.google.com www.google.co.jp www.facebook.com static.ak.facebook.com s-static.ak.facebook.com staticxx.facebook.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net js.stripe.com materials.8card.net ff.doubleclick.net tpc.googlesyndication.com cf.im-apps.net *.safeframe.googlesyndication.com; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.g.doubleclick.net www.googletagmanager.com s.yjtag.jp yjtag.yahoo.co.jp y.nakanohito.jp connect.facebook.net fonts.googleapis.com www.google-analytics.com s.thebrighttag.com s.yimg.jp b92.yahoo.co.jp b97.yahoo.co.jp platform.twitter.com graph.facebook.com js-agent.newrelic.com bam.nr-data.net www.googleadservices.com atm.im-apps.net dmp.im-apps.net cf.im-apps.net cdn.smartnews-ads.com js.stripe.com googleads.g.doubleclick.net www.google.com www.google.co.jp tagmanager.google.com static.ads-twitter.com analytics.twitter.com d-cache.microad.jp cdn.treasuredata.com aid.send.microad.jp in.treasuredata.com acq-3pas.admatrix.jp pi.pardot.com sync.im-apps.net relay-dsp.ad-m.asia sync-dsp.ad-m.asia sync-tapi.admatrix.jp relay-dsp.t-ad-m.asia *.8card.net assets.8card.net:443 securepubads.g.doubleclick.net adservice.google.com adservice.google.co.jp www.googletagservices.com tg.socdm.com rrd.yahoo.co.jp tpc.googlesyndication.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' tagmanager.google.com fonts.googleapis.com materials.8card.net assets.8card.net assets.8card.net:443 1
frame-ancestors https://bulbul.io 1
script-src  'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com 2549153.fls.doubleclick.net jadserve.postrelease.com www.google.com www.google-analytics.com pixel.everesttech.net cm.g.doubleclick.net bat.bing.com sp.analytics.yahoo.com connect.facebook.net www.linkedin.com www.facebook.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 1
default-src 'self'; form-action 'self'; object-src 'self';             connect-src 'self' https://api.github.com;             media-src 'self';             style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com;             font-src 'self' data: https://fonts.gstatic.com;             img-src 'self' data: https://matomo.riot.im/matomo.php;             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js;             child-src 'self' 1
default-src 'self'; img-src * data: 'unsafe-inline'; media-src *; script-src 'self' *.hotjar.com *.adroll.com *.adroll.mgr.consensu.org *.analytics.yahoo.com s.yimg.com static.zdassets.com www.recaptcha.net *.poems.com.sg *.facebook.net tagmanager.google.com *.twitter.com *.twimg.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.zopim.com *.googletagmanager.com *.cloudflare.com www.google.com googleads.g.doubleclick.net *.gstatic.com maps.google.com *.zumata.com snap.licdn.com cdn.polyfill.io *.linkedin.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; connect-src 'self' vc.hotjar.io *.hotjar.com *.adroll.com s.yimg.com chatbot.poems.com.sg:1234 *.poems.com.sg www.facebook.com yoast.com *.g.doubleclick.net *.google-analytics.com *.zumata.com *.zopim.com *.zdassets.com phillipchatbot3.zendesk.com wss: ; frame-src 'self' vars.hotjar.com *.phillipmobile.com.sg *.phillip.com.sg *.poems.com.sg www.youtube.com www.google.com www.facebook.com connect.facebook.net *.cqtrader.com.sg www1.cqtraderonline.com *.cqtraderonline.com  *.doubleclick.net view.vzaar.com; 1
frame-ancestors 'self' *.psplugin.com vergic.com 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bitbay.net *.adroll.com *.facebook.net *.adroll.mgr.consensu.org embed.tawk.to cdn.jsdelivr.net cdn.livechatinc.com secure.livechatinc.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com onesignal.com cdn.onesignal.com cdnjs.cloudflare.com wchat.freshchat.com snippets.freshchat.com;  style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com onesignal.com cdn.livechatinc.com tagmanager.google.com wchat.freshchat.com snippets.freshchat.com; font-src 'self' static-v.tawk.to fonts.gstatic.com; connect-src 'self' wss://api.bitbay.net *.bitbay.net static-v.tawk.to va.tawk.to onesignal.com www.google-analytics.com stats.g.doubleclick.net https://api.livechatinc.com; frame-src 'self' datastudio.google.com onesignal.com youtube.com *.youtube.com *.bitbay.net wchat.freshchat.com bitbay.webpush.freshchat.com secure.livechatinc.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.qvalent.com *.westpac.com.au *.cloudflare.com *.googleapis.com https://www.google-analytics.com *.google.com https://www.googletagmanager.com *.addthis.com assets.zendesk.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net www.vicroads.vic.gov.au *.mailchimp.com cdn.monsido.com chat.vicroads.vic.gov.au https://tagmanager.google.com https://ssl.google-analytics.com *.qualtrics.com *.usabilla.com https://d6tizftlrpuof.cloudfront.net;img-src * data: blob:;style-src 'self' 'unsafe-inline' *.cloudflare.com *.google.com *.googleapis.com www.vicroads.vic.gov.au https://tagmanager.google.com https://fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net;frame-src 'self' *.qvalent.com *.westpac.com.au *.google.com *.addthis.com feedback.userreport.com *.youtube.com *.facebook.com *.sitecore.net chat.vicroads.vic.gov.au https://d6tizftlrpuof.cloudfront.net blob:;font-src 'self' https://fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net data:;connect-src 'self' *.qvalent.com *.westpac.com.au *.vicroads.vic.gov.au *.funnelback.com https://www.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net *.qualtrics.com *.amazonaws.com *.usabilla.com; frame-ancestors 'self' *.vicroads.vic.gov.au; 1
default-src 'unsafe-inline' * 'unsafe-eval' data: https: blob:; img-src 'unsafe-inline' data: mediastream: blob: * android-webview-video-poster:; font-src 'unsafe-inline' * 'unsafe-eval' data:; form-action https:; report-uri https://sagvhts6ostb5kz5guxaxuzi.httpschecker.net/report 1
script-src 'self' https://cdn.cookielaw.org https://widget.trustpilot.com https://api.map.baidu.com https://fast.wistia.net https://fast.wistia.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://optanon.blob.core.windows.net https://cdn.callrail.com https://pi.pardot.com https://geolocation.onetrust.com https://tags.tiqcdn.com https://intljs.rmtag.com https://tags.rd.linksynergy.com https://act-us.rd.linksynergy.com https://resources.xg4ken.com https://go.control4.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://bat.bing.com https://solutions.invocacdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://pnapi.invoca.net https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline' 1
default-src https: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org 1
frame-ancestors 'self' *.purestorage.com *.flashstack.com; 1
frame-ancestors https://*.jobs.cz https://my.teamio.com https://*.facebook.com https://*.kurzy.cz; 1
default-src 'self' https://cancer.org.au https://*.doubleclick.net https://*.google-analytics.com https://*.sharethis.com https://api.usabilla.com https://*.cancer.org.au;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.usabilla.com https://w.usabilla.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://d6tizftlrpuof.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://*.bugherd.com bugherd-attachments.s3.amazonaws.com https://cancer.org.au https://*.cancer.org.au https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://cse.google.com https://www.google.com.au https://*.googletagmanager.com https://*.google-analytics.com https://code.jquery.com https://use.typekit.net https://*.sharethis.com https://*.facebook.net https://s.ytimg.com; style-src 'self' 'unsafe-inline' https://*.cancer.org.au https://cancer.org.au https://d6tizftlrpuof.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://cdnjs.cloudflare.com https://*.googleapis.com https://*.google.com; img-src 'self' data: https://*.cancer.org.au https://cancer.org.au  https://*.kc-usercontent.com https://*.youtube.com https://www.youtube.com https://*.youtube.com https://d6tizftlrpuof.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://*.bugherd.com https://*.usabilla.com https://www.google-analytics.com https://www.google.com.au https://*.doubleclick.net https://platform-cdn.sharethis.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.facebook.com https://*.typekit.net https://script.hotjar.com; media-src 'self' data: https://*.kc-usercontent.com; font-src 'self' data: https://*.cancer.org.au https://cancer.org.au https://*.typekit.net https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://fonts.gstatic.com https://*.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://script.hotjar.com; frame-src 'self' https://cancer.org.au https://www.youtube.com https://www.facebook.com https://cse.google.com https://*.doubleclick.net https://www.sunsmart.com.au https://c.sharethis.mgr.consensu.org https://www.google.com https://www.google.com.au https://vars.hotjar.com https://d2wy8f7a9ursnm.cloudfront.net https://d6tizftlrpuof.cloudfront.net; connect-src 'self' https://www.cancercouncilfundraising.com.au https://*.doubleclick.net https://*.google-analytics.com https://*.algolia.net https://*.algolianet.com https://api.usabilla.com https://sessions.bugsnag.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.bugherd.com bugherd-attachments.s3.amazonaws.com wss://ws.pusherapp.com https://sockjs.pusher.com; object-src 'self'; frame-ancestors https://app.kontent.ai 1
style-src 'self' 'unsafe-inline' *.instagram.com *.hotjar.com *.disqus.com *.cloudfront.net *.googleapis.com *.curator.io tagmanager.google.com burnsc21.glasgow.ac.uk; frame-src 'self' burnsc21.glasgow.ac.uk *.webspellchecker.net *.instagram.com *.myfonts.net *.hotjar.com https://disqus.com *.curator.io *.youtube.com *.visitscotland.com readymag.com *.readymag.com *.doubleclick.net *.sutori.com planetradio.co.uk *.vimeo.com open.spotify.com 1
frame-ancestors 'self' *.lovecrafts.com 1
default-src 'self' https://api.observablehq.com https://events.observablehq.com https://static.observablehq.com https://static.observableusercontent.com ; connect-src https://api.observablehq.com https://events.observablehq.com https://static.observablehq.com wss://ws.observablehq.com https://connector.observableusercontent.com https://www.google-analytics.com https://checkout.stripe.com https://*.ingest.sentry.io; font-src https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://*.static.observableusercontent.com https://observablehq.com https://static.observableusercontent.com https://checkout.stripe.com data: blob:; img-src https://static.observableusercontent.com https://static.observablehq.com https://*.githubusercontent.com https://*.stripe.com https://avatars.observableusercontent.com https://www.google-analytics.com data: blob:; manifest-src 'none'; media-src https://static.observablehq.com; object-src 'none'; prefetch-src https://api.observablehq.com https://events.observablehq.com https://static.observablehq.com https://static.observableusercontent.com ; script-src https://static.observablehq.com https://www.google-analytics.com https://checkout.stripe.com 'sha256-7L89jUqbQ2cfpzhKP+MNcU9V8EuqWXtMMW+T9giVbWg=' 'sha256-lheQvYwsps3nx5WTl3S16Ks7CGw2VjJzoeA6Oa5PLSU=' 'sha256-DEY7uFMT16+BnFyNi41ncPUJCzZFemSkJrxjX6WNKqU=' 'sha256-TalAxHiZT3B3OstaxXloBNgf4xgxvCA319SYLdsta+0='; style-src https://static.observablehq.com https://fonts.googleapis.com 'unsafe-inline'; worker-src 'none' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.csub.edu; 1
script-src https://bbox.blackbaudhosting.com  https://www.socialintents.com https://v2.libanswers.com   'self'  ; script-src-elem 'self' * 'unsafe-inline'  ; style-src https://www.socialintents.com/assets/css/si-include-chat.css https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css https://bbox.blackbaudhosting.com  'self' 'unsafe-inline' ; style-src-elem * 'unsafe-inline' ; 1
default-src 'self' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *.navigateto.net 'nonce-asdf';prefetch-src 'self' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *;img-src 'self' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *;font-src 'self' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *;media-src 'self' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *.navigateto.net 'nonce-asdf';frame-src 'self' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *.google.com *.bing.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com *.vimeo.com vimeo.com *.pornhub.com pornhub.com *.xvideos.com xvideos.com *.xhamster.com xhamster.com *.tube8.com tube8.com *.porn.com porn.com *.porncom.com porncom.com *.eporner.com eporner.com *.youjizz.com youjizz.com *.youporn.com youporn.com *.redtube.com redtube.com *.navigateto.net 'nonce-asdf';style-src 'self' 'unsafe-inline' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *.googleapis.com *.navigateto.net;script-src 'self' 'unsafe-eval' searchencrypt.com *.ampfeed.com *.45tu1c0.com *.wikipedia.org wikipedia.org *.hidemyhistory.co *.searchencrypt.com *.searchencrypt.com:* *.navigateto.net 'nonce-asdf' 1
default-src 'self' data: https://*.epam.com https://*.epam-group.ru;script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://connect.facebook.net https://conv.indeed.com https://www.google.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com https://munchkin.marketo.net https://www.linkedin.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://tagmanager.google.com;connect-src 'self' https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.md https://yandexmetrica.com https://*.hotjar.io https://www.google.com https://translate.googleapis.com https://www.youtube.com wss://menu.epam.com https://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com https://*.mktoresp.com https://*.mktoutil.com;frame-src 'self' https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://mc.yandex.md https://*.doubleclick.net https://www.google-analytics.com https://www.google.by https://www.google.com https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com https://login.vk.com https://www.googletagmanager.com https://w.soundcloud.com https://www.linkedin.com;img-src 'self' * data: blob: about: android-webview-video-poster:;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com;report-uri /services/interaction/csp-report 1
frame-ancestors https://www.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 1
object-src 'none'; frame-ancestors 'self' http://mcaf.ee http://intelsecu.re http://*.mcafee.com https://*.mcafee.com 1
frame-ancestors *.kwankodev.net *.kwanko.com *.netaffiliation.com 1
frame-ancestors 'self' https://*.sanity.io https://hjaelp-community-studio-git-staging.sanity-io.vercel.app  https://community.sanity.tools 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.freecharge.in assets.adobedtm.com jasper.d3.sc.omtrdc.net www.google-analytics.com www.googleadservices.com cdn.jsdelivr.net cdn.freecharge.in ds-aksb-a.akamaihd.net ssl.gstatic.com https://*.googleapis.com https://*.google.com connect.facebook.net cdnjs.cloudflare.com d2r1yp2w7bby2u.cloudfront.net static.clevertap.com in.wzrkt.com tracker.freecharge.in cdn.branch.io chuknu.sokrati.com www.googletagmanager.com tracking.sokrati.com bat.bing.com googleads.g.doubleclick.net app.link https://*.freshdesk.com dmx246cm6p7k8.cloudfront.net axisbank.demdex.net https://helpcenterapi.freecharge.in nlpbots.freecharge.in activitymap.adobe.com www.gstatic.com frch-invoice.getparchi.com; img-src 'self' *.freecharge.in s.freecharge.in dmx246cm6p7k8.cloudfront.net dvb25sefq5u4k.cloudfront.net www.facebook.com jasper.d3.sc.omtrdc.net s3-ap-south-1.amazonaws.com d32vr05tkg9faf.cloudfront.net dmx246cm6p7k8.cloudfront.net d1g4sjv85anmpz.cloudfront.net d2v1q9q29hny2y.cloudfront.net d1vi4hxtdrq9n9.cloudfront.net d2o927etjybc8i.cloudfront.net freechargemobile.112.2o7.net jasperfreechargemerchantnew.112.2o7.net s3.ap-south-1.amazonaws.com offers.freecharge.in dpm.demdex.net www.google-analytics.com stats.g.doubleclick.net cm.everesttech.net bat.bing.com tracking.sokrati.com www.google.com www.google.co.in s3.amazonaws.com https://*.freshdesk.com ds-aksb-a.akamaihd.net dmx246cm6p7k8.cloudfront.net offers.freecharge.com googleads.g.doubleclick.net maps.gstatic.com www.googletagmanager.com csi.gstatic.com www.gstatic.com frch-invoice.getparchi.com data:; style-src 'self' 'unsafe-inline' *.freecharge.in fonts.googleapis.com http://fonts.googleapis.com cdn.jsdelivr.net cdn.rawgit.com https://*.freshdesk.com dmx246cm6p7k8.cloudfront.net www.gstatic.com frch-invoice.getparchi.com data:; font-src 'self' *.freecharge.in fonts.googleapis.com netdna.bootstrapcdn.com fonts.gstatic.com cdn.rawgit.com data:; connect-src 'self' *.freecharge.in dpm.demdex.net www.freecharge.in merchant-app.freecharge.in api2.branch.io www.google-analytics.com d1g4sjv85anmpz.cloudfront.net maps.googleapis.com stats.g.doubleclick.net api.getparchi.com jasper.d3.sc.omtrdc.net; frame-src 'self' accounts.google.com staticxx.facebook.com www.facebook.com www.youtube.com freechargepayment.demdex.net bid.g.doubleclick.net axisbank.demdex.net https://helpcenterapi.freecharge.in nlpbots.freecharge.in 9950466.fls.doubleclick.net activitymap.adobe.com *.omniture.com https://www.google.com fc-cdn.freecharge.in frch-invoice.getparchi.com 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 1
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 1
default-src 'self' ; connect-src 'self' https://s1259914507.t.eloqua.com https://www.google-analytics.com; font-src 'self' https://*.twimg.com https://*.twitter.com data:; frame-src 'self' https://twitter.com https://*.twitter.com; img-src 'self' https://*.twimg.com https://*.twitter.com https://www.google-analytics.com https://cdn.cms-twdigitalassets.com https://s1259914507.t.eloqua.com data:; media-src 'self' https://*.twimg.com https://*.twitter.com https://cdn.cms-twdigitalassets.com; object-src 'self' ; script-src 'self' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-4vjRgvPWP4vJR8o44Hly4wuWPbcPosEtObsy+q163L0=' https://*.twitter.com https://static.ads-twitter.com 'nonce-9e5949095e50a5294b332722ae70ee8'; style-src 'self' 'unsafe-inline' https://*.twimg.com https://*.twitter.com; report-uri https://twitter.com/i/csp_report; frame-ancestors 'self' 1
default-src 'self' z.cash; connect-src 'self' bam.nr-data.net www.google-analytics.com data.messari.io api.blockchair.com; script-src 'self' 'unsafe-inline' bam.nr-data.net js-agent.newrelic.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google-analytics.com www.googletagmanager.com www.gstatic.com ; font-src 'self' data:; frame-src 'self' www.youtube.com www.youtube-nocookie.com time.graphics; object-src 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net js-agent.newrelic.com www.google-analytics.com www.googletagmanager.com; report-uri /csp_problem; 1
style-src 'unsafe-inline' http://pamyat-naroda.ru https://stat.pamyat-naroda.ru https://pamyat-naroda.ru https://release.pamyat-naroda.ru https://fonts.googleapis.com; default-src data: http://pobeda.elar.ru https://google.com/jsapi https://maps.googleapis.com http://podvignaroda.ru http://www.obd-memorial.ru http://cdn.pamyat-naroda.ru https://cdn.pamyat-naroda.ru https://cdn2.pamyat-naroda.ru http://cdn.pamyatnaroda.mil.ru https://cdn.pamyatnaroda.mil.ru http://pamyat-naroda.ru https://pamyat-naroda.ru https://release.pamyat-naroda.ru https://fonts.gstatic.com https://mc.yandex.ru https://geocode-maps.yandex.ru; img-src * data:; img-src *; script-src 'unsafe-eval' 'unsafe-inline' *.google.com https://mc.yandex.ru https://*.gstatic.com https://*.googleapis.com mc.yandex.ru *.google-analytics.com https://google.com/jsapi https://geocode-maps.yandex.ru https://api-maps.yandex.ru https://cdnjs.cloudflare.com 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.hotjar.com wss://*.hotjar.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.skinstore.com https://m.skinstore.com https://checkout.skinstore.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.pinimg.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://www.shoplooks.com https://static.shoplooks.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; connect-src 'self'; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.happify.com *.optimizely.com *.ads-twitter.com *.vimeo.com *.google.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn g.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.g.doubleclick.net *.youtube.com *.ytimg.com *.licdn.com tracker.mrpfd.com rum-static.pingdom.net cdn.mxpnl.com platform.twitter.com analytics.twitter.com cdn.branch.io connect.facebook.net app.link js.braintreegateway.com *.newrelic.com *.nr-data.net;img-src 'self' data: https: http:;connect-src 'self' *.happify.com *.adservice.google.com api2.branch.io api-js.mixpanel.com www.facebook.com *.pingdom.net *.googlesyndication.com *.g.doubleclick.net tracker.mrpfd.com *.google-analytics.com *.newrelic.com *.nr-data.net;frame-src 'self' *.happify.com platform.twitter.com *.facebook.com *.googlesyndication.com *.g.doubleclick.net www.youtube.com *.vimeo.com embed.ted.com player.youku.com;style-src 'self' 'unsafe-inline' *.happify.com fonts.googleapis.com *.typekit.net;font-src 'self' *.happify.com fonts.gstatic.com typekit.com use.typekit.net data:;default-src 'self' *.happify.com *.googlesyndication.com; 1
default-src 'self'; script-src https://szuf-stat.magyarorszag.hu 'unsafe-inline' 'unsafe-eval' 'self'; connect-src https://kau.gov.hu/proxy/saml/authnrequest https://kau.gov.hu/proxy/saml/authnrequest 'self'; img-src https://szuf-stat.magyarorszag.hu 'self' data:; style-src 'unsafe-inline' 'self'; child-src https://magyarorszag.hu https://kau.gov.hu https://kau.gov.hu/proxy/saml/authnrequest http://tarhely.gov.hu https://tarhely.gov.hu https://idp.gov.hu https://www.youtube.com https://youtu.be blob: 'self'; font-src 'self'; frame-ancestors 'self' http://tarhely.gov.hu/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/maps/api/geocode/json https://www.google-analytics.com/analytics.js  https://cr.testfreaks.com https://d1le22hyhj2ui8.cloudfront.net https://js.testfreaks.com https://se-content-b.psplugin.com https://w8db611c3.api.esales.apptus.cloud https://wff10df68.api.esales.apptus.cloud https://cdn.esales.apptus.com/api/apptus-esales-api-2.0.1.js https://co1078.clasohlson.se/nl https://co1078.clasohlson.se/webApp https://www.gstatic.com/recaptcha images.clasohlson.com checkout-eu.playground.klarna.com se-content-f.psplugin.com https://www.google.com/recaptcha/api.js www.gstatic.com clasohlson.psplugin.com content.psplugin.com co.clasohlson.com co1078.clasohlson.se 04uatcrmm.clasohlson.com maps.gstatic.com https://www.google-analytics.com fonts.gstatic.com fonts.googleapis.com https://www.googletagmanager.com maps.googleapis.com account.psplugin.com x.klarnacdn.net evt.playground.klarna.com https://*.youtube.com https://js.playground.klarna.com  https://eu.playground.klarnaevt.com https://widget.porterbuddy.com https://careoffunctionsuatstor.blob.core.windows.net/rentalscripts/rental.js https://reviews.testfreaks.com/ https://www.google.com https://ds-aksb-a.akamihd.net/aksb.min.js https://api.porterbuddy-test.com/availability https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/id https://adtr.io https://connect.facebook.net  https://translate.googleapis.com https://googleads.g.doubleclick.net https://segment.api.useinsider.com  https://w76e66a6f.api.esales.apptus.cloud/ https://static.hotjar.com https://in.hotjar.com https://vars.hotjar.com/ https://vc.hotjar.io https://script.hotjar.com https://assets.api.useinsider.com https://stats.g.doubleclick.net https://www.facebook.com https://location.api.useinsider.com https://clasohlson.api.useinsider.com https://hit.api.useinsider.com https://adservice.google.com https://5756990.fls.doubleclick.net https://socialproof.api.useinsider.com https://tpc.googlesyndication.com https://cnv.adt662.net https://unification.useinsider.com https://api.porterbuddy.com  https://s2.adform.net https://track.adform.net https://js.klarna.com https://eu.klarnaevt.com https://ds-aksb-a.akamaihd.net https://www.googleadservices.com https://translate.google.com https://cop-order-prod-cdnendpoint.azureedge.net/blob/returns.js https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.ttf https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.woff https://se-content-a.psplugin.com https://apim-stream00-prod-apim.azure-api.net https://bat.bing.com/ https://*.psplugin.com https://*.hotjar.com https://*.cloudflare.com wss://*.hotjar.com https://optimize.google.com https://rum-static.pingdom.net https://*.pingdom.net https://cert.tryggehandel.se/ wss://*.vergic.com wss://*.psplugin.com https://*.getflowbox.com https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://cicptqmkej.execute-api.eu-west-1.amazonaws.com; report-uri /coutility/view/COCsp/csp-reports; img-src 'self' data: *; 1
base-uri 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://static.doubleclick.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.mouseflow.com  *.intercom.io https://js.intercomcdn.com *.mouseflow.com; connect-src 'self' *.elrond.com https://www.google-analytics.com https://www.youtube.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com *.mouseflow.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com *.mouseflow.com; img-src 'self' blob: data: https://www.google-analytics.com https://*.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercont